Database Working Group Minutes RIPE 74

Date: Thursday, 11 May 14:00 - 15:30
WG chairs: William Sylvester, David Hilario, Denis Walker
Scribe: Alex Band
Status: Draft

A. Introduction [5 min]

Welcome, thanking the scribe, approving minutes, etc.

B. Operational Update RIPE Database [10 min]

Tim Bruijnzeels, RIPE NCC

This presentation is available at:
https://ripe74.ripe.net/presentations/143-RIPE-Database-Operational-Update-RIPE-74.pdf

C. Usability Improvements in the RIPE Database Web UI [30 min]

Tim Bruijnzeels, RIPE NCC

This presentation is available at:
https://ripe74.ripe.net/presentations/144-RIPE-Database-Usability-RIPE-74.pdf

D. DB-WG Mailing Challenges and Participation [5 min]

William Sylvester

No slides were used.

E. NWI - Open Proposals [10 mins]

David Hilario

No slides were used.

Piotr Strzyzewski suggests that the chairs contact all authors of the different work items and ask if there are still interested in pursuing the matter. Nick Hilliard fron INEX thinks there is a lot of legitimacy in the many of the proposals. David and Nick agree that they should be brought back to the list one at a time so the working group can look at each individually. Sebastian Wiesinger from Noris Networks remarks that there seems to be consensus on his proposal to add an abuse-c to every inetnum. He would therefore like it to be moved forward.

F. Solving the Unsolvable (recorded with live Q&A) [15 mins]

Denis Walker

This presentation is available at:
https://ripe74.ripe.net/presentations/12-SolvingTheUnsolvableWithAudio.pdf

Brian Nisbet from HEAnet wondered if we were going to do something or whether that was going to disappear into the ether like a lot of the other things that they were talking about.

Randy Bush observed that if nothing gets done, it's really a feature and not a bug. Ruediger Volk agreed with Randy, and added that if you're moving around in thick fog, you might end up in an abyss.

Denis used out-of-region route objects as an example, it was discussed for four RIPE Meetings in a row, and then all of a sudden it was dropped. But if it's still considered to be a problem, let's fix it.

Ruediger replied that you can argue that, in that case, it must not have been a big enough problem.

Denis disagreed and said he thought there were some good solutions on the table but nobody made a decision.

Randy said that this was because there were a significant number of people that didn't think they were good solutions.

Brian commented that he would, for example, love to see abuse-c being pushed forward but a lot of these matters don't get resolved because people are too polite, which might be something that governments and law enforcement watching from the sidelines might not understand. He added that they could try some things now and again.

Randy commended Brian for volunteering to write up a solution for this particular problem.

Brian replied that he was willing to take on that challenge if the Working Group would like that.

G. WHOIS Accuracy and Public Safety, Update

Greg Mounier, Europol

This presentation is available at:
https://ripe74.ripe.net/presentations/148-Presentation-DBWG-RIPE-74-Budapest-EUROPOL-Mounier.pdf

Ruediger Volk, Deutsche Telekom, wondered if Greg worked extensively with the RIPE NCC to see what is possible to get from the RIPE Database.

Greg replied that they are in constant dialogue and in particular with Training Services they are establishing the series of webinars to try to increase the knowledge of how the RIPE Database works for all the investigators, so that they can find the information they want.

Ruediger said he would like Greg to be really specific about his requirements; which attributes and objects in the RIPE Database would he actually need.

Greg summarised that it's really an address for a registered company, the organisation which is providing the last connections to the IP.

Peter Koch from DENIC says that it was his understanding that to actually access the database and do your investigations, there is a trinity of legal grounds that you need. One is that the law enforcement officer can actually legally use it. The second one is that by using it for the purpose you or your colleagues use it, not violating the terms and conditions, and that was clarified by Athina from the RIPE NCC. The third part is the purpose of the database which is documented on the RIPE NCC website, specifically in the RIPE Database documentation section 2.1.1. Law enforcement needs are not explicitly mentioned there at all. The one that comes closest to his requirement is to provide accurate registration information, but the definition of 'accurate' might be different in different communities. In essence, the needs of law enforcement have not been codified and might be difficult to get in place.

Randy replied that the primary purpose of the database is for network operators. Law enforcement is welcome to use it but asking operators to change it for LEA use, which would be a serious change, will seriously affect their community. Randy reiterated that making RIPE Database data more accurate so that it becomes usable for LEA purposes is really difficult.

Greg said he was hoping that maybe his interests would be in line with some of the community members and they would also have an interest in a more accurate Database.

Nick Hilliard, INEX, mentioned using he RIPE Database as a mechanism for obfuscating contact details on an intentional basis. They are aware of this problem, but don't necessarily know how to solve it because within the terms and conditions of the registration information that have to be provided to the RIPE NCC, this is strictly and technically correct. He added that what's really happening is that the end user or intermediates are using this technical correctness in order to hide themselves. Another aspect is Provider Independent (PI) address space. What should be done about LIRs who don't maintain their PI address space, this is an enormous problem has been with them since the beginning of the RIPE Database. Nick added that he doesn't really see any way of fixing this because, to be blunt, if they don't maintain the information accurately, there is very little that the RIPE community or the RIPE NCC can do to beat them into line.

Brian commented that he doesn't like the "us and them" kind of feeling. Network operators have had an increasingly good relationship with the law enforcement community. The Internet has got to a point where the RIPE community cannot just be operators. He said he didn't think they could say "this source of information is for us and not for other group". Detectives have got to detect, that's why they get paid whatever non big bucks they get paid. The scope of the problem is massive, and there is no question there. They are the experts who have to work with law enforcement to try and do this. It's not saying to Greg come back to us if you have a solution.

Randy argued that they can't even make the database be accurate to an email address to which they can get an answer from. Optimistically though, they have already got something much more accurate than our database. He added that somewhere in their culture of law enforcement, you have got people that have run traceroutes to everywhere and mapped the Internet down, so that you know where that address actually is. He added that Greg could develop much better data than they have got; what we have got really sucks.

Greg agreed that people came back several times with the fact that the RIPE Database might not be the right tool for the purpose they have. However, they have to keep in mind that they are law enforcement, not intelligence services. They are working in a very tight legal framework.

Carlos Friacas from FCCN, the Portuguese NREN and also the general assembly Chair for the national CSIRT network in Portugal, said that he saw many things in the database that he doesn't like. He tried to report as many of them as he could, he also doesn't have a proper solution though. But there are tools such as stat.ripe.net that help a lot and anyone can access it.

Randy made a final comment that on the hypothesis that LEAs must have a pretty good database based on actual mapping techniques, then they have a serious advertising problem if law enforcement agencies out in the 'boonies' know how to use WHOIS more than they know how to reach their own data.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum