diff --git a/draft-ymbk-lsvr-l3dl-signing.xml b/draft-ymbk-lsvr-l3dl-signing.xml
index aad62fd..ef59717 100644
--- a/draft-ymbk-lsvr-l3dl-signing.xml
+++ b/draft-ymbk-lsvr-l3dl-signing.xml
@@ -60,9 +60,10 @@
The Layer 3 Discovery and Liveness protocol provides for the OPEN
PDU to contain a key which can be used to verify signatures on
- subsequent PDUs. This document describes two methods of key
- generation and signing for use by L3DL, Trust On First Use, AKA
- TOFU, and PKI-based.
+ subsequent PDUs. This document describes two mechanisms based on
+ digital signatures, one that is Trust On First Use (TOFU), and one
+ that uses X.509 certificates to provide authentication as well as
+ session integrity.
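Review bot: The new wording "one that uses X.509 certificates to provide authentication as well as session integrity" reads as if only the PKI mechanism provides session integrity, while the first sentence says both mechanisms are based on digital signatures on subsequent PDUs, which is exactly what gives session integrity in the TOFU case too. Suggest stating the difference as what is authenticated: "one that is Trust On First Use (TOFU), which binds the session to the key in the OPEN PDU, and one that uses X.509 certificates to additionally authenticate the identity of the peer." Also, the removed text named the second method "PKI-based" and the later hunks still say "PKI method" and "PKI-mechanism"; pick one term and use it here and throughout.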
@@ -93,17 +94,24 @@
provided in the OPEN PDU is used to verify the signatures on the
subsequent PDUs. The difference is how that key is generated.
- In the TOFU method the OPEN key is believed without question and
- is used to verify all subsequent PDUs with the same Key Type.
+ In the TOFU method the OPEN key is believed without question and
+ is used to verify all subsequent PDUs from the same peer with the
+ same Key Type.
+
+ With the PKI-mechanism, an enrollment step is performed. The
+ public key and an identifier of the subject are put into a
+ certificate, which is signed by the trust anchor. In this way, the
+ relying party can be confident that the public key is under control
+ of the identified L3DL protocol entity.
In the PKI method the OPEN key MUST be verified against the trust
anchor for the operational domain. It is then used to verify all
- subsequent PDUs with the same Key Type.
+ subsequent PDUs from the same peer with the same Key Type.
- The Key in the OPEN PDU SHOULD be the public half of an
- asymmetric key pair. The sender signs with the private key, of
- course. The device sending the OPEN may use one key for all links,
- a different key for each link, or some aggregation(s) thereof.
+ The Key in the OPEN PDU SHOULD be the public key of an asymmetric
+ key pair. The sender signs with the private key, of course. The
+ device sending the OPEN may use one key for all links, a different
+ key for each link, or some aggregation(s) thereof.
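Review bot: The inserted PKI paragraph explains enrollment but leaves two points open that the reader needs: which "identifier of the subject" is placed in the certificate and how the relying party obtains the trust anchor, which is later referred to only as "the trust anchor for the operational domain". Consider naming the identifier (or stating that it is out of scope) and adding a sentence on trust anchor provisioning, since the security of the mechanism rests on it. Two smaller points in the same paragraph: "PKI-mechanism" should be "PKI mechanism" to match "PKI method" three lines below, and "under control of" should read "under the control of". For the TOFU paragraph, now that it says "from the same peer", it would help to state what a receiver does when a later OPEN from the same peer carries a different key, since that is where a TOFU scheme either detects a change or silently accepts it.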
@@ -118,10 +126,11 @@
Modern key management allows for agility in 'rolling' to a new
- key or even algorithm in case of key compromise or merely prudence.
- Declaring a new key with an L3DL OPEN PDU would cause serious churn
- in topology as a new OPEN causes a withdraw of previously announced
- encapsulations. Therefore, a gentler rekeying is needed.
+ key or even algorithm in case of key expry, key compromise, or
+ merely prudence. Declaring a new key with an L3DL OPEN PDU would
+ cause serious churn in topology as a new OPEN causes a withdraw of
+ previously announced encapsulations. Therefore, a gentler rekeying
+ is needed.
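Review bot: The added text misspells "expiry" as "expry" in "in case of key expry, key compromise, or merely prudence". While touching this sentence, "causes a withdraw of previously announced encapsulations" should read "causes a withdrawal of previously announced encapsulations".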