RIPE NCC Services Working Group Minutes - RIPE 77

Wednesday, 17 October 2018, 16:00 - 17:45
Co-Chairs: Kurtis Lindqvist, Bijal Sanghani
Scribe: Pedro Vaz
Status: Draft


A. Administrative Matters - Kurtis Lindqvist

The presentation is available at:
https://ripe77.ripe.net/archives/video/2257/

Kurtis welcomed everyone to their "favourite working group" and reminded everyone to register for the GM.

Hans Petter Holen publicly recognised Jaap Akkerhuis for his years of work as DNS WG chair.

Kurtis thanked the scribe and asked for comments on the minutes from RIPE 76. There were no comments and the minutes were declared approved.

Kurtis ran through the agenda and asked for questions.

There were no questions.

Kurtis gave an update on the co-chair election status, mentioning that Bijal had stepped down and there was a call for volunteers to take her place. There was one volunteer: Bijal. There was support for her to continue as co-chair on the mailing list.

Kurtis encouraged more people to volunteer as WG chair.

B. RIPE NCC Update - Axel Pawlik, RIPE NCC

The presentation is available at:
https://ripe77.ripe.net/archives/video/2258

 There were no questions.

C. RIPE NCC Community Projects Fund - Alastair Strachan, RIPE NCC and Mieke van Heesewijk

The presentation is available at:
https://ripe77.ripe.net/archives/video/2259

Alastair presented the initiative.

Mieke announced the selected projects. These were:

  • Aethra (Columbia University/ UFMG/ Lancaster University)
  • My Data Done Right (Bits of Freedom)
  • Internet Health Report (IIJ/ WIDE/ Waseda University)
  • Open Source RPKI Certificate Authority (NLnet Labs)
  • A condensation-based approach to Anonymise Network Logs (Yarmouk University)

 Jim Reid, rtfm llp, had a comment about last year’s awards. He said that he had some reservations about using Community Projects Fund money to pay for route server instances. He said that this was a good project, but it should come out of a separate pocket of the NCC’s money. Alastair said that other people had voiced similar concerns and the NCC was aware of this.

D. RIPE NCC Operational Update - Felipe Victolla Silveira, RIPE NCC

The presentation is available at:
https://ripe77.ripe.net/archives/video/2260/
https://ripe77.ripe.net/archives/video/2261/

Randy Bush, IIJ, asked about the fraud cases that the RIPE NCC is running into, if it was about small cases of invalid LIRs, or larger situations. Felipe answered that the NCC has been running into both types of fraud but had definitely also found cases of larger-scale fraud attempts.

Elvis Velea, V4Escrow LLC, made a remark about the ticketing systems used by the RIPE NCC. He said that when tickets are opened by emails in the ticketing system and these emails are then forwarded to a third party (a broker, for example), the third party can have access to some potentially private information that is present in the original email. Felipe said he was not aware of this issue, agreed that it is not ideal and that the NCC would check how to prevent this.

Regarding the automation of RIPE NCC procedures, Alexander Isavnin (Internet Protection Society) asked how much the membership fees will decrease after all processes have been automated.

Felipe answered that he didn’t have detailed numbers with him, but that the idea is to measure the time that takes from the moment that a request is submitted up to the moment that it’s completed, and it’s expected that with more automated processes, this time will decrease. Measuring customer satisfaction and the cost per member are activities that are also being carried out.

 Felipe also clarified that the NCC hasn’t just begun this automation process. It has been an ongoing activity for a while already. There has just been a greater focus on it.

Ruediger Volk (Deutsche Telekom) asked if Felipe is also responsible not just for tickets related to request for resources, but also for other process that have more to do with tracking of operations, for example, error reports in the RIPE Database. Ruediger mentioned that the current ticketing system is inadequate for these types of issues.

Felipe answered that the NCC doesn’t use the ticketing system for this type of problem reporting. It ends up in the RIPE Database team’s internal bug tracking system, but that they could look into it and maybe find up a way to make it more transparent.

E. Training Services Credentialing Initiative - Rumy Kanis, RIPE NCC 

The slides are available at:
https://ripe77.ripe.net/archives/video/2262

Erik Bais, A2B Internet, stated his support for the project. 

F. Policy Proposal - Publication of Legal Address of Internet Number Resource Holders - Sara Veronica Marcolla, Europol

The presentation is available at:
https://ripe77.ripe.net/archives/video/2263/

Ruediger Volk mentioned that there are still weak spots in the policy proposal and asked if there will be a new version. He proposed that more specific details on the amendments to the database scheme be made.

Kurtis said that it was a planned decision to start the discussion here but there will be further discussion elsewhere regarding implementation details.

Sara said that there will be a new version of the policy and asked for everyone to send all specific remarks to the mailing list, to be incorporated into the new version.

Erik Bais mentioned that it’s not feasible to list the location of specific LIRs in the RIPE Database. The RIPE NCC already has that information internally, and so has the respective country’s Chamber of Commerce. This is not what the whois has been created for. He also added that with this, Europol is asking the network operators to do Europol’s job. Erik stated that he doesn’t support the policy.

Jim Reid welcomed the fact that there is a dialogue about this and said that it was a pity that it hadn’t taken place before the proposal was made. He mentioned that the concept of ‘address holder’ is vague and not practical. He also said that if the focus is on the whois, then they are looking at the wrong place. The focus should be on the internal NCC database, not to break the whois.

Sara acknowledged that LEAs are very new in the community, so this was useful input.

Raymond Jetten, Elisa Oyj, remarked that the Chambers of Commerce have their own databases. The engineers’ data is located in the whois. The whois has nothing to do with the legal information and user data. Therefore he did not agree with the idea.

Sara said that if the engineers are the only point of contact then the LEAs will have to bother them to get the information they need.

Neofytos Kountardas (Hellenic Police Cybercrime Division) made the remark that there was no mention of ‘child porn’ in the examples of problems of stated in the slides. Sara said that it was contained in the last point.

He said that it was a very good thing to see the policy being discussed. He mentioned that despite all the people here being network operators, 90% of all people in Greece are not, so these policies should be there to protect them.

Alexander Isavnin asked why a country, which is not part of Europe, should do Europol’s job. He said that this type of policy will help Russian police to chase activists and political opposition. He asked why a policy which works in an opposite direction to GDPR should be implemented. Kurtis mentioned that the discussion about the GDPR had been brought to the mailing list already.

Peter Koch, DENIC, asked how the cybercrime examples shown in the slides relate to the whois. Where is the problem statement? He stated that the purpose of the RIPE Database is not in line with what was being discussed here, and that we should step back. He also mentioned that we shouldn’t apply this to legacy resources, in any case.

Randy Bush complimented Sara for starting the dialogue. He stated that adding this burden to the RIPE Database was not going to solve the problem. The RIPE Database is already problematic, adding this will cause more problems.

He said that the real data that the LEAs want is in the RIPE NCC internal database, and that if the LEAs want this data then they need to get a warrant.

 Sara asked if improving the RIPE Database could be an idea to work on.Randy responded that it would be quite difficult. And in any case, Europol’s needs are different to the network operators’ needs.

Jordi Palet, Moremar, thanked Sara for the proposal. He said if that the aim was to have direct access to the RIPE NCC data, then maybe the policy direction should be changed into creating that direct access.

Tahar Schaa, Germany Ministry of Interior, made the remark that Europol should think if they really wanted this, because the policy will apply to Europol as well.

 Juri Bogdanov, IP4MARKET, said that this is a good proposal and that it will make the RIPE Database cleaner. He stated his support for the policy.

 Hans Petter Hollen said that if the technical community made the mess, then it should be the one to clean it up. He mentioned that it is a broken service with inaccurate data because the database is not managed by the RIPE NCC. And that maybe we should take all the incorrect data out and leave the accurate data there.

G. Open Microphone Session 

There were no comments.

 

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum