Re: Proposal: valid-until time for an allocation
At Thu, 19 Apr 2007 21:46:50 +0200, Róbert Kisteleki wrote:
>
> Ahh, so you have not really answered the question :-) Well, based on your
> approach, there's no good answer, as it can be:
> 1. June + grace period
> 2. next Jan + grace period
> 3. something else.
> Neither of these "reflect the allocation's contract period".
I'm not convinced that it needs to reflect the contract period,
although issuing a certificate significantly longer than any contract
period with that customer would be silly.
I view certificate expiration primarily as a mechanism for limiting
the length of the CRL.
> So you either have to give a shorter term certificate than the
> "normal" allocation period (and reissue mid-year), or you give out
> a too long-lived certificate for the "experimental" space, and you
> have to revoke/reissue in mid-year. But approaches are twisted.
As is your proposed solution. :)
> This is exactly the reason why the up-down protocol contains the
> distinction and the potential for subclasses, as that solves the
> problem. And this is why I proposed the protocol change.
Classes in the up down protocol are to deal with resources received
via different paths, which can't be combined into a single
certificate. We got rid of subca because it was too complex, remember?
> If you don't agree with this, then we have to talk about this in Tallinn, as
> I believe RIPE (and APNIC too, but I cannot talk for them) wants to have
> this feature.
Last I heard APNIC agreed that we didn't need this complexity. If
RIPE says that RIPE does, I guess we do need to talk about it in
Tallinn.