On 5 Jun 2025, at 10:35, Angela Dall'Ara <adallara@ripe.net> wrote:
Dear colleagues,
A new RIPE Policy Proposal, 2025-02, "Revocation of Persistently Non-functional Delegated RPKI CAs" is now available for discussion.
This proposal suggests providing a mandate to the RIPE NCC to revoke resource certificates associated with longtime non-functional CAs to reduce Relying Party workloads.
Hi Angela, Thanks for this new PDP, I agree with Job and Nick, this is definitely something that RIPE NCC should implement. It will reduce the NCCs cloud costs, and for each and every relying party (read: every ISP in the world) reduce the overhead from attempting to contact ISPs who do not have a properly functioning RP. It thus will also speed up processing of each round of reaching out to al RPs. It will make RPKI more stable and reliable. Thus this is a good move to do. One could weasel a wee bit around the words in the doc, but the intent should be clear for the NCC: revoke after 90 days of instability. Thanks Job and Nick for submitting this PDP: for a better Internet. Regards, Jeroen