RIPE 46

RIPE Meeting: 46
Working Group: RIPE NCC Services
Status: Final
Revision Number: 1

Working Group: Ripe NCC Services
Chair: Kurt Erik Lindqvist
Scribe: Isabel Pinto Coelho Sena

Agenda:

Slot 1, Tuesday 2/9 14.00-15.30

1. NCC Services WG Charter (Kurtis)
2. RIPE NCC Services Direction (Axel Pawlik)
Service level and activities 2004
3. RIPE NCC Information Services
4. Discussion & input time / Open Mic session

Slot 2, Thursday 4/9 11.00-12.30

5. Presentation on X.509 and certificates (Dirk-Willem van
Gulik).
Discussions around the x.509 implementation of the RIPE NCC
and what other RIRs have done.
6. DNS Services - Modification Plans
7. Proposals from the community
8. Discussion & input time / Open Mic session
X. AOB
Z. Close
________________________________________________________________

1. NCC Services WG Charter

WG Charter presented. No objections were made to it's content.

2. RIPE NCC Services Direction (Axel Pawlik, Managing Director
RIPE
NCC)
Service level and activities 2004

See Axel's presentation at

http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-
nccserv-ncc-services.pdf

Kurtis Lindqvist : Who has read/seen the Member Update?
[~20 people raised their hands]
Kurtis Lindqvist : Who here are Members?
[~60 people raised their hands]

3. RIPE NCC Information Services

See Axel's previous presentation from slide 27 onwards

http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-
nccserv-ncc-services.pdf

4. Discussion & input time / Open Mic session


Kurtis Lindqvist : Are there any questions for Axel?
[No one had questions]

Kurtis Lindqvist : I have one myself: You spoke of the data you have
that can be used to educate journalists, where do you want to push
them, just as a general awareness?

Axel Pawlik (MD RIPE NCC): We want them to know that we are working
well, we want the industry to tell them "do not interfere, they work
well". As an example: name servers

Kurtis Lindqvist: Any other questions?
[None were raised]

Kurtis Lindqvist : please register for the GM

Axel Pawlik : there was a heated discussion on the mailing lists?
None now?
[None responded]

Rob Blokzijl (RIPE Chairman): I'm surprised that there is no one that
is willing to discuss the issues off the mailing-list, so I will bring
up 2 issues that were often discussed. First one is: Whether all these
services that the RIPE NCC offers are needed? I would like also to
point that there was no discussion on whether they are _useful_
however. Then there was the issue of a flat free financial
contribution versus a supermarket scenario? Meaning that one could
pick and choose the services one is willing to pay and have use for.

Wilfried Woeber (Vienna University - ACOnet): I've observed through
the years another organization where the same discussion was going on
for years, started out as a flat free and then some started to object
to this model. In the end, they found the most reasonable solution:
you buy all or nothing. It is difficult to find out which activities
are optional and which mandatory. Individual amount, increasing the
administration overhead that goes along with keeping up with this
supermarket model, this will not come for free... The complexity that
we might inject into the subject is not going to be easy. It also
splits the RIPE Community into 2 / 3 / 4 camps. Copyrighting on
certain Services, making people pay for copies. It will de-stabilise
the RIPE NCC and the Community.

Kurtis Lindqvist: Well, a number of people are questioning the order
and priority of the activities.

Rob Blockzijl (RIPE Chair): I hope that one of the results of having
this WG is to make people remember why certain services were created
in the past, as the NCC did not just came up on a idle afternoon with:
"let's create an activity". The NCC has always listened to the
Community's input. It might not have been clear as to where and when
the decisions were taken, that's why I'm glad we have this WG. Having
it, it is possible to revisit the past and re-evaluate current
services, although it might be more constructive to look at the future
and we can improve.

Kurtis Lindqvist : How many of you have read the Activity Plan?
[~10 max raised their hands]
I'm concerned because some people on the mailing list indicated that
they can not influence the AP, but most here have not read it.

Kurtis Lindqvist : If there are no other questions I'll see you all on
Thursday.

FINISH

NO ACTIONS

_______________________________________________________________

Slot 2, Thursday 4/9 11.00-12.30

5. Presentation on X.509 and certificates (by
Dirk-Willem van Gulik - apache)
Discussions around the x.509 implementation of the RIPE NCC
and what other RIRs have done.
6. DNS Services - Modification Plans (Olaf Kolkman)
7. Proposals from the community
8. Discussion & input time / Open Mic session
X. AOB
Z. Close

________________________________________________________________

5. Presentation on X.509 and certificates (by
Dirk-Willem van Gulik - apache)
Discussions around the x.509 implementation of the RIPE NCC
and what other RIRs have done.

Kurtis Lindqvist: As there were quite a lot of questions on the
mailing list about X.509, we will have a presentation about it and
also invite the other RIRs to explain what they are doing in their
region. Also, at the last session I forgot to mention that we might
require a co-chair, as it is mentioned in the charter.

Dirk-Willem van Gulik: This presentation focuses mainly on the issue
of trust, not as much on the technical aspects of X.509

http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-
nccserv-pki-x509.pdf

Kurtis Lindqvist : any questions ?
[None]

Presentation by Andrei Robachevsky, Chief Technical Officer, Ripe NCC

"PKI development at the RIPE NCC"
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-
nccserv-pki.pdf

Kurtis Lindqvist: any questions?

Taiji Kimura from JPNIC: are there plans for non-repudiation of the
query, validate queries to the DB?

Andrei Robachevsky : no, this is not about the DB itself, but more
about correspondence with the NCC.

Wilfried Woeber (DB WG Chair): We have been discussing whether we want
to introduce a system to tag objects in the DB with the auth method
that was used for the last update of the object. This is an idea that
we have been playing with, if the community wants this, then please
come forward with a plan.

Wilfried Woeber: About integrating a Certification Authority across
RIRs, I would recommend to first try it in our region, find out if it
works well. I'm not a fan of having hierarchy in the trust
model. Individual registries should do it in their region, then we
find out what we need to cross the borders. I would not like RIRs to
all go to Verisign for instance.

Janos Zsako (RIPE NCC Executive Board): about message signing, we live
with the assumptions that the db is in a secure server, so whether
after the modification/update with PKI the data is still stable is
questionable. We can store the update method, again assuming that the
db cannot be corrupted in the mean time. So we need a system that
verifies that the db has not been corrupted.

Kurtis Lindqvist: in conclusion, issue is if queries and/or DB entries
must be signed, and whether the content of the DB is secure, but this
is maybe more a topic for the DB WG.

ARIN - Ginny Listman:

http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-
nccserv-arin-x509.pdf

APNIC - Anne Lord: we are doing the same as Ripe NCC, issuing
certificates for our equivalent of the LIR Portal, MyApnic. We have
issued 500 certificates so far.

LACNIC Raul Echeberria: we would like to implement a certification
system before 2004. Right now we are still working on the budget that
would be needed for it.

Kurtis Lindqvist: Thank you all.

6. DNS Services - Modification Plans (Olaf Kolkman)

http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-
nccserv-rdns.pdf

Kurtis Lindqvist : I like the idea, any questions ?
[None]

7. Proposals from the community
8. Discussion & input time / Open Mic session

Kurtis Lindqvist: Now we have the open mike session: floor is open. In
future sessions I would like to have people's presentations or
proposals in writing on the mailing list before they are presented at
RIPE Meetings

Hank Nussbacher (IUCC): I have been asked by many people to speak up
during this WG as I have sent some emails to the mailing list. My view
is that a lot of the members had their budget cut and the NNC has not
had their budget cut in the same fashion. We are apathetic, 2250 euro
is not that much to warrant that people can spend 250 euro/1 hour of
their time on the mailing list. There are many good things in the NCC:
DB group is the world leader. But to evaluate how the NCC is spending
their money we need a more transparent Activity Plan. For instance for
the trainings, they are free of charge. I would like to know the
budget and man-power needed for these free trainings. Instead, it's
budget is incorporated in the RS budget, there is no way to know how
much of that is used for the trainings, there is no break-down of the
costs. The TTM group, IRT - there has been nothing mentioned about it
at this meeting BTW - there is nothing about it in the AP, therefore
we do not know the manpower and budget it needs, the only way to know
for the membership is to have a break-down and it does not exist. 10
to 20 people have responded to my mails, which is not really enough to
know what the majority of the community thinks about these issues.

Kurtis Lindqvist : yes, people do not care, like we saw at the last
session on Tuesday, that only a handful read the AP. I guess the
majority is happy, but that is difficult to double-check, people do
not go on the mailing list only to say that they are happy. Next year
at the RIPE Meeting in May, the NCC will give more insight on the
budget & AP and there will be more time for comment before the Annual
Meeting 3 months later.

Axel Pawlik: The level of detail we give in the financial report,
question is: how deep should we go into detail? For the trainings yes,
not so difficult. I will work together with the Board to see what we
can adapt. And I would like to clarify that the IRT is not really an
incident response team, it is not a separate team as such. It is an
activity.

Hank Nussbacher : let's say that the TTM group costs a 300.000
euros/year, but we can get the same service from a commercial
company. Why not do a market survey before introducing a new activity?

Axel Pawlik: About the TTM, there is a lot of info about it in the AP.

Daniel Karrenberg: I worry because of economic problems. Training, if
the membership wants more transparency, OK, but whether it is really
necessary? Why train New LIRs, what do I care? As one of the persons
who started with these trainings, I would like to clarify that they
are not done only for the benefit of the trainee, but to the whole
community as well. Creating a well oiled community. The better things
work, the less interaction at the NCC. Also, the NCC would not be as
accepted without trainings. For many people, it is only by attending
the courses that they understand and accept the NCC's role. Just
looking at it from a financial point of view, if you do that too much,
you might risk the NCC as a whole organisation. You want and need the
NCC to be more stable than the rest of the members. The impact of the
NCC crumbling is a whole lot different. I also would like to remind
people that one of the ways for us to ensure impartiality and
neutrality is by hiring international staff, this is expensive. Were
we to be driven only by financials, we would not hire from Turkey or
Africa. Yes, lets have a look at the financials, but lets us not be
driven by it. Because it might be good for today, but not for
tomorrow.

Kurtis Lindqvist: I agree, but showing the members the budget is not
saying that you are doing things bad. There are 2 issues:
1) transparency on costs and
2) evaluation of activities and how they benefit the community.

Hank Nussbacher: Some services are excellent. But whether it benefits
the community that someone goes to all the ICANN Meetings, it is
needed, but the members might think it is not. In the same way that
the Membership would live, accept to still have mail-from auth, but we
have it better.

Kurt Kayser (N-IX Nurnberg Internet eXchange) : About the trainings, a
while back I proposed to find partners in countries, we could offer
the service to train people in German, since we are very familiar with
all the policies & procedures. But I never heard anything about this
from the NCC.

Axel Pawlik : We are looking at better ways of doing our
trainings. People like our trainings but it does not scale, your
proposal does scale. But how do we do it, how is that training
standardised, do we need to certify trainers ??? But we are definitely
looking at it.

Daniel Bovio (RIPE NCC Board): Hank said that the "silent majority" do
not care to show up at meetings, or communicate on the
mailing-list. This is a problem, they do not know what the activities
are. We, the RIPE Community, have always been the main source for
ideas to the NCC and their activities. The Board needs to go on with
these activities anyway, try to involve members, find out what they
want, the survey was good in this respect. This group is the main
source of the main ideas, there is a vast group that don't care,
others do and those end up leading were the ship is going. We do not
get enough feedback.

Kurtis: Thank you all for coming

FINISH

NO ACTIONS