[ca-tf] Policy proposal

On 5/3/10 2:58 PM, Nigel Titley wrote:
> Folks
> 
> Following this morning's discussion, here is my proposal for the slide
> set. I think it roughly summarises the discussion. It may look a bit
> bald, but the supporting patter should take the edge off.
> 
> Comments and brickbats please. I know it is less than ideal, but we need
> to get *something* agreed out there.
> 
> Nigel
> 

Hi Nigel,

I agree with your summary. Please let me give you some technical answers
to the proposal on slide #7.

- certificates on request

no problem

- 3-5 year period

no problem, we should keep an eye on CRLs growing and key lifetimes and
adjust later if needed.

- lax re-issue

This implies that the RIPE NCC keeps providing services to ex-members in
this specific case. There are some technicalities involved with this
(access part of the portal and BPKI -- ensure that people can
authenticate properly). These technicalities can be overcome, but
ultimately this will require resources that normal members end up paying
for. Is this what the community wants?

- revoke on re-*assignment*

not implement now, but can be done technically


Regards,
Tim