Proposal: valid-until time for an allocation
- To: Resource Cert List <rescert@apnic.net>
- Subject: Proposal: valid-until time for an allocation
- From: Robert Kisteleki <robert@ripe.net>
- Date: Wed, 18 Apr 2007 12:15:36 +0200
- Organization: RIPE NCC
- User-agent: Thunderbird 1.5.0.10 (Macintosh/20070221)
Continuing on this:
"If we do issue a new cert for a new allocation, then the validity
interval should be easy, as it should align with the contract period
for the new allocation, plus a grace period."
From the left-right protocol point of view, we probably need to extend
the list-resources message. Currently it is the following:
   (list-resources :self-id 42             ; issuer id
                   &optional               ; If left off, we're asking
                                           ; about self rather than child
                   :child id)              ; subject id
   => ((:ipv4-address "10.0.0.44/32" "10.3.0.44/32")
       (:ipv6-address "fe80:dead:beef::/24")
       (:as-number "666")
       ...)
Since the ipv4-ipv6-asn sets can be grouped by the "contract period for
that allocation", I believe the following version could be used:
   (list-resources :self-id 42             ; issuer id
                   &optional               ; If left off, we're asking
                                           ; about self rather than child
                   :child id)              ; subject id
   => (((:ipv4-address "10.0.0.44/32" "10.3.0.44/32")
        (:ipv6-address "fe80:dead:beef::/24")
        (:as-number "666")
        (:valid-until "date-in-some-form")
        (:class-name "experimental")
       )
       ...)
That is, what was one ipv4-ipv6-asn set before becomes an
ipv4-ipv6-asn-validuntil-class set, and the response can contain a list
of these.
I think that the valid-until part of the set should contain the grace
period, therefore the certificates' validity times are completely in the
BE's control. That's useful.
The class attribute is a string value, no magic there.
Cheers,
Robert
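
Added example, not part of the original message or of any RPKI implementation: a Python reader for the proposed list-resources response that turns each ipv4-ipv6-asn-validuntil-class set into one certificate request and rejects sets missing the new fields. The ISO 8601 date format, the sample data and the names read_sexp, resource_sets and NEW_FIELDS are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample; ISO 8601 dates are an assumption (the format is left open).
SAMPLE = '''
(((:ipv4-address "10.0.0.44/32" "10.3.0.44/32")
  (:ipv6-address "fe80:dead:beef::/24")
  (:as-number "666")
  (:valid-until "2008-04-18T00:00:00Z")
  (:class-name "experimental"))
 ((:ipv4-address "10.9.0.0/16") (:valid-until "2007-12-31T00:00:00Z")
  (:class-name "production")))
'''
TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+')
NEW_FIELDS = (":valid-until", ":class-name")

def read_sexp(text):
    """Parse one s-expression into nested lists of strings."""
    stack, current = [], []
    for tok in TOKEN.findall(text):
        if tok == "(":
            stack.append(current)
            current = []
        elif tok == ")":
            if not stack:
                raise ValueError("unbalanced ')'")
            stack[-1].append(current)
            current = stack.pop()
        else:
            current.append(tok.strip('"'))
    if stack or len(current) != 1:
        raise ValueError("expected exactly one balanced expression")
    return current[0]

def resource_sets(text):
    """Return one dict per set; a set without the new fields is rejected."""
    out = []
    for group in read_sexp(text):
        fields = {item[0]: item[1:] for item in group}
        for key in NEW_FIELDS:
            if len(fields.get(key, [])) != 1:
                raise ValueError(f"set needs exactly one {key}")
        until = datetime.fromisoformat(fields[":valid-until"][0].replace("Z", "+00:00"))
        out.append({
            "class": fields[":class-name"][0],
            "not_after": until,  # used as-is: grace period is already included
            "resources": {k: v for k, v in fields.items() if k not in NEW_FIELDS},
        })
    return out
```

Because valid-until already carries the grace period, the reader copies it straight into the certificate's end of validity and applies no policy of its own.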