On Mon, Sep 20, 2021 at 06:39:30AM -0700, Randy Bush wrote:
In recent mail threads the concepts of "Hosted RPKI" and "Delegated RPKI" came up, but as mentioned by Tim and Rubens, another flavor also exists! A "hybrid" between Delegated and Hosted, informally known as "publish in parent" (aka RFC 8181 compliant Publication Services).
a delegated CA may publish at their parent or anywhere else.
As I understand the current situation under the RIPE NCC Trust Anchor, a "Delegated CA" can publish anywhere ... *except* at their parent. Only CAs operated via the "Hosted RPKI" service can publish at rpki.ripe.net/rrdp.ripe.net. For "Delegated RPKI" users it currently is not possible to publish via rpki.ripe.net/rrdp.ripe.net. In this thread I'm to start and participate in a community dialogue, asking fellow RPKI operators what their take is on RFC 8181 in context of RIPE NCC's RPKI services, if they think it would be useful or not. What do you think? Kind regards, Job