[ca-tf] Certification-Policy Proposal - next steps?
Andrew de la Haye andrew at ripe.net
Wed Mar 24 17:14:55 CET 2010
Hi Gert, Nigel, I appreciate your comments. Below some food for thoughts. It is of course without question that the Certification system is based on Community wishes and looks after their interests, like robust Registry data and secure and stable routing on the Internet. One of the reasons that the CEOs of the five RIRs have commmitted to having a production system ready by the 1st of January 2011, is because Certification is merely an additional opt-in member service, that ties in to what is already available. It is another representation of the allocation status which follows the policies we already have, along with the membership status (this is also supported in the first draft of the legal assessment). This means the questions Nigel raises could in fact already be answered: > Do we just offer it as a service that any RIPE NCC member can avail themselves of? Precisely, the LIR is free to choose to go into the LIR Portal and get a Certificate for their Internet resources. > How long will certificates last? They expire after one year and will be automatically rolled over and renewed, for as long as you remain a member. Just like our current business process for allocations, again in this process the certificates just follow their allocations. > Do we with withdraw them when a member leaves? Reclaiming address space after an LIR ceases to be a member is in line with the Community wishes, and with the policies and Resource Lifecycle Management we are committed to. Since the Certificate is tied to address space, it would automatically mean the certificate gets invalid (after a grace period) once they stop being a member. This is analogous to the RIPE Database entries being removed, and the reverse DNS service being stopped. Once the address space has been reclaimed and reissued to another member, they would be able to get a certificate for it. Obviously we are concerned about the impression that we are pushing this forward. I would like to reiterate a point out of my previous message: we have realized people are more concerned with the benefits of the system to their organisation than with aspects like the time the certificate lasts. So instead of waiting for someone to voice their opinion as we have done with 2008-08 with little result, we're using targeted messaging, as well as a survey and training courses to actively gather feedback. Based on the results, we will do a thorough analysis and make a decision that is in the best interest of our Community. Regards, Andrew On 22 Mar 2010, at 16:45, Gert Doering wrote: > Hi, > > On Mon, Mar 22, 2010 at 11:32:02AM +0000, Nigel Titley wrote: >> Well, I don't see any consensus for the policy proposal as originally >> proposed > > Definitely not... > >> and I'm happy to withdraw it > > ... but I don't think that this should be the right way. I'd go for > "v2.0" of the proposal that incorporates clear words to address the > issues voiced by the community. > >> and just continue with the >> technical implementation, but this begs the question of how we implement >> certification from a business perspective. Do we just offer it as a >> service that any RIPE NCC member can avail themselves of? How long will >> certificates last? Do we with withdraw them when a member leaves? All >> the questions that came up during the policy debate still need >> answering. > > That's why I think a "v2.0" of the proposal with some answers to that > makes sense. On 23 Mar 2010, at 13:18, Nigel Titley wrote: > On Mon, 2010-03-22 at 16:45 +0100, Gert Doering wrote: > >> >> That's why I think a "v2.0" of the proposal with some answers to that >> makes sense. > > Yes, I'm beginning to agree with you. Merely dropping the proposal gives > the impression that the RIPE NCC is just going to steam roller ahead > regardless of what the community thinks or wants. And this is something > that we want to avoid at all costs. > > Nigel > On Mar 23, 2010, at 1:18 PM, Nigel Titley wrote: > On Mon, 2010-03-22 at 16:45 +0100, Gert Doering wrote: > >> >> That's why I think a "v2.0" of the proposal with some answers to that >> makes sense. > > Yes, I'm beginning to agree with you. Merely dropping the proposal gives > the impression that the RIPE NCC is just going to steam roller ahead > regardless of what the community thinks or wants. And this is something > that we want to avoid at all costs. > > Nigel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1727 bytes Desc: not available Url : https://www.ripe.net/ripe/mail/archives/ca-tf/attachments/20100324/b2b10e2a/attachment.bin
[ Ca-tf Archive ]
