From 2686e81ac5fcb98a0346b8c203ca25a071faa0e9 Mon Sep 17 00:00:00 2001
From: Kent Watsen <kent@watsen.net>
Date: Fri, 7 Dec 2018 12:55:20 -0500
Subject: [PATCH] fixed action/notif under case statements issue

---
 draft-ietf-netconf-tls-client-server.xml | 18 +++++++++++++-----
 refs/ex-tls-client-keystore.xml          |  2 +-
 refs/ex-tls-client-local.xml             | 10 ++++++----
 refs/ex-tls-server-keystore.xml          |  2 +-
 refs/ex-tls-server-local.xml             | 10 ++++++----
 5 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/draft-ietf-netconf-tls-client-server.xml b/draft-ietf-netconf-tls-client-server.xml
index 91f7e45..c4b04b6 100644
--- a/draft-ietf-netconf-tls-client-server.xml
+++ b/draft-ietf-netconf-tls-client-server.xml
@@ -120,7 +120,7 @@
       grouping for the TLS parts it provides, while adding data nodes for the
       TCP-level call-home configuration.</t>
 
-      <t>The modules defined in this document uses groupings defined in <xref
+      <t>The modules defined in this document use groupings defined in <xref
       target="I-D.ietf-netconf-keystore"/> <!-- and
         <xref target="I-D.kwatsen-netconf-trust-anchors"/> --> enabling keys
       <!-- and trust anchors, respectively,--> to be either locally defined or
@@ -247,7 +247,7 @@ INSERT_TEXT_FROM_FILE(ietf-tls-server@YYYY-MM-DD.yang)
       algorithms are ordered such that, if multiple algorithms are permitted
       by the client, the algorithm that appears first in its list that is also
       permitted by the server is used for the TLS transport layer connection.
-      The ability to restrict the the algorithms allowed is provided in this
+      The ability to restrict the algorithms allowed is provided in this
       grouping for TLS clients and TLS servers that are capable of doing so
       and may serve to make TLS clients and TLS servers compliant with local
       security policies. This model supports both TLS1.2 <xref
@@ -656,7 +656,7 @@ INSERT_TEXT_FROM_FILE(ietf-tls-common@YYYY-MM-DD.yang)
       <section title="The YANG Module Names Registry">
         <t>This document registers three YANG modules in the YANG Module Names
         registry <xref target="RFC6020"/>. Following the format in <xref
-        target="RFC6020"/>, the the following registrations are requested:</t>
+        target="RFC6020"/>, the following registrations are requested:</t>
 
         <t><figure>
             <artwork>
@@ -813,13 +813,21 @@ INSERT_TEXT_FROM_FILE(ietf-tls-common@YYYY-MM-DD.yang)
       <section title="07 to 08">
         <t>
           <list style="symbols">
-            <t>Added a number of compatibility matricies to Section 5 (thanks Frank!)</t>
-            <t>Claified that any configured "cipher-suite" values need to be 
+            <t>Added a number of compatibility matrices to Section 5 (thanks Frank!)</t>
+            <t>Clarified that any configured "cipher-suite" values need to be 
                compatible with the configured private key.</t>
           </list>
         </t>
       </section>
 
+      <section title="08 to 09">
+        <t>
+          <list style="symbols">
+            <t>Updated examples to reflect update to groupings defined in the keystore draft.</t>
+          </list>
+        </t>
+      </section>
+
     </section>
 
     <section numbered="no" title="Acknowledgements">
diff --git a/refs/ex-tls-client-keystore.xml b/refs/ex-tls-client-keystore.xml
index 59a6612..cd17ef2 100644
--- a/refs/ex-tls-client-keystore.xml
+++ b/refs/ex-tls-client-keystore.xml
@@ -3,7 +3,7 @@
   <!-- how this client will authenticate itself to the server -->
   <client-identity>
     <certificate>
-      <reference>ex-rsa-cert</reference>
+      <keystore-reference>ex-rsa-cert</keystore-reference>
     </certificate>
   </client-identity>
 
diff --git a/refs/ex-tls-client-local.xml b/refs/ex-tls-client-local.xml
index bd6a0e0..25dd66a 100644
--- a/refs/ex-tls-client-local.xml
+++ b/refs/ex-tls-client-local.xml
@@ -3,10 +3,12 @@
   <!-- how this client will authenticate itself to the server -->
   <client-identity>
     <certificate>
-      <algorithm xmlns:ct="urn:ietf:params:xml:ns:yang:ietf-crypto-types">ct:rsa2048</algorithm>
-      <private-key>base64encodedvalue==</private-key>
-      <public-key>base64encodedvalue==</public-key>
-      <cert>base64encodedvalue==</cert>
+      <local-definition>
+        <algorithm xmlns:ct="urn:ietf:params:xml:ns:yang:ietf-crypto-types">ct:rsa2048</algorithm>
+        <private-key>base64encodedvalue==</private-key>
+        <public-key>base64encodedvalue==</public-key>
+        <cert>base64encodedvalue==</cert>
+      </local-definition>
     </certificate>
   </client-identity>
 
diff --git a/refs/ex-tls-server-keystore.xml b/refs/ex-tls-server-keystore.xml
index 2136658..9c78188 100644
--- a/refs/ex-tls-server-keystore.xml
+++ b/refs/ex-tls-server-keystore.xml
@@ -2,7 +2,7 @@
 
   <!-- how this server will authenticate itself to the client -->
   <server-identity>
-    <reference>ex-rsa-cert</reference>
+    <keystore-reference>ex-rsa-cert</keystore-reference>
   </server-identity>
 
   <!-- which certificates will this server trust -->
diff --git a/refs/ex-tls-server-local.xml b/refs/ex-tls-server-local.xml
index 7aa903b..0d95185 100644
--- a/refs/ex-tls-server-local.xml
+++ b/refs/ex-tls-server-local.xml
@@ -2,10 +2,12 @@
 
   <!-- how this server will authenticate itself to the client -->
   <server-identity>
-    <algorithm xmlns:ct="urn:ietf:params:xml:ns:yang:ietf-crypto-types">ct:rsa2048</algorithm>
-    <private-key>base64encodedvalue==</private-key>
-    <public-key>base64encodedvalue==</public-key>
-    <cert>base64encodedvalue==</cert>
+    <local-definition>
+      <algorithm xmlns:ct="urn:ietf:params:xml:ns:yang:ietf-crypto-types">ct:rsa2048</algorithm>
+      <private-key>base64encodedvalue==</private-key>
+      <public-key>base64encodedvalue==</public-key>
+      <cert>base64encodedvalue==</cert>
+    </local-definition>
   </server-identity>
 
   <!-- which certificates will this server trust -->