Skip to main content

RIPE NCC Services Working Group Minutes RIPE 92

Wednesday, 20 May 2026, 14:00-15:30 (UTC+1)

Chairs: Rob Evans, Stefan Wahl, János Zsakó
Scribe: Antony Gollan
Status: Draft

The recordings of the session are available at:
https://ripe92.ripe.net/programme/meeting-plan/sessions/90/

The stenography transcripts are available at:
https://ripe92.ripe.net/programme/meeting-plan/sessions/90/transcript/

1. Welcome

Rob Evans, RIPE NCC Services WG Co-chair, welcomed attendees and ran through the agenda.

2. RIPE NCC Strategy 2027-2031

Hans Petter Holen, RIPE NCC

The presentation is available at:
https://ripe92.ripe.net/programme/meeting-plan/sessions/90/ZCSWAA/

Hans Petter presented the RIPE NCC’s draft five-year strategy for 2027-2031, which had been updated based on feedback from RIPE 91 as well as further internal planning. They had also developed service-level strategies that would guide their work to incorporate the strategy into their yearly Activity Plans. He invited further feedback on the current draft before the document was finalised.

Rob asked if the next step was for the strategy to go to the Board for approval at its upcoming meeting, after which it would be final.

Hans Petter said that was correct. He added that it was important to have a longer-term strategy; they had annual plans and quarterly priorities and it was useful to have a longer term vision of where they wanted to take the organisation. The strategy could always be changed if something dramatic happened, though the new strategy was also not radically different from the previous one.

Brian Nisbet, Asiera, asked if there would be an in-built review point somewhere in the five-year strategy period, and also if there were specific KPIs or measurable goals for the projects and focus areas that would be published.

Hans Petter said they had KPIs for the objectives listed in the service-level strategies, and these would be included in their annual planning and annual reports. The intent was to use existing measurements rather than inventing new ones. On review points, the strategy would effectively be reviewed as part of their planning each year, to check that it was still relevant and see which parts should be prioritised. In theory they could do some sort of halfway review, but they would also have to start developing their next strategy in four years time as well.

3. Rebuilding Our Technical Infrastructure

Hans Petter Holen, RIPE NCC

The presentation is available at:
https://ripe92.ripe.net/programme/meeting-plan/sessions/90/S9GKWB/

Hans Petter Holen explained that while the RIPE NCC’s earlier cloud project had given them useful tools, the rapidly changing geopolitical and operational environment meant that they needed to place greater emphasis on maintaining resilient and independent technical infrastructure. This required additional investment to bring CAPEX up to previous levels and a project to transition to an entirely new infrastructure. This work was expected to run from 2026 to 2028, and they would share more information on this in the future.

Cynthia Revström, Itnord Security Solutions, said she was happy that the RIPE NCC had accepted that the cloud strategy was not the best move. She supported the idea of having another data centre outside of the Netherlands. She also recommended that they be careful when using external parties to design infrastructure. Often they designed something that looked great, but later became difficult to maintain or upgrade.

Hans Petter said that their engineering staff were heavily involved in this work. External specialists were useful because the RIPE NCC was not normally in the business of designing new architecture from scratch, but they also needed to operate and maintain their infrastructure afterwards. On the number of data centres, he had mentioned three in his presentation, but ideally he would like five or more, because this would allow for a more distributed design. However, the cost of doing five or more was not currently in their plans.

Tina Morris, Amazon Web Services (AWS), said she did not mind what strategy the RIPE NCC chose, but wanted to clarify a few points. While AWS was based in the US, they now had a European sovereign cloud and all of the IP addresses used for this were registered with the RIPE NCC. She noted that Hans Petter had mentioned that the RIPE NCC’s cloud deployments were dependent on its own data centre, which meant the architecture was poorly designed. She added that cloud could still be useful for off-site storage, and there were discount programmes available for not-for-profits. Finally, Tina noted that the RIPE NCC was currently recruiting for a CTO position and she hoped they would find someone with innovative thinking who could examine internal processes and improve resilience, regardless of whether cloud services were used.

Hans Petter said one issue the RIPE NCC had encountered in a legal analysis of another SaaS provider was that some platforms could not be used to deliver services to certain countries in the RIPE NCC service region, such as Iran and Syria. The more they could be protected from these kinds of obstacles, the better. He said they would not get rid of all cloud services; as with various SaaS offerings, they would be reviewed when appropriate and there was no rush to drop all of them. The primary goal was to bring core services such as the RIPE Database, RPKI, the LIR Portal and the registry onto infrastructure where the RIPE NCC had greater control.

Randy Bush, IIJ, responding to Tina’s comment, said that the US CLOUD Act allowed the US government to exercise authority over cloud services regardless of where they were being operated.

Hans Petter said that, without singling out any one government, this was a reality the RIPE NCC needed to take into account. It was part of their reason for considering a more distributed infrastructure model. He added that it was becoming increasingly complicated both to hold data for non-EU members within the EU, and to move data from the EU to other regions. This might require the RIPE NCC to start thinking about more radical software re-architecture, even if it made things difficult for their software development team. He also noted that the application deadline for the CTO role was at the end of the month and said there had been strong interest in the position so far.

4. Operational Review of Public ENUM under e164.arpa

Hisham Ibrahim, RIPE NCC

The presentation is available at:
https://ripe92.ripe.net/programme/meeting-plan/sessions/90/YBYU78/

Hisham Ibrahim gave an update on the RIPE NCC’s operational review of Public ENUM within the e164.arpa domain, noting that the scope was limited to public infrastructure and did not include private carrier ENUM. The review highlighted the complex interplay between telephony bodies like the ITU-T and Internet entities including the IETF, IAB, and IANA. Findings indicated that while some zones remained active, many suffered from technical failures, minimal query traffic, or unreachable contacts, with some even showing signs of hijacking. Hisham noted that the ITU-T TSB had issued new interim procedures for unresponsive member states following discussions with the RIPE NCC and IAB. He invited community feedback on these operational risks and potential future directions for the service.

Maximilian Emig, no affiliation, (online) asked if there had been an incident where a private individual hijacked an entire country zone via an expired domain.

Hisham said he believed this had happened on more than one occasion. Some countries were aware of this, but others only found out when contacted by the RIPE NCC.

Cynthia Revström, Itnord Security Solutions, said she felt partially responsible for kicking this off by asking about RDAP support for e164.arpa in July of the previous year. She thought it was worth improving the service by adding RDAP, and cleaning up broken or hijacked delegations. However, this was different from discussions about whether to keep the overall system, and she thought they should avoid conflating the two. She also noted that some countries like Sweden were actively maintaining their delegations.

Hisham said that while the RDAP query had been a factor, this was really about operating the registry and the need for a comprehensive operational review. An earlier review in 2020 had already flagged these issues to the TSB, yet data quality had continued to deteriorate since then. He said the IAB instructions did talk about a periodic review, and given it had been more than five years since the last time, it seemed like time.

Sergey Myasoedov, NetArt Group, asked if the RIPE NCC could improve the service’s value by adopting verification procedures similar to those used for IP resources, such as regular DNS and contact checks.

Hisham said they would need to get instructions from the IAB, as this was not something they could unilaterally decide themselves.

Sergey asked if Hisham could point him to the relevant documentation.

Hisham referred him to his article on RIPE Labs, which had all the relevant links included. He said he could provide them directly if needed.

Jim Reid, no affiliation / longtime ENUM enthusiast, said there was a range of issues that the RIPE NCC had gotten very wrong, starting with its contribution to the ITU-T Study Group 2. This had been sent without first having a discussion within RIPE, which meant that it lacked a clear mandate from the community. Some of the wording in that document was also problematic, as the subtext was that the RIPE NCC was not up to the task of managing this registry and required the ITU’s help. If they wanted to correct outdated contact information for the tier-1 holders, that could’ve been handled via a private letter to the ITU-T secretariat. Some of the documents now circulating contained information that was fundamentally incorrect, and this created space for countries that were hostile to the multi-stakeholder model to exploit this in their arguments. He also noted that the IAB had not been informed prior to the submission. Jim said that while the future of the ENUM registry and the RIPE NCC’s role in this was a valid topic, this discussion should have started within the RIPE community rather than the ITU and he was very disappointed that this had not happened.

Hisham thanked Jim for his critique and for engaging with them prior to the session. He couldn’t address all of his points due to time, but said he looked forward to working with him and with the other member states they had reached out to so they could find the best way forward. Hisham clarified that the RIPE NCC had never proposed closing the service.

Jim Reid said the submission had effectively signaled an intention to close the service by soliciting the ITU’s opinion on the matter.

Marco Hogewoning, speaking in his capacity representing the Netherlands as the holder of the +31 country code and the corresponding e164.arpa delegation, said the Dutch delegation was operated by ISOC Netherlands. He noted that he had been heavily involved in drafting the 2017-2019 instruction set. The poor state of the registry was one of the reasons this work had been undertaken in 2017 and they had added extra clauses that allowed for delegations to be removed. He asked if the process in those instructions had been fully tried, including sending a liaison to Study Group 2. He said that he was still trying to understand where this process was failing. He asked if the RIPE NCC had contacted the 23 currently operational registries and asked about their future plans for their delegations.

Marco continued – regarding the circular, from an ITU member-state perspective, it asked whether e164.arpa services should be stopped. This was a binary yes/no question. However, the Study Group had already made the decision to stop and so this was effectively ‘last call’ to confirm that decision. The default outcome would now be to stop the service unless a substantial number of ITU member states objected and provided a rationale. He said the Netherlands planned to respond, but government processes were lengthy and he was not certain there would be enough time. He asked for the RIPE NCC’s help to build a coalition of member states, particularly those with working delegations, to respond to the ITU and say the service should continue. He also asked for a contingency plan in case the ITU decided to stop its part of the service, so that there would be a safe and soft landing for the zone.

Hisham said he appreciated Marco’s points and the support he had provided, and said the RIPE NCC would follow up with him.

Tobias Fiebig, TU Wien / AS59645, said that, looking at passive DNS data for the delegations, he saw around 100 unique RRsets per month, which was less than his private /48 at home.

Peter Koch, DENIC, said DENIC was a RIPE NCC member and the operator of the +49 country code in ENUM. He said they were not happy with what the RIPE NCC had done here, for the reasons already set out by Jim and Marco. He said this was a serious interference and the Internet governance implications had not been sufficiently addressed. He said the RIPE NCC had effectively asked ITU member states to decide on something that was essentially an Internet service, and it had done this through its ITU sector membership, whereas the registry function should have used the liaison through the IAB. He said this shortcut created political turmoil and set a worrying precedent for future interactions with the ITU. Peter asked the RIPE NCC to publish the submission, since it was not available to those without ITU access, and to ensure that follow-up work was channelled through the appropriate part of the community. He also noted that most operators of the working delegations were in the RIPE NCC service region and had not been consulted in advance, and asked the RIPE NCC to improve on this.

Hisham said the RIPE NCC had published the submission to the ITU on its website, as it does with its consultations and submissions, and that he believed it was linked in the article referred to in the presentation.

Rob closed the discussion by thanking Hisham and saying that the discussion could continue on the mailing list and he was sure the RIPE NCC had heard the points raised.

5. Multiple LIRs, PI and Legacy

Gabor de Wit, RIPE NCC

The presentation is available at:
https://ripe92.ripe.net/programme/meeting-plan/sessions/90/WSJJRR/

Gabor de Wit presented three areas where existing processes and concepts were creating operational complexity for the RIPE NCC: multiple LIR accounts, Provider Independent (PI) resources, and legacy resources. He explained that the purpose of the presentation was to ask the community if these areas should be simplified and whether the RIPE NCC should work with the community to find better solutions. Gabor said the RIPE NCC wanted to increase efficiency, reduce complexity and support due diligence, but stressed that these were complex issues that would require community input and discussion ahead of RIPE 93.

Gert Döring, former Address Policy Working Group Chair, said this was the wrong forum for much of the discussion. Two thirds of these questions belonged in the Address Policy Working Group because they related to community policy. He said the RIPE NCC acted as secretariat and should implement the policies it was given, rather than telling the community to ignore Address Policy because it was expensive.

Hans Petter Holen, RIPE NCC, said these issues had been raised several times over the years, but this argument often prevented them from being discussed at all. He said the topics touched on services, the charging scheme and policy. The RIPE NCC needed to find a way to discuss all of these aspects. He agreed that policy discussions should go to the Address Policy Working Group, but any issues identified around the relationship between policy and the charging scheme should be noted and brought to the appropriate places, including the Board, General Meeting and the RIPE NCC Services Working Group. He said the intention in putting the topic on the agenda here was to start the discussion so they could find a better solution than what they currently had.

Niall O'Reilly, said he wanted to quickly note that four of the co-authors of the the proposal 2012-07, "RIPE NCC Services to Legacy Internet Resource Holders" were currently at the meeting and could help with this. It was clear that this needed to be solved, but various legitimate interests would need to be taken into account.

End of session.