Skip to main content

Resource Certification for non-RIPE NCC Members

This policy proposal has been accepted

The new RIPE Document is: ripe-596

You're looking at an older version: 1

The current (published) version is 2
2013-04
State:
Accepted
Publication date
Draft document
Draft
Author(s)
Proposal Version
2.0 - 06 Jun 2013
All Versions
Accepted
02 Oct 2013
Working Group
RIPE NCC Services Working Group
Proposal type
  • New
Policy term
Indefinite
New RIPE Document(s)

This proposal intends to allow the RIPE NCC to issue resource certificates for non-members, such as Provider Independent End Users and Legacy address space holders, who reside in the the RIPE NCC Service Region.

Summary of Proposal

Currently, the RIPE NCC Resource Certification (RPKI) service is only available for RIPE NCC members. This proposal intends to allow the RIPE NCC to issue resource certificates for non-members, such as Provider Independent End Users and Legacy address space holders, which reside in the RIPE NCC Service region.

Policy Text

New policy text

[Following text will result in a new RIPE Policy Document “Policy for Resource Certification for non-RIPE NCC Members”, if the proposal reaches consensus]


1.0 Introduction

This policy allows the RIPE NCC to issue resource certificate for non-RIPE NCC members such as Provider Independent (PI) End Users and Legacy Address Space holders.

2.0 Certification of resources held by non-RIPE NCC members

When requested, the RIPE NCC will issue a certificate for Internet resources held by non-RIPE NCC member organisations, provided that:

  • The organisation proves that they are the legitimate holder of the resources
  • The Internet resources reside within the RIPE NCC service region

In order to be eligible for resource certification, PI End Users must comply with the RIPE policy “Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region” [1]. The contract with the sponsoring LIR must be verified and approved by the RIPE NCC.

PI End Users can optionally have their sponsoring LIR to act as an intermediary in this process.

3.0 Attribution

This document is developed by the RIPE community.

The following people actively contributed by making proposals through the RIPE Policy Development Process:

Erik Bais

4.0 Reference

[1] ripe-452, “Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region

Rationale

  1. Arguments supporting the proposal

    Resource Certification (RPKI) – and specifically the BGP Origin Validation functionality that it provides – is only a viable solution if all address space that falls under the authority of the RIR can be covered by a certificate and a Route Origin Authorisation (ROA). A partial implementation is as useful in the real world as no implementation at all.

    As it stands, around 9000 address space holders in the RIPE NCC service region can make use of the functionality that RPKI currently offers and about 18,000 other resource holders who are not members can't.

  2. Arguments opposing the proposal

    Resource Certification could be regarded as a member-only service. This means every address space holder in the RIPE NCC service region who wishes to use the Resource Certification service should become a RIPE NCC member.

    However there are cases known where for instance current PI holders can’t enter into a member agreement with the RIPE NCC, which would exclude them from using Resource Certification.