Re: [ncc-services-wg] [ncc-announce] [news] RPKI and PI End Users Proposal - Feedback Requested
On 11/02/2013 13:55, Axel Pawlik wrote:
The functionality that we most commonly receive requests for is to make address space held by Provider Independent (PI) End Users eligible for certification. During the RIPE 65 Meeting in Amsterdam, there were discussions on this and the RIPE NCC Executive Board extensively deliberated the issue. Based on these discussions, the Executive Board now submits this proposal for consideration and discussion to you, the RIPE NCC membership and the RIPE community.
If I'm reading this correctly, the board has already decided to provide RPKI services to PI address holders without a RIPE community policy proposal or a RIPE NCC membership vote, and this email is just soliciting opinions on the terms of this decision. Could I respectfully suggest that the board put this proposal through the normal channels for policy development, i.e. the PDP. Nick
On Mon, Feb 11, 2013 at 03:03:13PM +0000, Nick Hilliard wrote:
Could I respectfully suggest that the board put this proposal through the normal channels for policy development, i.e. the PDP.
I thought the decision at the time was that the provision of rpki services was independent of, rsp. not subject to, policy? Notwithstanding, I think the board may be well advised to put this up for vote at the upcoming GM... cheers, Sascha
On 11/02/2013 15:07, Sascha Luck wrote:
I thought the decision at the time was that the provision of rpki services was independent of, rsp. not subject to, policy?
The RIPE NCC originally provided RPKI services under the terms of the Certification Task Force; these terms were explicitly outlined in the text of the ill-fated 2008-08, which stated in the explanation part:
Once a policy for resources held by LIRs has been discussed and the community has agreed on guidelines, then the CA-TF will consider more complicated scenarios, such as PI address space and ERX and legacy address space. This phased development is also inline with the technical implementation of the system, as certificates for LIR resource holders are the first real cases for the certification system. Certification of other resources will be implemented later on.
While the proposal failed to achieve consensus, this sentence did specify the terms of reference for the RIPE NCC's engagement for providing RPKI services at the time and it was clear that it excluded PI / ERX address blocks. There were two proposals at the November 2011 General Meeting to change the RIPE NCC's mandate: Option A was to instruct the board to drop RPKI completely and Option B was to continue RPKI development, but without ROAs. Neither proposal received enough support to be adopted, so the board assumed a mandate to continue with the existing arrangements:
If neither resolution is adopted, the RIPE NCC will continue the current Certification/RPKI activities of the association.
(http://www.ripe.net/lir-services/ncc/gm/november-2011/agenda) My reading of this is that if the board wants to proceed with RPKI for PI holders - and later, ERX holders - it will need a mandate from the RIPE Community and probably also the RIPE NCC membership. Nick
Hi all, as a PI ressource holder, I appreciate that the board is taken action. Option 1 is probably the easiest way for PI ressource holders to take part in RPKI. Option 2 does not seem new to me?! However, the more members the better, i guess. Thanks for trying to solve the PI-RPKI issue! Dan -- Dan Luedtke http://www.danrl.de
participants (3)
-
Dan Luedtke -
Nick Hilliard -
Sascha Luck