--- 1/draft-ietf-dnsext-ds-sha256-03.txt	2006-02-04 17:00:45.000000000 +0100
+++ 2/draft-ietf-dnsext-ds-sha256-04.txt	2006-02-04 17:00:45.000000000 +0100
@@ -1,17 +1,17 @@
 
 Network Working Group                                        W. Hardaker
 Internet-Draft                                                    Sparta
-Expires: July 10, 2006                                   January 6, 2006
+Expires: July 17, 2006                                  January 13, 2006
 
  Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
-                   draft-ietf-dnsext-ds-sha256-03.txt
+                   draft-ietf-dnsext-ds-sha256-04.txt
 
 Status of this Memo
 
    By submitting this Internet-Draft, each author represents that any
    applicable patent or other IPR claims of which he or she is aware
    have been or will be disclosed, and any of which he or she becomes
    aware will be disclosed, in accordance with Section 6 of BCP 79.
 
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF), its areas, and its working groups.  Note that
@@ -22,21 +22,21 @@
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
    The list of current Internet-Drafts can be accessed at
    http://www.ietf.org/ietf/1id-abstracts.txt.
 
    The list of Internet-Draft Shadow Directories can be accessed at
    http://www.ietf.org/shadow.html.
 
-   This Internet-Draft will expire on July 10, 2006.
+   This Internet-Draft will expire on July 17, 2006.
 
 Copyright Notice
 
    Copyright (C) The Internet Society (2006).
 
 Abstract
 
    This document specifies how to use the SHA-256 digest type in DNS
    Delegation Signer (DS) Resource Records (RRs).  DS records, when
    stored in a parent zone, point to key signing DNSKEY key(s) in a
@@ -194,22 +194,22 @@
       present but invalid.
 
    For example, if the following conditions are all true:
 
    o  Both SHA-1 and SHA-256 based digests are published in DS records
       within a parent zone for a given child zone's DNSKEY.
 
    o  The DS record with the SHA-1 digest matches the digest computed
       using the child zone's DNSKEY.
 
-   o  The DS record with the SHA-256 digest fails to match the signature
-      computed using the child zone's DNSKEY
+   o  The DS record with the SHA-256 digest fails to match the digest
+      computed using the child zone's DNSKEY.
 
    Then if the validator accepts the above situation as secure then this
    can be used as a downgrade attack since the stronger SHA-256 digest
    is ignored.
 
 6.2.  SHA-1 vs SHA-256 Considerations for DS Records
 
    Because of the weaknesses recently discovered within the SHA-1
    algorithm, users of DNSSEC are encouraged to deploy the use of SHA-
    256 as soon as the software implementations in use allow for it.