From 4ae9e2c797bfc79e6eea0e4c2149caa18988d78d Mon Sep 17 00:00:00 2001 From: Florian Obser Date: Sun, 15 Jan 2023 08:32:33 +0100 Subject: [PATCH] silly footnote ;) --- VerifyHostKeyDNS.org | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/VerifyHostKeyDNS.org b/VerifyHostKeyDNS.org index caef9ec..db0e821 100644 --- a/VerifyHostKeyDNS.org +++ b/VerifyHostKeyDNS.org @@ -64,7 +64,8 @@ needs to have the /Authentic Data (AD)/ flag set. The flag gets set when a validating name-server is asked for the SSHFP record, it finds it and it can validate the answer using DNSSEC. -But then the libc stub resolver[fn:: The thingy that ssh uses to talk +But then the libc stub resolver[fn:: The thingy[fn:: Thingy is a +technical term, don't worry about it.] that ssh uses to talk to the validating name-server. On OpenBSD that is [[https://man.openbsd.org/man3/asr_run.3][asr]].] gets that answer it will strip the AD flag for security reasons. You see, it does not know that it can trust the validating name-server. One way to
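Review bot: the added `[fn:: Thingy is a technical term, don't worry about it.]` sits inside the existing inline footnote `[fn:: The thingy ... asr.]`, so the hunk now has an anonymous inline footnote nested in another one, and the outer one also contains a bracketed `[[...][asr]]` link. Please export the page and check that both footnotes render and are numbered as intended. If the export backend mishandles the nesting, turn the inner one into a named footnote defined outside the outer brackets. Separately, the sentence carrying the footnote reads "But then the libc stub resolver ... gets that answer it will strip the AD flag"; "But when" looks like what was meant, and this commit touches that line anyway.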