From 7de9cdca9c616bfef2f84f81b52469d3aadd749a Mon Sep 17 00:00:00 2001 From: Hemant Sharma <101124549+hmntsharma@users.noreply.github.com> Date: Tue, 23 Jul 2024 02:28:57 +0100 Subject: [PATCH] Update draft-hmntsharma-bmp-over-tls.md --- draft-hmntsharma-bmp-over-tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-hmntsharma-bmp-over-tls.md b/draft-hmntsharma-bmp-over-tls.md index efd24f5..30d3fe4 100644 --- a/draft-hmntsharma-bmp-over-tls.md +++ b/draft-hmntsharma-bmp-over-tls.md @@ -102,7 +102,7 @@ In regular TLS connections, the server has a TLS certificate along with a public For BMP over TLS (BMPS), it is REQUIRED to implement mutual TLS (mTLS), wherein both the server (BMP station) and the client (network element) have certificates, and both sides authenticate each other using their respective public/private key pairs. -The organizations implementing mTLS SHOULD have their own self-signed "root" certificate. The certificates issued to both the BMP station and NEs should correspond to this root certificate. +A self-signed "root" TLS certificate is REQUIRED for mTLS, allowing an organization to act as its own certificate authority. The certificates issued to both the BMP station and NEs should correspond to this root certificate. The operational flow of BMP over TLS is similar to standard TLS operations:
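Review bot: On the added line, "A self-signed "root" TLS certificate is REQUIRED for mTLS" obliges every deployment to run its own private CA. That is stronger than the SHOULD it replaces and leaves no room for certificates issued under an existing CA hierarchy. If the intent is only that the BMP station and the NEs validate each other against a common trust anchor, state that requirement and keep the organization-run root as a SHOULD. The second sentence of the same line still reads "should correspond to this root certificate" in lowercase, so the validation requirement itself stays non-normative, and "correspond" is undefined. Consider wording such as "The certificates issued to both the BMP station and NEs MUST chain to this root certificate." The phrase "REQUIRED for mTLS" is also worded as a statement about mTLS in general. Scoping it to BMPS would match the preceding context line, "For BMP over TLS (BMPS), it is REQUIRED to implement mutual TLS (mTLS)".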