From 06ae3da805e446571fd43870acc796a72ef6a9c7 Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Fri, 12 Feb 2021 10:16:38 -0800 Subject: [PATCH] trying to start to deal with russ's review --- draft-ietf-lsvr-l3dl-signing.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/draft-ietf-lsvr-l3dl-signing.xml b/draft-ietf-lsvr-l3dl-signing.xml index 2f529a8..4815497 100644 --- a/draft-ietf-lsvr-l3dl-signing.xml +++ b/draft-ietf-lsvr-l3dl-signing.xml @@ -11,7 +11,7 @@ - + @@ -99,12 +99,12 @@ The Key in the OPEN PDU SHOULD be the public key of an asymmetric key pair. The sender signs with the private key, of course. The device sending the OPEN may use one key for all links, a different - key for each link, or some mix(s) thereof. + key for each link, or some mix(es) thereof. In the TOFU method the key sent in the OPEN PDU is generated on the sending device, is believed without question by the receiver, and used to verify all subsequent PDUs from the same sender with the - same Key Algorithm. + same Key Type and Algorithm. With the PKI-mechanism, an enrollment step is performed. The public key is put into a certificate , which @@ -112,6 +112,9 @@ this way, the relying party can be confident that the public key is under control of the identified L3DL protocol entity. + As part of enrollment or before hand, all relying parties must + have received the trust anchor in an authentic manner. + To the receiver verifying signatures on PDUs, the two methods are indistinguishable; the key provided in the OPEN PDU is used to verify the signatures of subsequent PDUs. The difference that
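Review bot: in the TOFU paragraph of the @@ -99,12 +99,12 @@ hunk, widening "same Key Algorithm" to "same Key Type and Algorithm" says which PDUs the learned key covers, but the paragraph still describes the key as "believed without question by the receiver" and never says what the receiver does with a later PDU, or a new OPEN, from the same sender that carries a different Key Type, Algorithm or key. Suggest adding one sentence stating that such PDUs MUST be rejected (or MUST trigger a fresh trust decision), since silently accepting a replacement key lets anyone who can inject an OPEN swap out the trusted key and defeats the point of trust-on-first-use. Minor style point in the same hunk: "The sender signs with the private key, of course." is informal for a draft; "The sender signs with the corresponding private key." would read better.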
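Review bot: the sentence added in the @@ -112,6 +112,9 @@ hunk uses lowercase "must" where the surrounding text uses RFC 2119 capitalised keywords ("The Key in the OPEN PDU SHOULD be ..."), "before hand" should be "beforehand", and "in an authentic manner" leaves the mechanism unspecified. Suggest "Before or as part of enrollment, all relying parties MUST have received the trust anchor over an authenticated channel." and, if the draft references a trust anchor distribution or provisioning mechanism elsewhere, a pointer to it here, because verification of the OPEN key via the certificate is only as strong as the way the trust anchor reached the relying party.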