per ggm, unique one time EE cert, no new key needed

2023-10-17 12:53:48 -07:00 · 2023-10-17 12:53:48 -07:00 · 4db8e66cfa
commit 4db8e66cfa
parent 0c948f190d
1 changed files with 4 additions and 5 deletions
--- a/draft-ietf-opsawg-9092-update.xml
+++ b/draft-ietf-opsawg-9092-update.xml
@ -518,11 +518,10 @@
      </t>

      <t>
-	The CA MUST sign only one geofeed with a particular generated
-	private key and MUST generate a new key pair for each new
-	version of the geofeed.  An associated EE certificate used in
-	this fashion is termed a "one-time- use" EE certificate (see
-	Section 3 of <xref target="RFC6487"/>).
+	The CA MUST generate a new EE certificate for each new signing
+	of the geofeed file.  An associated EE certificate used in this
+	fashion is termed a "one-time- use" EE certificate (see Section
+	3 of <xref target="RFC6487"/>).
      </t>

      <t>