RS-002: Drop ability to use long-term identity keys for encryption pu…

…rposes That was a temporary stopgap solution in the early days. Everything uses the Channel Session Protocol now.
AwalaApp · Jul 19, 2024 · 910530a · 910530a
1 parent f19810e
commit 910530a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rs002-pki.md b/rs002-pki.md
@@ -93,7 +93,7 @@ Where, `limit` specifies how many parcels can be sent within a given number of s
 
 Each gateway has at least two certificates for the same long-term key pair: One self-issued and one certificate issued by each of its peer gateways. Consequently, every private gateway has exactly two certificates because it has exactly one peer, while a Internet gateway may have more certificates.
 
-Self-issued certificates MUST only be used to issue certificates to peers, and therefore such certificates will be the root for a PDA or a [Cargo Delivery Authorization (CDA)](#cargo-delivery-authorization-cda). Self-issued certificates MUST NOT be used to sign channel or binding messages. Peers MAY use the self-issued certificate to encrypt payloads when not using the Channel Session Protocol.
+Self-issued certificates MUST only be used to issue certificates to peers, and therefore such certificates will be the root for a PDA or a [Cargo Delivery Authorization (CDA)](#cargo-delivery-authorization-cda). Self-issued certificates MUST NOT be used to sign channel or binding messages.
 
 Certificates issued by peers MUST be used to sign channel and binding messages like cargoes. A certificate issued by a private gateway to its Internet peer is known as a CDA, and additional requirements and recommendations apply.