4.2.3 Self-Audit and Refresh

Periodically, the user’s client should ask the server for an updated ZTT commitment, ensure that this commitment is consistent with past data, possibly verify it with external auditors, and review the user’s sigchain for any new statements. If new keys are added to the sigchain, the client should ask the user to review the changes. If the user notices an unexpected change, they may be prompted to change their password or talk to their IT department.