From patrik at frobbit.se Tue May 6 09:39:16 2008
From: patrik at frobbit.se (Patrik Fältström)
Date: Tue, 6 May 2008 09:39:16 +0200
Subject: [ca-tf] Presentation today
Message-ID:

Being the chair of the session that starts in a few minutes... I would like to know who will present, and how you want yourself presented.

Regards, Patrik

From chris at ripe.net Tue May 6 11:43:11 2008
From: chris at ripe.net (Chris Buckridge)
Date: Tue, 6 May 2008 11:43:11 +0200
Subject: [ca-tf] CA-TF meeting minutes, 5 May 2008
Message-ID: <33DDE320-1896-45CA-8A63-FE536765244A@ripe.net>

Certification Task Force Meeting Minutes
5 May 2008
Palace Hotel, Berlin

Andrew de la Haye outlined the purpose of this meeting, which is to discuss the presentations being made to the community at this RIPE Meeting.

Andrew outlined the initial presentation, which will be delivered by Nigel Titley on behalf of the Task Force. This is largely the same as the presentation given at the last Task Force meeting, and includes slides on the drivers for certification, the "added value" offered by certification and a summary of the Task Force's activities to date.

Trudy Prins of the RIPE NCC then discussed the presentation that she and Oleg Muravskiy will give to the plenary. This includes the messages that:

- A certificate is not the trust anchor, the registry is
- Certification is all about allocations, with the certificate simply a representation of an allocation

The presentation will also outline the recursive RPKI engine model under which certification will operate. Andrew noted that the slides on this model were inserted after the last TF meeting, which highlighted the need to clarify this idea, particularly the recursive aspect.

Oleg outlined his section of the presentation, which includes discussion of automated provisioning, and ROAs (Route Origination Authorisations) and how they are related to certificates. His presentation will also include a demonstration of the user interface.

Robert Kisteleki noted that when generating an ROA there is a lot going on in the background, and maybe there should be a slide to reflect this. He also felt that it is important to note that the information in the demo is not part of the actual RIPE Database.

Trudy agreed, though noted that the RIPE NCC aims to have information in the real database in the next few weeks. She also felt that we should give an idea of what is expected of people who wish to be involved in the next stage of testing.

Her presentation will also include a timeline for the testing from RIPE 56 (May) to RIPE 57 (October). She noted that the NCC will provide three regular updates to the test group (and the Task Force), which will include explanatory webcasts. For RIPE 57 the RIPE NCC hopes to have a production release, though possibly it will be a beta release.

Trudy noted that the presentation does not currently touch on the transfer issue, but that the presentation will hopefully be enough to get people interested and involved.

Gert noted that the plenary presentation should also direct people to the Routing and AP Working Groups, where there are related policy proposals being discussed at this meeting.

Daniel agreed, and noted that there should be a couple of points in the presentation for prospective testers discussing what's in it for the testers and for the RIPE NCC. He also suggested including an estimate of the time involved on the tester's part (x hours to learn the system, and possibly then y hours to provide useful feedback).

Andrew suggested that the presentation include a note that automated provisioning is a first step, and that further services will be rolled out, including transfer possibilities.

Ruediger felt that a road map with some keywords would be useful in convincing people to participate, and asked what means of communication will be used for circulating feedback. Trudy noted that the mailing list and webcast will be the main communication channels.

Andrew thanked the participants and noted that the presentation will be circulated to the TF by the end of Monday so that everyone will be aware of what is being presented.

From duchuy.do at orange-ftgroup.com Wed May 21 17:46:52 2008
From: duchuy.do at orange-ftgroup.com (duchuy.do at orange-ftgroup.com)
Date: Wed, 21 May 2008 17:46:52 +0200
Subject: [ca-tf] Subscribe me
Message-ID:

Dear list administrators,

I am Huy from France Telecom R&D. I am now looking for documents and information about resource certificate to find out the requirements and other procedures to apply resource certificate for FT-Orange customers. This archive list has provided a lot of valuable information for me. So could you please help me to subscribe to this list.

Thanks so much for your help

-------
Do Duc Huy
R&D/CORE/NAS
+33 (0) 1 45 29 66 61
+84 (0) 4 57 42 87 9

From filiz at ripe.net Fri May 30 16:24:52 2008
From: filiz at ripe.net (Filiz Yilmaz)
Date: Fri, 30 May 2008 16:24:52 +0200
Subject: [ca-tf] Certification Proposal
Message-ID: <51D68FB7-C325-47BE-8D6A-0CA0D8AF2745@ripe.net>

Dear all,

During RIPE 56, Nigel has presented the main points of an Initial Certification Policy Proposal.
These points were previously agreed in the TF meeting back on 20th March 2008 and with the presentation in RIPE 56, the community feedback was asked.

Below, I summarised the feedback received in the meeting:

------
The proposal points were received well by the community in general.

One of the main points that was discussed was to have it for all resources immediately or keep the scope as proposed only to the PA allocations and holders initially.

Gert Doering suggested that as long as there is a contractual relationship in place, there should not be a problem in including all resources in the picture.
Hans Peter Holen said it may be an idea to still start with PA holders initially and then extend the scope of the policy later when in the meanwhile PI proposal can be resolved, after gaining some experience from the PA case.

Then Michael Dillon raised some charging and fee issues linked to the certificates and questioned the concept from the point of a failure in payment causing problems in operations.

This was identified as a procedural problem that can be solved within the LIR and the RIPE NCC. Finally it was agreed that this issue should be looked at from several angles (including education and raising awareness) but it should not stop this proposal to move now.
------

Nigel, you have mentioned that we may look at some rewording to include all the resources in the proposal.

Regarding this, even if there is a generic proposal that covers all resources that are bounded by some contractual relationship, we may need to phase things out during the real implementation level anyway.

As I understand, there will be some operational difference between:

a) certifying a resource that is held by an LIR who has a direct relationship with the RIPE NCC and
b) certifying a resource that is held by an End User who has a direct relationship with an LIR instead of the RIPE NCC.

And I hear implementation of cases fitting in "a)" will be earlier than implementation of cases fitting in "b)".

Accordingly the policy proposal may want to be in sync with this phasing out, which is basically Hans Peter Holen's point above.
I remember this being the idea behind starting with PA holders as we discussed during the CA TF meeting back on 20 March too.

So my question now is: how do we proceed?

Please let us know your ideas. Once agreed, I can work on the wording and pass a full proposal draft that can be put in PDP as a formal proposal.

Kind regards,
Filiz

From nigel.titley at uk.easynet.net Fri May 30 17:59:21 2008
From: nigel.titley at uk.easynet.net (Nigel Titley)
Date: Fri, 30 May 2008 16:59:21 +0100
Subject: [ca-tf] Certification Proposal
In-Reply-To: <51D68FB7-C325-47BE-8D6A-0CA0D8AF2745@ripe.net>
References: <51D68FB7-C325-47BE-8D6A-0CA0D8AF2745@ripe.net>
Message-ID: <48402459.5060308@uk.easynet.net>

Filiz Yilmaz wrote:
> Dear all,
>
> During RIPE 56, Nigel has presented the main points of an Initial
> Certification Policy Proposal.
> These points were previously agreed in the TF meeting back on 20th
> March 2008 and with the presentation in RIPE 56, the community
> feedback was asked.
>
> Below, I summarised the feedback received in the meeting:
>
> ------
> The proposal points were received well by the community in general.
>
> One of the main points that was discussed was to have it for all
> resources immediately or keep the scope as proposed only to the PA
> allocations and holders initially.
>
> Gert Doering suggested that as long as there is a contractual
> relationship in place, there should not be a problem in including all
> resources in the picture.
> Hans Peter Holen said it may be an idea to still start with PA holders
> initially and then extend the scope of the policy later when in the
> meanwhile PI proposal can be resolved, after gaining some experience
> from the PA case.
>
> Then Michael Dillon raised some charging and fee issues linked to the
> certificates and questioned the concept from the point of a failure in
> payment causing problems in operations.
>
> This was identified as a procedural problem that can be solved within
> the LIR and the RIPE NCC. Finally it was agreed that this issue should
> be looked at from several angles (including education and raising
> awareness) but it should not stop this proposal to move now.
> ------
>
> Nigel, you have mentioned that we may look at some rewording to
> include all the resources in the proposal.
>
> Regarding this, even if there is a generic proposal that covers all
> resources that are bounded by some contractual relationship, we may
> need to phase things out during the real implementation level anyway.
>
> As I understand, there will be some operational difference between:
>
> a) certifying a resource that is held by an LIR who has a direct
> relationship with the RIPE NCC and
> b) certifying a resource that is held by an End User who has a direct
> relationship with an LIR instead of the RIPE NCC.
>
> And I hear implementation of cases fitting in "a)" will be earlier
> than implementation of cases fitting in "b)".
>
> Accordingly the policy proposal may want to be in sync with this
> phasing out, which is basically Hans Peter Holen's point above.
> I remember this being the idea behind starting with PA holders as we
> discussed during the CA TF meeting back on 20 March too.
>
> So my question now is: how do we proceed?

I certainly think that the way to proceed is to offer certification to PA holders first. This is far less fraught with legal problems than anything else. I'm happy for us to widen the policy to cover other objects too.

As to Michael Dillon's problem, I can understand his fears, I've worked for BT too, and the prospect of all your routes dropping out of the routing tables because accounts payable can't get their act together is enough to strike fear into the heart. However, I maintain that a combination of the RIPE NCC's traditional tolerant approach to lateness of payment, together with appreciating how important this is should do the trick. If you want to build appropriate wording into the proposal, then by all means go ahead, but I think it isn't necessary. After all, similar things happen with domain names (and with far worse consequences).

Nigel