Hi James & Malcolm,
I agree that it should at least re-visited as some of the wider implications might have been missed in the process as the focus has been with the technical solution to the 'problem' rather than potential for 'outside influence'.
The policy by itself doesn't require you to automate the process within your network to accept / deny / discard prefixes. If I speak for myself, I know that I won't be the first to start using in network prefix alterations based on the information within the RPKI db. I will however use the repository to check if what my customers want to start to announce to our network. And when PI is going to be accepted after this policy, also PI. The question is not what you are planning to do within your network with this or how paranoid you plan to be in regards to the tools around this. If you don't want to use the provided tools from RIPE NCC, run your own CA. If you don't want to use RPKI, fine as well, no-body is forcing you. However with the hijacking of (legacy) IP space and ownership of especially pre-rir IP space, we need to get a policy in place that will allow us to do this. Is the current policy perfect ? As in, final and all inclusive etc ? nope.. Is it a good start ? Imho.. a full YES ! I would strongly suggest to get on the RPKI support bandwagon and get the current policy in front of us approved and work together on how we can get the other stuff included in the next version. I'm on the RIPE meeting atm, let's have a cup of coffee if needed on the topic. Regards, Erik Bais