You are here: Home > Participate > Join a Discussion > Mailman Archives

[certtest] RIPE 57 goal for certification

Dear Colleagues,

Some of you have raised questions about the certification production application that we are aiming to have ready for RIPE 57. Most importantly, 'What will this application do?'
The technical specifications of Internet resource certificates (using  
RFC 3779) and Route Origin Authorisations (ROAs) are, at this stage,  
relatively settled. We therefore propose to produce a working  
application based on these specifications. It is important to note,  
however, that there remain a number of issues regarding policy and  
implementation that are still under discussion. It is our expectation  
that these issues will be addressed in due time and the system can  
then be adjusted to take account of them.
Even within this scope, however, it is difficult to provide a simple  
answer to the question of what the production version will do. The  
development team has deliberately chosen an approach that allows us to  
adjust the direction of development based on the feedback we get from  
you, the testers, and the RIPE Certification Task force.
At this moment we are aiming for the following:

- A web-based portal for members, hosted by RIPE NCC, that:
- Allows members to request certificates IPv4 and IPv6 Provider Aggregatable (PA) resources
  - Allows members to manage ROAs for their PA address space
- A public web interface for certificate and ROA validation
- Ensure that the system can handle key roll-overs and revocation
- Provide a public repository of certificates and ROAs

This is not a final checklist, however; we may find that the first production version will need to include even more functionality than outlined above, or that we need to change the priority of certain functionality. The testing process, discussions with the task force and within the RIPE NCC will all have a bearing on this. As members of the testing group, you will be kept up to date on any such developments.
It is important that the production application presented to the  
community at RIPE 57 provide real value to members, implement a  
minimum set of core functionality, and be secure and bug-free (or as  
close to this as possible). It is not, however, intended that it be  
the final release. We plan to progressively add further functionality  
after the October release, according to a schedule and method to be  
decided during discussions at RIPE 57.

Kind regards,

Tim Bruijnzeels
Software Engineer, RIPE NCC