(co-chair toe socks off) On Thu, Sep 16, 2010 at 10:04 AM, Tim Bruijnzeels <[email protected]> wrote: > Hi all, > > I wanted to ask how others feel about having resource certificates that > say: "no resources certified." > > We have a use case for this at the RIPE NCC. It may happen (for various > reasons) that a member who formerly had a resource certificate issued by > us no longer holds any certifiable resources. > > We can of course revoke all existing resource certificate and not issue > a new one. But.. I feel this is confusing to RPs. In particular RPs may > assume, wrongly, that we just forgot to issue a new cert. It's a much > more clear to have a new certificate that says "no resources".
For a bgp/routing persp In either case on the routing device the routes are 'invalid' or 'uncool' or whatever the selected term is... So folks in the routing system will accept/deny the routes > But it seems this is not allowed by the res-cert draft: > > We MUST include at least one of "an IP Resources extension, an AS > Resources extension", as described here: > http://tools.ietf.org/html/draft-ietf-sidr-res-certs-18#section-4.9.10 > > And that inclusion of an "IPAddressFamily" only gives us the option to > either: (1) include a specific resource(range) of that type, or (2) > inherit from the issuer, as described here: > http://tools.ietf.org/html/rfc3779#section-2.2.3 > > So, we can not legally issue a new resource certificate that says: "no > resources". As far as I can tell this is perfectly legal to do under > rfc3779: just don't include any "IPAddressFamily"; use a "SEQUENCE OF" > with length 0. > > So, to re-state my question: do others also see a use-case for resource > certs that have no resources? And if so, could section 4.9.10 of the > res-cert draft be reworded: MUST -> MAY. > > > Regards, > > Tim Bruijnzeels > > Senior Software Developer > RIPE NCC > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr > _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
