- you're in favour of the general principle, want some details changed, but agree to pospone that to the next round of certificate-related proposals (like "this proposal does not cover PI" - yes, we know, the plan was to "start with the easy bits = PA").
This proposal only applies to IPv4 ALLOCATED PA blocks that were issued by
Why is it stated : the RIPE NCC and excludes early registration and legacy space, as well as
blocks marked as ALLOCATED UNSPECIFIED or ALLOCATED PI.
That was one of the topics I noticed when I used the certification website for my own LIR. ( After some peer pressure by a guy named Alex B. ) I would think/argue that this would be more useful for specifically PI, rather than just doing it for PA. And to make things probably worse for the discussion, I would think that having the LIR manage this on behalf of their PI customers, might not be a bad idea, also because the location of the online certification site is in the LIR portal and this could be seen as one of the tasks a LIR does on behalf for their customers. PI LIR customers that doesn't want their specific LIR to deal with their certification process, could either change LIR or change to a Direct Assignment End-User, but I'm guessing that would be a very small group of all PI customers. It is my experience that PI customers don't want to deal with the 'RIPE stuff' and/or are not very responsive into sorting their stuff out, as long as they have access to their addresses/objects. And yes, I do realize that having a third party in the middle (the LIR) might be seen as an additional security risk, specifically in dealing with certificates, but that could be a different discussion. If the CA-TF isn't planning to change the policy to include ALLOCATED PI, is there a set time-frame on when this will be proposed / implemented ? Regards, Erik Bais Erik Bais | A2B Internet BV | +31 299 707 115 ( Office ) | +31 6 5122 1952 ( Dutch cell ) | ebais@a2b-internet.com |