From ffd3cbb646ff2f9f5e0cfcbc164e18f7fe4089df Mon Sep 17 00:00:00 2001
From: Michael Richardson <mcr@sandelman.ca>
Date: Tue, 20 Feb 2024 17:59:44 -0500
Subject: [PATCH] proposed text from errata

---
 dtbootstrap-anima-keyinfra.xml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dtbootstrap-anima-keyinfra.xml b/dtbootstrap-anima-keyinfra.xml
index 7d2557d..a0b2428 100644
--- a/dtbootstrap-anima-keyinfra.xml
+++ b/dtbootstrap-anima-keyinfra.xml
@@ -1957,8 +1957,11 @@ locator3  = [O_IPv6_LOCATOR, fe80::1234, 41, nil]]]></artwork>
         </t>
 
         <t>
-          Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is
-          REQUIRED.  TLS 1.3 (or newer) SHOULD be available.
+          TLS 1.2 [RFC5246] with SNI support [RFC6066] is REQUIRED if
+          TLS 1.3 is not available.
+          The Server Name Indicator (SNI) is required when the Registrar
+          communicates with the MASA in order for the MASA to be hosted in
+          a modern multi-tenant TLS infrastructure.
         </t>
 
         <t>