diff --git a/AGGREGATE.md b/AGGREGATE.md index 0ad3e2889..592dcf649 100644 --- a/AGGREGATE.md +++ b/AGGREGATE.md @@ -308,7 +308,7 @@ shared. The encryption will use public keys specified by the aggregation service. The browser will encrypt payloads just before the report is sent by fetching the public key endpoint (the aggregation service coordinator origin at the path - `/.well-known/aggregation-service/public-keys`) with an un-credentialed request. The processing origin will + `/.well-known/aggregation-service/v1/public-keys`) with an un-credentialed request. The processing origin will respond with a set of keys which will be stored according to standard HTTP caching rules, i.e. using Cache-Control headers to dictate how long to store the keys for (e.g. following the [freshness @@ -329,6 +329,8 @@ encoded public keys is as follows: } ``` +Note: The version in the `.well-known` path may change. + To limit the impact of a single compromised key, multiple keys (up to a small limit) can be provided. The browser should independently pick a key uniformly at random for each payload it encrypts to avoid associating different reports. diff --git a/index.bs b/index.bs index 5dbeedf17..257136a4e 100644 --- a/index.bs +++ b/index.bs @@ -3272,7 +3272,7 @@ To obtain the public key for encryption given an [=aggregation coordi 1. Set |url|'s [=url/scheme=] to |aggregationCoordinator|'s [=origin/scheme=]. 1. Set |url|'s [=url/host=] to |aggregationCoordinator|'s [=origin/host=]. 1. Set |url|'s [=url/port=] to |aggregationCoordinator|'s [=origin/port=]. -1. Set |url|'s [=url/path=] to «"`.well-known`", "`aggregation-service`", "`public-keys`"». +1. Set |url|'s [=url/path=] to «"`.well-known`", "`aggregation-service`", "`v1`", "`public-keys`"». 1. Return a user-agent-determined public key from |url| or an error in the event that the user agent failed to obtain the public key from |url|. This step may be asynchronous.
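Review bot: The AGGREGATE.md path hunk (`/.well-known/aggregation-service/public-keys` to `/.well-known/aggregation-service/v1/public-keys`) is a breaking change for any coordinator already serving the old path and any user agent already fetching it, but neither the hunk nor the surrounding text says whether the old path is retired or how long both are served. Suggest a sentence next to the path stating the transition (for example, that coordinators serve `v1` from a given date and the unversioned path is no longer fetched), and confirming that the un-credentialed fetch and the Cache-Control-driven caching described in the unchanged context apply unchanged to the new URL, so a cached key set from the old path is not silently reused for the new one.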
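Review bot: The added note "The version in the `.well-known` path may change." in the second AGGREGATE.md hunk is too open-ended to act on: a user agent reading it cannot tell whether it should ever fetch a path other than `v1`, and a coordinator cannot tell whether it must serve more than one version. Suggest stating that the version segment is fixed by this document, that a change to it will be made as a change to the explainer and the spec (not discovered at runtime), and that user agents fetch exactly the version the spec names, since negotiating or guessing versions at fetch time would widen what an attacker-controlled or misconfigured endpoint could influence. Placing the note immediately after the path it refers to, rather than after the JSON example, would also make the connection clearer.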
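Review bot: In the index.bs hunk the path list now matches the explainer, but the `"v1"` segment is a bare literal with no definition or note, so the two documents can drift the next time it changes; suggest either defining the path once (a named definition that both the explainer and this algorithm cite) or adding the same versioning note the explainer gained. The unchanged context copies |aggregationCoordinator|'s scheme, host and port into |url| and then returns "a user-agent-determined public key from |url|"; it does not say that the fetch is un-credentialed, which the explainer requires, nor that the resulting key is only accepted when fetched over a secure scheme. If those constraints are specified elsewhere in index.bs a cross-reference here would help; if not, this algorithm is where they belong.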