Here is the SIG Report we just presented during the AGM.
RPKI is a complex system. We expect network operators to start creating ROAs and ultimately move to validation, but there is a lack of transparency into the operations. Things like the validity period of a ROA, and when and how it will be renewed and revoked, are not clearly defined.
While APNIC is reviewing the CPS (Certificate Practice Statement) because there are legal requirements in it, it is important to have a community consultation or review process for items of operational relevance (e.g. time or frequency of publication of certificates).
Reporting process if something goes wrong. Operational status page.
There are no current recommendations from APNIC for those who want to run a self-hosted CA. Also, the consequences of not following the guidelines/recommendations should be clear to anyone running a self-hosted CA.
There is a strong opinion in favour of transparency. Currently the whole system is a grey box which fortunately is working, but if we want to convince all members to start actively maintaining ROAs and start doing validation then we need to make some changes.
There is a need to have clearly defined obligations from both the Member and APNIC end. Having an agreeable SLA for these services can be a way forward as per the membership agreement. Many operators moving towards validation makes RPKI critical for operations, and APNIC, running one of the TAs, has to play a role in this.
Chairs have decided to conduct a standalone event every 4-6 weeks (schedule will be decided and shared soon) to go through these points in detail.
This will provide a platform to discuss the pros/cons of the many ideas we came across during the panel discussion.
This will also give an opportunity to invite relying party software vendors to share their point of view.
The Secretariat has confirmed their logistical support for this.