Cooperation Working Group Minutes RIPE 74

Thursday, 11 May, 10:00-11:30
WG co-Chairs: Johan (Julf) Helsingius and Achilleas Kemos
Scribe: Gergana Petrova
Status: Draft

The two chairs welcomed attendees to the session. They thanked Chris Buckridge who signaled to the Working Group the work that Europol has been doing on carrier graded network address translation – the first talk.


CGN and Online Crime Attribution

Gregory Mounier, Europol

The presentation is available at:
https://ripe74.ripe.net/wp-content/uploads/presentations/125-CGN-presentation-Greg-Mounier-EC3-RIPE-74-Budapest.pdf

Achilleas informed the audience that in January 2017 Europol sent a discussion paper to the EU Council and organised a meeting of European law enforcement cybercrime specialists. He presented a question written by John Stuart Agnew, a member of the European Parliament, a member of EFDD (Europe for Freedom and Direct Democracy) and a member of UKIP in the UK. The question: “Does the Commission agree that restricting the continued use of CGN, simply on the grounds that Europol finds it inconvenient to monitor, is a retrograde step and an unacceptable interference with the current commercial practice and freedom of technical choice”. Achilleas will inform the Cooperation WG once the answer from the commissioner is made public.

Alain Durand, ICANN and author of RFC 6302, commented that in the late 80s and mid‑90s 2000 people accessed the Internet through the same IP address on university servers, posing the same problem Europol is facing now. Secondly, Alain predicted that IPv6 wouldn't solve law enforcement's problem of attribution, because most of the time people deploying IPv6-only use carrier grade NAT (CGN) to talk to the rest of the world still using IPv4. In addition, some new technologies (Quick from Google or multiple address TCP from Apple or some of the other multi‑homing techniques) allow users to hop from IP address to IP address. Therefore, attribution by IP address is going to be less relevant in the future. Alain encouraged law enforcement to find other ways to identify people and in the meantime push for people to log the port number.

Joseph Provo, Google, speaking for himself, observed that, having run a facilities-based network in the US, one of the problems of enforcing a ratio, is that the IPv4 space is an active market space. Instead of cost avoidance from law enforcement it is a cost-shift towards providers. In the US carriers would be reimbursed for expenses made purely to assist law enforcement. This precedent might be relevant for non‑physical assets like IPv4 when required to it maintain a strict user-ratio.

Jan Zorz, ISOC, replied that even if Alain believes that law enforcement's problem will worsen with IPv6, everybody else will benefit. He asked why the IPv6 adoption in Belgium is above 50%.

Hisham Ibrahim, RIPE NCC, informed the audience that at least three governments in the Middle East are pushing for less CGN, as a result of the Europol discussion paper mentioned by Achilleas. He added that even though Europol focuses on Europe, the Internet is a network of networks, so this document has a positive effect beyond Europe. Government discussed with operators that the CGN boxes are becoming better at keeping logs, so attribution may not be an issue.

Jordi Palet, Consulintel, recommended that the EU Commission put a deadline for using CGN, since the technology is bad for law enforcement and for users, who are getting a restricted Internet.


Digital Object Architecture

Alain Durand, ICANN

The presentation is available at:
https://ripe74.ripe.net/wp-content/uploads/presentations/120-DOA-RIPE74.pdf

Julf commented that in the '80s there was a decent working Internet protocol and the ITU tried to replace it. Julf was involved with EU Internet at the time. Daniel Karrenberg produced a wonderful transition document about migrating to X 400, which nobody was going to touch.

Peter Koch, DENIC, added that the late victory of X 400 looks very much like it. He asked how big DONA is, who they are, if he can join and work on the standards. Alain responded he will try to find out. Peter asked if there is no documented membership. Alain answered that from an external observer DONA looks opaque. Peter added that the website is similarly opaque - one can only look at the bylaws and statues. Alain commented that indeed one can read the statutes, by‑laws and meetings minutes, but not how to participate. He understood that one can participate if invited by a director to replace another director or if one is an MPA. But how one becomes an MPA is not very clear. However, the DONA foundation is a new organization, which started a year‑and‑a‑half ago. With the current state of the technology this structure might be adequate. If this technology takes off, the structure doesn't have to remain the same, there might be a push to open it up.




ITU's IoT Activities

Marco Hogewoning, RIPE NCC  

The presentation is available at:
https://ripe74.ripe.net/wp-content/uploads/presentations/127-RIPE74-COOP-MH_Updated.pdf

Chris Buckridge, RIPE NCC, read a comment from the chat room asking Alain if he concurred with Marco's description of DOA as snake oil.

Alain answered that while he doesn't know what snake oil is one cannot say the DOA is a standard because it has not been standardised anywhere. 

Chris Buckridge, RIPE NCC, speaking on his own behalf, offered a broader context of what is going in the ITU. The ITU cycles happen in different structures. There are important meetings each year. Different cycles work differently. Next year is the next Plenipotentiary, a very high level meeting of the ITU, which sets direction. Chris added that a return to the topic at the heart of the WSIS process in 2012 is looking at getting International Telecommunications Regulations (ITRs) off the ground. A document in 2012 caused controversy by trying to revise those regulations, and breaking consensus, since a significant number of ITU Member States declined to sign those regulations. The ITU is trying to remedy that through an expert group trying to reach a compromise. This work is also building towards the discussion at the Plenipotentiary. RIPE NCC will be following that and updating the Cooperation WG on that. 

Chris added that in Europe this year there are a couple of significant Internet governance events. EuroDIG, the European IGF is taking place on 6-7 June in Tallinn. It would it the 10th such event and will look at issues such as IoT and cyber security, particularly significant given Estonia's strong cyber security culture. The global IGF (Internet Governance Forum) will take place the week before Christmas in Geneva, allowing RIPE Community members to attend an Internet governance discussion without travelling far away. RIPE NCC is trying to get the operational community involved in these discussions. In the coming weeks, they will have the first Internet Governance webinars. Holding the the week proceeding EuroDIG and IGF hopes to introduce people to Internet governance, how to get involved, the hot topics and how these topics are directly relevant to the interests of operators, ISPs and others in the technical community. Over 60 people registered within 48 hours of announcing the first webinar. Chris urged audience members to talk to him or look at ripe.net for more information.

Constanze Buerger, Federal Ministry of Interior, Germany, supported Chris's suggestion. She added that people in different countries and companies code differently. The technical community is less represented in the Internet governance field and should raise their issues and ideas.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum