From cabe3f1447fa8cd70cc314197daa033c35e0762e Mon Sep 17 00:00:00 2001
From: Randy Bush <randy@psg.com>
Date: Thu, 7 May 2020 14:32:21 -0700
Subject: [PATCH] another ref to 5280 per russ

---
 draft-ymbk-lsvr-l3dl-signing.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/draft-ymbk-lsvr-l3dl-signing.txt b/draft-ymbk-lsvr-l3dl-signing.txt
index 57d07c4..0dd3510 100644
--- a/draft-ymbk-lsvr-l3dl-signing.txt
+++ b/draft-ymbk-lsvr-l3dl-signing.txt
@@ -234,11 +234,11 @@ Internet-Draft   Layer 3 Discovery and Liveness Signing         May 2020
 
 3.  Public Key Infrastructure Method
 
-   Using a PKI is almost the same as using TOFU, but with one additional
-   step: during verification of an OPEN PDU, after extracting the Key
-   field from the PDU but before attempting to use it to verify the
-   PDU's signature, the receiver MUST verify the received key against
-   the PKI to confirm that it's an authorized key.
+   Using a PKI, [RFC5280], is almost the same as using TOFU, but with
+   one additional step: during verification of an OPEN PDU, after
+   extracting the Key field from the PDU but before attempting to use it
+   to verify the PDU's signature, the receiver MUST verify the received
+   key against the PKI to confirm that it's an authorized key.
 
    Generating an OPEN PDU using the PKI method requires a certificate,
    which must be supplied via out of band configuration.  The