Cooperation Working Group Minutes RIPE 73

Thursday, 27 October, 10:00-11:30
WG co-Chairs: Johan (Julf) Helsingius and Achilleas Kemos
Scribe: Gergana Petrova
Status: Final

The two new chairs began the session by introducing themselves to the crowd. Julf is Chairman of the board of BaseN, an IRT organisation and also sits on the GNSO Council of ICANN. He explained that now that the IANA transition is completed, the work around accountability is just beginning and there are many details to work out for all the Working Groups on Work Stream 2.

Cybersecurity Due Diligence - an ISP Perspective

Joanna Kulesza, University of Lodz, PL

The presentation is available at:
https://ripe73.ripe.net/presentations/24-kulesza-RIPE-Template.pdf

Jim Reed commented that critical national infrastructure in the Internet context is difficult to identify, due to the large amount of actors involved and the variety of ways in which they interact. It is difficult to explain to policy makers that key pieces of software, which are often open source, such as open SSL libraries (which underpin everything like certificate handling and secure DNS) are also critical national infrastructure. People who are not technical experts can see why a gas pipeline or the electricity grid are critical, while the Internet infrastructure is much more complicated to grasp. A good example of that was the attack on Dyn, the DNS provider. Did it have any impact on national infrastructure? Who would know? How would it be explained?

Joanna agreed with Jim that the list of what constitutes critical infrastructure is not set in stone. However, when the EU NIS directive was discussed, it was in the best interests of businesses to have their business outside the directive's obligations. So businesses would have liked to see as few new elements included as possible. It should be up to the technical experts to tell governments what the critical Internet infrastructure is.

Joanna explained that due diligence is not about successfully preventing the attack, but about doing everything you can to prevent it. If the technical community declares that the affected party could not have done anything to prevent the attack, they would not be liable. The same way a doctor operating on a patient would not be liable if something goes wrong if they did everything they could, if they acted with due diligence. However, if there was something more the doctor could have done and he didn't, then number of legal questions can be asked.

In other words, while critical Internet infrastructure is a very broad term, it might not be best to include every Internet-related element under this umbrella, since every element includes particular obligations, which have financial consequence. The question that the European Commission had in mind when they made the term very broad was: Where is the money going to be taken from to make sure that the Internet infrastructure is secure?

Related to the Dyn incident, the people with technical expertise need to say if this accident could have been expected and prevented, and if not then nobody can be held liable.

Alex Smirnov, The Open Network Association (remote participant) commented that if people are supposed to provide efforts, instead of results, the result would not be good. If we want good results, we need something that can be measured or evaluated.

Joanna answered that she believes judges would love such an approach. She explained that in different sectors they know you can't prevent everything and can't be 100% secure. The question is how secure you want to be and what you want others to do to achieve that level of security. And of course, there is a certain level of uncertainty or ineffectiveness that has to be calculated into the risk.

EU 5G Action Plan

Achilleas Kemos, European Commission

The presentation is available at:
https://ripe73.ripe.net/presentations/161-2016-10-27-RIPE73-v2.pptx

Tahar Schaa, Cassini, German Ministry of Interior, speaking on his own behalf expressed surprise about the focus on 5G. The further in the broadband wireless technology, the nearer the cells are and the smaller they get. To enroll 5G to get the EU connected there needs to be a huge optical network to connect all the cells. If one has the fibre connectivity for such a huge amount of little cells, then technology on the last mile doesn't matter much. From Tahar's perspective, to get Europe connected, there needs to be a backbone of connectivity in fibre, instead of a focus on the last mile – 5G.

Achilleas agreed with the need of an optical backbone and explained that it is part of the EU's plans. The optical backbone and 5G compliment each other. The EU has taken a collaborative approach and has linked with industries to identify needs, markets and prospects for this technology.

Lousewies van der Laan, ICANN Board, commented on her own behalf, that she assumed that the European Commission consulted quite broadly before launching this programme and that the programme still being discussed in the Council. She asked where these discussions are heading, what the contentious issues are and which countries or political parties are expected to throw obstacles or blockages?

Achilleas explained that this project is a communication to the other institutions, rather than regulation, which has to be voted on, which makes it less of a conflict. Before launching the 5G action plan this summer there was a public-private partnership consultation. Achilleas shared that his experience of working with the RIPE community has led to good results in the area of Internet of Things (IoT). This lead him to think that the RIPE community would be interested in following the 5G developments as well and the effects this technology would have on network management.

IPv6 and Government Update

Jordi Palet Martinez, Consulintel - Spain, Ecador, Colombia, Tahar Schaa, Cassini – Germany, Andrea Chima, RIPE NCC

The presentation is available at:
https://ripe73.ripe.net/presentations/159-RIPE73-coop-ipv6.pdf

Andrea Cima, RIPE NCC, presented, without slides, the perspective of RIPE NCC's Registration Services (RS) department, which is on the receiving end of government requests. The department evaluates the requests for IPv6 and makes sure that the requirements of the public administrations match the policies that are set in place by the RIPE community. Those types of requests are quite different from the ones that the department receives from ISPs, which provide Internet service to people at home. Governments have additional layers of hierarchy and additional layers of security, which has been a big learning experience for RS. The public administration, together with the private sector, has been working together to change the existing policy, so that their needs can be taken into consideration in an easier way.

Andrea added that apart from this, the RS think they can do more to support governments. They plan to try to be in touch with governments at an earlier stage before a formal request is received in order to help the governments or the public administration calculate how much address space they need, they can justify, what kind of documentation is needed. This way, once the request is submitted, it can be dealt with in a much smoother way.

Marco Hogewoning, RIPE NCC asked if routing issues play a role in the Spanish government.

Jordi responded that in some countries, such as Germany, there is a strict routing policy: all the traffic needs to be aggregated in one connection or have multihoming in different locations. Usually the bigger the country, the more aggregation is required and the stricter routing regulation is. In smaller countries, there is no government or public administration network, but in some cases, there is a network for the research and education sector. These countries may need a single prefix from the RIPE NCC, but need to be more relaxed in the disaggregation of the routing, which is not recommended in IPv6.

Maria Hall, Swedish University Network, asked if there are any collaborations between governments and academia in Germany.

Tahar answered that, from the perspective of the authorities in Germany, academia is an ISP, an DFN network. It is not seen as an internal governmental network and it doesn't have such strict rules. This is why it is easier for academia to deploy IPv6, while governments are slower due to their strict regulations and requirements.

Jordi added that in Spain the National Research Education network has been supporting IPv6 for a long time. Sarah, the public administration, are two different interconnected networks. In terms of public money, Jordi encourages governments to look into syncing their infrastructure. He clarified that doesn't mean that all the traffic should be the same in both networks and that both networks could have different security measures.

Alexander Isavnin, the open Net, commented that this panel is a good example of accountability. He thanked the panellists and encouraged more governments to report to the RIPE community in future.

Carlos Friacas, Foundation of Science and Technology Portugal, asked whether it is more beneficial for all government to be under the same prefix or should several ministries become LIRs and have separate prefixes.

Jordi responded that supporting one infrastructure is cheaper and doesn't reduce the autonomy of each institution, which are the main concerns for governments. The different ministries can still have their own ISPs, if necessary, and disaggregate the big prefix in small chunks.

Tahar responded that a country has to take care about security in a completely different way than a company. German authorities are facing abuse of unannounced addresses. Having separate prefixes and separate LIRs for different authorities might hinder the security of the address space and would make routing be much more complicated. For Germany, it is wise to use one aggregated prefix. It also makes it easier to identify public administration in Germany.

Marco asked Andrea about his opinion on this question and if there is a difference between running one big LIR or a few small ones?

Andrea answered that some governments have only one LIR and others - several. However, especially with IPv6, there is a tendency by public administrations to get one large aggregated block.

RIPE NCC Update - Chris Buckridge, RIPE NCC


The presentation is available at:
https://ripe73.ripe.net/presentations/156-Buckrdge-CoopWG-73.key

Steve Nash, Arbor Networks, commented that the week before the RIPE Meeting, a lot of IoT things were put on the Internet highway that were completely unfit for purpose. He suggested that the ITU might be a good platform to provide minimum international standards for what devices can be connected to the Internet.

Chris responded that security issues and security incidents are central to the IoT discussion and to the interests that many governments have. The issue would be discussed at the BoF session this evening.

Jaap Akkerhuis, NLnet Labs added a comment about the domain discussion in the ITU. The people who wrote Resolution 47 did not have technical expertise. When they refer to ISO 3166, they completely misinterpret what this standard means. He encouraged people to talk to him during the coffee break if they would like to learn more.

Chris mentioned that there is nothing in the ITU resolutions that is immediately concerning or urgent.

Alexander voiced a concern that there is nobody at the ITU who can report back to the RIPE community. He encouraged the RIPE NCC to organise more activities to present to the RIPE community what is happening there.

Chris responded that the RIPE community should be less concerned about the ITU than about the ecosystem, the many different governments, around it. The RIPE NCC has some involvement in the ITU global discussions and sends representatives to Study Group 20, gets involved in the CEPT discussions (the European coordination group of countries) and is going to get more involved with the RCC and the Arab countries, where it has a number of connections.

Julf added that this is also one of the reasons for the existence of the Cooperation WG.

Alexander added that he also has contacts with representatives of the ITU and commented that the RIPE community could try to have an effect on ITU discussions.

Paul Rendeck, RIPE NCC, added that for the transport layer, the issue of IoT is very interesting to the RIPE community. People are trying to figure out who the main IoT players are and where the discussion is going to take place. Different actors such as the IETF, the IEEE, even the ITU, participate in the discussion. The ITU has become quite loud, wanting to be an all-compassing body where all IoT discussions, on standards or anything else, take place. Unless there are discussions taking place elsewhere, like in the RIPE community for instance, member states don't have any other option but to put their focus on what's happening in the ITU. Paul expressed his hope that the RIPE community will find its role in leading or being part of the IoT discussion and debate. RIPE NCC follows the discussions around IoT at the ITU quite closely and will keep the community informed.

Jim added that information exchange is an important part of the work that RIPE NCC does with the ITU, especially reporting back to the RIPE community. It's also very important to have people with a good degree of understanding of how things work in the Internet to try and explain that and articulate that to the people inside Study Group 20 and other ITU study groups. This way ill-informed ideas can be contained in their birth. This is a job not only for the RIPE NCC, but for the entire RIPE community.

Chris added that Study Group 20 is not composed only of member states, but includes a lot of technical experts from the IoT industry. However, there aren't many connections between the IoT industry and the more traditional Internet industry.

Achielleas concluded that IoT should also be an agenda point for the next Cooperation WG.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum