On Oct 08, 2014, at 02:48, Randy Bush <ra...@psg.com> wrote: >> Yep the issuer always gets to determine the subject name as per RFC >> 6487 s4.5 so how about we just leave that bit out and make that >> sentence a note: >> >> Note that more than one certificate can be issued to >> an AS (i.e., more than one router can get a certificate >> for the AS and hence the private key is shared among >> more than one router). >> >> I guess the follow on question is whether we also point out that a >> router could support more than one AS but having key pairs for each >> AS: >> >> Also note that routers can support multiple ASs with >> separate keys pairs one for each AS. >> >> or something like that? > > i think i understand it and it makes sense. though i would tersify it > to > > Rrouters can support multiple ASs with > separate keys pairs, one for each AS > > :) > > randy
I let this one sit for a while and hearing no objections I went ahead and made the changes in the version on github: https://github.com/seanturner/draft-ietf-sidr-bgpsec-pki-profiles/blob/master/draft-ietf-sidr-bgpsec-pki-profiles-09.txt I’ll submit it to the IETF once the submission window reopens. To the best of my knowledge this resolves the last remaining technical issue. spt _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr