| | | | | | | | |
|
|
|
You're here: Home |
We've been there and back a few times. The current up-down protocol makes that distinction ("A Resource Class is a set of IR-managed resources that are allocated to an ISP that have a common validation path and a common validity expiration time.")Suppose it's 1 January, you're a client of RIPE. You've paid your annual membership fee. You have a "normal" allocation (you've been and plan to be using that a long time now) and an experimental one which expires in June. The both come from RIPE. Do you think it is fine to put these two into the same class? What shall the valid-until time be?
whoops - I thought I had removed that phase of "a common validity expiration time" back in January! My apologies.
The rationale for the simplification in removing the distinction was to trim down the number of CA, and the observation that relying parties really should be performing a full refresh of every issued certificate every 24 hours in any case and we are relying on explicit reissue and revocation as a means of signalling the removal of resources from an entity, rather than expiration.
So I agree with Rob A here, and the expiration time of the issued cert should be related to the expiration of the current service contract with the entity rather than any particular conditions related to the allocated resource.
Geoff