diff --git a/draft-dkg-dprive-demux-dns-http.md b/draft-dkg-dprive-demux-dns-http.md
index 1cec64fbeae57b01e8f545ede72647398734be11..990ed7d97f907efe1459726dbcb1a7291d16568d 100644
--- a/draft-dkg-dprive-demux-dns-http.md
+++ b/draft-dkg-dprive-demux-dns-http.md
@@ -472,7 +472,7 @@ and 3*2560 == 7680 RRs.  But:
     12 + 5*2560 + 11*7680 == 97292
 
 So the smallest possible DNS message where none of these four
-inequalites hold is 97292 octets.  But a DNS message is limited in
+inequalities hold is 97292 octets.  But a DNS message is limited in
 size to 65535 octets.
 
 Therefore at least one of these inequalities holds, and one of the
@@ -592,10 +592,10 @@ brackets after each mitigation]:
    \[bytestream\[5] == 0x00]
 
  * Ensure that the high bit of the first octet of the message ID of
-   the first message is set. \[bytesteam\[2] > 0x7F]
+   the first message is set. \[bytestream\[2] > 0x7F]
 
  * Send an initial short Server Status DNS message ahead of the
-   otherwise intended initial DNS message. \[bytstream\[0] == 0x00]
+   otherwise intended initial DNS message. \[bytestream\[0] == 0x00]
 
  * Use the EDNS(0) padding option {{RFC7830}} to pad the first
    message to a multiple of 256 octets. \[bytestream\[1] == 0x00]
@@ -626,7 +626,7 @@ able to omit some records)
 FIXME: if widely deployed, consider amplification for DDoS against
 authoritative servers?
 
-FIXME: consider dnssec transparency
+FIXME: consider DNSSEC transparency
 
 FIXME: consider TLS session resumption -- this counts as a new stream
 boundary, so the multiplexing decision need not persist across