Job Snijders wrote on 25/02/2025 16:23:
Without an (automated) revocation mechanism, such dangling delegations could
exist in perpetuity, wasting resources of all the validators on this planet.
garbage collection is good engineering.
Couple of suggestions for the proposal:
certificate shall be revoked by the RIPE NCC. RIPE NCC shall
make reasonable efforts to discover new Manifests, for example,
by corroborating information from multiple vantage points. After
Can I suggest removing the "for example [...]" bit? It's better for
policy to state the principles of what needs to be done rather than
dabbling in procedure.
Secondly in terms of timelines, the NCC will have some form of
communication details for the CAs, as part of setting them up in the
first place. I'd suggest a graduated approach to this:
1. notification after X months of fresh manifest non-availability
2. warning after Y months
3. removal after Z months
If delegation is removed without warnings, this will invite people to
complain.
Nick
-----
To unsubscribe from this mailing list or change your subscription options,
please visit: https://mailman.ripe.net/mailman3/lists/routing-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
