At 1:36 PM -0700 3/13/08, Christopher LILJENSTOLPE wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Stephen,
>
> What I was saying is that, if this IS for the protection of
>the individual entity hosting the PKI, then to issue a CPS is
>their call, not ours to specify as a standards action.
>
> Either people will grok the risk and make a judgement, or not
>grok the risk and still make a judgement. Therefore, suggesting
>that someone embarking on SIDR may want to consider a CPS with their
>powers-that-be is probably a good-thing(TM) - which is what BCPs are
>for.
>However, saying that it is part of doing SIDR, is probably not germane.
>
> Now if we are not saying that CPS is required for SIDR, then
>I humbly withdraw my comments and blame it on a mis-parsing on my
>part.
>
> Chris

Chris,

I do not believe that anyone is suggesting that to be a CA in the RPKI you MUST issue a CPS. I believe that each RIR will issue its own CPS, and the handful of NIRs that exists probably will as well. As for ISPs, bigger ones probably will, but smaller ones may not.

In general an entity operating a CA (other than for purely internal use) should publish a CPS, and RFC 3647 provides a generally accepted outline for writing a CP or a CPS. If an ISP acting as a CA in the RPKI decides to issue a CPS, we can make life easier for them by having a published template as a (non-normative) starting point. Our experience in doing this in the RIR space certainly suggests that is the case, i.e., the work I did for APNIC to help complete their CPS benefited greatly from having the RIR CPS template as a starting point.

Steve
