From 879db0ac8baf9c40fabc8bb6143c5b3bc109e094 Mon Sep 17 00:00:00 2001
From: Randy Bush <randy@psg.com>
Date: Mon, 23 Oct 2023 07:10:32 -0700
Subject: [PATCH] -06 with ggm/job back and froth

---
 draft-ietf-opsawg-9092-update.xml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/draft-ietf-opsawg-9092-update.xml b/draft-ietf-opsawg-9092-update.xml
index 8e7e2b8..1372197 100644
--- a/draft-ietf-opsawg-9092-update.xml
+++ b/draft-ietf-opsawg-9092-update.xml
@@ -8,7 +8,7 @@
 <?rfc compact="yes"?>
 <?rfc subcompact="no"?>
 
-<rfc category="std" docName="draft-ietf-opsawg-9092-update-05"
+<rfc category="std" docName="draft-ietf-opsawg-9092-update-06"
      submissionType="IETF" consensus="true" ipr="trust200902"
      obsoletes="9092" version="2" >
 
@@ -518,10 +518,13 @@
       </t>
 
       <t>
-	The CA MUST generate a new EE certificate for each new signing
-	of the geofeed file.  An associated EE certificate used in this
-	fashion is termed a "one-time- use" EE certificate (see Section
-	3 of <xref target="RFC6487"/>).
+	The CA SHOULD sign only one geofeed file with each generated
+	private key and SHOULD generate a new key pair for each new
+	version of a perticular geofeed file.  The CA MUST generate a
+	new EE certificate for each signing of a particular geofeed
+	file.  An associated EE certificate used in this fashion is
+	termed a "one-time-use" EE certificate (see Section 3 of <xref
+	target="RFC6487"/>).
       </t>
 
       <t>