From erik at bais.name Thu Apr 4 19:39:45 2019 From: erik at bais.name (Erik Bais) Date: Thu, 4 Apr 2019 17:39:45 +0000 Subject: [address-policy-wg] AP WG co-chair selection - call for volunteers Message-ID: <73AD4D2A-7271-4852-8576-994671C078A7@bais.name> Dear working group, Introduction ------------ We will be starting the selection process for the RIPE Address Policy working group co-chair soon. This mail provides information about the process and the call for volunteers. Current Address Policy Working Group Chair Selection Process ------------------------------------------------- The AP working group chair selection process is documented here: https://www.ripe.net/participate/ripe/wg/ap/address-policy-wg-chair-selection-process We have 2 co-chairs and each chair's term is 2 years. About the Process -------------------- Typically until last year, Sander and Gert did this dance together and it was never an actual selection process.. That is, until Sander decided to step down and not run again. To avoid people start on the ML about who they like to support at the beginning with the initial volunteers only, we will do a short call for volunteers of 10 days, by asking the volunteers to send their motivation and intro to the AP-WG Chair email address. ( ap-wg-chairs at ripe.net )? Please submit an intro / bio plus motivation, that you understand the impact of being selected as Co-Chair and your intention to be present at the next RIPE meetings before : April 15, 2019 We will then release the names and statements of all applicants after the call for co-chair volunteers closes. And at that time the WG can provide input on the Mailing list on who they like to support as their co-chair. Or if there is specific opposition to a participant, that can also be voiced. For full transparency, it is possible that Gert's name will be added to the list in random order. The actual appointment will be discussed and decided at the next AP session at the RIPE meeting in Reykjavik, Iceland. The remaining chair will determine whether consensus has been reached. And if that isn't somehow possible, a secret ballot will be done by attendees IN the room and counted by the RIPE NCC staff. As always, please feel free to reach out to any of the chairs directly, to us as a group at mailto:ap-wg-chairs at ripe.net, or discuss this or any other any relevant topic on this mailing list. On behalf of your co-chairs Gert Doering and Erik Bais,?? Kind regards, Erik Bais From gert at space.net Thu Apr 4 20:24:42 2019 From: gert at space.net (Gert Doering) Date: Thu, 4 Apr 2019 20:24:42 +0200 Subject: [address-policy-wg] AP WG co-chair selection - call for volunteers In-Reply-To: <73AD4D2A-7271-4852-8576-994671C078A7@bais.name> References: <73AD4D2A-7271-4852-8576-994671C078A7@bais.name> Message-ID: <20190404182442.GY97529@Space.Net> Hi, so, now that Erik has said it, it's official :-) - my term is ending, and I might or might not run again. So, opportunities! Please send in your nominations! Gert Doering -- still-chair -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From jkennedy at libertyglobal.com Tue Apr 9 10:46:55 2019 From: jkennedy at libertyglobal.com (Kennedy, James) Date: Tue, 9 Apr 2019 08:46:55 +0000 Subject: [address-policy-wg] Clarification of policy requirements for contact information In-Reply-To: <268675215.15226408.1553248784300@mail.yahoo.com> References: <268675215.15226408.1553248784300.ref@mail.yahoo.com> <268675215.15226408.1553248784300@mail.yahoo.com> Message-ID: <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> Hi everyone, For those not already aware of recent discussions on the topic, there is an ever increasing need primarily for network operators and others running the internet, but also CSIRTs, certain governmental bodies, LEAs and more to have contact details for IP networks correct at all times in the RIPE database. This is actually required by RIPE policy and is one of the database?s fundamental missions but as flagged during the RIPE77 meeting, on the RIPE mailing lists and felt daily by those managing IP networks it is clear that improvements are very much needed to help contact registration accuracy and ease of maintenance. ? Community members have questioned the reliability of the RIPE database today ? Whois has been described as ?broken?, ?a horrible mess?, even ?should be gotten rid of? ? +2M PERSON objects were found in the database though the number of LIRs is less than 22K ? The increasing amount of contact data has become more difficult for operators to manage, which also puts IP number resources at risk of hijacks and even deregistration ? The RIPE NCC is challenged with contacting and validating IP network holders, with additional pressure stemming from the growing monetary value of IP resources It is our responsibility as the RIPE community to build and implement improvements as and when needed. To echo Hans Petter?s comment during the RIPE NCC Services WG at RIPE77 ? we made the mess, we must clean it up! Rather than just mandating the RIPE NCC to perform validation exercises on 2M PERSON objects, we would like to start by re-evaluating exactly what contact info the community actually wants in the database and then consider if the current RIPE policies sufficiently reflects this. Please see Denis? mail below for contact detail references in current policies. So we ask the community ? please can you please tell us what contact info do you want to see in the RIPE database? Do it differ per type of IP network user ? LIRs and PA/PI End Users, orgs and individuals (sole trader or residential), 3rd parties managing IP resources on behalf of an LIR/org/individual, etc.? Regards, James From: address-policy-wg [mailto:address-policy-wg-bounces at ripe.net] On Behalf Of ripedenis--- via address-policy-wg Sent: 22 March 2019 11:00 To: address-policy-wg at ripe.net Subject: [address-policy-wg] Clarification of policy requirements for contact information Colleagues, Elvis, James and myself have started talking about personal data in the RIPE Database. I said we would bring sub issues to the community when we need direction or clarification. We looked at three policy documents maintained by AP-WG and have a few questions. Before we look at WHERE and HOW the data is stored, we would like to get community feedback on exactly WHAT contact details should be published as per current policies? Below are the quotes and links to the 3 policy documents we looked at. cheers denis co-chair DB-WG In the "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" (ripe-708) [1] first mention about contact data is 4.0: "4.0 Registration Requirements All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations. Only allocations and assignments registered in the RIPE Database are considered valid. Registration of objects in the database is the final step in making an allocation or assignment. Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)." and then in 6.2: "6.2 Network Infrastructure and End User Networks IP addresses used solely for the connection of an End User to a service provider (e.g. point-to-point links) are considered part of the service provider's infrastructure. These addresses do not have to be registered with the End User's contact details but can be registered as part of the service provider's internal infrastructure. When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users. [...]" In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] the requirement is even more vague in 3.3: "3.3. Registration Internet address space must be registered in a registry database accessible to appropriate members of the Internet community. This is necessary to ensure the uniqueness of each Internet address and to provide reference information for Internet troubleshooting at all levels, ranging from all RIRs and IRs to End Users. The goal of registration should be applied within the context of reasonable privacy considerations and applicable laws." The "Autonomous System (AS) Number Assignment Policies" [3] does not mention anything about contact data requirements. [1] https://www.ripe.net/publications/docs/ripe-708 [2] https://www.ripe.net/publications/docs/ripe-707 [3] https://www.ripe.net/publications/docs/ripe-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From phessler at theapt.org Tue Apr 9 11:16:44 2019 From: phessler at theapt.org (Peter Hessler) Date: Tue, 9 Apr 2019 11:16:44 +0200 Subject: [address-policy-wg] Clarification of policy requirements for contact information In-Reply-To: <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> References: <268675215.15226408.1553248784300.ref@mail.yahoo.com> <268675215.15226408.1553248784300@mail.yahoo.com> <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> Message-ID: <20190409091644.GZ67787@gir.theapt.org> At my current job we have a single Org object and a shared mntner object, and each employee within the network group has their own person and mntner objects to avoid sharing passwords and for auditability. As is obvious, this can grow quite quickly even for a small LIR. LIR person accounts all use the same HQ address and phone information. I am *also* an end-user, as I have a few PI allocations issued to my natural person and not to my employer. So I have a separate person and mntner objects for that. I am generally comfortable with the groups I have a contract with having my home address and my home phone number. (to spell it out, my Sponsoring-LIR, and RIPE NCC). I am *not* happy for that data to be published widely on the internet, so I have censored them on purpose (with a reference that the sponsoring-lir has my actual contact details). The email address does get delivered to me. (as a side note: I would like to join RIPE as a LIR, but are not willing to have my home address publicized so I have not done so.) Concrete suggestion: I think that person objects should have the address and phone attributes be changed from mandatory to optional. It may also be worthwhile for there to be a *private* way to register addresses with RIPE NCC so they can use it for verification without violating the privacy of natural persons. -peter On 2019 Apr 09 (Tue) at 08:46:55 +0000 (+0000), Kennedy, James via address-policy-wg wrote: :Hi everyone, :For those not already aware of recent discussions on the topic, there is an ever increasing need primarily for network operators and others running the internet, but also CSIRTs, certain governmental bodies, LEAs and more to have contact details for IP networks correct at all times in the RIPE database. : :This is actually required by RIPE policy and is one of the database?s fundamental missions but as flagged during the RIPE77 meeting, on the RIPE mailing lists and felt daily by those managing IP networks it is clear that improvements are very much needed to help contact registration accuracy and ease of maintenance. :? Community members have questioned the reliability of the RIPE database today ? Whois has been described as ?broken?, ?a horrible mess?, even ?should be gotten rid of? :? +2M PERSON objects were found in the database though the number of LIRs is less than 22K :? The increasing amount of contact data has become more difficult for operators to manage, which also puts IP number resources at risk of hijacks and even deregistration :? The RIPE NCC is challenged with contacting and validating IP network holders, with additional pressure stemming from the growing monetary value of IP resources : :It is our responsibility as the RIPE community to build and implement improvements as and when needed. To echo Hans Petter?s comment during the RIPE NCC Services WG at RIPE77 ? we made the mess, we must clean it up! : :Rather than just mandating the RIPE NCC to perform validation exercises on 2M PERSON objects, we would like to start by re-evaluating exactly what contact info the community actually wants in the database and then consider if the current RIPE policies sufficiently reflects this. Please see Denis? mail below for contact detail references in current policies. : :So we ask the community ? please can you please tell us what contact info do you want to see in the RIPE database? Do it differ per type of IP network user ? LIRs and PA/PI End Users, orgs and individuals (sole trader or residential), 3rd parties managing IP resources on behalf of an LIR/org/individual, etc.? : :Regards, :James : : :From: address-policy-wg [mailto:address-policy-wg-bounces at ripe.net] On Behalf Of ripedenis--- via address-policy-wg :Sent: 22 March 2019 11:00 :To: address-policy-wg at ripe.net :Subject: [address-policy-wg] Clarification of policy requirements for contact information : :Colleagues, : :Elvis, James and myself have started talking about personal data in the RIPE Database. I said we would bring sub issues to the community when we need direction or clarification. We looked at three policy documents maintained by AP-WG and have a few questions. : :Before we look at WHERE and HOW the data is stored, we would like to get community feedback on exactly WHAT contact details should be published as per current policies? : :Below are the quotes and links to the 3 policy documents we looked at. : :cheers :denis :co-chair DB-WG : : :In the "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" (ripe-708) [1] first mention about contact data is 4.0: : :"4.0 Registration Requirements : :All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations. : :Only allocations and assignments registered in the RIPE Database are considered valid. Registration of objects in the database is the final step in making an allocation or assignment. Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)." : :and then in 6.2: : :"6.2 Network Infrastructure and End User Networks : :IP addresses used solely for the connection of an End User to a service provider (e.g. point-to-point links) are considered part of the service provider's infrastructure. These addresses do not have to be registered with the End User's contact details but can be registered as part of the service provider's internal infrastructure. When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users. : :[...]" : :In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] the requirement is even more vague in 3.3: : :"3.3. Registration : :Internet address space must be registered in a registry database accessible to appropriate members of the Internet community. This is necessary to ensure the uniqueness of each Internet address and to provide reference information for Internet troubleshooting at all levels, ranging from all RIRs and IRs to End Users. : :The goal of registration should be applied within the context of reasonable privacy considerations and applicable laws." : :The "Autonomous System (AS) Number Assignment Policies" [3] does not mention anything about contact data requirements. : :[1] https://www.ripe.net/publications/docs/ripe-708 :[2] https://www.ripe.net/publications/docs/ripe-707 :[3] https://www.ripe.net/publications/docs/ripe-679 : : -- Flugg's Law: When you need to knock on wood is when you realize that the world is composed of vinyl, naugahyde and aluminum. From frettled at gmail.com Tue Apr 9 11:28:19 2019 From: frettled at gmail.com (Jan Ingvoldstad) Date: Tue, 9 Apr 2019 11:28:19 +0200 Subject: [address-policy-wg] Clarification of policy requirements for contact information In-Reply-To: <20190409091644.GZ67787@gir.theapt.org> References: <268675215.15226408.1553248784300.ref@mail.yahoo.com> <268675215.15226408.1553248784300@mail.yahoo.com> <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> <20190409091644.GZ67787@gir.theapt.org> Message-ID: On Tue, Apr 9, 2019 at 11:16 AM Peter Hessler wrote: > > Concrete suggestion: > I think that person objects should have the address and phone attributes > be changed from mandatory to optional. > And that means optional as in opt-in, not opt-out. > > It may also be worthwhile for there to be a *private* way to register > addresses with RIPE NCC so they can use it for verification without > violating the privacy of natural persons. > Yup. Additionally, in the cases where all contact objects are personal with contact information hidden, there needs to be an abuse object that can be used. The quality of actually usable abuse contact information is regrettably low across RIR databases, contact information quality is not a RIPE specific problem. This either means that the LIR needs to be the abuse contact, or there needs to be a delegated abuse contact. I'm nagging about this, because the Internet is full of abuse, and in the absence of functional abuse contact points, IP address ranges get blacklisted or blackholed without any notification reaching the network owner. -- Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: From michiel at klaver.it Tue Apr 9 11:31:43 2019 From: michiel at klaver.it (Michiel Klaver) Date: Tue, 09 Apr 2019 11:31:43 +0200 Subject: [address-policy-wg] Clarification of policy requirements for contact information In-Reply-To: <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> References: <268675215.15226408.1553248784300.ref@mail.yahoo.com> <268675215.15226408.1553248784300@mail.yahoo.com> <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> Message-ID: Maybe make more use of the 'role'-objects? Within organisations people come and go, while their departments responsible for network operations and abuse keep rolling. Listing a department as role and using a shared e-mail address would reduce the ever increase of new person-objects in the database. Kennedy, James via address-policy-wg wrote at 2019-04-09 10:46: > Hi everyone, > > For those not already aware of recent discussions on the topic, there > is an ever increasing need primarily for network operators and others > running the internet, but also CSIRTs, certain governmental bodies, > LEAs and more to have contact details for IP networks correct at all > times in the RIPE database. > > This is actually required by RIPE policy and is one of the database's > fundamental missions but as flagged during the RIPE77 meeting, on the > RIPE mailing lists and felt daily by those managing IP networks it is > clear that improvements are very much needed to help contact > registration accuracy and ease of maintenance. > > ? Community members have questioned the reliability of the RIPE > database today - Whois has been described as "broken", "a horrible > mess", even "should be gotten rid of" > > ? +2M PERSON objects were found in the database though the number > of LIRs is less than 22K > > ? The increasing amount of contact data has become more difficult > for operators to manage, which also puts IP number resources at risk of > hijacks and even deregistration > > ? The RIPE NCC is challenged with contacting and validating IP > network holders, with additional pressure stemming from the growing > monetary value of IP resources > > It is our responsibility as the RIPE community to build and implement > improvements as and when needed. To echo Hans Petter's comment during > the RIPE NCC Services WG at RIPE77 - we made the mess, we must clean it > up! > > Rather than just mandating the RIPE NCC to perform validation exercises > on 2M PERSON objects, we would like to start by re-evaluating exactly > what contact info the community actually wants in the database and then > consider if the current RIPE policies sufficiently reflects this. > Please see Denis' mail below for contact detail references in current > policies. > > So we ask the community - please can you please tell us what contact > info do you want to see in the RIPE database? Do it differ per type of > IP network user - LIRs and PA/PI End Users, orgs and individuals (sole > trader or residential), 3rd parties managing IP resources on behalf of > an LIR/org/individual, etc.? > > Regards, > > James > > FROM: address-policy-wg [mailto:address-policy-wg-bounces at ripe.net] ON > BEHALF OF ripedenis--- via address-policy-wg > SENT: 22 March 2019 11:00 > TO: address-policy-wg at ripe.net > SUBJECT: [address-policy-wg] Clarification of policy requirements for > contact information > > Colleagues, > > Elvis, James and myself have started talking about personal data in the > RIPE Database. I said we would bring sub issues to the community when > we need direction or clarification. We looked at three policy documents > maintained by AP-WG and have a few questions. > > Before we look at WHERE and HOW the data is stored, we would like to > get community feedback on exactly WHAT contact details should be > published as per current policies? > > Below are the quotes and links to the 3 policy documents we looked at. > > cheers > > denis > > co-chair DB-WG > > In the "IPv4 Address Allocation and Assignment Policies for the RIPE > NCC Service Region" (ripe-708) [1] first mention about contact data is > 4.0: > > "4.0 Registration Requirements > > All assignments and allocations must be registered in the RIPE > Database. This is necessary to ensure uniqueness and to support network > operations. > > Only allocations and assignments registered in the RIPE Database are > considered valid. Registration of objects in the database is the final > step in making an allocation or assignment. Registration data (range, > contact information, status etc.) must be correct at all times (i.e. > they have to be maintained)." > > and then in 6.2: > > "6.2 Network Infrastructure and End User Networks > > IP addresses used solely for the connection of an End User to a service > provider (e.g. point-to-point links) are considered part of the service > provider's infrastructure. These addresses do not have to be registered > with the End User's contact details but can be registered as part of > the service provider's internal infrastructure. When an End User has a > network using public address space this must be registered separately > with the contact details of the End User. Where the End User is an > individual rather than an organisation, the contact information of the > service provider may be substituted for the End Users. > > [...]" > > In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] > the requirement is even more vague in 3.3: > > "3.3. Registration > > Internet address space must be registered in a registry database > accessible to appropriate members of the Internet community. This is > necessary to ensure the uniqueness of each Internet address and to > provide reference information for Internet troubleshooting at all > levels, ranging from all RIRs and IRs to End Users. > > The goal of registration should be applied within the context of > reasonable privacy considerations and applicable laws." > > The "Autonomous System (AS) Number Assignment Policies" [3] does not > mention anything about contact data requirements. > > [1] https://www.ripe.net/publications/docs/ripe-708 > > [2] https://www.ripe.net/publications/docs/ripe-707 > > [3] https://www.ripe.net/publications/docs/ripe-679 From phessler at theapt.org Tue Apr 9 11:36:19 2019 From: phessler at theapt.org (Peter Hessler) Date: Tue, 9 Apr 2019 11:36:19 +0200 Subject: [address-policy-wg] Clarification of policy requirements for contact information In-Reply-To: References: <268675215.15226408.1553248784300.ref@mail.yahoo.com> <268675215.15226408.1553248784300@mail.yahoo.com> <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> <20190409091644.GZ67787@gir.theapt.org> Message-ID: <20190409093619.GA67787@gir.theapt.org> On 2019 Apr 09 (Tue) at 11:28:19 +0200 (+0200), Jan Ingvoldstad wrote: :On Tue, Apr 9, 2019 at 11:16 AM Peter Hessler wrote: : :> :> Concrete suggestion: :> I think that person objects should have the address and phone attributes :> be changed from mandatory to optional. :> : :And that means optional as in opt-in, not opt-out. : Correct. :> It may also be worthwhile for there to be a *private* way to register :> addresses with RIPE NCC so they can use it for verification without :> violating the privacy of natural persons. :> : :Yup. : :Additionally, in the cases where all contact objects are personal with :contact information hidden, there needs to be an abuse object that can be :used. The quality of actually usable abuse contact information is :regrettably low across RIR databases, contact information quality is not a :RIPE specific problem. : I strongly disagree, but that is another topic. -- Bennett's Laws of Horticulture: (1) Houses are for people to live in. (2) Gardens are for plants to live in. (3) There is no such thing as a houseplant. From jkennedy at libertyglobal.com Fri Apr 12 13:17:37 2019 From: jkennedy at libertyglobal.com (Kennedy, James) Date: Fri, 12 Apr 2019 11:17:37 +0000 Subject: [address-policy-wg] Clarification of policy requirements for contact information In-Reply-To: <20190409093619.GA67787@gir.theapt.org> References: <268675215.15226408.1553248784300.ref@mail.yahoo.com> <268675215.15226408.1553248784300@mail.yahoo.com> <13E63C78A6256E4A857726374FBF926E2B067CB7@NLAMSPEXMB022.upcit.ds.upc.biz> <20190409091644.GZ67787@gir.theapt.org> <20190409093619.GA67787@gir.theapt.org> Message-ID: <13E63C78A6256E4A857726374FBF926E2B06A9DD@NLAMSPEXMB022.upcit.ds.upc.biz> Thanks for the feedback so far Peter, Jan and Michiel. All noted. >From my experience of operating multiple medium to very-large orgs\LIRs with many admins and teams of varying roles and responsibilities for RIPE DB maintenance, keeping contact data up-to-date for the different types users/holders of so many IP networks held by us and customers is extremely challenging. Something that I believe is felt by many orgs\LIRs, hence the despairing comments about Whois' condition today at RIPE77 during the Services WG and the ever growing amount of outdated or useless data. IMHO there are just too many open objects and attributes where contact data can be registered that can easily become isolated and extremely difficult to maintain. Not only an admin pain, IP resources become vulnerable to unintentional or nefarious misuse and even deregistration by the NCC! If we can somehow reduce the maintenance burden, it would be a significant step towards a more accurate, reliable, useful IP database. Regards, James -----Original Message----- From: address-policy-wg [mailto:address-policy-wg-bounces at ripe.net] On Behalf Of Peter Hessler Sent: 09 April 2019 11:36 To: address-policy-wg at ripe.net Subject: Re: [address-policy-wg] Clarification of policy requirements for contact information On 2019 Apr 09 (Tue) at 11:28:19 +0200 (+0200), Jan Ingvoldstad wrote: :On Tue, Apr 9, 2019 at 11:16 AM Peter Hessler wrote: : :> :> Concrete suggestion: :> I think that person objects should have the address and phone attributes :> be changed from mandatory to optional. :> : :And that means optional as in opt-in, not opt-out. : Correct. :> It may also be worthwhile for there to be a *private* way to register :> addresses with RIPE NCC so they can use it for verification without :> violating the privacy of natural persons. :> : :Yup. : :Additionally, in the cases where all contact objects are personal with :contact information hidden, there needs to be an abuse object that can be :used. The quality of actually usable abuse contact information is :regrettably low across RIR databases, contact information quality is not a :RIPE specific problem. : I strongly disagree, but that is another topic. -- Bennett's Laws of Horticulture: (1) Houses are for people to live in. (2) Gardens are for plants to live in. (3) There is no such thing as a houseplant. From gert at space.net Sat Apr 13 20:12:23 2019 From: gert at space.net (Gert Doering) Date: Sat, 13 Apr 2019 20:12:23 +0200 Subject: [address-policy-wg] 2019-01 Review Phase (Clarification of Definition for "ASSIGNED PA") In-Reply-To: References: Message-ID: <20190413181223.GA54457@Space.Net> Dear AP WG; On Mon, Mar 11, 2019 at 01:37:47PM +0100, Marco Schmidt wrote: > Policy proposal 2019-01, "Clarification of Definition for "ASSIGNED PA"" is now in the Review Phase. [..] > We encourage you to read the proposal, impact analysis and draft document and send any comments to before 9 April 2019. Review phase is now over. A number of you have expressed support for the proposal. Nobody voiced any opposing arguments, had any questions, or did post anything else under this subject line which was not clear support. Thus, I declare we have consensus, and have asked Marco to move this proposal to "Last Call". Thanks for your contributions, Gert Doering -- APWG chair -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From mschmidt at ripe.net Mon Apr 15 11:14:21 2019 From: mschmidt at ripe.net (Marco Schmidt) Date: Mon, 15 Apr 2019 11:14:21 +0200 Subject: [address-policy-wg] 2019-01 Last Call for Comments (Clarification of Definition for "ASSIGNED PA") Message-ID: Dear colleagues, Proposal 2019-01, "Clarification of Definition for "ASSIGNED PA"", is now in Concluding Phase. This proposal aims to make it clear in the IPv4 Policy that the status "ASSIGNED PA" can also be used for assignments to an LIR's infrastructure. The WG co-chair has declared that rough consensus has been reached and the proposal will now move to Last Call. As per the RIPE Policy Development Process (PDP), the purpose of this four week Concluding Phase is to give an opportunity to present well-justified objections for those who missed the previous two phases and wish to oppose the proposal. Any objection must be made by 14 May 2019 and must be supported by an explanation. If no substantive objections are raised by the end of Last Call, the proposal will complete the PDP and will be evaluated by the WG Chairs for consensus. You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2019-01 Please e-mail any final comments about this proposal to before 14 May 2019. Regards, Marco Schmidt Policy Officer RIPE NCC Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum From ripedenis at yahoo.co.uk Mon Apr 15 16:17:48 2019 From: ripedenis at yahoo.co.uk (ripedenis at yahoo.co.uk) Date: Mon, 15 Apr 2019 14:17:48 +0000 (UTC) Subject: [address-policy-wg] Clarification of Address Policy wording, Take 3... References: <489353280.1832246.1555337868968.ref@mail.yahoo.com> Message-ID: <489353280.1832246.1555337868968@mail.yahoo.com> Colleagues We really need some help from you guys who understand, and possibly wrote, (parts of) the IPv4 address policy. The most confusing part is this: 6.2 Network Infrastructure and End User Networks When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users. Perhaps to some of you the intent of this is clear. But when I read these words I see ambiguity. Does the policy only require (tech/admin/abuse) contacts, or does it require publishing some details about who is operating the network? Help desks can be outsourced. So tech/admin/abuse contacts may not directly relate to the 'End User'. The policy appears to ask for contact details of the 'End User'. Also the second sentence is referring to the 'End User' as an individual or an organisation. Substitute that back into the first sentence and this policy is asking for 'contact details of the individual or organisation'. This is not the same as the tech/admin/abuse contacts. So what does anyone else understand from this wording? Or maybe the question should now be 'what details need to be published in the RIPE Database about these End Users, for what purpose and who needs it?'. cheersdenis co-chair DB-WG -------------- next part -------------- An HTML attachment was scrubbed... URL: From ripedenis at yahoo.co.uk Tue Apr 16 14:18:26 2019 From: ripedenis at yahoo.co.uk (ripedenis at yahoo.co.uk) Date: Tue, 16 Apr 2019 12:18:26 +0000 (UTC) Subject: [address-policy-wg] Contact details for End Users in the RIPE Database In-Reply-To: <489353280.1832246.1555337868968@mail.yahoo.com> References: <489353280.1832246.1555337868968.ref@mail.yahoo.com> <489353280.1832246.1555337868968@mail.yahoo.com> Message-ID: <1396063263.452430.1555417106935@mail.yahoo.com> Colleagues Someone has kindly referred me to the conversation you had last November on this same paragraph 6.2. It's not surprising that there is some reluctance to discuss it again. BUT this is a different discussion. Last time you focussed on defining what type of network needs to be separately registered in the RIPE Database. I want to discuss the next step from that. Once you have decided a type of network needs to be separately registered then what information about that network needs to be entered into the RIPE Database? I will come straight to the point, which should be controversial enough to start a discussion :) MY interpretation of the wording in 6.2 is that the policy, as written, requires an ORGANISATION object to be created for these End Users if you register their network in the RIPE Database. Let me explain my reasoning for this interpretation. The policy refers to the End User as either an individual or an organisation. In other words the End User is the '(legal) entity' that operates the network. Just as the LIR is the (legal) entity that holds the allocation resource. So when the policy requires the contact details of the End User, it is requiring the contact details of this operating entity. That is not the "xxx-c" attributes in the INETNUM object, it is an ORGANISATION object details. This takes us back to the long running discussion we had with "abuse-c:" where many members refused to create separate ORGANISATION objects for End Users just to add an "abuse-c:" for them. But as it is currently written, this is exactly what this policy requires. Perhaps the wording of this paragraph 6.2 doesn't reflect the original intent. So what we must now do is look again at this situation and answer 3 basic questions about these End Users: 1/ What information do we need/want to store about the End User? 2/ What is the reason for storing this information? 3/ Who needs this information? If we can answer these basic questions then perhaps the policy needs to be updated. cheersdenis co-chair DB-WG On Monday, 15 April 2019, 16:18:33 CEST, ripedenis--- via address-policy-wg wrote: 6.2 Network Infrastructure and End User Networks When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users. -------------- next part -------------- An HTML attachment was scrubbed... URL: From elvis at velea.eu Thu Apr 18 00:34:35 2019 From: elvis at velea.eu (Elvis Daniel Velea) Date: Wed, 17 Apr 2019 15:34:35 -0700 Subject: [address-policy-wg] Contact details for End Users in the RIPE Database In-Reply-To: <1396063263.452430.1555417106935@mail.yahoo.com> References: <489353280.1832246.1555337868968.ref@mail.yahoo.com> <489353280.1832246.1555337868968@mail.yahoo.com> <1396063263.452430.1555417106935@mail.yahoo.com> Message-ID: Hi everyone, On 4/16/19 05:18, ripedenis--- via address-policy-wg wrote: > Colleagues > > Someone has kindly referred me to the conversation you had last > November on this same paragraph 6.2. It's not surprising that there is > some reluctance to discuss it again. BUT this is a different > discussion. Last time you focussed on defining what type of network > needs to be separately registered in the RIPE Database. I want to > discuss the next step from that. Once you have decided a type of > network needs to be separately registered then what information about > that network needs to be entered into the RIPE Database? Denis, I believe that the first e-mail sent by you was inviting the community to start a conversation. Furthermore, I believe that NOW is the right time to have this discussion and clarify what is required by policy (and maybe look at updating those policies as well) and put it in writing in a new privacy policy. While GDPR is already in effect, the RIPE Database contains millions of contact details of private persons. Some ISPs currently use the RIPE DB as their customer database and register every single assignment they make to organisations or people. I doubt any of the people used by the ISPs as admin-c or tech-c in assignments actually know that their private data is made public in the RIPE DB. Lastly, and this can be fixed easily if we all ask for it, the RIPE NCC is creating every month hundreds of objects that contain personal details with the registration of new LIRs. The current state requires an update of policies and processes and can not continue like this much longer. I doubt that everyone that has a person object (containing personal details - phone, e-mail, address, etc) in the RIPE Database even knows about their personal data being public. I also doubt that every person that registers a new LIR knows that their personal details will be published in the RIPE Database and made publicly available. There are several million person objects in the RIPE Database that (I believe) should have been deleted once GDPR kicked-in _or_ all of those persons should have been asked to confirm that they accept to have their private information made public in the RIPE Database. To quote Peter Hessler "I am *not* happy for that data to be published widely on the internet, so I have censored them on purpose" - this is one way to hide personal details, many other companies/people have chosen to censor or provide less than accurate details. Jan Ingvoldstad wants to see a better usable abuse contact information. This is one of the details that we are asking for. We are trying to make a list of contact information you all would like to see registered in the RIPE Database for resource holders and the questions in Denis' initial e-mail were supposed to start and steer the conversation into finding exactly those details - to then clarify and define where that information should be stored (role object, org object, maintainer, etc) Michiel Klaver had an interesting idea "Maybe make more use of the 'role'-objects? Within organisations people come and go, while their departments responsible for network operations and abuse keep rolling. Listing a department as role and using a shared e-mail address would reduce the ever increase of new person-objects in the database." and I believe that the use of the role objects should trump the use of the person object. I personally believe that we should remove the person object from the RIPE Database and use roles/organizations/maintainers/etc instead. > > I will come straight to the point, which should be controversial > enough to start a discussion :) MY interpretation of the wording in > 6.2 is that the policy, as written, requires an ORGANISATION object to > be created for these End Users if you register their network in the > RIPE Database. > > Let me explain my reasoning for this interpretation. The policy refers > to the End User as either an individual or an organisation. In other > words the End User is the '(legal) entity' that operates the network. > Just as the LIR is the (legal) entity that holds the allocation > resource. So when the policy requires the contact details of the End > User, it is requiring the contact details of this operating entity. > That is not the "xxx-c" attributes in the INETNUM object, it is an > ORGANISATION object details. I believe that first we need to decide what kind of data must be published in the RIPE Database and then decide in which objects to store that data - be it an organisation object, admin-c/tech-c/abuse-c, or a role object. Once this is clear, we can amend current policies or propose a privacy policy and reference it in the other policies. > > > This takes us back to the long running discussion we had with > "abuse-c:" where many members refused to create separate ORGANISATION > objects for End Users just to add an "abuse-c:" for them. But as it is > currently written, this is exactly what this policy requires. Perhaps > the wording of this paragraph 6.2 doesn't reflect the original intent. > So what we must now do is look again at this situation and answer 3 > basic questions about these End Users: > > > 1/ What information do we need/want to store about the End User? I'll bite and provide my answers: - we should not store names of people - people come and go and usually there is one person within a department that creates the objects & requests the resources and then those objects are inherited for many years. I believe that roles/department names should be used. RIPE NCC has always recommended the use of role objects for admin-c/tech-c/abuse-c. I am not sure when the RIPE NCC changed their procedures and forms to include registration and publication of personal data with the registration of every new LIR but I believe they should revert and create role objects instead. - I think we should have an e-mail address and a phone number - none of these should be personal details but the org's contact details instead. - physical address will come with a lot of questions: should this be the legal or the mailing address of the org, of their tech dept, of their outsourced tech dept in an other country, of their lawyer/legal dept, etc... - fax - who is still using fax, will you even think you will need a fax sent to a holder of internet resources? - what else is there? social media contacts? maybe links to forms? how complicated do we want this to be? > > 2/ What is the reason for storing this information? great question. The only reasons I can find are: - someone is breaking my network (hijacks, ddos, peering issues, etc) and I want to be able to swiftly contact them and ask them to stop - someone is sending abuse to my network/customers/contacts and I want them to stop - an LEA wants to be able to track the user of a resource swiftly and, when they need to issue a subpoena, they need to know the country where it should be sent and the right address - the RIPE NCC already knows who is authorized to discuss confidential information, the name should not be public though unless the user really wants to and opts-in for his personal data to be in the RIPE DB. There may be other reasons as well, we'll have to wait for other people to provide their feedback before we can collect it all and do something with it (make a policy proposal). > > 3/ Who needs this information? I think I already answered this question by answering Q2... it would be a network operator, someone receiving abuse, an LEA or the RIR. In cases of (independent) assignments, it may be the LIR as well. > > If we can answer these basic questions then perhaps the policy needs > to be updated. either update the IPv4/IPv6/ASN policies or propose a privacy policy and reference it in the other policies as needed. I believe the second option is better. > > cheers > denis > > co-chair DB-WG > cheers, elvis > > On Monday, 15 April 2019, 16:18:33 CEST, ripedenis--- via > address-policy-wg wrote: > > > > > 6.2 Network Infrastructure and End User Networks > > When an End User has a network using public address space this must be > registered separately with the contact details of the End User. Where > the End User is an individual rather than an organisation, the contact > information of the service provider may be substituted for the End Users. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From erik at bais.name Mon Apr 22 12:51:52 2019 From: erik at bais.name (Erik Bais) Date: Mon, 22 Apr 2019 10:51:52 +0000 Subject: [address-policy-wg] Contact details for End Users in the RIPE Database In-Reply-To: References: <489353280.1832246.1555337868968.ref@mail.yahoo.com> <489353280.1832246.1555337868968@mail.yahoo.com> <1396063263.452430.1555417106935@mail.yahoo.com> Message-ID: <248C5FAA-D94D-418E-A233-878B0D564565@bais.name> In line with this question ? The RIPE NCC still has a working fax machine that prints the SSA?s for those that want to speed up their processing of the membership sign-up process. I hope that the articles of association gets updated soon for this to include a scanned version as well. Erik Bais From: address-policy-wg on behalf of Elvis Daniel Velea Reply-To: "elvis at velea.eu" Date: Thursday 18 April 2019 at 00:35 To: "ripedenis at yahoo.co.uk" , "address-policy-wg at ripe.net" Subject: Re: [address-policy-wg] Contact details for End Users in the RIPE Database - fax - who is still using fax, will you even think you will need a fax sent to a holder of internet resources? -------------- next part -------------- An HTML attachment was scrubbed... URL: From erik at bais.name Mon Apr 22 12:58:21 2019 From: erik at bais.name (Erik Bais) Date: Mon, 22 Apr 2019 10:58:21 +0000 Subject: [address-policy-wg] AP WG co-chair selection - call for volunteers In-Reply-To: <73AD4D2A-7271-4852-8576-994671C078A7@bais.name> References: <73AD4D2A-7271-4852-8576-994671C078A7@bais.name> Message-ID: Dear working group, We have received one reply to the call for volunteers for the election. I proudly present to you Gert D?ring. For those that are new to the working group : ?On 04/04/2019, 20:06, "Erik Bais" wrote: Dear working group, Introduction ------------ We will be starting the selection process for the RIPE Address Policy working group co-chair soon. This mail provides information about the process and the call for volunteers. Current Address Policy Working Group Chair Selection Process ------------------------------------------------- The AP working group chair selection process is documented here: https://www.ripe.net/participate/ripe/wg/ap/address-policy-wg-chair-selection-process We have 2 co-chairs and each chair's term is 2 years. About the Process -------------------- Typically until last year, Sander and Gert did this dance together and it was never an actual selection process.. That is, until Sander decided to step down and not run again. To avoid people start on the ML about who they like to support at the beginning with the initial volunteers only, we will do a short call for volunteers of 10 days, by asking the volunteers to send their motivation and intro to the AP-WG Chair email address. ( ap-wg-chairs at ripe.net ) Please submit an intro / bio plus motivation, that you understand the impact of being selected as Co-Chair and your intention to be present at the next RIPE meetings before : April 15, 2019 We will then release the names and statements of all applicants after the call for co-chair volunteers closes. And at that time the WG can provide input on the Mailing list on who they like to support as their co-chair. Or if there is specific opposition to a participant, that can also be voiced. For full transparency, it is possible that Gert's name will be added to the list in random order. The actual appointment will be discussed and decided at the next AP session at the RIPE meeting in Reykjavik, Iceland. The remaining chair will determine whether consensus has been reached. And if that isn't somehow possible, a secret ballot will be done by attendees IN the room and counted by the RIPE NCC staff. As always, please feel free to reach out to any of the chairs directly, to us as a group at mailto:ap-wg-chairs at ripe.net, or discuss this or any other any relevant topic on this mailing list. On behalf of your co-chairs Gert Doering and Erik Bais, Kind regards, Erik Bais From erik at bais.name Mon Apr 22 13:07:55 2019 From: erik at bais.name (Erik Bais) Date: Mon, 22 Apr 2019 11:07:55 +0000 Subject: [address-policy-wg] AP WG co-chair selection - call for volunteers In-Reply-To: References: <73AD4D2A-7271-4852-8576-994671C078A7@bais.name> Message-ID: <80FC2231-66EB-4BEC-A90F-334CE570AE28@bais.name> Dear working group, Let's try that again ( We have received one reply to the call for volunteers for the election. I proudly present to you Gert D?ring. For those that are new to the working group, see below his introduction : - Gert Doering * age 47 * shoe size 47, preferrably wearing sandals * university diploma in physics, but into networking since about 26 years * the ISP I work for is SpaceNet, AS5539 - a regional ISP in Munich, DE, who provides mostly "datacenter" and "managed hosting" services these days (but used to provide access, so I know both sides of the medal) * hands-on-geek - network, peering, unix admin - and long-time LIR contact, so I know both the operational side of "IP networks" and the bureaucracy side of "I want a Class C network!" - "here's a /29" haggling. * attending RIPE meetings since RIPE 24 in Berlin, 1996 (missing two since then, Dublin I and Prague II) * address policy working group co-chair since RIPE 44 in Amsterdam, 2003 (https://www.ripe.net/ripe/meetings/ripe-meetings/ripe-44/meeting-report) - then still called the "LIR working group". My plans for the WG are mostly the same as I did in the previous years - help shape address policies for the RIPE region that are workable for all affected users, and do so in a hopefully neutral and constructive way. Further, facilitate a constructive dialogue between the RIPE NCC and the RIPE community regarding address policy issues. (I *still* do expect the WG to eventually wind down, as we seem to have reached the point where IPv4 policies do not succeed anymore due to too vastly conflicting interests, and IPv6 policies seem to be "good enough" for most cases, so the occasional tweak here and there... we'll see :-) ) Gert Doering --- By procedure: The actual appointment will be discussed and decided at the next AP session at the RIPE meeting in Reykjavik, Iceland. The remaining chair will determine whether consensus has been reached. And if that isn't somehow possible, a secret ballot will be done by attendees IN the room and counted by the RIPE NCC staff. There will be an agenda topic for the topic on the next AP-WG meeting in Iceland. Kind regards, Erik Bais Address Policy Working Group Chair On 04/04/2019, 20:06, "Erik Bais" wrote: Dear working group, Introduction ------------ We will be starting the selection process for the RIPE Address Policy working group co-chair soon. This mail provides information about the process and the call for volunteers. Current Address Policy Working Group Chair Selection Process ------------------------------------------------- The AP working group chair selection process is documented here: https://www.ripe.net/participate/ripe/wg/ap/address-policy-wg-chair-selection-process We have 2 co-chairs and each chair's term is 2 years. About the Process -------------------- Typically until last year, Sander and Gert did this dance together and it was never an actual selection process.. That is, until Sander decided to step down and not run again. To avoid people start on the ML about who they like to support at the beginning with the initial volunteers only, we will do a short call for volunteers of 10 days, by asking the volunteers to send their motivation and intro to the AP-WG Chair email address. ( ap-wg-chairs at ripe.net ) Please submit an intro / bio plus motivation, that you understand the impact of being selected as Co-Chair and your intention to be present at the next RIPE meetings before : April 15, 2019 We will then release the names and statements of all applicants after the call for co-chair volunteers closes. And at that time the WG can provide input on the Mailing list on who they like to support as their co-chair. Or if there is specific opposition to a participant, that can also be voiced. For full transparency, it is possible that Gert's name will be added to the list in random order. The actual appointment will be discussed and decided at the next AP session at the RIPE meeting in Reykjavik, Iceland. The remaining chair will determine whether consensus has been reached. And if that isn't somehow possible, a secret ballot will be done by attendees IN the room and counted by the RIPE NCC staff. As always, please feel free to reach out to any of the chairs directly, to us as a group at mailto:ap-wg-chairs at ripe.net, or discuss this or any other any relevant topic on this mailing list. On behalf of your co-chairs Gert Doering and Erik Bais, Kind regards, Erik Bais