Dear Nick,

On Tue, Feb 25, 2025 at 05:59:14PM +0000, Nick Hilliard wrote:
> Job Snijders wrote on 25/02/2025 16:23:
> > Without an (automated) revocation mechanism, such dangling delegations could
> > exist in perpetuity, wasting resources of all the validators on this planet.
>
> garbage collection is good engineering.
>
> Couple of suggestions for the proposal:
>
> > certificate shall be revoked by the RIPE NCC. RIPE NCC shall
> > make reasonable efforts to discover new Manifests, for example,
> > by corroborating information from multiple vantage points. After
>
> Can I suggest removing the "for example [...]" bit? It's better for policy
> to state the principles of what needs to be done rather than dabbling in
> procedure.

I personally think it is helpful for both the community and RIPE NCC to
have an inkling of an idea what 'reasonable efforts' might constitute,
to shape expectations.

> Secondly in terms of timelines, the NCC will have some form of communication
> details for the CAs, as part of setting them up in the first place. I'd
> suggest a graduated approach to this:
>
> 1. notification after X months of fresh manifest non-availability
> 2. warning after Y months
> 3. removal after Z months
>
> If delegation is removed without warnings, this will invite people to
> complain.

Sure, but does that need to be part of the policy? What's the difference
between step 1 and step 2 in your listing? What if the notification
emails can't be delivered, should that delay the revocation?

Kind regards,

Job
