The directory service should be able to issue signing-key certificates (e.g. via Sectigo) so that there is a separation between identity verification EV certificates and signing certificates.
Alternatively, the directory service should accept CSR requests and sign them using Sectigo or a directory-specific certificate and store those CSRs as signing-keys for the VASPs.
NOTE: Right now the rVASP is signing transactions with its identity verification certificates.
The directory service should be able to issue signing-key certificates (e.g. via Sectigo) so that there is a separation between identity verification EV certificates and signing certificates.
Alternatively, the directory service should accept CSR requests and sign them using Sectigo or a directory-specific certificate and store those CSRs as signing-keys for the VASPs.
NOTE: Right now the rVASP is signing transactions with its identity verification certificates.