Plenary Minutes RIPE 29
From: RIPE NCC Meeting Registration
Date: Wed, 25 Mar 1998 17:33:15 +0100
RIPE 29
Amsterdam, 28 - 30 January 1998
Plenary Session
RIPE 29 Meeting Plenary Session Minutes - DRAFT
Chair: Rob Blokzijl
Scribes: Julia Edwards, Paula Caslav
1. Opening:
Rob Blokzijl opened the plenary session of the 29th RIPE meeting.
2. Agenda
This is the preliminary agenda:
1. Opening
2. Agenda
3. From the RIPE Chair
4. Minutes RIPE 28
5. Action items RIPE 28
6. RIPE NCC Association
7. Report from the RIPE NCC
8. Restructuring the IANA
9. IPv6 Addressing Policy
10. Secure DNS/BIND
11. Mapping the Internet
12. DB Security Task Force report
13. Reports from the working groups
14. Next RIPE meetings
15. AOB
The agenda was agreed upon.
3. From the RIPE Chair
Comments from Rob Blokzijl - About Internet drafts RE: IPV6. Daniel and Rob
drafted docs w/o consultation with IPv6 wg due to time constraints. Chairs
of wg's should keep abreast of what's current.
4. Minutes RIPE 28
No comments/additions.
5. Action items RIPE 28
Actions - Most of the items belong in the WG's instead of overall.
Result - No outstanding items that couldn't be dealt with in the WG's.
6. RIPE NCC Association (RNA)
First of January first day of RNA. Report from Daniel Karrenberg
regarding the RNA, the executive board, etc..
7. Report from the RIPE NCC (Daniel Karrenberg)
Quality Assurance Report (John Crain)
(Discussion/questions about auditing)
Question (Kurt Kayser) Does the audit include address space allocated
by the InterNIC before the RIPE NCC existed?
NO, but addresses allocated by the RIPE NCC earlier can also be audited.
In these cases the policies in place then are taken into account.
Swipnet - will you have some auditing action when registries change sizes?
(i.e. from larger to medium or medium to smaller)
There are plans to put down procedures for old assignments. Only reason
this could be done is if space becomes a problem or the LIR's bring up
concerns of fairness.
(Comment) Problems with PGP, (not possible to use or distribute
in France) However, Carol Orange assures that it'll still be possible
to submit updates to the database, just not by using PGP authentication.
New service agreements had to be signed for new RIPE NCC Association.
The RIPE NCC is still processing them. The majority of them have been
returned to us.
8. Restructuring the IANA (Paul Ridley)
(See presentation IANA Update)
Discussion (Wilfried Woeber - We have core activities, but do we have any
insight about industry involvement) Why separate the IP and domain
registration?
Daniel Karrenberg - Different constituencies. The constituency of RIPE NCC
is the ISP, but for domain registration is the TLD registrars. Keep
the level of politics under control by staying out of Naming.
Paul Ridley - if they are separate they can be more focused. No problem with
IP activities taking resources from naming. Funding? funding for IANA
from US will stop on Oct 98. IANA still holds funds given by APNIC and
RIPE NCC. Regional registries have budgets to pay.
Mike Norris expressed concerns that the LIR's could be losing
something in the separation of these two bodies. (ir's and ntld's)
9. IPv6 Addressing Policy
Daniel Karrenberg: 2 drafts were proposed by the IPNG WG of the IETF.
They were due to become an RFC when the RIPE NCC's registration
services pointed out that the address format described in one of them
was very limited and would be enough for all LIRs.
The second draft proposed allocation guidelines for these addresses.
It was felt that the IETF is not the right place to set address
allocation guidelines. This has traditionally and successfully been
done by the registries together with the IANA.
It would be more appropriate if the IETF would submit a document with
engineering considerations for the proposed address formats and
the allocation of them.
A new version of the draft describing the address format has now been
submitted by the IESG. A number of bits are now reserved for possible
extension of the addresses.
The draft can be found at
ftp://ftp.ripe.net/internet-drafts/draft-ietf-ipngwg-unicast-aggr-03.txt
Discussion (Thomas Trede) Is it the duty of IPv6 wg to scan documents
regarding allocation policies. At RIPE 20 it was agreed that it not be the
wg.
Daniel Karrenberg: it is as much part of the WG as the RIPE NCC.
Rob: The RIPE NCC and the RIPE WG need to keep contact with each other.
Thomas: Should the WG be responsible for keeping track of IETF activities?
If the RIPE NCC has questions about IPV6 the WG is the place to pose
questions.
Community should be grateful to the RIPE NCC and Rob for bringing up
objection to drafts since everyone else missed it.
10. Secure DNS/BIND (Carl Malamud)
www.isc.org
History -
Chairman of the Internet Software Consortium.
Came in to be chairman and make it a commercial operation.
The consortium also produces INN and is working to move Kerberos from beta.
They have also worked on Sendmail.
Consortium started by Paul Vixie.
Funding is by providing software support functions to companies.
Secure DNS/BIND
Secure DNS - Based upon RSA, to allow for authenticated zone transfers
and queries. John Gilmore went to RSA and obtained a royalty-free perpetual
license for DNS authentication purposes, which allows for export.
In the first quarter the first pieces will start showing. By the end of
98 more will be out.
Reason for announcement? Strong implication for operation of ISPs and
TLDs in use of DNS. It will allow for general purpose key lookup. This
will allow for such things as PGP key lookups.
Unsecure DNS allows for spamming, spoofing, etc.; this may help stop this.
(discussion) Wilfried Woeber - appreciates input, and says thank you
for allowing input. Are there figures of percentage of DNS to be secured?
5 to 10% should be able to be secured in the next 12 months.
(Question) - Could you perhaps provide comments on problems?
If you're not running full version of BIND, then that's the first step.
Also, it's better to see some signatures than none at all.
If you are signing for your clients, then how much will that mean? So, if
the RIPE NCC signs, then this will mean that an object that is submitted
will identify.
Daniel Karrenberg- What can be expected from RNA is deploying procs
for key management. From history, most of deployment is educating
users. Public key encryption, how do you secure your keys? etc... this
does not have to be exclusively for DNS, can help in other areas.
(discussion) Raza Rizvi - What about ISP customers not using BIND?
RSA will extend copyright to other DNS protocol implementations.
If you apply to RSA, they will only commit within the next three years for a
perpetual license.
Does the offer extend to commercial DNS protocol implementations?
yes.
The most important point, don't wait forever to start looking and
implementing security.
11. Mapping the Internet (Carl Malamud)
Multi Casting, non profit organization. Talked at RIPE in 92 in PRAGUE
about radio. Reset-up multi casting in Amsterdam. This was the right
place because of new media artists concentration, and infrastructure.
This project is to basically map Internet. How do you map across
protocols? how do you construct topological maps? While web is beautiful,
visualizing has use for those in the business. So, the question is,
what organization has what servers running? With a topology map, you
get a picture of this.
This is to be a 3 to 5 year project.
Structure - coordinating project.
RIPE NCC is providing support with an office at Nikhef, and by helping
to obtain visas. But, they are not providing financial support.
This project will return again in a BoF. Other supporters, Sun Labs, and a
Japanese consortium, that includes members like Cisco.
Right now very low level RIPE support, only admin support.
CERT question - Data points that need to be collected. There's going to
be a certain amount of traffic doing that collection of information. For
every packet taken to search for info, there's another packet created,
responding.
Yes, it has bandwidth consequences.
When I looked for a machine.. I asked for something like 10 gigs RAM and
500 gigs into terabytes disk. Yes, Sun said, it's possible.
12. Database Security Task Force Report (Joachim Schmitz)
Meetings
* Washington IETF
* prior to this RIPE meeting
Recent Developments
* IETF WGs
IDR & RPS
Security concerns regarding routing, e.g. hole punching triggered
extensive discussion
-> reference needed
-> IRR
currently minor security measures
-> increase security
-> populate database
-> educate users
-> change of the IRR
-> more responsibilities with registries
Topics
* coordination with other RRs
* role of the IRR
presentations by Gerald Winters, Merit
definition for the IRR
* database security trust model in development
* security suggestions by Curtis Villamizar, ANS
* PGP deal: Presentation by Carol Orange, RIPE NCC
(discussion) Wilfried Woeber commented that we need a "known" person
to acquire a license, but the license will be granted to the
organisation, so if the original person leaves or changes position
it's no problem.
(question) Francis Dupont: Will PGP be added to the authentication
mechanisms?
Carol Orange: yes, there will then be 4 mechanisms, but no-one will be
forced to use PGP or any other strong authentication.
(question) Has there been progress in having a referral mechanism in
the database?
Carol Orange: There has been progress in definition but not in
implementation. The RIPE NCC has a lack of programmers, but it's high
on the priority list.
Wilfried Woeber: We're also thinking of offering checksumming and
other security measures, not just authorisation. We're also discussing
authentication- who has access to objects, identification, etc.. But
we have to have something available now.
13. Reports from the WGs
Routing Working Group: Chair- Joachim Schmitz
Current Developments
* RIPE document on Route Flap Damping
-> last call
* RPSL
-> implementation delayed
-> RPSL draft has moved to proposed standard
-> several developments around it
* Security Issues
-> data integrity
-> prevention of accidental/malicious misconfiguration
-> prevention of improper use of address space
Presentations
* IRR Authorisation (Carol Orange)
Scheme for ISPs which routes to trust
Proposal for IRR definition:
"The IRR is a place that reflects what is announced on the
Internet and what is permitted to be announced"
* Using Internet Routing Announcements to identify incorrect IRR data
(Gerald Winters)
-> PAIR http://www.rsng.net/pair
analysis tools
-> Examples of (mis)use of the IRR
-> Definition of the IRR?
Role of the IRR?
Actions
* 29.R1 Gerald Winters, Carol Orange, Joachim Schmitz
Definition of the IRR and an AUP
* 29.R2 RIPE NCC, Carol Orange
Implementation of notification and aut-num authorisation
* 29.R3 RIPE NCC, Carol Orange
Implementation of PGP
14. Next RIPE meetings
Stockholm, Sweden May 18-20
Edinburgh, UK September 23-25
Amsterdam, Netherlands January (no dates set yet)
----------------------------------------------
DNS Working Group: Chair- Ruediger Volk
(discussion) There was further discussion of "jspnrmptgsbssdir" a
Microsoft created DNS confusion. The name "jspnrmptgsbssdir" is
queried regularly from a Windows NT server or workstation running the
Windows NT Remote Access Service. Try creating an entry for
jspnrmptgsbssdir in your zone file.
----------------------------------------------
Netnews Working Group: Chair- Felix Kugler
Report of the RIPE29 Netnews WG meeting
37 attendees
chair: Felix Kugler
scribe: Leigh Porter
1. Review of outstanding actions:
A26.N3 Upgrade servers to Newsbone standards
A27.N2 Newsbone deployment
There has been some progress with both actions. However, the WG
suggests dropping them from the list as they are ongoing items per
definitionem.
A27.N1 Tool Support for non-INN servers
There have been improvements, though not by WG members. This action
will be carried forward.
2. A review of the Netnews-WG
As this WG goes into its 3rd year soon, a short review about the
activities was given.
The WG now focuses around three working areas:
- feed topology issues
- server tuning issues
- reliability & QOS
The WG's conception is that it is in no position to really coordinate
News feeds in Europe. Rather it tries to help coordination efforts by
providing information about traffic streams, tools to visualize and
monitor traffic, and a discussion forum. The charter has to be updated
to reflect this change.
A29.N1 Felix Kugler to update charter on WG WWW server
The Newsbone document shall be stripped of unnecessary requirements
which might have prevented some ISPs from joining.
A29.N2 Felix Kugler to update Newsbone document and related WWW pages
3. Presentations and proposals for new projects
- Group list maintenance (Gerhard Winkler):
Use synchronisation with reference servers where conventional group
maintenance using control messages is not sufficient.
A29.N3 WG to provide information about maintainers and reference servers
A29.N4 Gerhard Winkler to collect data and edit info page
- Article loss measurements (Gerhard Winkler)
Proposal to measure article loss with test articles. Will not be
pursued, use end users as indicators instead!
- News admins guide - Building and running a news service (Leigh Porter)
Do's and don'ts for running backbone News servers.
A29.N5 Leigh Porter to write a "News admins guide"
- Spam on Usenet (Felix Kugler)
Short introduction to Spam in Usenet, differences to email spamming,
countermeasures...
----------------------------------------------
Database Working Group: Chair- Wilfried Woeber
----------------------------------------------
Local IR Working Group: Chair- Mike Norris
http://www.ripe.net/wg/lir/r29-summary.html
----------------------------------------------
Spam BoF: Chair- John Martin, presentation Roderik Muit
(discussion) Antonio-Blasco Bonito noted that in Italy new domains
have to sign a netiquette agreement, this might be something to
consider for the Spam working group.
----------------------------------------------
TLD Working Group: chair- Niall O'Reilly
(discussion) It was noted that the RIPE NCC will only bootstrap the
new RIPE CENTR and the organisation will become independent as soon as
possible if feasible. The time frame for RIPE NCC involvement is about
1 year.
http://www.ripe.net/wg/tld/summary-29.html
----------------------------------------------
EIX Working Group: chair- Keith Mitchell
----------------------------------------------
MBONE Working Group: chair- Kurt Kayser
http://www.ripe.net/wg/mbone/summary-29.html
----------------------------------------------
IPv6 Working Group: chair- Thomas Trede
----------------------------------------------
15. AOB
There was no other business
16. Closing
Rob thanked the RIPE NCC for doing a great job in organising this
meeting, and thanked everybody for coming.