diff --git a/xep-0280.xml b/xep-0280.xml
index 714d0766..dab6daf4 100644
--- a/xep-0280.xml
+++ b/xep-0280.xml
@@ -432,7 +432,11 @@
   </section2>
 </section1>
 <section1 topic='Security Considerations' anchor='security'>
-  <p>The security model assumed by this document is that all of the resources for a single user are in the same trust boundary. Any forwarded copies received by a Carbons-enabled client MUST be from that user's bare JID; any copies that do not meet this requirement MUST be ignored.</p>
+  <p>The security model assumed by this document is that all of the resources for a single user are in the same trust boundary.</p>
+  <ul>
+    <li>Any forwarded copies received by a Carbons-enabled client MUST be from that user's bare JID;</li>
+    <li>any copies that do not meet this requirement MUST be ignored.</li>
+  </ul>
   <p>Outbound chat messages that are encrypted end-to-end are not often useful to receive on other resources.  As such, they should use the &lt;private/&gt; element specified above to avoid such copying, unless the encryption mechanism is able to accommodate this protocol.</p>
 </section1>
 <section1 topic='IANA Considerations' anchor='iana'>