Job Snijders wrote on 25/02/2025 16:23:
Without an (automated) revocation mechanism, such dangling delegations could exist in perpetuity, wasting resources of all the validators on this planet.
garbage collection is good engineering. Couple of suggestions for the proposal:
certificate shall be revoked by the RIPE NCC. RIPE NCC shall make reasonable efforts to discover new Manifests, for example, by corroborating information from multiple vantage points. After
Can I suggest removing the "for example [...]" bit? It's better for policy to state the principles of what needs to be done rather than dabbling in procedure. Secondly in terms of timelines, the NCC will have some form of communication details for the CAs, as part of setting them up in the first place. I'd suggest a graduated approach to this: 1. notification after X months of fresh manifest non-availability 2. warning after Y months 3. removal after Z months If delegation is removed without warnings, this will invite people to complain. Nick