[ca-tf] Notes on policy discussion, 5 October
Chris Buckridge chris at ripe.net
Tue Oct 6 10:48:14 CEST 2009
Hi all, Please find attached some notes from yesterday's discussion. Regards, Chris ----- Attending: Andrew de la Haye, Andrei Robachevsky, Axel Pawlik, Nigel Titley, Ruediger Volk, Gert Doering, Sander Steffann, Filiz Yilmaz, Chris Buckridge (scribe) Andrew noted that Nigel's proposal is currently "stalled" in the PDP. It was agreed that it is better to continue editing and working with this proposal than to abandon it and submit a new one. It was noted that the Certification Policy (CP) document is in the IETF process for review. The Certification Practice Statement (CPS) is something that the TF can assist with drafting, and should be closely related to the certification policy eventually endorsed by the community. Ruediger noted that it would be useful to get from the RIPE NCC some initial ideas for what the CPS should contain. It was noted that the TF is now taking active responsibility for moving the policy discussion forward, making it more tangible for the community. Andrei feels that there are principled questions, around which there is some contention, and we should not avoid those questions in drafting the CPS. Ruediger noted that doing policy while ignoring the applications is naive, and we need to identify the gaps or problems and address these to gain community support. There were very strong reservations expressed in Dubai, particularly in regard to the use of certificates in routing. People will be reluctant to install certificates if they have reasons to fear that routing may be stopped due to unexpected events relating to certificates (revocation). He suggested that the RIPE policy include rules to prevent things happening in the regular, specified procedures that would be considered "unexpected withdrawal". If unwanted events are minimised and there means of ensuring people know how to deal with unwanted events when they do occur, then we could get to a proposal that no one would object to. Andrei noted that even with PKI, you can put "cushions" at the decision point, and that if we take a position that RPKI simply is an extension of address allocation policies, then we can defend our position. Nigel agreed, but noted that if secure routing is implemented, then revoking a certificate will have an effect on routing. Ruediger suggested that if certificate holders know that they can override a revocation record, and the general policies include the rule that re-assignments will never happen for space around which there is a dispute, this would o some way to addressing community concerns. He also suggested consulting with PKI experts, and see if it is possible to design the system such that revocation can only occur with the holder's explicit consent (though the certificate could also naturally expire). The policy needs to say that if the RIPE NCC is compromised, then replacement certificates must be issued with the same info. Even if someone hasn't been paying their dues, if the certificate was valid (and not otherwise expiring) must be replaced/ maintained. It was agreed that Nigel will summarise problem, summarise suggested solutions and present to the Address Policy WG. Further community discussion can then be taken to the mailing list. Ruediger also suggested asking Steve Kent to do impromptu presentation on how bypassing revocation could work. Ruediger noted that the system should deliver on uniqueness of resources - if there is any kind of dispute, then there cannot be certificates, except in the temporary case of transfers between RIR regions.
[ Ca-tf Archive ]