--- 1/draft-ietf-perc-dtls-tunnel-11.txt 2021-11-12 09:13:27.654288020 -0800 +++ 2/draft-ietf-perc-dtls-tunnel-12.txt 2021-11-12 09:13:27.694289019 -0800 @@ -1,22 +1,22 @@ Network Working Group P. Jones Internet-Draft Cisco Systems Intended status: Informational P. Ellenbogen -Expires: 28 April 2022 Princeton University +Expires: 16 May 2022 Princeton University N. Ohlmeier 8x8, Inc. - 25 October 2021 + 12 November 2021 DTLS Tunnel between a Media Distributor and Key Distributor to Facilitate Key Exchange - draft-ietf-perc-dtls-tunnel-11 + draft-ietf-perc-dtls-tunnel-12 Abstract This document defines a protocol for tunneling DTLS traffic in multimedia conferences that enables a Media Distributor to facilitate key exchange between an endpoint in a conference and the Key Distributor. The protocol is designed to ensure that the keying material used for hop-by-hop encryption and authentication is accessible to the Media Distributor, while the keying material used for end-to-end encryption and authentication is inaccessible to the 
@@ -30,21 +30,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 28 April 2022. + This Internet-Draft will expire on 16 May 2022. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights 
@@ -361,21 +361,21 @@ When processing an incoming endpoint association, the Key Distributor MUST extract the "external_session_id" value transmitted in the "ClientHello" message and match that against the "tls-id" value the endpoint transmitted via SDP. If the values in SDP and the "ClientHello" do not match, the DTLS association MUST be rejected. The process through which the "tls-id" in SDP is conveyed to the Key Distributor is outside the scope of this document. - The Key Distributor MUST match the certificate fingerprint and + The Key Distributor MUST match the fingerprint of the certificate and "external_session_id" [RFC8844] received from endpoint via DTLS with the expected fingerprint [RFC8122] and "tls-id" [RFC8842] values received via SDP. It is through this process that the Key Distributor can be sure to deliver the correct conference key to the endpoint. The Key Distributor MUST report its own unique identifier in the "external_session_id" extension. This extension is sent in the "EncryptedExtensions" message in DTLS 1.3, and the "ServerHello" in previous DTLS versions. This value MUST also be conveyed back to the
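Review bot: the reworded sentence in this hunk ("The Key Distributor MUST match the fingerprint of the certificate and "external_session_id" [RFC8844] received from endpoint via DTLS ...") still drops the article before "endpoint"; suggest "received from the endpoint via DTLS". While touching this line, consider making explicit that both values come over DTLS, e.g. "MUST match both the fingerprint of the certificate and the "external_session_id" [RFC8844] received from the endpoint via DTLS with the expected fingerprint [RFC8122] and "tls-id" [RFC8842] values received via SDP", so the pairing of each DTLS-side value with its SDP-side counterpart, which the preceding paragraph requires for rejecting a mismatched association, is unambiguous.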