1 files changed, 5 insertions, 2 deletions

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 50f71cd..1f0ef16 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -2534,7 +2534,9 @@ NICK: john (Supplemental)
            by having the respective domains seized by authorities.
            However, the same mechanisms can also be abused in order to impose
            state censorship, which is one of the motivations behind GNS.
-           Hence, such a seizure is, by design, difficult to impossible in GNS.
+           In GNS, TLDs are not enumerable. By design, the start zone of
+           the resolver is defined locally and hence such a seizure is
+           difficult and ineffective in GNS.
            <!--In particular, GNS does not support WHOIS (<xref target="RFC3912" />).-->
          </t>
        </section>
@@ -2548,7 +2550,8 @@ NICK: john (Supplemental)
            Zone administrators, and for GNS this includes end-users, are
            required to responsibly and diligently protect their cryptographic
            keys.
-           GNS supports offline signing of records.
+           GNS supports signing records in advance ("offline") in order to
+           support processes which aim to protect private keys such as air gaps.
            <!-- It does not support separate zone signing and key-signing keys
            (as in <xref target="RFC6781" />) in order to provide usable security. This is not useful for any implementer -->
          </t>