> Yep the issuer always gets to determine the subject name as per RFC > 6487 s4.5 so how about we just leave that bit out and make that > sentence a note: > > Note that more than one certificate can be issued to > an AS (i.e., more than one router can get a certificate > for the AS and hence the private key is shared among > more than one router). > > I guess the follow on question is whether we also point out that a > router could support more than one AS but having key pairs for each > AS: > > Also note that routers can support multiple ASs with > separate keys pairs one for each AS. > > or something like that?
i think i understand it and it makes sense. though i would tersify it to Rrouters can support multiple ASs with separate keys pairs, one for each AS :) randy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr