--- 1/draft-ietf-netmod-snmp-cfg-07.txt	2014-09-18 18:14:51.227989469 -0700
+++ 2/draft-ietf-netmod-snmp-cfg-08.txt	2014-09-18 18:14:51.359992672 -0700
@@ -1,19 +1,19 @@
 
 Network Working Group                                       M. Bjorklund
 Internet-Draft                                            Tail-f Systems
 Intended status: Standards Track                        J. Schoenwaelder
-Expires: February 14, 2015                             Jacobs University
-                                                         August 13, 2014
+Expires: March 22, 2015                                Jacobs University
+                                                      September 18, 2014
 
                 A YANG Data Model for SNMP Configuration
-                     draft-ietf-netmod-snmp-cfg-07
+                     draft-ietf-netmod-snmp-cfg-08
 
 Abstract
 
    This document defines a collection of YANG definitions for
    configuring SNMP engines.
 
 Status of This Memo
 
    This Internet-Draft is submitted in full conformance with the
    provisions of BCP 78 and BCP 79.
@@ -21,21 +21,21 @@
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at http://datatracker.ietf.org/drafts/current/.
 
    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on February 14, 2015.
+   This Internet-Draft will expire on March 22, 2015.
 
 Copyright Notice
 
    Copyright (c) 2014 IETF Trust and the persons identified as the
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
@@ -764,24 +764,21 @@
          "Directly specifies the name to be used for the certificate.
           The value of the leaf 'name' in 'cert-to-name' list is used.";
        reference "SNMP-TLS-TM-MIB.snmpTlstmCertSpecified";
      }
 
      identity san-rfc822-name {
        base cert-to-name;
        description
          "Maps a subjectAltName's rfc822Name to a name.  The local part
           of the rfc822Name is passed unaltered but the host-part of the
-          name must be passed in lowercase.  This mapping results in a
-          1:1 correspondence between equivalent subjectAltName
-          rfc822Name values and name values except that the host-part
-          of the name MUST be passed in lowercase. For example, the
+          name must be passed in lowercase.  For example, the
           rfc822Name field FooBar@Example.COM is mapped to name
           FooBar@example.com.";
        reference "SNMP-TLS-TM-MIB.snmpTlstmCertSANRFC822Name";
      }
 
      identity san-dns-name {
        base cert-to-name;
        description
          "Maps a subjectAltName's dNSName to a name after first
           converting it to all lowercase (RFC 5280 does not specify
@@ -899,24 +895,24 @@
               cert-to-name list are searched.  Entries with lower
               numbers are searched first.";
            reference "SNMP-TLS-TM-MIB.snmpTlstmCertToTSNID";
          }
 
          leaf fingerprint {
            type x509c2n:tls-fingerprint;
            mandatory true;
            description
              "Specifies a value with which the fingerprint of the
-              certificate presented by the peer is compared.  If the
-              fingerprint of the certificate presented by the peer does
-              not match the fingerprint configured, then the entry is
-              skipped and the search for a match continues.";
+              full certificate presented by the peer is compared.  If
+              the fingerprint of the full certificate presented by the
+              peer does not match the fingerprint configured, then the
+              entry is skipped and the search for a match continues.";
            reference "SNMP-TLS-TM-MIB.snmpTlstmCertToTSNFingerprint";
          }
 
          leaf map-type {
            type identityref {
              base cert-to-name;
            }
            mandatory true;
            description
              "Specifies the algorithm used to map the certificate
@@ -2498,21 +2494,22 @@
              container sha {
                uses key;
                reference
                  "SNMP-USER-BASED-SM-MIB.usmHMACSHAAuthProtocol";
              }
            }
          }
          container priv {
            must "../auth" {
              error-message
-               "when privacy is used, authentication must also be used";
+               "when privacy (confidentiality) is used, "
+             + "authentication must also be used";
            }
            presence "enables encryption";
            description
              "Enables encryption of SNMP messages.";
 
            choice protocol {
              mandatory true;
              reference "SNMP-USER-BASED-SM-MIB.usmUserPrivProtocol";
              container des {
                uses key;