Hi Russ, > Valery: > > I suggest: > > The Certification Authority (CA) The CA MUST generate a new End Entity (EE) > certificate for each signing of a particular prefixlen file. The private key > associated with the EE certificate SHOULD sign only one prefixlen file. That is, > a new key pair SHOULD be generated for each new version of a particular > prefixlen file. > When the EE certificate used in this fashion, it is termed a "one-time-use" > EE certificate (see Section 3 of [RFC6487]).
This works for me. Thank you. Regards, Valery. > Russ= _______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
