>> all private keys MUST be protected when at rest in a secure
>> fashion.
> that use of a MUST is commendable but its not exactly an
> interoperability issue
is
The operator MUST ensure that the installed CA certificate is valid.
an interop issue?
this is an opsec doc; not protocol on the wire. hence its MUSTs are
security and operational prudence.
but enough already.
randy
