From b0aa9c35b256f5b39d061437504afc3e6e474e4f Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 17 Jul 2019 15:21:00 -0400 Subject: [PATCH] Fix (forgot ... wrappers). --- draft-ymbk-lsvr-l3dl-signing.xml | 136 ++++++++++++++++--------------- 1 file changed, 71 insertions(+), 65 deletions(-) diff --git a/draft-ymbk-lsvr-l3dl-signing.xml b/draft-ymbk-lsvr-l3dl-signing.xml index e11a0ca..3555065 100644 --- a/draft-ymbk-lsvr-l3dl-signing.xml +++ b/draft-ymbk-lsvr-l3dl-signing.xml 
@@ -128,31 +128,33 @@ All signed PDUs are generated in the same way: - + + - - Compose the PDU, with all fields including "Sig Type" and - "Signature Length" set, but omitting the trailing - "Signature" field itself. This is the "message to be - signed" for purposes of the signature algorithm. - + + Compose the PDU, with all fields including "Sig Type" and + "Signature Length" set, but omitting the trailing + "Signature" field itself. This is the "message to be + signed" for purposes of the signature algorithm. + - - Generate the signature as specified for the chosen signature - suite, using the private member of the asymmetric key pair. - In general this will involve first hashing the "message to - be signed" then signing the hash, but the precise details - may vary with the specific algorithm. The result will be a - sequence of octets, the length of which MUST be equal to the - setting of the "Signature Length" field. - + + Generate the signature as specified for the chosen signature + suite, using the private member of the asymmetric key pair. + In general this will involve first hashing the "message to + be signed" then signing the hash, but the precise details + may vary with the specific algorithm. The result will be a + sequence of octets, the length of which MUST be equal to the + setting of the "Signature Length" field. + - - Construct the complete message by appending the signature - octets to the otherwise complete message composed above. - + + Construct the complete message by appending the signature + octets to the otherwise complete message composed above. + - + + In the case of the OPEN PDU, the message to be signed will 
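Review bot: the three signing steps are only rewrapped and reindented here, with no wording changes, which matches the commit message's "forgot wrappers" scope and the diffstat (71 insertions, 65 deletions: two net lines per hunk, one opening and one closing wrapper around each list). Because the diff is whitespace-dominated it is hard to confirm from this view alone that every re-added wrapper is balanced, so please confirm the draft still builds cleanly before merging.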
@@ -171,37 +173,39 @@ OPEN PDU also establishes the session key. - + + - - Verify that the PDU is syntactically correct, and extract - the Auth Type, Key, Sig Type, and Signature fields. - + + Verify that the PDU is syntactically correct, and extract + the Auth Type, Key, Sig Type, and Signature fields. + - - Verify that Auth Type and Sig Type refer to the same - algorithm suite, and that said algorithm suite is one that - the implementation understands. - + + Verify that Auth Type and Sig Type refer to the same + algorithm suite, and that said algorithm suite is one that + the implementation understands. + - - Construct the "message to be verified" by truncating the PDU - to remove the Signature field (in practice this should not - require copying any data, just subtract the signature length - from the PDU length). - + + Construct the "message to be verified" by truncating the PDU + to remove the Signature field (in practice this should not + require copying any data, just subtract the signature length + from the PDU length). + - - Verify the message constructed above against the public key - using the rules for the specific signature suite. - + + Verify the message constructed above against the public key + using the rules for the specific signature suite. + - - Record Auth Type and Key as this sessions's authentication - type and session key, for use in verifying subseuqent PDUs. - + + Record Auth Type and Key as this sessions's authentication + type and session key, for use in verifying subseuqent PDUs. + - + + If any of the above verification steps fail, generate an error 
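Review bot: the final step is rewritten verbatim and carries two typos along with it, "this sessions's authentication type" and "subseuqent PDUs"; since the hunk already touches those lines, correct them here to "this session's authentication type" and "subsequent PDUs" rather than leaving them for a later pass.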
@@ -227,30 +231,32 @@ but follows the same basic pattern as for OPEN PDUs. - + + - - Verify that the PDU is syntactically correct, and extract - the Sig Type and Signature fields. - + + Verify that the PDU is syntactically correct, and extract + the Sig Type and Signature fields. + - - Verify that Sig Type refers to the same algorithm suite as - the Auth Type recorded during verification of the OPEN PDU. - + + Verify that Sig Type refers to the same algorithm suite as + the Auth Type recorded during verification of the OPEN PDU. + - - Construct the "message to be verified" by truncating the PDU - to remove the Signature field. - + + Construct the "message to be verified" by truncating the PDU + to remove the Signature field. + - - Verify the message constructed above against the recorded - session key using the rules for the specific signature - suite. - + + Verify the message constructed above against the recorded + session key using the rules for the specific signature + suite. + - + + If any of the above verification steps fail, generate an error
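Review bot: the non-OPEN verification steps never check the Signature field against the "Signature Length" field, even though the signing procedure in the first hunk makes that equality a MUST and the truncation step relies on subtracting the signature length from the PDU length. Since these lines are being rewrapped anyway, add an explicit length check to the "syntactically correct" step (or to the truncation step), and consider carrying over the parenthetical from the OPEN procedure so both truncation steps read the same.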