[ca-tf] Certification Proposal

Filiz Yilmaz wrote:
> Dear all,
>
> During RIPE 56, Nigel has presented the main points of an Initial 
> Certification Policy Proposal.
> These points were previously agreed in the TF meeting back on 20th 
> March 2008 and with the presentation in RIPE 56, the community 
> feedback was asked.
>
> Below, I summarised the feedback received in the meeting:
>
> ------
> The proposal points were received well by the community in general.
>
> One of the main points that was discussed was to have it for all 
> resources immediately or keep the scope as proposed only to the PA 
> allocations and holders initially.
>
> Gert Doering suggested that as long as there is a contractual 
> relationship in place, there should not be a problem in including all 
> resources in the picture.
> Hans Peter Holen said it may be an idea to still start with PA holders 
> initially and then extend the scope of the policy later when in the 
> meanwhile PI proposal can be resolved, after gaining some experience 
> from the PA case.
>
> Then Michael Dillon raised some charging and fee issues linked to the 
> certificates and questioned the concept from the point of a failure in 
> payment causing problems in operations.
>
> This was identified as a procedural problem that can be solved within 
> the LIR and the RIPE NCC. Finally it was agreed that this issue should 
> be looked at from several angles (including education and raising 
> awareness) but it should not stop this proposal to move now.
> ------
>
> Nigel, you have mentioned that we may look at some rewording to 
> include all the resources in the proposal.
>
> Regarding this, evenif there is a generic proposal what covers all 
> resources that are bounded by some contractual relationship, we may 
> need to phase things out during the real implementation level anyway.
>
> As I understand, there will be some operational difference between:
>
> a) certifying a resource that is held by an LIR who has a direct 
> relationship with the RIPE NCC and
> b) certifying a resource that is held by an End User who has a direct 
> relationship with an LIR instead of the RIPE NCC.
>
> And I hear implementation of cases fitting in "a)" will be earlier 
> than implementation of cases fitting in "b)".
>
> Accordingly the policy proposal may want to be in sync with this 
> phasing out, which is basically Hans Peter Holen's point above.
> I remember this being the idea behind starting with PA holders as we 
> discussed during the CA TF meeting back on 20 March too.
>
> So my question now is: how do we proceed?
I certainly think that the way to proceed is to offer certification to 
PA holders first. This is far less fraught with legal problems than 
anything else. I'm happy for us to widen the policy to cover other 
objects too.

As to Michael Dillon's problem, I can understand his fears, I've worked 
for BT too, and the prospect of all your routes dropping out of the 
routing tables because accounts payable can't get their act together is 
enough to strike fear into the heart. However, I maintain that a 
combination of the RIPE NCCs traditional tolerant approach to lateness 
of payment, together with <insert large company here> appreciating how 
important this is should do the trick. If you want to build appropriate 
wording into the proposal, then by all means go ahead, but I think it 
isn;t necessary. After all, similar things happen with domain names (and 
with far worse consequences).


Nigel