Hi Tim, > But this should start with a problem statement which is discussed in > the IETF. The context of the RPKI standards matter and a lot of the > contributors to those standards are not active here.
It is not uncommon for initiatives to start in a special interest group outside the IETF, and then later on be presented to the appropriate IETF working group. For example the origins of the development of BGP Large Communities can be traced back to a NetNod meeting [1], later on the design was influenced based on feedback received at Routing WG @ RIPE 72, and then finally the specification was published as RFC via the IETF IDR WG. This message [2] is intended to start a conversation in the RIPE community specifically about the topic of Certificate Transparency and RPKI, because CT appears to have critically improved the WebPKI. > As it stands I think that asking the RIPE NCC to make a big investment > without further analysis is questionable. I agree, more study is needed before committing to big investments. Gauging community interest is part of the exploratory phase of the process. > It is also not sufficiently clear to me how and why this problem is > more urgent than other investments in RPKI, I don't recall anyone suggesting this is "more urgent than other investments"? > e.g. providing a Publication Server service for members, and investing > in support for ASPA. RIPE NCC maintains a list of plans here [4]. Neither Publication Server service nor ASPA are listed as of yet. Specific to about ASPA: as per last IETF 111 SIDROPS meeting [3], I think ASPA is pending the development of a testbed between various vendors coordinated through that IETF working group. It'll depend on market forces at what pace ASPA moves along. And do keep in mind that deployment of ASPA would mean we (network operators) collectively even more increase our dependency on the RPKI, which in my opinion strengthens the case to talk about additional oversight and auditability of Trust Anchors ... perhaps through Certificate Transparency! Kind regards, Job [1]: http://largebgpcommunities.net/2016/where-did-large-communities-start/ [2]: https://www.ripe.net/ripe/mail/archives/routing-wg/2021-September/004397.html [3]: https://www.youtube.com/watch?v=DtnFulym8CQ [4]: https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/rpki-planning-and-roadmap
