Hi, I asked on the mike about the success stories we have had with CPS in other contexts in order to find out who is actually writing these kinds of documents and whether it would be reasonable to expect any of this in future RPKI work.
There is probably some need to write at least a minimal statement if you sell certificate authority services. It would be nice to have these documents use a similar format (hence the CPS template) but AFAICS it's also perfectly fine to use your own format; the IETF is not a contract or documentation police :-). On the other hand, if an ISP does not sell those services (but rather is just an end-user and/or provides the service for free for its customers), it's not obvious why most ISPs would be interested in doing a lot of paperwork on this subject. Most ISPs already disclaim any responsibility for pretty much anything that hasn't been explicitly agreed to so not doing any paperwork would be compatible with current practise. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
