A few idle thoughts on this without being fuelled by Krasnapolsky coffee and chocolates... 2008-08 is about creating a mechanism to use public key cryptography to verify the contents of the RIPE database. Both the allocation records (inet(6)nums) via certificates and the RPSL records (route objects) via ROAs. It does not yet cover aut-nums or any other objects. One of the strengths of the RIPE database has been that of all the RIRs it was the only one to tie those together in the same database. Ironically, this tie now appears to be the stumbling block for moving the resource certification process forward in our region. The thought that in a system where allocation and routing records are tied together by certificates and signed objects the enforced withdrawal of one could lead to isolation from "the Internet." However, 2008-08 does not cover routing, it simply concerns itself with providing a way of cryptographically verifying (I have no idea if that is a real term) the contents of the RIPE database's allocation records. Mechanisms for coupling the allocation records more tightly to routing do indeed need ways for operators to influence the policy they apply -- "my network, my rules." That is currently there with the suggested way to implement this via routing policy, but nobody thinks this solution won't be improved in the future. If there is a requirement to show revoked certificates, that will be part of it. If "law enforcement" mandates the NCC to withdraw an allocation, could it also not mandate that the NCC originates a competing route with a valid ROA that will "trump" the now-invalid ROA? Is this necessarily a problem? By the time it gets to that stage won't the legal system have performed sufficient due process that it believes this is the right way to go? The law is, after all, the law. I fear that is a much more involved discussion though. I value Malcolm's opinion greatly, and when he is this concerned about a proposal it scares me, it scares me a lot, but I think calling a halt to 2008-08 is cutting off our nose to spite our face. 2008-08 is about as simple as it can get, "the certificates will reflect the registration status of the resource." There are many people that are far more expert in creating complicated policy than we are, we should do what we do best, simple policy and flexibility in the technical mechanisms of how this is implemented that leaves control in the hands of the operators (for some definition of "best"). This, though, is in the mechanisms of how we tie this to the routing system. I support a way of being able to verify the holder of address space and 2008-08 is the first step forward in that for some limited set of resources, and I support its progress. It does not require universal deployment to be useful for those that choose to use it, whether for verifying the "owner" of address space, or giving the routing systems hints over preference. All the best, Rob