diff --git a/index.src.html b/index.src.html
index 846ccb9..b78bab5 100644
--- a/index.src.html
+++ b/index.src.html
@@ -339,6 +339,11 @@ <h2 id="framework">Framework</h2>
 
   <h3 id="ip-address-space-heading">IP Address Space</h3>
 
+  Define {{IPAddressSpace}} as follows:
+  <pre class="idl">
+    enum IPAddressSpace { "public", "private", "local" };
+  </pre>
+
   Every IP address belongs to an
   <dfn export local-lt="address space">IP address space</dfn>, which can be one
   of three different values:
@@ -527,7 +532,7 @@ <h3 id="private-network-request-heading">Private Network Request</h3>
   a change is not deemed worth the payoff for now. This can be shipped as an
   incremental improvement later on.
 
-  NOTE: Some [=local network requests=] are more challenging to secure than
+  NOTE: Some [=private network requests=] are more challenging to secure than
   others. See [[#rollout-difficulties]] for more details.
 
   <h3 id="headers">Additional CORS Headers</h3>
@@ -918,14 +923,17 @@ <h4 id="fetching">Fetching</h4>
                   "<a http-header>`Private-Network-Access-ID`</a>" and
                   |response|'s [=response/header list=].
 
-              1.  if |targetId| is invalid, return a [=network error=].
+              1.  if |targetId| is not a string of 6 hexadecimal bytes
+                  separated by colons, return a [=network error=].
 
               1.  Let |targetName| be the result of [=extracting header list
                   values=] given
                   "<a http-header>`Private-Network-Access-Name`</a>" and
                   |response|'s [=response/header list=].
 
-              1.  if |targetName| is invalid, return a [=network error=].
+              1.  if |targetName| does not match the [ECMAScript] regexp
+                  /^[a-z0-9_-.]+$/ or has more than 248 UTF-8 code units,
+                  return a [=network error=].
 
               1.  Let |state| be the result of [=requesting permission to use=]
                   the following descriptor:
@@ -960,10 +968,6 @@ <h4 id="fetch-api">Fetch API</h4>
 
   The Fetch API needs to be adjusted as well.
 
-  - Define {{IPAddressSpace}} as follows.
-      <pre class="idl">
-        enum IPAddressSpace { "public","private", "local" };
-      </pre>
   - Append an optional [=map/entry=] to {{RequestInfo}}, whose [=map/key=] is
     <dfn export>targetAddressSpace</dfn>, and [=map/value=] is a
     {{IPAddressSpace}}.
@@ -972,21 +976,32 @@ <h4 id="fetch-api">Fetch API</h4>
           IPAddressSpace targetAddressSpace;
         };
       </pre>
+
+  - Define a new {=targetAddressSpace=} representing the
+    above in [=request=].
+      <pre class="idl">
+        partial interface Request {
+          readonly attribute IPAddressSpace targetAddressSpace;
+        };
+      </pre>
+
   - The <a constructor for=Request lt="Request(input, init)"><code>new
     Request(<var ignore=''>input</var>, |init|)</code></a> is
     appended with the following step right before setting [=this=]'s [=request=]
     to |request|:
-    1.  If |init|["{{RequestInit/targetAddressSpace}}"] [=map/exists=], and
-        |request|'s [=request/client=] is a [=secure context=], then switch on
-        |init|["{{RequestInit/targetAddressSpace}}"]:
+    1.  If |init|["{{RequestInit/targetAddressSpace}}"] [=map/exists=], then
+        switch on |init|["{{RequestInit/targetAddressSpace}}"]:
         <dl class=switch>
+          <dt>public
+            <dd>Do nothing.
+
           <dt>private
           <dd>Set |request|'s [=target IP address space=] to [=IP address
-            space/private=]
+            space/private=].
 
           <dt>local
           <dd>Set |request|'s [=target IP address space=] to [=IP address
-            space/local=]
+            space/local=].
         </dl>
 
   <h4 id="forbidden-header-names">Forbidden header names</h4>