From 547178358d20670a59b65531a552dc50ab6caf73 Mon Sep 17 00:00:00 2001
From: Randy Bush <randy@psg.com>
Date: Tue, 12 Apr 2022 18:16:05 -0700
Subject: [PATCH] change subsection title yet again :)

---
 draft-ietf-sidrops-rpki-has-no-identity.xml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/draft-ietf-sidrops-rpki-has-no-identity.xml b/draft-ietf-sidrops-rpki-has-no-identity.xml
index 3c043cd..ae21159 100644
--- a/draft-ietf-sidrops-rpki-has-no-identity.xml
+++ b/draft-ietf-sidrops-rpki-has-no-identity.xml
@@ -113,7 +113,7 @@
 
     </section>
   
-  <section anchor="bottom" title="The Bottom Line">
+  <section anchor="bottom" title="The RPKI is for Authorization">
 
     <t>The RPKI was designed and specified to sign certificates for use
     within the RPKI itself and to generate Route Origin Authorizations
@@ -134,7 +134,11 @@
     
     <t>PKI operations MUST NOT be performed with RPKI certificates other
     than exactly as described, and for the purposes described, in <xref
-    target="RFC6480"/>.</t>
+    target="RFC6480"/>.  That is, RPKI-based credentials of INRs MUST
+    NOT be used to authenticate real-world documents or transactions
+    without some formal external authentication of the INR and the
+    authority for the actually anonymous INR holder to authenticate the
+    particular document or transaction.</t>
 
     <t>I.e., RPKI-based credentials of INRs MUST NOT be used to
     authenticate real-world documents or transactions without some