From d3af4aada3a0f170535a2f90e2ec3121b34b9a85 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 8 Nov 2012 23:08:46 +0100
Subject: [PATCH] doc update

---
 doc/cha-cert-auth.texi | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 168b10639..6b9c85d52 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -498,7 +498,9 @@ provide an alternative public key infrastructure to the commercial CAs that
 are typically used to sign TLS certificates. The DANE protocol takes advantage
 of the DNSSEC infrastructure to verify TLS certificates. This can be 
 in addition to the verification by CA infrastructure or 
-could even replace it where DNSSEC is deployed.
+may even replace it where DNSSEC is fully deployed. Note however, that DNSSEC deployment is
+fairly new and it would be better to use it as an additional verification
+method rather than the only one.
 
 The DANE functionality is provided by the @code{libgnutls-dane} library that is shipped
 with GnuTLS and the function prototypes are in @code{gnutls/dane.h}. 
-- 
2.11.4.GIT