diff --git a/draft-ietf-sidrops-rpki-has-no-identity.xml b/draft-ietf-sidrops-rpki-has-no-identity.xml
index 9d8c83f..dcad5dd 100644
--- a/draft-ietf-sidrops-rpki-has-no-identity.xml
+++ b/draft-ietf-sidrops-rpki-has-no-identity.xml
@@ -77,7 +77,7 @@
collectively known as Internet Number Resources (INRs). Since
initial deployment, the RPKI has grown to include other similar
resource and routing data, e.g. Router Keying for BGPsec, .
+ target="RFC8635"/>.
In security terms, the phrase "Public Key" implies there is also
a corresponding private key . The RPKI's
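Review bot: the added line `target="RFC8635"/>.` is only the tail of an xref element, so the `<xref` start tag must be on the preceding context line for the XML to stay well-formed; as rendered here that line reads "Router Keying for BGPsec, ." with no opening tag visible, and it already ends in a period, so check both that the element opens correctly and that the sentence does not end with two periods once the reference is rendered. The hunk header `@@ -77,7 +77,7 @@` also reports equal line counts while only a `+` line is shown, so confirm the matching `-` line was not lost in this rendering.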
@@ -92,16 +92,18 @@
It has been suggested that one could authenticate real-world
business transactions with the signatures of INR holders. E.g.
- Bill's Bait and Sushi could use their AS in the RPKI to sign a
- Letter of Authorization (LOA) for some other party to rack and stack
- hardware owned by BB&S. Unfortunately, this is not formally
- feasible.
+ Bill's Bait and Sushi could use the private key attesting to
+ ownership of their AS in the RPKI to sign a Letter of Authorization
+ (LOA) for some other party to rack and stack hardware owned by
+ BB&S. Unfortunately, while this may be technically possible, it
+ is neither appropriate nor meaningful.
The I in RPKI actually stands for "Infrastructure," as in
Resource Public Key Infrastructure, not for "Identity". In fact,
the RPKI does not provide any association between INRs and the real
world holder(s) of those INRs. The RPKI provides authorization to
- speak for the named IP address blocks and AS numbers.
+ make assertions only regarding named IP address blocks, AS numbers,
+ etc.
In short, avoid the desire to use RPKI certificates for any
purpose other than the verification of authorizations associated
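Review bot: the new wording "the private key attesting to ownership of their AS" contradicts the paragraph that follows it, which says the RPKI provides authorization to make assertions about INRs, not ownership or identity; suggest "the private key corresponding to the RPKI certificate covering their AS" so the example does not reintroduce the ownership notion the draft is arguing against. Separately, "AS numbers, etc." is vague in a sentence that is meant to be precise; since the document already defines INRs, "named IP address blocks, AS numbers, and other INRs" would be clearer.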
@@ -120,10 +122,10 @@
among other issues, it would expose the Certification Authority (CA)
to liability.
- That the RPKI does not authenticate real-world identity is a
- feature, not a bug. If it tried to do so, aside from the liability,
- it would end in a world of complexity with no proof of termination,
- as X.400 learned.
+ That the RPKI does not authenticate real-world identity is by
+ design. If it tried to do so, aside from the liability, it would
+ end in a world of complexity with no proof of termination, as X.400
+ learned.
Registries such as the Regional Internet Registries (RIRs)
provide INR to real-world identity mapping through whois and similar
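Review bot: "as X.400 learned" carries the argument of the paragraph but is left unsupported; readers unfamiliar with the X.400 experience get no pointer, so consider an informative reference or a clause stating what X.400's attempt at binding directory identity to certificates ran into. The change from "feature, not a bug" to "by design" is fine, but "aside from the liability" now leans on the previous paragraph's CA-liability point, so keep the two paragraphs adjacent if the text is reflowed.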