tim bray wanted 6480 pushed harder

draft-ietf-sidrops-rpki-has-no-identity.xml

@@ -130,11 +130,15 @@
     services.  They claim to be authoritative, at least for the INRs
     which they allocate.</t>
     
-    <t>RPKI-based credentials of INRs MUST NOT be used to authenticate
+    <t>PKI operations MUST NOT be performed with RPKI certificates other
-    real-world documents or transactions without some formal external
+    than exactly as described, and for the purposes described, in <xref
-    authentication of the INR and the authority for the actually
+    target="RFC6480"/>.</t>
-    anonymous INR holder to authenticate the particular document or
+
-    transaction.</t>
+    <t>I.e., RPKI-based credentials of INRs MUST NOT be used to
+    authenticate real-world documents or transactions without some
+    formal external authentication of the INR and the authority for the
+    actually anonymous INR holder to authenticate the particular
+    document or transaction.</t>
 
     <t>Given sufficient external, i.e. non-RPKI, verification of
     authority, the use of RPKI-based credentials seems superfluous.</t>
@@ -231,13 +235,13 @@
     <t>Control of INRs for an entity could be used to falsely authorize
     transactions or documents for which the INR manager has no
     authority.</t>
-
+<!--
     <t>RPKI-based credentials of INRs MUST NOT be used to authenticate
     real-world documents or transactions without some formal external
     authentication of the INR and the authority for the actually
     anonymous INR holder to authenticate the particular document or
     transaction.</t>
-
+-->
     </section>
 
   <section anchor="iana" title="IANA Considerations">