[ca-tf] Policy proposal

Nigel,

Nigel Titley wrote on 3/5/10 2:58 PM:
> Folks
> 
> Following this morning's discussion, here is my proposal for the slide
> set. I think it roughly summarises the discussion. It may look a bit
> bald, but the supporting patter should take the edge off.
> 
> Comments and brickbats please. I know it is less than ideal, but we need
> to get *something* agreed out there.
> 
> Nigel
> 

I am not sure if I am interpreting the proposal correctly (slide 7), but
does "not tied to RIPE NCC membership" imply that the certificates are
not based on business relationships between the holder and the RIPE NCC
anymore?

The 3-5 year validity period implies that we re-issue certificates also
once in 3-5 years. That also means that the community is OK with the
decreasing quality of the initial cert statement over this long period
of time.

IMO "Certificates revoked on address re-assignment" effectively means
that only voluntarily returned space can be reclaimed.

I am a bit worried that with these sacrifices we may decrease the
utility of the resulting tool for routing security too much.

Andrei