diff --git a/docs/workflows/bootstrap-enrollment.md b/docs/workflows/bootstrap-enrollment.md
index 07e00a6..bfe8c06 100644
--- a/docs/workflows/bootstrap-enrollment.md
+++ b/docs/workflows/bootstrap-enrollment.md
@@ -178,7 +178,7 @@ sequenceDiagram
     Note over Agent: Token nearing expiry
     Agent->>Agent: Generate ephemeral Ed25519 key
     Agent->>Agent: Build naming JWT (signed by durable key,<br/>embeds ephemeral key as cnf.jwk)
-    Agent->>AP: POST /refresh (signed with ephemeral key,<br/>Signature-Key: sig=jkt-jwt;jwt="naming-jwt")
+    Agent->>AP: POST /refresh (signed with ephemeral key,<br/>Signature-Key: sig=jkt-jwt jwt=naming-jwt)
     AP->>AP: Extract durable key thumbprint from naming JWT kid
     AP->>AP: Verify naming JWT signature against enrolled durable key
     AP->>AP: Verify HTTP signature against ephemeral key