From avangaev at gmail.com Wed Jun 4 20:58:57 2014
From: avangaev at gmail.com (Alain Van Gaever)
Date: Wed, 4 Jun 2014 19:58:57 +0100
Subject: [cooperation-wg] Minutes of the Coop-WG meeting during RIPE 68 in Warsaw
Message-ID:

Dear all,

Please find below the minutes of the Coop-WG meeting during RIPE 68 in Warsaw. WG members are welcome to suggest further edits or changes.

Hope to see you all in London for RIPE-69!

Meredith, Maria & Alain
Co-Chairs of the Coop-WG

PS Thanks to Chris for producing the notes!

---- beginning of minutes ----

Location: Warsaw, Poland

Attendance: Approximately 150

- Minutes of the session
- Full transcript of the session
- Video of the session and information slide-pack

Major points coming out of the discussion:

1. The RIR communities need to assert their ownership of issues regarding the distribution and registration of Internet number resources. This transition is an opportunity to more solidly formalise that ownership, with minimal change to the existing policy-making and operational processes.
2. While the IANA functions (as a bundle) present a number of complex issues, identifying a future model for the IANA Internet number registry functions should be straightforward. The policy-making and operational processes relating to the IANA Internet number registry functions are solid and have been in place for many years, and they have never included an explicit oversight role for the NTIA.
3. The Regional Internet Registries must ensure that their processes and policies are clearly defined, well documented, transparent and accessible.
4. While the RIPE NCC will facilitate discussion of these issues throughout the service region (including at community regional events), the RIPE Cooperation Working Group will serve as the central venue for RIPE community discussion and development of any proposal relating to the future of the IANA functions.

Some additional points made during the discussion:

- Speakers reported on the progress of the Internet Architecture Board (IAB) and the Internet Engineering Task Force (IETF) in establishing their ownership and authority over protocol parameter registries maintained by IANA.
- Several speakers noted the dangers arising from this process, particularly the potential for an outcome that does not solidly define and protect the community-driven, bottom-up control and development of IANA policy.
- Several speakers noted the interest that governments throughout the world are taking in this process and that government voices will be a factor in the final outcome.
- Several speakers stressed the importance of reaching RIPE community consensus on a proposal or position, with this process potentially seen as a test-case for bottom-up policy making.
- Several speakers argued strongly that any RIR proposal should aim to separate the IANA number management functions from oversight of the other IANA functions.

--------- End of minutes ------

From avangaev at gmail.com Thu Jun 5 10:15:40 2014
From: avangaev at gmail.com (Alain Van Gaever)
Date: Thu, 5 Jun 2014 09:15:40 +0100
Subject: [cooperation-wg] Minutes of the Coop-WG meeting during RIPE 68 in Warsaw - Part 2
Message-ID:

Dear all,

The text in my mail yesterday was the summary of the IANA discussion - the full minutes of the working groups session are now below. My apologies for the confusion!

Alain

>
> ------- Beginning of Minutes -------
>
> Cooperation Working Group Draft Agenda
>
> Thursday, 15 May, 11:00 - 12:30
>
> A. Administrative Matters
>
> The co-chairs opened the meeting. New co-chairs Meredith Whittaker and
> Alain Van Gaever introduced themselves and briefly outlined their hopes for
> the working group, specifically ensuring that the content is relevant and
> of practical use to the RIPE community.
>
> The minutes from RIPE 67 were approved, as was the agenda for RIPE 68.
>
>
> B. Content Blocking
>
> - B1. A Technical Overview of Content Blocking Methods - Pier Carlo
> Chiodi, Olaf Kolkman
>
> Olaf Kolkman gave an overview of the work done by Pier Carlo Chiodi on
> content blocking on the Internet and other work in the same area. Outlining
> a number of strategies employed by those wishing to block content, he noted
> that blocking is done most effectively at the end-point (or origin of the
> content), and that blocking in the network involves a variety of trade-offs.
>
> Lars-Johan Liman noted that even "legitimate" blocking has collateral
> damage, and pointed to the example of the hotel network, where the
> interception of traffic prevents the use of DNSSEC. He suggested that in
> such situations it is best if the effects of the blocking are stated
> upfront for users.
>
> Andrei Robachevsky recalled a paper produced by ISOC (prepared around the
> time of the SOCA/PIPA/ACTA legislative proposals), and noted that security
> and hidden costs are all important, and public policy makers need to be
> made aware of these negative impacts. Olaf pointed out that users will do
> whatever they can to get to blocked content, and that this can also have
> potential negative effects (including a greater viral footprint or exposing
> backdoors to computer systems).
>
> Alexander Isavnin asked participants in the room who thought their
> countries were doing blocking, and whether they thought it was being abused.
>
> Richard Barnes noted that these issues reinforce the importance of an
> end-to-end strategy, and agreed that the hotel network is a good example of
> how blocking can break important security elements like DNSSEC.
>
> Jim Reid noted that blocking access to specific content can mean that
> broader services are blocked.
> He noted a case that he had provided advice
> on, where one of the questions asked was "what would happen if we switched
> off port 80 access on this particular domain?" - the only person who knows
> is the webmaster of the domain, but that person is unlikely to happily
> cooperate in the blocking of their domain.
>
> - B2. Telex: A Proposal For Circumventing Censorship in the Network - Eric
> Wustrow
>
> Eric Wustrow outlined the Telex project, which has been developed to
> circumvent content blocking measures. The system provides a means of
> connecting users to blocked content via a mechanism that is invisible to
> the censoring technology. He encouraged ISPs to contribute to the work with
> advice and prototype deployment assistance.
>
> Robert Kisteleki noted that PGP key distribution may be a bottleneck in
> the Telex system. Eric noted that the paper discusses some of these issues,
> including preventing censors from distributing "bad" public keys. He
> suggested that having a central Telex entity that is known and trusted will
> be important to mitigate these risks. He also noted that getting
> information into areas subjected to censorship is often less difficult than
> might be supposed.
>
> - B3. Web Censorship Circumvention: Challenges and Opportunities - Walid
> Al-Saqaf
>
> Walid Al-Saqaf outlined his project to map URL filtering via
> crowdsourcing, which is developing longitudinal data, while allowing
> contributing users to access blocked websites via his own servers. He
> presented a range of data and analysis obtained from this work, including
> content blocking methods and strategies. He noted the need to make people
> more aware of the range of circumvention tools and solutions available, and
> that speed, security and anonymity are all important to users. He also
> described his plans for the future, including open-sourcing his own project
> and cooperating with similar projects.
>
> Andrei Robachevsky asked whether the project looked at which means of
> blocking were most common. Walid stated that he has done some analysis of
> this, using the packet headers - the more data he can get, the better this
> analysis will be.
>
> Meredith Whittaker noted that the Open Observatory of Network Interference
> (OONI) project, coordinated by the Tor team, is also doing work in this
> area and is generating public data.
>
> Alexander Isavnin suggested that a RIPE task force might be a useful
> vehicle for RIPE community members interested in this issue. Walid agreed
> that the technical community, and particularly its relationship to civil
> society actors in this space, needs to be further explored and understood.
>
> C. IANA Transition
>
> Chris Buckridge and Paul Rendek of the RIPE NCC presented background
> information on the U.S. Government's announcement of its intention to
> transition out of its IANA functions oversight role. They noted that any
> proposal for a future model of IANA administration needs to come from a
> global, multi-stakeholder development process, and that RIPE and the RIPE
> NCC are key IANA stakeholders. They suggested that the RIPE community's
> discussion of these issues should be centred around the Cooperation Working
> Group, with the RIPE NCC assisting in facilitating input to that process
> from regional events and voices.
>
> Rob Blokzijl warned that any process involving ICANN will necessarily be
> complicated and political. On a technical point, he noted that future RIPE
> NCC presentations on this subject should include the RIPE NCC's reverse DNS
> interactions with IANA, which may be more regular than the number resource
> requests already noted.
> He further noted that the RIPE NCC's direct
> interactions with the NTIA itself were non-existent, and stressed that the
> processes developed by RIPE and the other RIR communities already met the
> requirements laid out by the NTIA as necessary for oversight of the IANA
> functions.
>
> Daniel Karrenberg recalled that this is not the first time this
> discussion has taken place, and that the RIPE community has been vocal in
> its preference for the US government stepping away from this oversight role
> since the late 1990s. He stressed the success of the RIR community
> processes in policy-making and argued against over-complicating the
> situation. He also noted that the IANA is three distinct groups of
> functions (number resources, the DNS root zone and protocol parameters),
> and the RIPE community discussions should focus primarily on the number
> resource functions; if difficulties in defining governance processes for
> the DNS root zone threaten to derail the oversight transition process, the
> community should be explicitly prepared to propose unbundling those
> functions and taking oversight of the numbering functions.
>
> Malcolm Hutty disagreed with the perception that NTIA oversight was not
> important, and stressed that this oversight has protected the policy-making
> relationship with ICANN itself. He noted that policy regarding the DNS is
> determined by the ICANN community and imposed on registrars, meaning that
> users essentially have to submit to ICANN policies. RIPE and the RIR
> communities determine their own policies with regard to Internet number
> management, but it may be conceivable that ICANN would decide it wants to
> set these policies in future and impose them on the RIPE community. He
> argued that a credible external oversight function must be retained to
> prevent this.
>
> Nurani Nimpuno argued that the RIR communities should take ownership of
> this issue, as custodians of the Internet number resources, and that the
> community members should be contributing to the broader discussion, while
> maintaining a focus on the numbering functions. She also stressed that the
> communities should be pro-active in defining terms like "multi-stakeholder"
> and "openness" which appear in the NTIA requirements.
>
> Jim Reid agreed with Malcolm Hutty on the importance of preventing ICANN
> mission-creep, and on the need to tightly define the relationship between
> the IANA operator and the RIR communities. He also warned that achieving
> consensus on a community proposal may be difficult, and suggested that
> there should be a fallback position to allow for RIPE and the RIPE NCC to
> make a meaningful contribution to the global discussion.
>
> Jari Arkko noted the evolution that has occurred in how the IETF and IAB
> manage oversight of the protocol parameters and their relationship to IANA.
> He agreed that the RIPE community needs to take ownership of this and take
> charge of what needs to change or not change.
>
> Olaf Kolkman, also an active participant in the IETF, noted the efforts in
> the IETF to align on a principle-based approach, with the most important
> principle being that the IETF controls its own destiny. Ensuring that
> people are empowered to participate in these discussions will help the
> debate going forward, and the community needs to provide guidance -
> developing a set of principles may be a good first step. Olaf suggested RFC
> 6220 as a good starting point.
>
> Salam Yamout provided some perspective from the government side,
> particularly in the Arab world - notably the perception that the United
> States has control of the Internet, and governments' strong focus on
> DNS-related issues. She noted that governments' concerns centre primarily
> around ICANN.
>
> Phil Rushton urged the community to be aware of events in other forums,
> including the UN, WSIS and the ITU - while there is not the need for
> everyone to be directly involved, we need to be aware of what governments
> are thinking and where they still need to be convinced by the RIR
> communities.
>
> Daniel Karrenberg argued that the community does not need another level of
> oversight for protection, and noted that the RIR communities already have
> solid agreements in place with ICANN, which ICANN cannot unilaterally
> change. He stressed the importance (and his optimism) of achieving
> community consensus on a proposal. He again suggested that the RIR
> communities should make every effort to unlink the number-related IANA
> functions from the DNS.
>
> Paul Wilson noted that the IANA functions comprise three quite different
> areas (numbers, protocol parameters and DNS), and that only one of these
> (the DNS) is controversial - the IAB has stated its readiness to take
> responsibility for the protocol parameters, and the RIR communities should
> also, in the very near future, be ready to make such a statement regarding
> the number functions. He and Adiel Akplogan agreed that strengthening the
> RIR processes, ensuring that they are consistent, clear, accessible and
> well documented, is vital.
>
> Sandy Murphy warned that the outcome of this process may impact our
> current model of Internet governance, and stressed the need for the RIR
> communities to have their voice heard. She also asked about the ICANN
> consultation timeline, specifically the call for comments on its proposed
> process, and whether this process is now set. Paul Rendek noted that there
> is expected to be more information on ICANN's planning in time for the ICANN
> 50 Meeting, which takes place in London in June.
>
> Chris Buckridge also noted that all relevant information, including links
> to the relevant ICANN web, is posted on the ripe.net website.
>
> D. Interconnection
>
> - D1. The Internet, the Internets, and Splinternets - Peter Koch
>
> Peter Koch discussed the proposals coming from Germany for establishing a
> separate "German" Internet.
>
> Randy Bush noted the experience of the Saudi industry, after the regulator
> decided that no traffic between two Saudi users should leave the country,
> and pointed out that IXPs are a key element facilitating this.
>
> There was a question as to whether the German-only email system used the
> DNS (which would generate its own cross-border traffic). Peter noted that
> the one he mentioned uses special domains, but DNS leakage was of less
> concern than the actual content of the messages.
>
> Alain Van Gaever asked about the rate of take-up. Peter didn't have
> figures to hand, but noted that there are incentives, it is early in the
> deployment, and the operators are targeting users of existing email
> services.
>
> Brian Nisbet said that while he can see what's being attempted, it never
> succeeds and generally breaks things that the users want to do. Peter
> stressed that walking away from the discussion probably isn't the right
> strategy, and that users often learn what they want from marketing
> campaigns. Expanding on the question of what users want, Meredith Whittaker
> noted that users want security, and the technical community needs to be a
> public voice stating that this is not the way to achieve that.
>
> Marco Davids noted an initiative in the Netherlands using a closed user
> group in BGP - this doesn't combat traffic monitoring, but rather helps
> mitigate DDOS attacks, and if users (such as banks) are under attack the
> group can be closed to users outside the Netherlands.
>
> Olaf Kolkman asked whether any EU research funding had been channeled to
> this, and whether the project could lead to some sort of European
> standardisation. Peter noted that the work is based on IETF standards.
> Jean Jacque Sahel noted that the European Commission has publicly said that
> this is all a very bad idea.
>
> Jaap Akkerhuis recalled a proposal from Italy to establish a trusted
> network for digital mail.
>
> Olaf Kolkman and Peter Koch, summarising some of the discussion's key
> points, suggested that we are moving intelligence to the core of the
> network, and the core is represented by big players. The technical
> community cannot just dismiss these initiatives - there are some laudable
> goals behind them, and we need to engage in the discussion.
>
>
> - D2. Interconnection: Russia, the EU, and Internet Cooperation and
> Governance - Igor Milashevskiy
>
> Igor Milashevskiy, representing the Russian government in its first RIPE
> Meeting, shared some perspectives on that government's view of the Internet
> and related public policy. The Russian government sees the Internet as a
> driver of development, with the Russian Internet market the biggest in
> Europe - 68 million users, more than 56 million people use Internet every
> day, including a significant percentage outside big cities. The Russian
> language is also the second largest in Internet, there are slightly fewer
> than five million .ru domains and more than 800,000 .рф domains.
>
> Speaking from personal perspective, he noted that the RIPE NCC is a
> reference organisation in the Internet space, and the target is to restore
> trust and confidence to the Internet environment, and develop international
> tools for preventing improper use of the Internet.
>
> He noted that the main actor in the Internet is the user, and if those
> users have certain rights in the offline world - access to information,
> privacy, secrecy of communication and freedom of opinion - we have to
> protect those rights online. The process to do this has just begun, and the
> Russian government believes there are no rights without duties, no freedom
> without responsibility.
>
> He also suggested that the role of governments in Internet governance
> needs to be recognised. NETmundial was a good and innovative attempt to
> include all stakeholders, but the outcome document doesn't reflect all the
> contributions.
>
> Ciprian Nica, participating remotely, asked how and who should define the
> proper purposes of using the Internet. Igor explained that the Internet is
> a universal tool, and can be used for a wide range of purposes, but that
> its primary purpose should be to make users' lives richer.
>
> Desiree Milosevich asked if there could be some elaboration on the Russian
> government's issues with the NETmundial statement. Igor noted that this is
> in the public record of the Russian statements.
>
> Paul Rendek extended his thanks to Igor and the Russian government for
> their increased willingness to engage with the RIPE community and RIPE NCC,
> and welcomed Igor's attendance at the RIPE Meeting.
>
>
> E. Making the Internet a Little Bit Safer Cryptographically - Randy Bush
>
> Randy Bush discussed the development of an open public architecture for
> hardware security modules. The goal is a design (not a product) that is
> scalable, composable and assured. He stressed that the project needs people
> to audit the code.
>
> Aaron Kaplan asked where to get a development board. Randy noted that the
> boards are available for 170 USD. Aaron also noted that it would be a good
> idea to have the testing procedure online and publicly available.
>
> Eric Wustrow agreed that this is good work and asked why go the FPGA route
> rather than using a small embedded chip. Randy noted that some of the
> applications need speed, particularly some of the encryption stuff.
> Regarding chips though, Randy noted that the FPGA Verilog was first done in
> Python, meaning there is a Python version and a Verilog version.
>
> Eric also asked about how the project is sourcing hardware random number
> generators.
> Randy replied that they are currently investigating this issue.
>
> F. Policy Radar
>
> - F1. RIPE NCC Updates, including NETmundial and IGF Developments - Chris
> Buckridge
>
> Chris Buckridge gave an update on the wide range of Internet governance
> events taking place in the coming months, including the ITU Plenipotentiary
> 2014 that is scheduled to take place in October. He highlighted the links
> between many of these events, particularly in terms of broader strategies.
> He noted suggestions from earlier sessions that the RIPE NCC provide more
> targeted information for the community, and reported that the RIPE NCC is
> investigating the best method for doing this.
>
> Phil Rushton noted that the technical community can have significant
> impact on events at the Plenipotentiary via their input to Member State
> delegations. He also noted that while NETmundial produced a good outcome
> for the multi-stakeholder model, other forums, such as the CSTD Working
> Group on Enhanced Cooperation, saw much less support for multi-stakeholder
> processes and governance.
>
> - F2. Co-chair Updates and Working Group Initiatives
>
> Meredith Whittaker closed the session by reiterating the goals of
> co-chairs, particularly the need to engage people who are affected by
> Internet governance and public policy issues, but don't currently take an
> active interest. She noted options such as producing white papers, using
> RIPE Meeting time for more workshop-style events, and other ideas for the
> working group to serve as a RIPE community "brains trust" for those
> involved in public policy discussions.
>
> Nurani Nimpuno noted her support for the co-chairs' approach and stressed
> the need to bring discussions back to specific issues and make the topics
> practical for RIPE community participants.
>
> The co-chairs closed the meeting.
--------------------- End of Minutes ---------------------------------

From chrisb at ripe.net Thu Jun 5 10:32:55 2014
From: chrisb at ripe.net (Chris Buckridge)
Date: Thu, 5 Jun 2014 10:32:55 +0200
Subject: [cooperation-wg] IANA discussions: ENOG 7
Message-ID:

Dear colleagues,

Following on from Alain's email, I would like to note a couple of items relating to discussions of the IANA oversight transition in the RIPE community.

The Eurasian Network Operators' Group (ENOG) held its seventh meeting in Moscow on 26-27 May, the week after RIPE 68.
There was a discussion of the IANA oversight transition at that meeting, and a brief summary of that discussion is provided below:

> ENOG 7, 27 May 2014
> Attendance: Approximately 150
>
> Major points coming out of the discussion:
> - Additional ways in which the RIPE NCC interacts with the IANA include reverse DNS and running the K-root name server.
> - It is important to note that the oversight function will not transition to a government-based body.
> - The technical community has not had any issues with the U.S. government's conduct of its oversight of these functions for the past 20+ years - any new model should not complicate the current system and processes.
> - The RIPE NCC is not interested in DNS operations and should not be put under that umbrella.
> - The community should ensure that operators are protected from possible commercial interests, given that some of ICANN's activities, such as the registration of domain names, are profit-making.

As noted in the RIPE 68 session, the RIPE Cooperation Working Group is the official venue for community discussion of this issue. For this reason, the RIPE NCC will ensure that any discussion in other RIPE community forums is fed back to this list. Summaries of these discussions will also be posted on the RIPE website:
http://ripe.net/iana-discussions

Any comments or responses to this process or on the substance of the summaries should be posted to this mailing list.

Best regards,

Chris Buckridge
Senior External Relations Officer, RIPE NCC

From twolf.om at gmail.com Thu Jun 5 10:57:12 2014
From: twolf.om at gmail.com (Tim Roy)
Date: Thu, 5 Jun 2014 12:57:12 +0400
Subject: [cooperation-wg] IANA discussions: ENOG 7
In-Reply-To:
References:
Message-ID:

I would think that RIPE NCC would have an interest in DNS operations since it relates to the numbers.

Sent from my iPhone

From daniel.karrenberg at ripe.net Thu Jun 5 12:13:33 2014
From: daniel.karrenberg at ripe.net (Daniel Karrenberg)
Date: Thu, 05 Jun 2014 12:13:33 +0200
Subject: [cooperation-wg] Minutes of the Coop-WG meeting during RIPE 68 in Warsaw - Part 2
In-Reply-To:
References:
Message-ID: <539042CD.7060602@ripe.net>

Dear all,

allow me some comments on the draft minutes:

> Danniel Karrenberg recalled that this is not the first time this
> discussion has taken place, ... and that the RIPE community has been
> vocal in its preference for the US government stepping away from
> this oversight role since the late 1990s.

I do not recall making reference to specific positions. Rather I said that "the RIPE community has taken an active part in the discussion around the formation of ICANN and the organisation and delivery of IANA services."

> ... He stressed the success of
> the RIR community processes in policy-making ...

I recall specifically mentioning the "legitimacy and credibility" of our policy making process

> ... and argued against
> over-complicating the situation. He also noted that the IANA is
> three distinct groups of functions (number resources, the DNS root
> zone and protocol parameters), and the RIPE community discussions
> should focus primarily on the number resource functions; if
> difficulties in defining governance processes for the DNS root zone
> threaten to derail the oversight transition process, the community
> should be explicitly prepared to propose unbundling those functions
> and taking oversight of the numbering functions. ...

> Daniel Karrenberg argued that the community does not need another
> level of oversight for protection, and noted that the RIR
> communities already have solid agreements in place with ICANN, which
> ICANN cannot unilaterally change. He stressed the importance (and
> his optimism) of achieving community consensus on a proposal. ...
> He
> again suggested that the RIR communities should make every effort to
> unlink the number-related IANA functions from the DNS.

I most definitely did not utter the last sentence. I recall saying that "the RIPE community should avoid being drawn into the discussions about governance and oversight of DNS root zone management and stick to its purview of Internet number resources."

So far about the minutes.

---

For clarity let me re-state my advice to the community and this WG in particular once more:

- This discussion is not new. It is part of our ongoing engagement in the development of ICANN and IANA. Those who may not be aware of this engagement should make themselves aware for continuity's sake. This is all well documented in RIPE minutes and RIPE NCC/NRO statements. We are stronger when we are consistent and refer back to long standing positions. We should see this discussion as an evolution rather than such a Big Deal(TM) and stick to our principles.

- With respect to the IANA services, RIPE is about Internet number resources only, which includes the associated reverse DNS delegations. We need to avoid being drawn into discussions about governance and oversight of DNS root zone maintenance or the protocol parameters. There are other fora for this. Straying into these areas will confuse our discussion and undermine the legitimacy of our process.

Detail: Technically the RIPE NCC is also a customer of IANA whenever we need to change the address(es) of k.root-servers.net. Under the current IANA arrangements this has happened exactly once, when we added an IPv6 address; that worked flawlessly and it is not likely to happen again in the foreseeable future. So we could discuss this aspect if we feel it is really necessary. ;-)

- The RIPE governance process has a longer history than ICANN and a much longer standing than the current IANA arrangements. We have considerable credibility and legitimacy.
There are no serious challenges to the legitimacy of the number resource policy process of RIPE and the other RIRs. We have successfully managed the run-out of IPv4 address space, a finite resource! We should be proud of our achievements and be assertive about oversight when necessary.

- We should be prepared to separate the number resource aspects of the IANA service and create our own mechanism for this part of the IANA service *if, and only if,* the DNS root zone oversight discussions threaten to derail a consensus about the evolution of IANA or push it in a direction that is unacceptable to us. The IETF has already taken such a position w.r.t. the protocol parameter part of the IANA service.

While I am no lawyer and do not play one on TV either ;-), personally I would be very comfortable with oversight over the IANA functions exercised by ICANN based on legal agreements between the RIRs and ICANN. Failing that I would be comfortable with the RIRs contracting such a function directly with an appropriate party. Both of these options would of course be based on a legitimate and credible RIPE that evolves as necessary.

Daniel

From daniel.karrenberg at ripe.net Thu Jun 5 12:35:05 2014
From: daniel.karrenberg at ripe.net (Daniel Karrenberg)
Date: Thu, 05 Jun 2014 12:35:05 +0200
Subject: [cooperation-wg] IANA discussions: ENOG 7
In-Reply-To:
References:
Message-ID: <539047D9.7030004@ripe.net>

On 5.06.14 10:57 , Tim Roy wrote:
> I would think that RIPE NCC would have an interest in DNS operations since it relates to the numbers.
>
>> On Jun 5, 2014, at 12:32, Chris Buckridge wrote:
>> ...
>>> - The RIPE NCC is not interested in DNS operations and should not be put under that umbrella.

Unfortunate choice of words. I assume what was intended was something like "RIPE and RIPE NCC are not interested in the oversight of maintenance of the DNS root zone."

Of course the RIPE NCC is interested in DNS operations as we maintain and serve reverse DNS.
We also operate k.root-servers.net and provide measurements and statistics about DNS.

Daniel

From jim at rfc1035.com Thu Jun 5 13:41:25 2014
From: jim at rfc1035.com (Jim Reid)
Date: Thu, 5 Jun 2014 12:41:25 +0100
Subject: [cooperation-wg] consensus on the NTIA-IANA proposal
In-Reply-To: <539047D9.7030004@ripe.net>
References: <539047D9.7030004@ripe.net>
Message-ID: <5ADEF603-5D12-473A-B74D-006B9A261D0D@rfc1035.com>

On 5 Jun 2014, at 11:35, Daniel Karrenberg wrote:

> Unfortunate choice of words. I assume what was intended was something
> like "RIPE and RIPE NCC are not interested in the oversight of
> maintenance of the DNS root zone."

While I'm not going to put words in your mouth Daniel, it seems likely that the DNS WG part of RIPE may well disagree with the above. :-) Of course they may or may not choose to voice those opinions outside the DNS WG through fora like CENTR or the ccNSO. I suppose it also depends on the definition and meaning of "oversight of maintenance". YMMV.

This is why I suggested at the mike in Warsaw that preparing a Plan B would be prudent. It would be great for RIPE and the NCC to get consensus and speak with one voice on the NTIA's proposal. I hope that is achieved. However I feel the community could be too diffuse and may well have contradictory views and priorities on what should happen to IANA if/when NTIA cuts the strings.

We experienced the difficulties of managing consensus in the DNS WG a few years ago. It was hard work to get a consensus statement from the WG (and then RIPE) on the root zone signing proposal. At first glance that should have been straightforward but it turned out some WG members held mutually exclusive positions on the topic. That consensus statement eventually emerged just before the deadline for comments. For a while it looked as if no statement would come at all.

Focusing here on the IANA-RIR relationship might help.
OTOH it may mean comments on other key aspects of NTIA oversight of the IANA function get missed or have no platform to be heard. So I'm not sure if we should be ruling these things in or out of scope at the moment.

From twolf.om at gmail.com Thu Jun 5 14:02:35 2014
From: twolf.om at gmail.com (Tim Roy)
Date: Thu, 5 Jun 2014 16:02:35 +0400
Subject: [cooperation-wg] IANA discussions: ENOG 7
In-Reply-To: <539047D9.7030004@ripe.net>
References: <539047D9.7030004@ripe.net>
Message-ID: <4D9BD139-662D-4C60-9711-9C85B6F95681@gmail.com>

That makes more sense and much better phrased for the correct meaning. I thought that is what you meant but wanted to be sure.

Thanks for the clarification

Tim

Sent from my iPhone

> On Jun 5, 2014, at 14:35, Daniel Karrenberg wrote:
>
>> On 5.06.14 10:57 , Tim Roy wrote:
>> I would think that RIPE NCC would have an interest in DNS operations since it relates to the numbers.
>>
>>>> On Jun 5, 2014, at 12:32, Chris Buckridge wrote:
>>>> ...
>>>> - The RIPE NCC is not interested in DNS operations and should not be put under that umbrella.
>
>
> Unfortunate choice of words. I assume what was intended was something
> like "RIPE and RIPE NCC are not interested in the oversight of
> maintenance of the DNS root zone."
>
> Of course the RIPE NCC is interested in DNS operations as we maintain
> and serve reverse DNS. We also operate k.root-servers.net and provide
> measurements and statistics about DNS.
>
> Daniel
>

From daniel.karrenberg at ripe.net Fri Jun 6 11:27:59 2014
From: daniel.karrenberg at ripe.net (Daniel Karrenberg)
Date: Fri, 06 Jun 2014 11:27:59 +0200
Subject: [cooperation-wg] consensus on the NTIA-IANA proposal
In-Reply-To: <5ADEF603-5D12-473A-B74D-006B9A261D0D@rfc1035.com>
References: <539047D9.7030004@ripe.net> <5ADEF603-5D12-473A-B74D-006B9A261D0D@rfc1035.com>
Message-ID: <5391899F.5020603@ripe.net>

On 5.06.14 13:41 , Jim Reid wrote:
> On 5 Jun 2014, at 11:35, Daniel Karrenberg wrote:
>
>> Unfortunate choice of words.
>> I assume what was intended was something
>> like "RIPE and RIPE NCC are not interested in the oversight of
>> maintenance of the DNS root zone."
>
> While I'm not going to put words in your mouth Daniel, it seems likely that the DNS WG part of RIPE may well disagree with the above. :-)

....

While anything is possible that would be a new development. The RIPE community has always taken great care to stay well clear of the **oversight** of the DNS and the **maintenance** of the DNS root zone.

Indeed we have sometimes chosen to give our views and advice on these matters. We have done that when decisions in that area affected our community. However to my knowledge we have never seriously considered getting involved with the *governance* of the DNS. Personally I have always agreed that we should leave this area to others. In retrospect I consider this to be one of the key decisions that contributed to the success and credibility of RIPE. But of course we can decide otherwise. I just hope we do not do this without careful consideration.

Of course this is completely the other way around when it comes to Internet number resources. Here we firmly want to play a significant role in the *governance* while taking the views and advice of others into consideration.

As I said at the previous WG meeting: I consider it absolutely necessary that we speak with one voice about the governance in the numbers area and about the implementation of that part of the IANA service. If we cannot achieve that, our community and our processes lose a lot of their credibility.

At the present time we should avoid discussing anything but the numbers part. It will help us focus and it will prevent confusion.
Daniel

From chrisb at ripe.net Tue Jun 10 16:41:36 2014
From: chrisb at ripe.net (Chris Buckridge)
Date: Tue, 10 Jun 2014 16:41:36 +0200
Subject: [cooperation-wg] Minutes of the Coop-WG meeting during RIPE 68 in Warsaw - Part 2
In-Reply-To:
References:
Message-ID: <82CAB473-8382-4AF4-BF25-30D894BBB3F1@ripe.net>

Hi Alain,

I've just reflected Daniel's changes in the following draft of the minutes - if you're happy with that, please forward to the list.

Cheers
Chris

------- Beginning of Minutes -------

Cooperation Working Group Draft Agenda

Thursday, 15 May, 11:00 - 12:30

A. Administrative Matters

The co-chairs opened the meeting. New co-chairs Meredith Whittaker and Alain Van Gaever introduced themselves and briefly outlined their hopes for the working group, specifically ensuring that the content is relevant and of practical use to the RIPE community.

The minutes from RIPE 67 were approved, as was the agenda for RIPE 68.

B. Content Blocking

- B1. A Technical Overview of Content Blocking Methods - Pier Carlo Chiodi, Olaf Kolkman

Olaf Kolkman gave an overview of the work done by Pier Carlo Chiodi on content blocking on the Internet and other work in the same area. Outlining a number of strategies employed by those wishing to block content, he noted that blocking is done most effectively at the end-point (or origin of the content), and that blocking in the network involves a variety of trade-offs.

Lars-Johan Liman noted that even "legitimate" blocking has collateral damage, and pointed to the example of the hotel network, where the interception of traffic prevents the use of DNSSEC. He suggested that in such situations it is best if the effects of the blocking are stated upfront for users.

Andrei Robachevsky recalled a paper produced by ISOC (prepared around the time of the SOCA/PIPA/ACTA legislative proposals), and noted that security and hidden costs are all important, and public policy makers need to be made aware of these negative impacts.
Olaf pointed out that users will do whatever they can to get to blocked content, and that this can also have potential negative effects (including a greater viral footprint or exposing backdoors to computer systems).

Alexander Isavnin asked participants in the room who thought their countries were doing blocking, and whether they thought it was being abused.

Richard Barnes noted that these issues reinforce the importance of an end-to-end strategy, and agreed that the hotel network is a good example of how blocking can break important security elements like DNSSEC.

Jim Reid noted that blocking access to specific content can mean that broader services are blocked. He noted a case that he had provided advice on, where one of the questions asked was "what would happen if we switched off port 80 access on this particular domain?" - the only person who knows is the webmaster of the domain, but that person is unlikely to happily cooperate in the blocking of their domain.

- B2. Telex: A Proposal For Circumventing Censorship in the Network - Eric Wustrow

Eric Wustrow outlined the Telex project, which has been developed to circumvent content blocking measures. The system provides a means of connecting users to blocked content via a mechanism that is invisible to the censoring technology. He encouraged ISPs to contribute to the work with advice and prototype deployment assistance.

Robert Kisteleki noted that PGP key distribution may be a bottleneck in the Telex system. Eric noted that the paper discusses some of these issues, including preventing censors from distributing "bad" public keys. He suggested that having a central Telex entity that is known and trusted will be important to mitigate these risks. He also noted that getting information into areas subjected to censorship is often less difficult than might be supposed.

- B3. Web Censorship Circumvention: Challenges and Opportunities - Walid Al-Saqaf

Walid Al-Saqaf outlined his project to map URL filtering via crowdsourcing, which is developing longitudinal data, while allowing contributing users to access blocked websites via his own servers. He presented a range of data and analysis obtained from this work, including content blocking methods and strategies. He noted the need to make people more aware of the range of circumvention tools and solutions available, and that speed, security and anonymity are all important to users. He also described his plans for the future, including open-sourcing his own project and cooperating with similar projects.

Andrei Robachevsky asked whether the project looked at which means of blocking were most common. Walid stated that he has done some analysis of this, using the packet headers - the more data he can get, the better this analysis will be.

Meredith Whittaker noted that the Open Observatory of Network Interference (OONI) project, coordinated by the Tor team, is also doing work in this area and is generating public data.

Alexander Isavnin suggested that a RIPE task force might be a useful vehicle for RIPE community members interested in this issue. Walid agreed that the technical community, and particularly its relationship to civil society actors in this space, needs to be further explored and understood.

C. IANA Transition

Chris Buckridge and Paul Rendek of the RIPE NCC presented background information on the U.S. Government's announcement of its intention to transition out of its IANA functions oversight role. They noted that any proposal for a future model of IANA administration needs to come from a global, multi-stakeholder development process, and that RIPE and the RIPE NCC are key IANA stakeholders. They suggested that the RIPE community's discussion of these issues should be centred around the Cooperation Working Group, with the RIPE NCC assisting in facilitating input to that process from regional events and voices.

Rob Blokzijl warned that any process involving ICANN will necessarily be complicated and political. On a technical point, he noted that future RIPE NCC presentations on this subject should include the RIPE NCC's reverse DNS interactions with IANA, which may be more regular than the number resource requests already noted. He further noted that the RIPE NCC's direct interactions with the NTIA itself were non-existent, and stressed that the processes developed by RIPE and the other RIR communities already met the requirements laid out by the NTIA as necessary for oversight of the IANA functions.

Daniel Karrenberg recalled that this is not the first time this discussion has taken place, and that the RIPE community has historically taken an active part in the discussion around the formation of ICANN and the organisation and delivery of IANA services. He stressed the legitimacy and credibility of the RIR community processes in policy-making and argued against over-complicating the situation. He also noted that the IANA is three distinct groups of functions (number resources, the DNS root zone and protocol parameters), and the RIPE community discussions should focus primarily on the number resource functions; if difficulties in defining governance processes for the DNS root zone threaten to derail the oversight transition process, the community should be explicitly prepared to propose unbundling those functions and taking oversight of the numbering functions.

Malcolm Hutty disagreed with the perception that NTIA oversight was not important, and stressed that this oversight has protected the policy-making relationship with ICANN itself. He noted that policy regarding the DNS is determined by the ICANN community and imposed on registrars, meaning that users essentially have to submit to ICANN policies.
RIPE and the RIR communities determine their own policies with regard to Internet number management, but it may be conceivable that ICANN would decide it wants to set these policies in future and impose them on the RIPE community. He argued that a credible external oversight function must be retained to prevent this.

Nurani Nimpuno argued that the RIR communities should take ownership of this issue, as custodians of the Internet number resources, and that the community members should be contributing to the broader discussion, while maintaining a focus on the numbering functions. She also stressed that the communities should be pro-active in defining terms like "multi-stakeholder" and "openness" which appear in the NTIA requirements.

Jim Reid agreed with Malcolm Hutty on the importance of preventing ICANN mission-creep, and on the need to tightly define the relationship between the IANA operator and the RIR communities. He also warned that achieving consensus on a community proposal may be difficult, and suggested that there should be a fallback position to allow for RIPE and the RIPE NCC to make a meaningful contribution to the global discussion.

Jari Arkko noted the evolution that has occurred in how the IETF and IAB manage oversight of the protocol parameters and their relationship to IANA. He agreed that the RIPE community needs to take ownership of this and take charge of what needs to change or not change.

Olaf Kolkman, also an active participant in the IETF, noted the efforts in the IETF to align on a principle-based approach, with the most important principle being that the IETF controls its own destiny. Ensuring that people are empowered to participate in these discussions will help the debate going forward, and the community needs to provide guidance - developing a set of principles may be a good first step. Olaf suggested RFC 6220 as a good starting point.

Salam Yamout provided some perspective from the government side, particularly in the Arab world - notably the perception that the United States has control of the Internet, and governments' strong focus on DNS-related issues. She noted that governments' concerns centre primarily around ICANN.

Phil Rushton urged the community to be aware of events in other forums, including the UN, WSIS and the ITU - while there is not the need for everyone to be directly involved, we need to be aware of what governments are thinking and where they still need to be convinced by the RIR communities.

Daniel Karrenberg argued that the community does not need another level of oversight for protection, and noted that the RIR communities already have solid agreements in place with ICANN, which ICANN cannot unilaterally change. He stressed the importance (and his optimism) of achieving community consensus on a proposal. He suggested that the RIPE community should avoid being drawn into the discussions about governance and oversight of DNS root zone management and stick to its purview of Internet number resources.

Paul Wilson noted that the IANA functions comprise three quite different areas (numbers, protocol parameters and DNS), and that only one of these (the DNS) is controversial - the IAB has stated its readiness to take responsibility for the protocol parameters, and the RIR communities should also, in the very near future, be ready to make such a statement regarding the number functions. He and Adiel Akplogan agreed that strengthening the RIR processes, ensuring that they are consistent, clear, accessible and well documented, is vital.

Sandy Murphy warned that the outcome of this process may impact our current model of Internet governance, and stressed the need for the RIR communities to have their voice heard. She also asked about the ICANN consultation timeline, specifically the call for comments on its proposed process, and whether this process is now set.
Paul Rendek noted that there is expected to be more information on ICANN's planning in time for the ICANN 50 Meeting, which takes place in London in June. Chris Buckridge also noted that all relevant information, including links to the relevant ICANN web, is posted on the ripe.net website.

D. Interconnection

- D1. The Internet, the Internets, and Splinternets - Peter Koch

Peter Koch discussed the proposals coming from Germany for establishing a separate "German" Internet.

Randy Bush noted the experience of the Saudi industry, after the regulator decided that no traffic between two Saudi users should leave the country, and pointed out that IXPs are a key element facilitating this.

There was a question as to whether the German-only email system used the DNS (which would generate its own cross-border traffic). Peter noted that the one he mentioned uses special domains, but DNS leakage was of less concern than the actual content of the messages.

Alain Van Gaever asked about the rate of take-up. Peter didn't have figures to hand, but noted that there are incentives, it is early in the deployment, and the operators are targeting users of existing email services.

Brian Nisbet said that while he can see what's being attempted, it never succeeds and generally breaks things that the users want to do. Peter stressed that walking away from the discussion probably isn't the right strategy, and that users often learn what they want from marketing campaigns.

Expanding on the question of what users want, Meredith Whittaker noted that users want security, and the technical community needs to be a public voice stating that this is not the way to achieve that.

Marco Davids noted an initiative in the Netherlands using a closed user group in BGP - this doesn't combat traffic monitoring, but rather helps mitigate DDOS attacks, and if users (such as banks) are under attack the group can be closed to users outside the Netherlands.

Olaf Kolkman asked whether any EU research funding had been channeled to this, and whether the project could lead to some sort of European standardisation. Peter noted that the work is based on IETF standards.

Jean Jacque Sahel noted that the European Commission has publicly said that this is all a very bad idea.

Jaap Akkerhuis recalled a proposal from Italy to establish a trusted network for digital mail.

Olaf Kolkman and Peter Koch, summarising some of the discussion's key points, suggested that we are moving intelligence to the core of the network, and the core is represented by big players. The technical community cannot just dismiss these initiatives - there are some laudable goals behind them, and we need to engage in the discussion.

- D2. Interconnection: Russia, the EU, and Internet Cooperation and Governance - Igor Milashevskiy

Igor Milashevskiy, representing the Russian government in its first RIPE Meeting, shared some perspectives on that government's view of the Internet and related public policy. The Russian government sees the Internet as a driver of development, with the Russian Internet market the biggest in Europe - 68 million users, more than 56 million people use Internet every day, including a significant percentage outside big cities. The Russian language is also the second largest in Internet, there are slightly fewer than five million .ru domains and more than 800,000 .рф domains. Speaking from personal perspective, he noted that the RIPE NCC is a reference organisation in the Internet space, and the target is to restore trust and confidence to the Internet environment, and develop international tools for preventing improper use of the Internet.

He noted that the main actor in the Internet is the user, and if those users have certain rights in the offline world - access to information, privacy, secrecy of communication and freedom of opinion - we have to protect those rights online.
The process to do this has just begun, and the Russian government believes there are no rights without duties, no freedom without responsibility. He also suggested that the role of governments in Internet governance needs to be recognised. NETmundial was a good and innovative attempt to include all stakeholders, but the outcome document doesn't reflect all the contributions.

Ciprian Nica, participating remotely, asked how and who should define the proper purposes of using the Internet. Igor explained that the Internet is a universal tool, and can be used for a wide range of purposes, but that its primary purpose should be to make users' lives richer.

Desiree Milosevich asked if there could be some elaboration on the Russian government's issues with the NETmundial statement. Igor noted that this is in the public record of the Russian statements.

Paul Rendek extended his thanks to Igor and the Russian government for their increased willingness to engage with the RIPE community and RIPE NCC, and welcomed Igor's attendance at the RIPE Meeting.

E. Making the Internet a Little Bit Safer Cryptographically - Randy Bush

Randy Bush discussed the development of an open public architecture for hardware security modules. The goal is a design (not a product) that is scalable, composable and assured. He stressed that the project needs people to audit the code.

Aaron Kaplan asked where to get a development board. Randy noted that the boards are available for 170 USD. Aaron also noted that it would be a good idea to have the testing procedure online and publicly available.

Eric Wustrow agreed that this is good work and asked why go the FPGA route rather than using a small embedded chip. Randy noted that some of the applications need speed, particularly some of the encryption stuff. Regarding chips though, Randy noted that the FPGA Verilog was first done in Python, meaning there is a Python version and a Verilog version.
Eric also asked about how the project is sourcing hardware random number generators. Randy replied that they are currently investigating this issue.

F. Policy Radar

- F1. RIPE NCC Updates, including NETmundial and IGF Developments - Chris Buckridge

Chris Buckridge gave an update on the wide range of Internet governance events taking place in the coming months, including the ITU Plenipotentiary 2014 that is scheduled to take place in October. He highlighted the links between many of these events, particularly in terms of broader strategies. He noted suggestions from earlier sessions that the RIPE NCC provide more targeted information for the community, and reported that the RIPE NCC is investigating the best method for doing this.

Phil Rushton noted that the technical community can have significant impact on events at the Plenipotentiary via their input to Member State delegations. He also noted that while NETmundial produced a good outcome for the multi-stakeholder model, other forums, such as the CSTD Working Group on Enhanced Cooperation, saw much less support for multi-stakeholder processes and governance.

- F2. Co-chair Updates and Working Group Initiatives

Meredith Whittaker closed the session by reiterating the goals of co-chairs, particularly the need to engage people who are affected by Internet governance and public policy issues, but don't currently take an active interest. She noted options such as producing white papers, using RIPE Meeting time for more workshop-style events, and other ideas for the working group to serve as a RIPE community "brains trust" for those involved in public policy discussions.

Nurani Nimpuno noted her support for the co-chairs' approach and stressed the need to bring discussions back to specific issues and make the topics practical for RIPE community participants.

The co-chairs closed the meeting.

--------------------- End of Minutes ---------------------------------

From avangaev at gmail.com Wed Jun 11 11:03:19 2014
From: avangaev at gmail.com (Alain Van Gaever)
Date: Wed, 11 Jun 2014 10:03:19 +0100
Subject: [cooperation-wg] Minutes of the Coop-WG meeting during RIPE 68 in Warsaw - Updated
Message-ID:

Dear All,

Following modifications proposed by Jim and Daniel, please find below the updated minutes of the Coop-WG meeting in Warsaw

In case you have any further comments/updates please let us know

Alain

------- Beginning of Minutes -------

Cooperation Working Group Draft Agenda

Thursday, 15 May, 11:00 - 12:30

A. Administrative Matters

The co-chairs opened the meeting. New co-chairs Meredith Whittaker and Alain Van Gaever introduced themselves and briefly outlined their hopes for the working group, specifically ensuring that the content is relevant and of practical use to the RIPE community.

The minutes from RIPE 67 were approved, as was the agenda for RIPE 68.

B. Content Blocking

- B1. A Technical Overview of Content Blocking Methods - Pier Carlo Chiodi, Olaf Kolkman

Olaf Kolkman gave an overview of the work done by Pier Carlo Chiodi on content blocking on the Internet and other work in the same area. Outlining a number of strategies employed by those wishing to block content, he noted that blocking is done most effectively at the end-point (or origin of the content), and that blocking in the network involves a variety of trade-offs.

Lars-Johan Liman noted that even "legitimate" blocking has collateral damage, and pointed to the example of the hotel network, where the interception of traffic prevents the use of DNSSEC. He suggested that in such situations it is best if the effects of the blocking are stated upfront for users.

Andrei Robachevsky recalled a paper produced by ISOC (prepared around the time of the SOCA/PIPA/ACTA legislative proposals), and noted that security and hidden costs are all important, and public policy makers need to be made aware of these negative impacts.

Olaf pointed out that users will do whatever they can to get to blocked content, and that this can also have potential negative effects (including a greater viral footprint or exposing backdoors to computer systems).

Alexander Isavnin asked participants in the room who thought their countries were doing blocking, and whether they thought it was being abused.

Richard Barnes noted that these issues reinforce the importance of an end-to-end strategy, and agreed that the hotel network is a good example of how blocking can break important security elements like DNSSEC.

Jim Reid noted that blocking access to specific content can mean that broader services are blocked. He had advised on a case where one of the questions asked was "what else would be affected if we prevented port 80 access for this particular domain?". The only person who could provide a definitive answer would be the administrator of the web server at that IP address and they would be unlikely to cooperate with anyone intending to block traffic for that address.

- B2. Telex: A Proposal For Circumventing Censorship in the Network - Eric Wustrow

Eric Wustrow outlined the Telex project, which has been developed to circumvent content blocking measures. The system provides a means of connecting users to blocked content via a mechanism that is invisible to the censoring technology. He encouraged ISPs to contribute to the work with advice and prototype deployment assistance.

Robert Kisteleki noted that PGP key distribution may be a bottleneck in the Telex system. Eric noted that the paper discusses some of these issues, including preventing censors from distributing "bad" public keys.
He suggested that having a central Telex entity that is known and trusted will be important to mitigate these risks. He also noted that getting information into areas subjected to censorship is often less difficult than might be supposed.

B3. Web Censorship Circumvention: Challenges and Opportunities - Walid Al-Saqaf

Walid Al-Saqaf outlined his project to map URL filtering via crowdsourcing, which is developing longitudinal data, while allowing contributing users to access blocked websites via his own servers. He presented a range of data and analysis obtained from this work, including content blocking methods and strategies. He noted the need to make people more aware of the range of circumvention tools and solutions available, and that speed, security and anonymity are all important to users. He also described his plans for the future, including open-sourcing his own project and cooperating with similar projects.

Andrei Robachevsky asked whether the project looked at which means of blocking were most common. Walid stated that he has done some analysis of this, using the packet headers - the more data he can get, the better this analysis will be.

Meredith Whittaker noted that the Open Observatory of Network Interference (OONI) project, coordinated by the Tor team, is also doing work in this area and is generating public data.

Alexander Isavnin suggested that a RIPE task force might be a useful vehicle for RIPE community members interested in this issue. Walid agreed that the technical community, and particularly its relationship to civil society actors in this space, needs to be further explored and understood.

C. IANA Transition

Chris Buckridge and Paul Rendek of the RIPE NCC presented background information on the U.S. Government's announcement of its intention to transition out of its IANA functions oversight role.
They noted that any proposal for a future model of IANA administration needs to come from a global, multi-stakeholder development process, and that RIPE and the RIPE NCC are key IANA stakeholders. They suggested that the RIPE community's discussion of these issues should be centred around the Cooperation Working Group, with the RIPE NCC assisting in facilitating input to that process from regional events and voices.

Rob Blokzijl warned that any process involving ICANN will necessarily be complicated and political. On a technical point, he noted that future RIPE NCC presentations on this subject should include the RIPE NCC's reverse DNS interactions with IANA, which may be more regular than the number resource requests already noted. He further noted that the RIPE NCC's direct interactions with the NTIA itself were non-existent, and stressed that the processes developed by RIPE and the other RIR communities already met the requirements laid out by the NTIA as necessary for oversight of the IANA functions.

Daniel Karrenberg recalled that this is not the first time this discussion has taken place, and that the RIPE community has historically taken an active part in the discussion around the formation of ICANN and the organisation and delivery of IANA services. He stressed the legitimacy and credibility of the RIR community processes in policy-making and argued against over-complicating the situation. He also noted that the IANA is three distinct groups of functions (number resources, the DNS root zone and protocol parameters), and the RIPE community discussions should focus primarily on the number resource functions; if difficulties in defining governance processes for the DNS root zone threaten to derail the oversight transition process, the community should be explicitly prepared to propose unbundling those functions and taking oversight of the numbering functions.
Malcolm Hutty disagreed with the perception that NTIA oversight was not important, and stressed that this oversight has protected the policy-making relationship with ICANN itself. He noted that policy regarding the DNS is determined by the ICANN community and imposed on registrars, meaning that users essentially have to submit to ICANN policies. RIPE and the RIR communities determine their own policies with regard to Internet number management, but it may be conceivable that ICANN would decide it wants to set these policies in future and impose them on the RIPE community. He argued that a credible external oversight function must be retained to prevent this.

Nurani Nimpuno argued that the RIR communities should take ownership of this issue, as custodians of the Internet number resources, and that the community members should be contributing to the broader discussion, while maintaining a focus on the numbering functions. She also stressed that the communities should be pro-active in defining terms like "multi-stakeholder" and "openness" which appear in the NTIA requirements.

Jim Reid agreed with Malcolm Hutty on the importance of preventing ICANN mission-creep, and on the need to tightly define the relationship between the IANA operator and the RIR communities. He also warned that achieving consensus on a community proposal may be difficult, and suggested that there should be a fallback position to allow for RIPE and the RIPE NCC to make a meaningful contribution to the global discussion.

Jari Arkko noted the evolution that has occurred in how the IETF and IAB manage oversight of the protocol parameters and their relationship to IANA. He agreed that the RIPE community needs to take ownership of this and take charge of what needs to change or not change.

Olaf Kolkman, also an active participant in the IETF, noted the efforts in the IETF to align on a principle-based approach, with the most important principle being that the IETF controls its own destiny.
Ensuring that people are empowered to participate in these discussions will help the debate going forward, and the community needs to provide guidance - developing a set of principles may be a good first step. Olaf suggested RFC 6220 as a good starting point.

Salam Yamout provided some perspective from the government side, particularly in the Arab world - notably the perception that the United States has control of the Internet, and governments' strong focus on DNS-related issues. She noted that governments' concerns centre primarily around ICANN.

Phil Rushton urged the community to be aware of events in other forums, including the UN, WSIS and the ITU - while there is not the need for everyone to be directly involved, we need to be aware of what governments are thinking and where they still need to be convinced by the RIR communities.

Daniel Karrenberg argued that the community does not need another level of oversight for protection, and noted that the RIR communities already have solid agreements in place with ICANN, which ICANN cannot unilaterally change. He stressed the importance (and his optimism) of achieving community consensus on a proposal. He suggested that the RIPE community should avoid being drawn into the discussions about governance and oversight of DNS root zone management and stick to its purview of Internet number resources.

Paul Wilson noted that the IANA functions comprise three quite different areas (numbers, protocol parameters and DNS), and that only one of these (the DNS) is controversial - the IAB has stated its readiness to take responsibility for the protocol parameters, and the RIR communities should also, in the very near future, be ready to make such a statement regarding the number functions. He and Adiel Akplogan agreed that strengthening the RIR processes, ensuring that they are consistent, clear, accessible and well documented, is vital.
Sandy Murphy warned that the outcome of this process may impact our current model of Internet governance, and stressed the need for the RIR communities to have their voice heard. She also asked about the ICANN consultation timeline, specifically the call for comments on its proposed process, and whether this process is now set.

Paul Rendek noted that there is expected to be more information on ICANN's planning in time for the ICANN 50 Meeting, which takes place in London in June. Chris Buckridge also noted that all relevant information, including links to the relevant ICANN web, is posted on the ripe.net website.

D. Interconnection

D1. The Internet, the Internets, and Splinternets - Peter Koch

Peter Koch discussed the proposals coming from Germany for establishing a separate "German" Internet.

Randy Bush noted the experience of the Saudi industry, after the regulator decided that no traffic between two Saudi users should leave the country, and pointed out that IXPs are a key element facilitating this.

There was a question as to whether the German-only email system used the DNS (which would generate its own cross-border traffic). Peter noted that the one he mentioned uses special domains, but DNS leakage was of less concern than the actual content of the messages.

Alain Van Gaever asked about the rate of take-up. Peter didn't have figures to hand, but noted that there are incentives, it is early in the deployment, and the operators are targeting users of existing email services.

Brian Nisbet said that while he can see what's being attempted, it never succeeds and generally breaks things that the users want to do. Peter stressed that walking away from the discussion probably isn't the right strategy, and that users often learn what they want from marketing campaigns.

Expanding on the question of what users want, Meredith Whittaker noted that users want security, and the technical community needs to be a public voice stating that this is not the way to achieve that.
Marco Davids noted an initiative in the Netherlands using a closed user group in BGP - this doesn't combat traffic monitoring, but rather helps mitigate DDOS attacks, and if users (such as banks) are under attack the group can be closed to users outside the Netherlands.

Olaf Kolkman asked whether any EU research funding had been channeled to this, and whether the project could lead to some sort of European standardisation. Peter noted that the work is based on IETF standards.

Jean Jacque Sahel noted that the European Commission has publicly said that this is all a very bad idea.

Jaap Akkerhuis recalled a proposal from Italy to establish a trusted network for digital mail.

Olaf Kolkman and Peter Koch, summarising some of the discussion's key points, suggested that we are moving intelligence to the core of the network, and the core is represented by big players. The technical community cannot just dismiss these initiatives - there are some laudable goals behind them, and we need to engage in the discussion.

D2. Interconnection: Russia, the EU, and Internet Cooperation and Governance - Igor Milashevskiy

Igor Milashevskiy, representing the Russian government in its first RIPE Meeting, shared some perspectives on that government's view of the Internet and related public policy. The Russian government sees the Internet as a driver of development, with the Russian Internet market the biggest in Europe - 68 million users, more than 56 million people use the Internet every day, including a significant percentage outside big cities. The Russian language is also the second largest on the Internet, and there are slightly fewer than five million .ru domains and more than 800,000 .рф domains. Speaking from a personal perspective, he noted that the RIPE NCC is a reference organisation in the Internet space, and the target is to restore trust and confidence to the Internet environment, and develop international tools for preventing improper use of the Internet.
He noted that the main actor in the Internet is the user, and if those users have certain rights in the offline world - access to information, privacy, secrecy of communication and freedom of opinion - we have to protect those rights online. The process to do this has just begun, and the Russian government believes there are no rights without duties, no freedom without responsibility. He also suggested that the role of governments in Internet governance needs to be recognised. NETmundial was a good and innovative attempt to include all stakeholders, but the outcome document doesn't reflect all the contributions.

Ciprian Nica, participating remotely, asked how and who should define the proper purposes of using the Internet. Igor explained that the Internet is a universal tool, and can be used for a wide range of purposes, but that its primary purpose should be to make users' lives richer.

Desiree Milosevich asked if there could be some elaboration on the Russian government's issues with the NETmundial statement. Igor noted that this is in the public record of the Russian statements.

Paul Rendek extended his thanks to Igor and the Russian government for their increased willingness to engage with the RIPE community and RIPE NCC, and welcomed Igor's attendance at the RIPE Meeting.

E. Making the Internet a Little Bit Safer Cryptographically - Randy Bush

Randy Bush discussed the development of an open public architecture for hardware security modules. The goal is a design (not a product) that is scalable, composable and assured. He stressed that the project needs people to audit the code.

Aaron Kaplan asked where to get a development board. Randy noted that the boards are available for 170 USD. Aaron also noted that it would be a good idea to have the testing procedure online and publicly available.

Eric Wustrow agreed that this is good work and asked why go the FPGA route rather than using a small embedded chip.
Randy noted that some of the applications need speed, particularly some of the encryption stuff. Regarding chips though, Randy noted that the FPGA Verilog was first done in Python, meaning there is a Python version and a Verilog version.

Eric also asked about how the project is sourcing hardware random number generators. Randy replied that they are currently investigating this issue.

F. Policy Radar

F1. RIPE NCC Updates, including NETmundial and IGF Developments - Chris Buckridge

Chris Buckridge gave an update on the wide range of Internet governance events taking place in the coming months, including the ITU Plenipotentiary 2014 that is scheduled to take place in October. He highlighted the links between many of these events, particularly in terms of broader strategies. He noted suggestions from earlier sessions that the RIPE NCC provide more targeted information for the community, and reported that the RIPE NCC is investigating the best method for doing this.

Phil Rushton noted that the technical community can have significant impact on events at the Plenipotentiary via their input to Member State delegations. He also noted that while NETmundial produced a good outcome for the multi-stakeholder model, other forums, such as the CSTD Working Group on Enhanced Cooperation, saw much less support for multi-stakeholder processes and governance.

F2. Co-chair Updates and Working Group Initiatives

Meredith Whittaker closed the session by reiterating the goals of co-chairs, particularly the need to engage people who are affected by Internet governance and public policy issues, but don't currently take an active interest. She noted options such as producing white papers, using RIPE Meeting time for more workshop-style events, and other ideas for the working group to serve as a RIPE community "brains trust" for those involved in public policy discussions.

Nurani Nimpuno noted her support for the co-chairs'
approach and stressed the need to bring discussions back to specific issues and make the topics practical for RIPE community participants.

The co-chairs closed the meeting.

--------------------- End of Minutes ---------------------------------

From koalafil at gmail.com Thu Jun 12 11:22:01 2014
From: koalafil at gmail.com (Filiz Yilmaz)
Date: Thu, 12 Jun 2014 11:22:01 +0200
Subject: [cooperation-wg] Open Call to join IGF Best Practices Forums Preparatory Process
Message-ID:

Dear all,

Please note this call:

http://www.intgovforum.org/cms/open-call-to-join-igf-best-practices-forums-preparatory-process

Kind regards
Filiz

From chrisb at ripe.net Mon Jun 16 10:54:10 2014
From: chrisb at ripe.net (Chris Buckridge)
Date: Mon, 16 Jun 2014 10:54:10 +0200
Subject: [cooperation-wg] Updated IANA Oversight Transition Process
References: <2CCEAF47-07AF-4944-B76A-05C46DB0B1B3@ripe.net>
Message-ID:

Dear colleagues,

Following a public comment period during which more than 50 submissions were received, ICANN has posted an updated description of the "Process to Develop the Proposal and Next Steps" in relation to the transition of the NTIA's stewardship of the IANA functions:

https://www.icann.org/news/announcement-2014-06-06-en

The page details all of the changes made to the initial draft, which was published in April. A couple of key points:

- The title "Coordination Group"
has replaced the original "Steering Group"
- The number of participants has increased from 22 participants to 25, including the addition of numerous stakeholder groups and an IANA expert liaison
- The number of representatives from the Address Supporting Organization (ASO) has decreased from two to one
- Representatives are to be selected by their communities, not by the ICANN Board and Government Advisory Committee (GAC)
- Coordination Group members are to be announced by 2 July (but preferably before or during the ICANN 50 meeting, which runs from 22-26 June), with an expected first public meeting to be held in mid-July

The number of Internet number resource community representatives on the Coordination Group totals three - two from the Number Resource Organization (NRO), and one from the Address Supporting Organization (ASO).

More information on the RIPE community contribution to the development of a proposal regarding transition of the NTIA's oversight of IANA, including summaries of discussions at recent RIPE community events, is available at:

https://ripe.net/iana-oversight-transition

Best regards,

Chris Buckridge
Senior External Relations Officer, RIPE NCC

From chrisb at ripe.net Mon Jun 30 17:15:05 2014
From: chrisb at ripe.net (Chris Buckridge)
Date: Mon, 30 Jun 2014 17:15:05 +0200
Subject: [cooperation-wg] ICANN 50: Talking IANA and Accountability
Message-ID: <54A4939F-3AA8-4182-B85F-2B3063AF6500@ripe.net>

Dear colleagues,

The RIPE NCC has published a brief summary of discussions at last week's ICANN 50 meeting on issues including the IANA oversight transition and ICANN accountability.
The news item also includes links to the transcripts and audio archives of these sessions:

https://www.ripe.net/internet-coordination/news/industry-developments/icann-50-talking-iana-and-accountability

Best regards,

Chris Buckridge, RIPE NCC