RIPE 65 - RIPE NCC Services Working Group
Scribe: Rob Allen
WG co-Chairs: Bijal Sanghani, Kurtis Lindqvist
Wednesday, 26 September 2012, 16:00-17:30
A. Administrative Matters
Kurtis Lindqvist, WG co-Chair, opened the meeting at 16:03 and ran through the administrative items. The minutes of the last meeting were formally approved.
B. Arbiters Update
- David Kessens, Nokia Siemens Networks
The presentation is available at:
Samuel Weiler, SPARTA, noted that he was delighted to see that the issue of the allocation incident from a year ago was being taken up. He added that he thought that the process was not handled correctly.
David Kessens replied that in this context he was simply performing a bureaucratic role in relation to an arbitration request. He added that in this particular case the job of the arbiters has been done. He noted that the question is what the community wants to do in relation to this. He suggested that one of the RIPE NCC’s Senior Management could comment.
Axel Pawlik, RIPE NCC, noted that the question here was what the community wanted. He added that when this occurred a year ago he informed the community that he retracted the particular request because it was clear that the way it went was not appreciated.
C. Report from RIPE NCC
- Axel Pawlik, RIPE NCC
The presentation is available at:
Andy Davidson, 2Connect and LONAP, asked what the expected cost and benefit would be for auditing all of the RIPE NCC members over the next three years.
Axel replied that the benefit is keeping the registry up to date and reliable. He noted that costs would be discussed in the RIPE NCC General Meeting. He added that he didn’t expect this activity to cause any extra cost. Axel explained that the allocation of IPv4 address space was decreasing a little bit and this was where the potential problem was due to the fact that the RIPE NCC didn’t interact with members that frequently.
Andy Davidson noted that from his point of view as a Local Internet Registry (LIR), audits were time-consuming and expensive. He added that he thought it must be time consuming and expensive for the RIPE NCC as well and thus also expensive for members. He noted that he didn’t see the benefit as IPv4 would still run out. He added that he didn’t think these audits were the best use of time and recommended that the RIPE NCC rethink the idea.
Axel replied that the focus of audits would move from preserving address space to assuring that we knew where address space was being used. He added that the RIPE NCC was looking at ways of having audits that were similar in level of quality but involved less intrusive work on both sides.
Andy replied that he thought that maybe this was an idea that needed future discussion before it was put into action.
Axel agreed with this.
Shane Kerr, ISC, stated that he had noticed a lot of new activities at the RIPE NCC that were being tagged as member-only services. He added that, as far as he was concerned, it was not logical to tag a lot of these activities as member-only services and that this prevented organisations such as the one he is working for from accessing these services.
He stated that he doesn’t like this new direction and wanted to suggest that, in most cases, where it didn’t cost any more money to make a service public, it should be made public. He added that he thought that there were services that made sense as member-only services and that this was also applicable where there were privacy or contractual constraints. He noted that as his organisation was not a member and not paying a membership fee he was just offering advice that could be ignored. But he added that he thought that given the RIPE NCC’s mission of being a registry run for the good of the Internet, especially in this region, it was the right thing to do to make the RIPE NCC’s services available for everyone.
Axel thanked Shane for the comment and noted that the RIPE NCC was aware of this and was trying to strike a balance between making some services available generally but also having some features that were appropriate just for members. He added that finding the balance was the interesting question and that he took Shane’s points on board. He stated that this was a process the RIPE NCC needed to engage with and that the RIPE NCC needed to hear what members and non-members were saying here.
Shane replied that when he was watching Axel’s presentation he noticed some new services that were going to be made member only. He noted that he thought that this had happened with no discussion either with the community or the members and that the RIPE NCC management had made the decision to make certain services member-only. He added that he thought it would have been better to have checked first.
Axel replied that the decision has been made that the RIPE NCC wants to have a number of services or service variations that were member only. He added that this was a general strategic direction that was presented earlier. He noted that the extent to which the RIPE NCC does this for any particular service will depend on what the community and members tell the RIPE NCC.
Shane noted that the RIPE NCC didn’t ask about this.
Gert Doering, SpaceNet AG, noted that there was something in one of the slides that Axel went over quickly which he wanted to discuss. He added that this was to do with RPKI, PI holders and ERX holders and the idea of making them all members. He acknowledged that there were different views on this but noted that he didn’t think it was a good idea to bring in 40,000 or 50,000 new members because it would generate too much paperwork for the RIPE NCC’s accountants.
Axel replied that he thought the members would be happy with the prices dropping in general.
Gert replied that he didn’t think the members would be happy as there would be 50,000 new members who were used to paying 50 EUR per year who would now have to pay 500 EUR per year. He added that looking at what the RIPE NCC did with ERX holders, it might be a good idea to consider whether what the RIPE NCC is considering doing here is good for the community and good for the RIPE NCC as a whole. He noted that with the ERX holders, the RIPE NCC made a horrible mess and this resulted in a lot of alienated address holders. He added that the RIPE NCC should not repeat this mistake with PI holders. He urged the RIPE NCC to think about this and to bring it to the Working Groups and get the members to voice their opinions on this issue.
Axel replied that this was the current position but that the RIPE NCC was listening.
Randy Bush, IIJ, noted that according to the RIPE NCC process, PI holders are in control of their whois data and that there is a MAINTAINER for that. He added that when the RIPE NCC issues a certificate, it was not attesting to somebody's identity but was merely saying that somebody who had a private key that matched the public key was in control of that address space. He noted that in the whois data, there was a MAINTAINER object and that was really very close to a public key. He explained that the private key was the BGP key or whatever the password that was used to authenticate against that MAINTAINER. He added that this meant that the RIPE NCC had, and was currently exercising, the relationship to the PI holder. He noted that there was nothing structurally in the RPKI CPCS that said that the RIPE NCC did not have a sufficient relationship to issue a certificate. He added that, as a result, the tens of thousands of PI holders would see that red box [in Axel’s presentation, slide 25] as coercing and extorting money from them.
Axel replied that he heard these concerns.
Erik Bais, A2B Internet, noted that there was a sufficient paper trail that the RIPE NCC had through a sponsoring LIR or directly to provide services like RPKI without forcing PI holders into becoming members. He noted that he thought that this would be a very bad idea.
Axel thanked him for his comment.
Wilfried Woeber, UniVie / ACOnet / VIX, noted he was speaking as both an LIR manager and from an organisation that held legacy space. He stated that this discussion of PI space reminded him of the Vienna RIPE Meeting where some stuff came out of the blue with no prior discussion and not enough supporting documentation. He added that, from his perspective, this read like a very high-level management summary, which was not sufficient to discuss the real issue. He stated that he thought this was leading towards another mismatch of procedures being developed, such as having ERX holders capable of signing up with a sponsoring LIR like PI holders and others could. He added that if any of these groups saw the box [in Axel’s presentation, slide 25], they would either conclude that the RIPE community was stupid, or the RIPE NCC was stupid. He noted that he didn’t like either of these alternatives and that before the RIPE NCC set anything in stone and made things public without supporting documentation, he urged them to go to the working groups and the mailing lists to collect their feedback and use this to brief the RIPE NCC management before making any public statements.
Axel said he agreed with this and noted that was why he was presenting this and talking about it at the meeting. He added that this was just current thinking and that there was still not even policy in place for PI or certificates.
Wilfried noted that care was needed as Axel’s slides would be going up on the public website which meant that this was not only a discussion but also a public statement.
Hans Petter Holen, Visma, noted that, as far as he was concerned from his experience of the commercial world, if he wanted a service, he expected to pay for it. He noted that if there was disagreement on this then there was a fundamental problem. He added that the question was about how much should be paid and how the relationship should be made to make payment possible. He stated that there were lots of other certificates available for useful and not so useful purposes. He noted that this meant that was a market price for having someone sign a digital certificate that gives some legal value in transactions with banks, e-commerce etc. He added that it was possible to figure out what the fair market price for this service would be. He noted that if you didn’t want the service from the RIPE NCC you could get someone else to sign the certificate for you but that whether that had a practical value for the address holder was a completely different question. He added that he didn’t think there was a problem with putting a price on the service but that the key question was whether the price was fair.
Sander Steffan, SJM Steffann, noted that he agreed with Shane and that when he looked at the presentation especially in terms of offering services to non-members, he had the feeling that the RIPE NCC was becoming a more and more commercial entity instead of a member-based association. He added that he was afraid by this. He noted that the RIPE NCC was made to serve the Internet community and he hoped that this would be kept in mind.
Axel replied that this was what the RIPE NCC wanted to continue to do. He added that the key was to the find the right balance with the help of the members and the community.
D. IP Analyser
- Alex Band, RIPE NCC
The presentation is available at:
Nina Hjorth Bargisen, TDC A/S, noted that she wanted to congratulate the RIPE NCC on doing what she asked for at the last RIPE Meeting and that applause was in order. She noted that from the testing that she had been doing, the system could even deal with her numbers of invalids and registrations and small amounts of free space. She added that she thought the RIPE NCC had done a great job on scaling and getting the data out of the system fast. She noted that she really appreciated that as well as the fact that the system offers text for people like her who like that but also fancier formats for people who would prefer it. She noted that she had a question about one of the potential improvements that Alex mentioned in his slides and whether this improvement was worth the effort. She noted that while the increased integration into the database with updates might be a good thing for a very small LIR, it might be better for small LIRs to have their registration integrated into their provisioning tools instead of them having to work in two systems. She added that it might be a good idea to look at ways for interfacing people’s tools instead of having fancy web applications.
Alex thanked her for her comments.
Tore Anderson, Redpill Linpro AS, asked whether the RIPE NCC had considered a public and unauthenticated version of the IP Analyser that would show the same information as ASused would for any arbitrary LIR.
Alex replied that the RIPE NCC had not considered this but that it was something they could think about. He added that the current thinking was that when, eventually, the IP Analyser eventually contained all of the information that you could possibly get, then the RIPE NCC would deprecated ASused as it would no longer serve a purpose. He noted that he would have to think about the particular use case suggested by Tore Anderson. He added that there were only a limited amount of resources available for this but that in the next few weeks a couple of the features could be implemented and then the RIPE NCC could gather feedback on the current implementation before continuing work on this later in 2013.
Wilfried Woeber, UniVie/ACOnet/VIX, stated that, in reaction to the proposal, he suggested caution in implementing certain things. He noted that the authoritative information that is public is actually registry data accessible from the whois database. Other information, for example whether someone adheres to rules and procedures, Assignment Windows and other details, is something between the RIPE NCC and an LIR. He stated that he did not see any good reason why the sort of information that could be potentially pulled up by this new tool should be publicly accessible. He added that he thought great care was necessary so as to limit things to those who have good reason to access the information.
Alex replied that he agreed with this and that anything that was private between the RIPE NCC and an LIR would always be protected by some means of authentication. He added that the RIPE NCC would never make something public that used to be private. He stated that the IP Analyser was still in beta mode and that the RIPE NCC was working hard to iron out all the little differences and discrepancies between what used to be available in ASused and what is now available with the IP Analyser. He asked that if anyone noticed a difference between ASused and IP Analyser that they let the RIPE NCC know so that the RIPE NCC can determine whether the difference is a result of a bug in ASused or whether there has been a problem with the implementation of IP Analyser. He added that once the RIPE NCC was confident that the IP Analyser was 100% correct in all cases, the beta label would be removed.
E. IPv4 Final Distribution Update
- Andrea Cima, RIPE NCC
The presentation is available at:
There were no questions related to this presentation.
F. Proposed Policy for RIPE NCC Services to Legacy Internet Resource Holders
- Niall O’ Reilly, University College Dublin
The presentation is available at:
Kurtis Lindqvist, netnod, noted that he would start a formal time count for this policy proposal when the updated version of the proposal was available.
G. Publication of Sponsoring Organisation for Direct Assignments
- Nick Hilliard, INEX
The presentation is available at:
Piotr Strzyzewski, Silesian University of Technology, Computer Centre, asked whether this was a reincarnation of the 2010-10 proposal. He noted that the 2010-10 proposal was from two years ago, that he had been the proposer and that there had been a lack of community support for this proposal.
Nick Hilliard replied that he didn’t know the numbers of all the policy proposals.
Emilio Madaio, RIPE NCC, clarified that 2010-10 was in the archive of policy proposals on the RIPE NCC website. He noted that 2010-10 was focused on changing contractual relationships whereas the current policy under discussion had a similar scope but a different approach.
Sander Steffan noted that the 2010-10 policy proposal was titled “Adding Reference to Sponsoring LIR in INETNUM, INET6NUM and AUT-NUM objects” and that it had been withdrawn.
Kurtis suggested that Nick Hilliard re-read the 2010-10 policy proposal.
Nick Hilliard said he would check through the mailing list archives and take a look at this and thanked the audience for bring this up.
Kurtis asked whether Nick Hilliard was considering making a formal proposal on this and how he wanted to proceed.
Nick replied that he and David Freedman had sent in a first draft of the proposal and that it was going through the mechanism of changing from a first draft to a version that could be submitted to the Policy Development Process (PDP) through the RIPE NCC Services Working Group.
H. Open Microphone Session
Kurtis asked if anyone had any further comments.
Wilfried Woeber, UniVie/ACOnet/VIX, noted that there had been a discussion in the RIPE Database Working Group about the potential merits, uses and flaws of geolocation functionality in the RIPE Registry. He noted that attempts to get feedback on this from the RIPE Database Working Group had not been successful. He added that there were ideas to broaden the spread of information that this functionality has as a test case. He noted that the RIPE NCC Services Working Group might see a couple of questions, a short write-up or a request for input on this. He stated that from the RIPE Database Working Group point of view, it did not want to have the RIPE NCC spending resources on something that was not used. He added that, at the same time, the RIPE Database Working Group did not want to stop this unless it was confirmed that there really was no interest.
There was no other business.
Kurtis closed the meeting at 5:41pm.