From 3923d26be64ad9a67d1674d3cdb5ad78ffafeb21 Mon Sep 17 00:00:00 2001
From: Randy Bush <randy@psg.com>
Date: Sat, 20 Jan 2024 10:41:30 -0800
Subject: [PATCH] -09 published

---
 draft-ietf-opsawg-9092-update.xml | 35 ++++++++++++++++---------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/draft-ietf-opsawg-9092-update.xml b/draft-ietf-opsawg-9092-update.xml
index 04e67e6..4ac1b71 100644
--- a/draft-ietf-opsawg-9092-update.xml
+++ b/draft-ietf-opsawg-9092-update.xml
@@ -8,7 +8,7 @@
 <?rfc compact="yes"?>
 <?rfc subcompact="no"?>
 
-<rfc category="std" docName="draft-ietf-opsawg-9092-update-08"
+<rfc category="std" docName="draft-ietf-opsawg-9092-update-09"
      submissionType="IETF" consensus="true" ipr="trust200902"
      obsoletes="9092" version="2" >
 
@@ -547,32 +547,33 @@
 	</li>
 
 	<li>
-	  Validation of the signer's certificate MUST ensure that it is
+	  Validating the signer's certificate MUST ensure that it is
 	  part of the current <xref target="RFC9286"/> manifest and that
 	  all resources are covered by the RPKI certificate.
 	</li>
 
 	<li>
-	  Construct the certification path for the signer's certificate.
-	  All of the needed certificates are expected to be readily
-	  available in the RPKI repository.  The certification path MUST
-	  be valid according to the validation algorithm in <xref
-	  target="RFC5280"/> and the additional checks specified in
-	  <xref target="RFC3779"/> associated with the IP Address
-	  Delegation certificate extension and the Autonomous System
-	  Identifier Delegation certificate extension.  If certification
-	  path validation is unsuccessful, then validation MUST fail.
+	  Constructing the certification path for the signer's
+	  certificate.  All of the needed certificates are expected to
+	  be readily available in the RPKI repository.  The
+	  certification path MUST be valid according to the validation
+	  algorithm in <xref target="RFC5280"/> and the additional
+	  checks specified in <xref target="RFC3779"/> associated with
+	  the IP Address Delegation certificate extension and the
+	  Autonomous System Identifier Delegation certificate extension.
+	  If certification path validation is unsuccessful, then
+	  validation MUST fail.
 	</li>
 
 	<li>
-	  Validate the CMS SignedData as specified in <xref
+	  Validating the CMS SignedData as specified in <xref
 	  target="RFC5652"/> using the public key from the validated
 	  signer's certificate.  If the signature validation is
 	  unsuccessful, then validation MUST fail.
 	</li>
 
 	<li>
-	  Confirm that the eContentType object identifier (OID) is
+	  Confirming that the eContentType object identifier (OID) is
 	  id-ct-geofeedCSVwithCRLF (1.2.840.113549.1.9.16.1.47).  This
 	  OID MUST appear within both the eContentType in the
 	  encapContentInfo object and the ContentType signed attribute
@@ -580,10 +581,10 @@
 	</li>
 
 	<li>
-	  Verify that the IP Address Delegation certificate extension
-	  <xref target="RFC3779"/> covers all of the address ranges of
-	  the geofeed file.  If all of the address ranges are not
-	  covered, then validation MUST fail.
+	  Verifying that the IP Address Delegation certificate
+	  extension <xref target="RFC3779"/> covers all of the address
+	  ranges of the geofeed file.  If all of the address ranges are
+	  not covered, then validation MUST fail.
 	</li>
       </ol>