[ncc-services-wg] Certifying of PI End User Address Space

On 14 Mar 2013, at 12:20, Gert Doering <gert at space.net> wrote:

> On Thu, Mar 14, 2013 at 12:41:33PM +0100, Andrew de la Haye wrote:
>> 2) A PI End User requests a resource certificate through their sponsoring
>> LIR and gets access to the ROA management system themselves, or delegates
>> management to the sponsoring LIR
>> 
>> 3) A PI End User requests a resource certificate directly from the RIPE
>> NCC, without becoming a member, and obtains access to the ROA management
>> system
> 
> Supporting both 2) and 3) seem to make sense to me.
> 
> To avoid creating a high workload, 3) would need to be done in a mostly
> automated fashion - similar to what is happening today: if the sponsoring
> LIR sets up a mntner object that permits the end user to create their
> own route:/route6: objects, the end user can create "old-style" route
> authorization without involving the NCC.  Something like this, sort
> of "between 2) and 3)" - the sponsoring LIR creating an access code of
> some sorts, and the end user using that to talk to the NCC systems.

Could it actually be that straightforward? It seems unlikely, though I hope otherwise.

An obvious rat-hole in this scenario is figuring out what to do for PI End Users who can't/won't go through a sponsoring LIR. Presumably this amended option 3) would still mean the PI End User entering some sort of contractual relationship with the NCC => introducing extra procedures and infrastructure around billing, paperwork and so forth. A PI End User would or should pay something to get resource certificates, right?

Perhaps we'll get a re-run of the debate over legacy resource holders becoming LIRs or going through a sponsoring LIR.

My preference would be to avoid option 3) -- or variations of 3) -- for the reasons Andrew outlined.

That said, it would be helpful to get more data on the extent of the issue and a rough idea of likely costs. How many PI End Users are there and what are the best case and worst case scenarios for the amount of work that would be involved in issuing them with resource certificates? If the costs to the NCC for option 3) will always be insignificant, then there's nothing to see here, move along. Just do it. OTOH if option 3) has the potential to grow into a monster that needs a small army to administer it, we should not go down that path.