diff --git a/proposals/xxxx-sas-v2.md b/proposals/xxxx-sas-v2.md index e4e4e320..d9d37471 100644 --- a/proposals/xxxx-sas-v2.md +++ b/proposals/xxxx-sas-v2.md @@ -11,6 +11,9 @@ generation of the SAS string by including it in the info parameter of the HKDF. Thus if an attacker sends them different public keys, the info parameters will be different, and so the key generated by the HKDF will be different. +Thanks to [David Wong](https://twitter.com/cryptodavidw) for identifying the +issue, disclosing responsibly, and for helping to design the fix. + ## Proposal A new `key_agreement_protocol`, `curve25519-hkdf-sha256` is introduced, and
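Review bot: The added credit sentence just above the `## Proposal` heading refers to "the issue" without saying what it is; the unchanged context lines only explain the fix (the public keys go into the HKDF info parameter so that differing keys give a differing derived key), and the report itself is neither described nor linked in the visible lines. Suggest adding a short clause naming the issue or a link to where it is written up. The sentence also interrupts the flow from the HKDF explanation into the proposal, so a separate acknowledgements paragraph or section may suit it better. The only reference for the reporter is a Twitter profile URL, which can change or disappear; a more durable link would be preferable if one exists.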