diff --git a/draft-ietf-privacypass-auth-scheme.md b/draft-ietf-privacypass-auth-scheme.md index b9646576..9608c23d 100644 --- a/draft-ietf-privacypass-auth-scheme.md +++ b/draft-ietf-privacypass-auth-scheme.md @@ -617,15 +617,15 @@ challenge is per-origin or not. For example, cross-origin tokens with empty contexts can be reflected from one party by another, as shown below. ~~~ aasvg -+--------+ +----------+ +--------+ -| Origin | | Attacker | | Client | -+---+----+ +----+-----+ +---+----+ - | | | - +-- TokenChallenge -->| | - | +-- (reflect challenge) ->| - | |<-------- Token ---------+ - |<-- (reflect token) -+ | - | | ++--------+ +----------+ +--------+ +| Origin | | Attacker | | Client | ++---+----+ +----+-----+ +---+----+ + | | | + +--- TokenChallenge -->| | + | +-- (reflect challenge) -->| + | |<-------- Token ----------+ + |<-- (reflect token) --+ | + | | | ~~~ {: #fig-replay title="Replay attack example"}
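Review bot: The last row of the new diagram (`+ | | |`) carries three lifeline bars where the removed row (`- | |`) shows only two, so the change restores the Client lifeline as well as lengthening the arrows; mention that in the commit message so it does not read as a pure realignment. Each arrow on the Attacker-Client and Origin-Attacker legs gained one dash (`+--- TokenChallenge -->|`, `+-- (reflect challenge) -->|`, `|<-- (reflect token) --+`), while the box rows (`+--------+ +----------+ +--------+` and `+---+----+ +----+-----+ +---+----+`) have the same characters before and after, so the boxes must have moved by spacing alone. Render the aasvg figure before merging and check that the `+` junctions under each box still sit on the lifeline columns: an off-by-one column detaches the arrowheads, and the replay example only works if the reader can see both the challenge and the token passing through the Attacker.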