--- 1/draft-ietf-lamps-pkix-shake-14.txt 2019-07-22 08:14:25.567523243 -0700 +++ 2/draft-ietf-lamps-pkix-shake-15.txt 2019-07-22 08:14:25.603524156 -0700 @@ -1,20 +1,20 @@ LAMPS WG P. Kampanakis Internet-Draft Cisco Systems Updates: 3279 (if approved) Q. Dang Intended status: Standards Track NIST Expires: January 22, 2020 July 21, 2019 Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs - draft-ietf-lamps-pkix-shake-14 + draft-ietf-lamps-pkix-shake-15 Abstract Digital signatures are used to sign messages, X.509 certificates and CRLs. This document updates the "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile" (RFC3279) and describes the conventions for using the SHAKE function family in Internet X.509 certificates and revocation lists as one-way hash functions with the RSA Probabilistic signature and ECDSA signature algorithms. The conventions for the @@ -69,20 +69,24 @@ 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 9.2. Informative References . . . . . . . . . . . . . . . . . 12 Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 1. Change Log [ EDNOTE: Remove this section before publication. ] + o draft-ietf-lamps-pkix-shake-15: + + * Minor editorial nits. + o draft-ietf-lamps-pkix-shake-14: * Fixing error with incorrect preimage resistance bits for SHA128 and SHA256. o draft-ietf-lamps-pkix-shake-13: * Addressing one applicable comment from Dan M. about sec levels while in secdir review of draft-ietf-lamps-cms-shakes. 
@@ -445,21 +449,21 @@ documents can be used as guides to choose appropriate key sizes for various security scenarios. SHAKE128 with output length of 256-bits offers 128-bits of collision and preimage resistance. Thus, SHAKE128 OIDs in this specification are RECOMMENDED with 2048 (112-bit security) or 3072-bit (128-bit security) RSA modulus or curves with group order of 256-bits (128-bit security). SHAKE256 with 512-bits output length offers 256-bits of collision and preimage resistance. Thus, the SHAKE256 OIDs in this specification are RECOMMENDED with 4096-bit RSA modulus or higher or - curves with group order of 521-bits (256-bit security) or higher. + curves with group order of at least 521-bits (256-bit security). Note that we recommended 4096-bit RSA because we would need 15360-bit modulus for 256-bits of security which is impractical for today's technology. 8. Acknowledgements We would like to thank Sean Turner, Jim Schaad and Eric Rescorla for their valuable contributions to this document. The authors would like to thank Russ Housley for his guidance and
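Review bot: In the change-log hunk (@@ -69,20 +69,24 @@), the -14 entry kept as context reads "preimage resistance bits for SHA128 and SHA256", but the statements it refers to later in the draft are about SHAKE128 and SHAKE256. Since -15 is an editorial pass, the names should be corrected there. The new entry "Minor editorial nits" would also be easier to audit if it named the sentence that changed, as the -14 and -13 entries do.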
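Review bot: In the key-size hunk (@@ -445,21 +449,21 @@), the reworded SHAKE256 sentence now states the curve bound as "at least 521-bits" but still states the RSA bound as "4096-bit RSA modulus or higher", so one sentence carries two different phrasings of a lower bound. The parallel SHAKE128 sentence in the context above has no lower-bound wording at all ("curves with group order of 256-bits"). Suggest one form throughout, for example "at least 4096-bit RSA modulus or curves with group order of at least 521 bits", and applying the same wording to the SHAKE128 sentence if a minimum is what is meant. Two smaller points in the same lines: "521-bits" used as a noun phrase should read "521 bits", and the Note's "we recommended 4096-bit RSA" is past tense for a recommendation the paragraph makes in the present, so "we recommend" fits better.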