Hi,

Both RIPE and their CDN seem to use DNSSEC.

Indeed, the CDN utilizes LE as the issuing CA. The LE does publish the list of issued certificates as part of Certificate Transparency, as far as I know the list is public and can be consumed by anyone.

Is there some specific concern you're thinking of?

Kaj

Sent from my iPad

From: Andrey Korolyov <andrey@xdel.ru>
Sent: Tuesday, April 16, 2024 10:12 PM
To: Kaj Niemi <kajtzu@basen.net>
Cc: Petru Bunea <suport@bunea.eu>; Daniel Pearson <daniel@privatesystems.net>; members-discuss@ripe.net <members-discuss@ripe.net>
Subject: Re: [members-discuss] Charging scheme 2025 proposal (logarithmic)

You don't often get email from andrey@xdel.ru. Learn why this is important

RIPE, revenue 38M EUR (40M USD), members 20k = 2 k/member

ARIN, revenue 25M USD, members 25k = 1 k/member

APNIC, revenue 33M AUD (21M USD), members 10k = 2 k/member

LACNIC, revenue 10M USD, members 12k = 0.8 k/member

AFRINIC, revenue 6M USD, members 2k = 3 k/member

Thanks for the numbers Kaj. BTW I wonder how it was possible for two of five organisations listed, including RIPE, to not allocate the funds for a purchase of a regular SSL certificate for their resources, using instead free-tier CA (and RIPE uses the worst one in terms of hijack-ability, Let's Encrypt).