[ca-tf] Certification-Policy Proposal - next steps?
Nigel Titley nigel.titley at uk.easynet.net
Mon Mar 22 12:32:02 CET 2010
On Fri, 2010-03-19 at 15:04 +0100, Andrew de la Haye wrote: > Hi Gert, > > since the last RIPE meeting where we met with the CA-TF and with the community, we have been very active on several levels. > - Technical implementation and production readiness plans (aim: production ready January 2011) > - Drafting Certification Practice Statement (CPS) and aligning Certification Policy (CP) with other RIRs (I'll be able to give you a date of delivery of first draft after the IETF of next week) > - Legal impact assessment (draft from lawyers received) > - Analysing of other documentation (mainly IETF standards related) > - Drafting roll-out plan which consists of: > --- external audit (to be planned) > --- getting feedback from a wider audience (including short survey) > --- analyse strength and weaknesses (ongoing) > --- implementation plan (ongoing) > --- communication strategy (alignment with other RIRs) > --- development of toolset according to feedback from membership (to be started) > We have now a dedicated resource on the roll-out plan, which is Alex Band (our TS rep. who delivered the RIPE 59 Cert update). > > On the topic of RIPE Policy I have made the following observation: > > During RIPE 59, there were presentations from Nigel and Stephen Kent. Stephen focused on the technical aspects and capabilities of a certification system, following the feedback from the previous meeting and discussions. > > Most of the discussion concerning Certification revolves around technical details and implementation issues (which are being covered by the CPS). Next to this, the target audience needing to adopt Certification, is more concerned with the is benefits of the system to their organisation. > > It seems there is difficulty within community to agree on a broader policy document before seeing practical issues on a less formal document. Following this how would the CA-TF feel about withdrawing the current policy proposal (2008-08)? Well, I don't see any consensus for the policy proposal as originally proposed and I'm happy to withdraw it and just continue with the technical implementation, but this begs the question of how we implement certification from a business perspective. Do we just offer it as a service that any RIPE NCC member can avail themselves of? How long will certificates last? Do we with withdraw them when a member leaves? All the questions that came up during the policy debate still need answering. Nigel
[ Ca-tf Archive ]