Yes there's usually a lot to think about in
terms of implementation specifics. I'd be of the opinion that it would
best to leave this to the RIPE NCC to work out what's the most sensible
thing to do. Tying operational details down in a policy statement is
usually not a good idea unless the person writing the policy has a
complete view of all the subtleties in question, which personally I
don't, or where it's operationally advisable to specify the details in
policy, which I don't see a case for here. I'm happy for the RIPE NCC to
handle the specifics in this situation. If it turns out that this
causes problems for operators in the future, that discussion can happen.
Incidentally, iso27001 / soc2 compliance will mean that they'll need
internal documentation, so in due course, there'll be an documented
procedure for handling this.
Nick
Radu Anghel wrote on 06/06/2025 12:45:
public holidays
in NL are not always the same as in other countries,
this could generate complaints.
having the thing automated removes the burden of checking worldwide
public holiday calendars from the NCC and gives nice fixed numbers to
work with.
24x7 NOCs are there on public holidays too, in case they miss all of the
pre-revocation notifications.
there are probably more arguments for both options, the revocation
should happen anyway to clean things up, +/- a few days make no
difference when you have unresponsive CAs since 2023.
best,
Radu
On 6/6/2025 1:18 PM, Nick Hilliard wrote:
Radu Anghel via routing-wg wrote on 06/06/2025
11:33:
nitpicking: to avoid CAs being deregistered
at different intervals
after short months like February the 3 months could be specified as 90
days.
"more than three months" should give the RIPE NCC enough leeway not
to
be forced to take action on specific days which was a bad idea, for
example, having a revocation happen on a public holiday and that sort of
thing.
The point is that the delegation is revoked after notice, and enough
time for the operator in question to take action. The specific day is
not that relevant, i.e. if it's + a couple of days, that's not that big
a deal.
Nick
-----
To unsubscribe from this mailing list or change your subscription
options, please visit:
https://mailman.ripe.net/mailman3/lists/routing-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account
with the email matching your subscription before you can change your
settings.
More details at:
https://www.ripe.net/membership/mail/mailman-3-migration/