Nick, I concur with your text and the intent behind this to help clean up the ecosystem. I view this similar to many other registration vs delegation, eg: if you delegate a domain name to servers that don't respond, I would support removing that delegation but not the associated registration. Same for delegated PTR/in-addr services.
I like the idea of approximately 3 months but for practical reasons think it could be shorter or left with an advisory range for implementation. You want enough to cover a short leave of absence/august in Europe but not so long that the domain names could expire 😊 I would also provide some guidance of automatic removal of delegations if the domain registration fails to exist after 7 days. I see this as common sense but likely worthwhile to write down to avoid the principle of least surprise. - Jared Sent via RFC1925 compliant device > On Feb 25, 2025, at 5:10 PM, Nick Hilliard <[email protected]> wrote: > > If RIPE NCC is unable to discover and validate a Delegated RPKI Certification > Authority's (CA's) current Manifest and CRL for one hundred consecutive days, > that Delegated CA's resource certificate shall be revoked by the RIPE NCC. > RIPE NCC shall make reasonable efforts to discover new Manifests, to notify > the Delegated CA operator if a current Manifest and CRL cannot be validated, > and to notify the operator if the delegation is revoked." > > Minor nit: it would be more normal to use calendar months for longer time > periods instead of base-10 numbers of days. I'd suggest reconsidering the 100 > days thing, especially if there's a gradual response approach implemented, > e.g. 1 month between notification, warning and revocation. ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/routing-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
