Dear Nick, On Tue, Feb 25, 2025 at 05:59:14PM +0000, Nick Hilliard wrote:
Job Snijders wrote on 25/02/2025 16:23:
Without an (automated) revocation mechanism, such dangling delegations could exist in perpetuity, wasting resources of all the validators on this planet.
garbage collection is good engineering.
Couple of suggestions for the proposal:
certificate shall be revoked by the RIPE NCC. RIPE NCC shall make reasonable efforts to discover new Manifests, for example, by corroborating information from multiple vantage points. After
Can I suggest removing the "for example [...]" bit? It's better for policy to state the principles of what needs to be done rather than dabbling in procedure.
I personally think it is helpful for both the community and RIPE NCC to have an inkling of an idea what 'reasonable efforts' might constitute, to shape expectations.
Secondly in terms of timelines, the NCC will have some form of communication details for the CAs, as part of setting them up in the first place. I'd suggest a graduated approach to this:
1. notification after X months of fresh manifest non-availability 2. warning after Y months 3. removal after Z months
If delegation is removed without warnings, this will invite people to complain.
Sure, but does that need to be part of the policy? What's the difference between step 1 and step 2 in your listing? What if the notification emails can't be delivered, should that delay the revocation? Kind regards, Job