diff --git a/drafts/erikj_federation.rst b/drafts/erikj_federation.rst
index d64be7cf..5efc6a90 100644
--- a/drafts/erikj_federation.rst
+++ b/drafts/erikj_federation.rst
@@ -132,6 +132,20 @@ it serves to remote servers.
     We probably should probably give a lower band of how long auth events
     should be kept around for.
 
+Auth chain
+~~~~~~~~~~
+
+The *auth chain* for an event is the recursive list of auth events and the auth
+chain for those auth events.
+
+The auth chain for event gives all the information a server needs to accept an
+event. However, being given an auth chain for an event that appears valid does
+not mean that the event might later be rejected. For example if we discover
+that the sender had been banned between the join event listed in the auth
+events and the event being authed.
+
+**TODO**: Clean the above explanations up a bit.
+
 
 Definitions
 ~~~~~~~~~~~