[certtest] RIPE 57 goal for certification


Dear Colleagues,

Some of you have raised questions about the certification production application that we are aiming to have ready for RIPE 57. Most importantly, 'What will this application do?'

The technical specifications of Internet resource certificates (using RFC 3779) and Route Origin Authorisations (ROAs) are, at this stage, relatively settled. We therefore propose to produce a working application based on these specifications. It is important to note, however, that there remain a number of issues regarding policy and implementation that are still under discussion. It is our expectation that these issues will be addressed in due time and the system can then be adjusted to take account of them.

Even within this scope, however, it is difficult to provide a simple answer to the question of what the production version will do. The development team has deliberately chosen an approach that allows us to adjust the direction of development based on the feedback we get from you, the testers, and the RIPE Certification Task force.

At this moment we are aiming for the following:

- A web-based portal for members, hosted by RIPE NCC, that:
- Allows members to request certificates IPv4 and IPv6 Provider Aggregatable (PA) resources
  - Allows members to manage ROAs for their PA address space
- A public web interface for certificate and ROA validation
- Ensure that the system can handle key roll-overs and revocation
- Provide a public repository of certificates and ROAs

This is not a final checklist, however; we may find that the first production version will need to include even more functionality than outlined above, or that we need to change the priority of certain functionality. The testing process, discussions with the task force and within the RIPE NCC will all have a bearing on this. As members of the testing group, you will be kept up to date on any such developments.

It is important that the production application presented to the community at RIPE 57 provide real value to members, implement a minimum set of core functionality, and be secure and bug-free (or as close to this as possible). It is not, however, intended that it be the final release. We plan to progressively add further functionality after the October release, according to a schedule and method to be decided during discussions at RIPE 57.


Kind regards,

Tim Bruijnzeels
Software Engineer, RIPE NCC