Hi Mahesh, I confirm that the issues from my review are addressed (while the nits are mostly ignored J). Regards, Valery. From: Mahesh Jethanandani <[email protected]> Sent: Monday, October 20, 2025 10:10 PM To: Valery Smyslov <[email protected]> Cc: Russ Housley <[email protected]>; IETF SecDir <[email protected]>; [email protected]; [email protected]; [email protected] Subject: Re: [OPSAWG]Re: [Last-Call] draft-ietf-opsawg-prefix-lengths-07 ietf last call Secdir review Hi Valery, Can you do me a favor and confirm if all your comments have been addressed by the -08 version (just published) of the document? Thanks.
On Oct 18, 2025, at 1:15 AM, Valery Smyslov <[email protected] <mailto:[email protected]> > wrote: Hi Russ, Valery: I suggest: The Certification Authority (CA) The CA MUST generate a new End Entity (EE) certificate for each signing of a particular prefixlen file. The private key associated with the EE certificate SHOULD sign only one prefixlen file. That is, a new key pair SHOULD be generated for each new version of a particular prefixlen file. When the EE certificate used in this fashion, it is termed a "one-time-use" EE certificate (see Section 3 of [RFC6487]). This works for me. Thank you. Regards, Valery. Russ= Mahesh Jethanandani [email protected] <mailto:[email protected]>
_______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
