Policy Proposal 2025-02 Review Phase (Revocation of Persistently Non-functional Delegated RPKI CAs)

Dear colleagues,

Policy proposal 2025-02, "Revocation of Persistently Non-functional Delegated RPKI CAs", is now in the Review Phase.

The RIPE NCC has prepared an impact analysis on this proposal to support the community’s discussion.

You can find the proposal and impact analysis at:
https://www.ripe.net/community/policies/proposals/2025-02/
https://www.ripe.net/community/policies/proposals/2025-02#impact-analysis

And the draft document at:
https://www.ripe.net/community/policies/proposals/2025-02/draft/

As per the RIPE Policy Development Process (PDP), the purpose of this four-week Review Phase is to continue the discussion of the proposal taking the impact analysis into consideration, and to review the full draft RIPE Policy Document.

At the end of the Review Phase, the Working Group (WG) Chairs will determine whether the WG has reached rough consensus. It is therefore important to provide your opinion, even if it is simply a restatement of your input from the previous phase.

We encourage you to read the proposal, impact analysis and draft document and to send any comments to routing-wg@ripe.net before 5 September 2025.

Kind regards,

Karen Hung
On behalf of Policy Officer
RIPE NCC

Dear all, I fully support this proposal as it will reduce the load of RPKI validators for everyone while not impacting security imo. Thanks Max

Hi

https://www.ripe.net/community/policies/proposals/2025-02#impact-analysis

I'm somewhat confused about this paragraph:

> It is the RIPE NCC’s understanding that this proposal, if accepted, will require the RIPE NCC to revoke the RPKI certificate for any Delegated Certification Authorities (CAs) that have not updated their manifest and/or Certification Revocation List (CRL) for longer than three months.

This sounds as if the three months (90 days) are counted starting from a manifest's or CRL's thisUpdate, whereas an ulterior paragraph seems to imply that the nextUpdate is intended:

> From this, the RIPE NCC interprets that if the RIPE NCC is unable to discover and validate a Delegated CA's current Manifest and CRL for more than 90 days, that Delegated CA will be removed as a child, and its resource certificate will be revoked by the RIPE NCC parent CA.

The latter interpretation makes more sense to me and perhaps the first paragraph should insert "after expiry" at the end or something with an equivalent effect.

Hi Theo,
On 7 Aug 2025, at 16:04, Theo Buehler <tb@theobuehler.org> wrote:
> Hi
>
> https://www.ripe.net/community/policies/proposals/2025-02#impact-analysis
>
> I'm somewhat confused about this paragraph:
>
> > It is the RIPE NCC’s understanding that this proposal, if accepted, will require the RIPE NCC to revoke the RPKI certificate for any Delegated Certification Authorities (CAs) that have not updated their manifest and/or Certification Revocation List (CRL) for longer than three months.
>
> This sounds as if the three months (90 days) are counted starting from a manifest's or CRL's thisUpdate, whereas an ulterior paragraph seems to imply that the nextUpdate is intended:
>
> > From this, the RIPE NCC interprets that if the RIPE NCC is unable to discover and validate a Delegated CA's current Manifest and CRL for more than 90 days, that Delegated CA will be removed as a child, and its resource certificate will be revoked by the RIPE NCC parent CA.
>
> The latter interpretation makes more sense to me and perhaps the first paragraph should insert "after expiry" at the end or something with an equivalent effect.

It was not our intention to introduce an inconsistency. The first paragraph was just intentionally a bit lighter on detail to make it more readable to readers who are less well versed in RPKI.

That said, I think your suggestion to insert "after expiry" at the end makes sense. Thank you for pointing this out!

Kind regards,

Tim Bruijnzeels
RIPE NCC
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/routing-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

Dear Tim, RIPE NCC, Routing-WG,

Thank you for your work on the Impact Analysis!

Having read RIPE NCC's impact analysis [1] & the follow-up message from Tim [2], I am of the opinion that RIPE NCC has a solid understanding of what the policy entails, its potential effects, and how to implement it.

I support acceptance & implementation of policy proposal 2025-02 "Revocation of Persistently Non-functional Delegated RPKI CAs".

It probably is worth mentioning that in the APNIC region a similar policy proposal is under discussion in APNIC's Policy Special Interest Group. So far it seems participants are supportive of the concept. The thread can be reviewed here: https://orbit.apnic.net/hyperkitty/list/sig-policy@lists.apnic.net/thread/ZK...

Kind regards,

Job (co-author of policy proposal 2025-02)

[1]: https://www.ripe.net/community/policies/proposals/2025-02#impact-analysis
[2]: https://mailman.ripe.net/archives/list/routing-wg@ripe.net/message/R56YUNHRV...

Hi.

On Thu, Aug 14, 2025 at 11:35:31AM +0000, Job Snijders wrote:
> Thank you for your work on the Impact Analysis!
>
> Having read RIPE NCC's impact analysis [1] & the follow-up message from Tim [2], I am of the opinion that RIPE NCC has a solid understanding of what the policy entails, its potential effects, and how to implement it.

Agreed. Full support from my side as well.

Same for me, Full support on this

On 14 Aug 2025, at 13:35, Job Snijders <job@sobornost.net> wrote:
> I support acceptance & implementation of policy proposal 2025-02 "Revocation of Persistently Non-functional Delegated RPKI CAs".

Full support from me. Thanks for working on this, everyone!

--
Niels Raijer
niels@fusix.nl

Hi, Vouch from me for acceptance and implementation of the proposal "Revocation of Persistently Non-functional Delegated RPKI CAs". Kind Regards, Filip Hruska

Hi,

On Thu, Aug 07, 2025 at 02:09:37PM +0200, Karen Hung wrote:
> Policy proposal 2025-02, "Revocation of Persistently Non-functional Delegated RPKI CAs", is now in the Review Phase.

Still support! I see nothing in the IA that makes me think otherwise.

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG, Joseph-Dollinger-Bogen 14, D-80807 Muenchen, Tel: +49 (0)89/32356-444
Vorstand: Sebastian v. Bomhard, Karin Schuler, Sebastian Cler
Aufsichtsratsvors.: A. Grundner-Culemann
HRB: 136055 (AG Muenchen)
USt-IdNr.: DE813185279

Moin,

big fan of the proposal, and certainly in support!

With best regards,
Tobias

--
Dr.-Ing. Tobias Fiebig
T +31 616 80 98 99
M tobias@fiebig.nl
Pronouns: he/him/his

Just like before, support the cleanup!

Hey ho, I support this proposal.

Karen, Job & routing-wg, thanks for your work on the proposal and impact analysis. I support Policy Proposal 2025-02, and look forward to its implementation by the RIPE NCC. -- Simon Leinen, Network Switch EPFL Innovation Park, Bâtiment I, 1015 Lausanne, Switzerland phone: NOC +41 44 268 1530, direct +41 44 268 1536, mobile +41 78 638 7061 https://switch.ch

Hello,

On Thu, 7 Aug 2025 at 14:09, Karen Hung <khung@ripe.net> wrote:
> Dear colleagues,
>
> Policy proposal 2025-02, "Revocation of Persistently Non-functional Delegated RPKI CAs", is now in the Review Phase.

I fully support policy proposal 2025-02, thanks to everyone working on it.

Lukas Tribus

participants (14)
- Ben Cartwright-Cox
- Filip Hruska
- Gert Doering
- Job Snijders
- Karen Hung
- Lukas Hagen
- Lukas Tribus
- Max Emig
- Niels Raijer
- Radu Anghel
- Simon Leinen
- Theo Buehler
- Tim Bruijnzeels
- Tobias Fiebig