diff --git a/api/server-server/definitions/keys.yaml b/api/server-server/definitions/keys.yaml
index c48c320a..8bc6c563 100644
--- a/api/server-server/definitions/keys.yaml
+++ b/api/server-server/definitions/keys.yaml
@@ -98,7 +98,7 @@ properties:
       be ignored in room versions 1, 2, 3, and 4. Keys used beyond this timestamp MUST
       be considered invalid, depending on the `room version specification`_.
 
-      Servers SHOULD use the lesser of this field and 7 days into the future when
+      Servers MUST use the lesser of this field and 7 days into the future when
       determining if a key is valid. This is to avoid a situation where an attacker
       publishes a key which is valid for a significant amount of time without a way
       for the homeserver owner to revoke it.
diff --git a/specification/rooms/v5.rst b/specification/rooms/v5.rst
index 9b9fad7e..97ebf2fe 100644
--- a/specification/rooms/v5.rst
+++ b/specification/rooms/v5.rst
@@ -15,8 +15,8 @@
 Room Version 5
 ==============
 
-This room version builds on `version 4 <v4.html>`_, enforcing signing key validity
-periods for events.
+This room version builds on `version 4 <v4.html>`_ while enforcing signing
+key validity periods for events.
 
 .. contents:: Table of Contents
 .. sectnum::
@@ -52,3 +52,8 @@ validated. Servers missing a copy of the signing key MUST try to obtain one via
 or `POST /_matrix/key/v2/query <../server_server/r0.1.1.html#post-matrix-key-v2-query>`_
 APIs. When using the ``/query`` endpoint, servers MUST set the ``minimum_valid_until_ts``
 property to prompt the notary server to attempt to refresh the key if appropriate.
+
+Servers MUST use the lesser of ``valid_until_ts`` and 7 days into the future when
+determining if a key is valid. This is to avoid a situation where an attacker
+publishes a key which is valid for a significant amount of time without a way for
+the homeserver owner to revoke it.