This all sounds entirely reasonable. I'd love for the NCC to document their solution in a similar fashion if/when this proposal is accepted. -- Tom Strickx Principal Network Engineer AS13335 - Cloudflare
On Fri, Jun 6, 2025 at 2:31 PM Job Snijders <[email protected]> wrote: > On Fri, Jun 06, 2025 at 01:29:14PM +0100, Tom Strickx via routing-wg wrote: > > Happy to see this proposal! > > Fully in agreement with Nick that bogging down the policy with > > implementation details is a bad idea. > > Thanks! > > > It might be relevant to operators to tie down the "unable to discover" > > component. What is considered "reasonable efforts" in this context? > > Speaking as RPKI operator I'd expect RIPE NCC to make reasonable efforts > to discover new Manifests, for example, by corroborating information > from multiple vantage points. > > The NCC could run a handful of validator instances (produced by > different vendors) in different geographical regions behind different > providers, then when a 100% of those instances report the CA was > non-functional for 100% of all indidividual measurements for a 3+ month > period, conclude the Delegated CA is kaput. > > 5 instances times 4 runs per hour times 3 months = 44,640 measurements. > > If the NCC makes more than 44,000 attempts to discover+validate a CA's > Manifest from more than 4 countries, I'd say that is more than > reasonable. > > Should this policy proposal advance, RIPE NCC themselves can probably > shed more light on how they'd approach measuring whether a CA is > non-functional or not. > > Kind regards, > > Job > ----- > To unsubscribe from this mailing list or change your subscription options, > please visit: https://mailman.ripe.net/mailman3/lists/routing-wg.ripe.net/ > As we have migrated to Mailman 3, you will need to create an account with > the email matching your subscription before you can change your settings. > More details at: https://www.ripe.net/membership/mail/mailman-3-migration/ >
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/routing-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
