From kurtis at kurtis.pp.se Fri Jan 2 19:03:11 2004 From: kurtis at kurtis.pp.se (Kurt Erik Lindqvist) Date: Fri, 2 Jan 2004 19:03:11 +0100 Subject: [ncc-services-wg] Call for agenda items Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Again, if people have something they would like to bring up at the next NCC WG meeting, please send me an email. Best regards, - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBP/WyYaarNKXTPFCVEQIeYQCg5nDrjSUTu/KhOgh+DHzljqbwbrcAn2sR dMArqQhdu93Dv4DFOaFJTqmt =OpOv -----END PGP SIGNATURE----- From ripe-dbm at ripe.net Tue Jan 6 15:59:23 2004 From: ripe-dbm at ripe.net (RIPE Database Manager) Date: Tue, 6 Jan 2004 15:59:23 +0100 Subject: [ncc-services-wg] Domail Clean-up Message-ID: <200401061459.i06ExNWI032022@x61.ripe.net> Dear Colleagues, As of 6 January, 2004, messages concerning inconsistencies between "nserver:" attributes in DOMAIN objects and delegation NS RRs in our zone files will be sent out. The messages will be mailed to various contact addresses for the relevant DOMAIN objects. In addition to the description of the inconsistencies, an indication of the 'default actions' will also be provided. We kindly request data be updated so that the inconsistencies are corrected before 1 March, 2004. About two weeks before 1 March, 2004 we will send a second set of warnings for the remaining inconsistencies. By 1 March, 2004 all remaining inconsistencies will be cleaned by the RIPE NCC, using the 'default actions'. If you receive a warning about inconsistencies we recommend that you fix the data yourself. It may be that you receive multiple mails for multiple domains with multiple inconsistencies. If you want to configure a dedicated mail filter the messages will contain the subject header "Subject: Reverse DNS inconsistencies in the RIPE Database" and originate "From: ". If you have further questions please contact . Background The cleanup is part of the effort to streamline reverse DNS operations [1] and make it easier for network range users to manipulate related DOMAIN objects. The goal of the cleanup [2] is to streamline the contents of DOMAIN objects and zone configuration files so that we can create zone files from the Whois Database. An explanation of the various possible inconsistencies can be found at: http://www.ripe.net/reverse/rdns-project/Cleanup.html. ----- [1]: Original proposal http://www.ripe.net/reverse/proposal.html. Discussion on this proposal has taken place on the RIPE NCC Services WG mailing list and was summarized in: http://www.ripe.net/ripe/mail-archives/ncc-services-wg/2003/msg00361.html [2]: Original cleanup proposal http://www.ripe.net/ripe/mail-archives/db-wg/2003/msg00738.html. ----- Can Bican Software Engineering Department Olaf Kolkman New Projects Group RIPE NCC From denis at ripe.net Thu Jan 8 17:46:24 2004 From: denis at ripe.net (Denis Walker) Date: Thu, 08 Jan 2004 17:46:24 +0100 Subject: [ncc-services-wg] E-mail Client Testing for S/MIME Compliance Message-ID: <3FFD8960.6040406@ripe.net> [apologies for duplicate messages] Dear Colleagues, At the RIPE 45 Meeting a proposal was presented to implement an additional form of strong authentication for protecting objects in the RIPE Database and to allow for secure communication by e-mail with the RIPE NCC. This implementation uses the X.509 certificates. A question was raised by some members about how widespread is the compliance of S/MIME within mail clients. The RIPE NCC Software Engineering Department has undertaken a study to evaluate the use of S/MIME by mail clients. The results of this study can be found on our web site at: http://www.ripe.net/ripencc/pub-services/db/mail_client_tests.html Regards, -- Denis Walker Software Engineering Department RIPE NCC From m.mclane at ukerna.ac.uk Thu Jan 8 18:00:35 2004 From: m.mclane at ukerna.ac.uk (Mally Mclane) Date: Thu, 08 Jan 2004 17:00:35 +0000 Subject: [ncc-services-wg] E-mail Client Testing for S/MIME Compliance In-Reply-To: <3FFD8960.6040406@ripe.net> References: <3FFD8960.6040406@ripe.net> Message-ID: <114151968.1073581235@[10.10.25.220]> Hi Denis, --On 08 January 2004 17:46 +0100 Denis Walker wrote: > The results of this study can be found on our web site at: > > http://www.ripe.net/ripencc/pub- services/db/mail_client_tests.html It seems you didn't test Microsoft Outlook, just Outlook Express? As these are two very different products, was there a reason for this, just I would have thought Microsoft Outlook would have been very widely used... Rgds, Mally Mclane JANET-CERT From hank at att.net.il Thu Jan 8 19:43:17 2004 From: hank at att.net.il (Hank Nussbacher) Date: Thu, 8 Jan 2004 20:43:17 +0200 (IST) Subject: [ncc-services-wg] E-mail Client Testing for S/MIME Compliance In-Reply-To: <114151968.1073581235@[10.10.25.220]> Message-ID: On Thu, 8 Jan 2004, Mally Mclane wrote: Very strange that Eudora came in 5th in Appendix B1.1 and 4th according to B1.2 but didn't warrant a test vs. Lotus, Mozilla, The Bat, and Mulberry that came out below Eudora but did warrant a test. Stranger is that section 7 shows that Eudora was tested but in section 4 I can't find any Eudora results. -Hank > Hi Denis, > > --On 08 January 2004 17:46 +0100 Denis Walker wrote: > > > The results of this study can be found on our web site at: > > > > http://www.ripe.net/ripencc/pub- services/db/mail_client_tests.html > > It seems you didn't test Microsoft Outlook, just Outlook Express? As these > are two very different products, was there a reason for this, just I would > have thought Microsoft Outlook would have been very widely used... > > > Rgds, > > > Mally Mclane > JANET-CERT > From denis at ripe.net Thu Jan 8 20:56:14 2004 From: denis at ripe.net (Denis Walker) Date: Thu, 08 Jan 2004 20:56:14 +0100 Subject: [ncc-services-wg] E-mail Client Testing for S/MIME Compliance References: Message-ID: <3FFDB5DE.8080209@ripe.net> Dear Hank, I did try to test Eudora on windows, but at the time I could not get it to receive any mails at all. I think maybe I had too many mail clients installed at that point. I will come back to this one shortly and try again. Regards Denis Walker Software Engineering Department RIPE NCC Hank Nussbacher wrote: > On Thu, 8 Jan 2004, Mally Mclane wrote: > > Very strange that Eudora came in 5th in Appendix B1.1 and 4th according to > B1.2 but didn't warrant a test vs. Lotus, Mozilla, The Bat, and Mulberry > that came out below Eudora but did warrant a test. > > Stranger is that section 7 shows that Eudora was tested but in section 4 > I can't find any Eudora results. > > -Hank > > >>Hi Denis, >> >>--On 08 January 2004 17:46 +0100 Denis Walker wrote: >> >> >>>The results of this study can be found on our web site at: >>> >>>http://www.ripe.net/ripencc/pub- services/db/mail_client_tests.html >> >>It seems you didn't test Microsoft Outlook, just Outlook Express? As these >>are two very different products, was there a reason for this, just I would >>have thought Microsoft Outlook would have been very widely used... >> >> >>Rgds, >> >> >>Mally Mclane >>JANET-CERT >> > From gregory at webcorp.com.pl Thu Jan 8 20:14:23 2004 From: gregory at webcorp.com.pl (Grzegorz BRZESKI) Date: Thu, 8 Jan 2004 20:14:23 +0100 Subject: [ncc-services-wg] E-mail Client Testing for S/MIME Compliance References: <3FFD8960.6040406@ripe.net> Message-ID: <178501c3d61b$a0510070$0a0210ac@abc> > At the RIPE 45 Meeting a proposal was presented to implement an additional form > of strong authentication for protecting objects in the RIPE Database and to > allow for secure communication by e-mail with the RIPE NCC. This implementation > uses the X.509 certificates. A question was raised by some members about how > widespread is the compliance of S/MIME within mail clients. The RIPE NCC > Software Engineering Department has undertaken a study to evaluate the use of > S/MIME by mail clients. Just a quick question, how many man hours did it take to get this study done and compile the report ? How much time would it take on the other hand to implement this _additional_ form of strong authentication without the report ? Regards, -- Grzegorz BRZESKI From denis at ripe.net Fri Jan 9 13:13:00 2004 From: denis at ripe.net (Denis Walker) Date: Fri, 09 Jan 2004 13:13:00 +0100 Subject: [ncc-services-wg] E-mail Client Testing for S/MIME Compliance References: <3FFD8960.6040406@ripe.net> <178501c3d61b$a0510070$0a0210ac@abc> Message-ID: <3FFE9ACC.1040202@ripe.net> Dear Grzegorz, In total I spent about four weeks doing the research on mail clients, installing and configuring them, testing them and preparing the report. But this was spread over a slightly longer period. The implementation including preparing detailed design documents, code changes, writing new test cases for our comprehensive regression testing of dbupdate and running the tests will take a similar amount of time. The time to implement this feature is independent of the report. The reason we spent the time on the report is to address the concerns of some members who wanted to know how widespread the use of this technology is. We would also like to point out that this is not a 'static' document. There are many other mail clients used by some members. It is not practical for the RIPE NCC to test them all. The actual tests are quite quick, but the time consuming part is installing and configuring them. Our first aim was to test some of the most commonly used clients, then secondly to ensure that there was at least a choice of mail clients available on each of the three platforms we used. This second point is why we did not just take the 'top ten' mail clients from the list. But we are hoping that some members will do further testing on other mail clients and feed the results back to the RIPE NCC and we will update the document. Perhaps along with the results some details of any installation options and configuration details needed to enable S/MIME can also be included. Regards, -- Denis Walker Software Engineering Department RIPE NCC Grzegorz BRZESKI wrote: >>At the RIPE 45 Meeting a proposal was presented to implement an additional > > form > >>of strong authentication for protecting objects in the RIPE Database and > > to > >>allow for secure communication by e-mail with the RIPE NCC. This > > implementation > >>uses the X.509 certificates. A question was raised by some members about > > how > >>widespread is the compliance of S/MIME within mail clients. The RIPE NCC >>Software Engineering Department has undertaken a study to evaluate the use > > of > >>S/MIME by mail clients. > > > Just a quick question, how many man hours did it take to get this study done > and compile the report ? How much time would it take on the other hand to > implement this _additional_ form of strong authentication without the report > ? > > Regards, > > -- > Grzegorz BRZESKI From kurtis at kurtis.pp.se Tue Jan 13 07:43:47 2004 From: kurtis at kurtis.pp.se (Kurt Erik Lindqvist) Date: Tue, 13 Jan 2004 07:43:47 +0100 Subject: [ncc-services-wg] Agenda items.... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A small reminder of the agenda for the upcoming RIPE47. So, if you have something you would like to present or discuss.... - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQAOTpaarNKXTPFCVEQKJbQCghHY/8dElwAPC/vNHwuHIDvzJowsAoIi+ Bkvd8wPqlJsuU+Y87SSNGsCn =an2y -----END PGP SIGNATURE----- From olaf at ripe.net Tue Jan 13 20:00:29 2004 From: olaf at ripe.net (Olaf Kolkman) Date: Tue, 13 Jan 2004 20:00:29 +0100 Subject: [ncc-services-wg] Erroneous Domain Cleanup Messages Message-ID: <200401131900.i0DJ0UMF002034@birch.ripe.net> Dear Colleagues, Apologies for duplicate mails. == Introduction We recently informed the Working Groups about the start of a cleanup of inconsistencies between data in our reverse DNS and data in the Whois Database [1]. Since Wednesday 7 January, 2004 we have been sending out warning messages. Unfortunately a number of messages were sent out in error. == The Problem Due to a bug in the script, messages have been sent to contacts for /24 DOMAIN objects that have a more specific /16 object, stating that there are no matching NS RRs in the zone files and that the DOMAIN object will be deleted. This has been done in error and these DOMAIN objects will remain unaltered. The contacts for these /24 DOMAIN objects will be sent a message shortly confirming that their objects will remain unaltered and that no further action is required on their part. == Background The Whois Database holds informational data for domains in the reverse tree. The database holds information about reverse domains corresponding to /8, /16 and /24 address space. The '/8 domain' zone files at the RIPE NCC only contain NS RRs for the delegation corresponding to the most less specific address block. If there is a /16 DOMAIN object and a number of more specific /24 DOMAIN objects in the database only a delegation will be created corresponding to the /16 DOMAIN object. In other words, if the /16 domain has been delegated one cannot delegate its children any longer. Therefore, the absence of the NS resource records corresponding to the "nserver:" attributes in the /24 DOMAIN objects is not an error. Note: for End Users it is not obvious if an NS RR is in the zone files of the RIPE NCC since ns.ripe.net is a secondary DNS server for the /16 zones. Our apologies for any confusion and extra work this may have caused. For further clarification please do not hesitate to contact . --Olaf Kolkman New Projects RIPE NCC [1]: http://www.ripe.net/ripe/mail-archives/dns-wg/2004/msg00000.html Further information about the cleanup project can be found at: http://www.ripe.net/reverse/rdns-project/cleanup.html From kurtis at kurtis.pp.se Sun Jan 18 11:43:14 2004 From: kurtis at kurtis.pp.se (Kurt Erik Lindqvist) Date: Sun, 18 Jan 2004 11:43:14 +0100 Subject: [ncc-services-wg] Agenda for RIPE 47 Message-ID: <1E9BFB84-49A3-11D8-9408-000A95928574@kurtis.pp.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Proposed agenda for RIPE 47 for RIPE NCC Services WG. Note! If you submitted an agenda item and didn't make it, it's because I screwed up and deleted some mails. Please re-submit then! Best regards, - - kurtis - Tue 27/1 14.00-15.30 ==================== A. Agenda bashing / Kurtis Lindqvist 5 minutes - Scribe - minutes - Agenda B. Update from the RIPE NCC / Axel Pawlik C. Co-Chair for the Working Group / Kurtis Lindqvist 5 minutes Wed 29/1 11.00-12.30 ==================== D. Proposal for announcement mailinglist / Wilfried Woeber 10-15 min. E. X.509 Support in the robot / Shane Kerr 10-15 mins F. Regitrations services update / Leo Vegoda 10-15 mins. G. RIPE NCC Training activities / Rumy Kanis 10-15 mins. H. Open mike session -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQApjRaarNKXTPFCVEQL7gwCfSW6kszECw44UCrwV6jnzgrHR7gAAn2yE YDyQiWBbrxyP2g6dbEHkFFZN =3lkb -----END PGP SIGNATURE----- From kurtis at netnod.se Tue Jan 20 09:54:38 2004 From: kurtis at netnod.se (Kurt Erik Lindqvist) Date: Tue, 20 Jan 2004 09:54:38 +0100 Subject: [ncc-services-wg] Updated agenda for NCC-Services WG @ RIPE47 Message-ID: <477D63D6-4B26-11D8-BCF8-000A95928574@netnod.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tue 27/1 14.00-15.30 ==================== A. Agenda bashing / Kurtis Lindqvist 5 minutes - Scribe - minutes - Agenda B. Update from the RIPE NCC / Axel Pawlik C. RIS and TTM service update / Henk Uijterwaal 10 min. D. Co-Chair for the Working Group / Kurtis Lindqvist 5 minutes Wed 29/1 11.00-12.30 ==================== E. Proposal for announcement mailinglist / Wilfried Woeber 10-15 min. F. X.509 Support in the robot / Shane Kerr 10-15 mins G. Regitrations services update / Leo Vegoda 10-15 mins. H. RIPE NCC Training activities / Rumy Kanis 10-15 mins. I. Routability testing / Kurtis Lindqvist / Daniel Karrenberg 10-15 min J. Open mike session - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQAzs1KarNKXTPFCVEQKbwACgjAbBqX/mHb3kupb1wtu/OmBituoAnR0e scVR3eZpVenbm/nKazeDoRKK =kqIp -----END PGP SIGNATURE----- From olaf at ripe.net Wed Jan 21 15:57:46 2004 From: olaf at ripe.net (Olaf Kolkman) Date: Wed, 21 Jan 2004 15:57:46 +0100 Subject: [ncc-services-wg] DNS Related Policy and Procedure Proposals Message-ID: <200401211457.i0LEvkAS030175@birch.ripe.net> Dear Colleagues, Apologies for duplicate mails. Shortly after this mail we will be sending two separate mails to the DNS Working Group mailing list. We will also be posting a draft policy document (see below). These mails also have relevance to the RIPE NCC Services and Database Working Groups. The two messages and revised policy document are part of a project started in October 2003 to streamline and simplify the process of requesting and managing reverse DNS delegation for the holders of the address space allocated or assigned by the RIPE NCC. The original proposal can be found at: http://www.ripe.net/reverse/proposal.html The content of the mails are: - A proposal for the introduction of a new "mnt-domains:" attribute in INETNUM objects to authorise the creation of DOMAIN objects. This proposal also suggests making "mnt-by:" a mandatory DOMAIN object attribute. This authorisation mechanism will enable address space users to delegate the responsibility for maintaining reverse address space to third parties in a flexible manner. - An assessment of the consequences of the introduction of the "mnt-domains:" attribute and of the "mnt-by:" attribute being made mandatory. The reverse delegation policy has been revised, relaxing the terms under which reverse delegation will be serviced and providing the framework to implement the authorisation mechanism described above. The draft "Policy for Reverse Address Delegation of IPv4 and IPv6 Address Space in the RIPE NCC Service Region" can be found at: http://www.ripe.net/ripe/draft-documents/reverse-draft-200401.html We would like to invite your comments on this. Please discuss these proposals on the DNS Working Group mailing list. More information can be found at: http://www.ripe.net/reverse/rdns-project/ -- Olaf Kolkman New Projects Group RIPE NCC From slz at baycix.de Thu Jan 22 02:47:02 2004 From: slz at baycix.de (Sascha Lenz) Date: Thu, 22 Jan 2004 02:47:02 +0100 Subject: [ncc-services-wg] DNS Related Policy and Procedure Proposals In-Reply-To: <200401211457.i0LEvkAS030175@birch.ripe.net> References: <200401211457.i0LEvkAS030175@birch.ripe.net> Message-ID: <400F2B96.6040502@baycix.de> Hay, [I didn't remove ncc-services-wg and db-wg lists since it's also a policy and db-issue] Olaf Kolkman wrote: [...] > The reverse delegation policy has been revised, relaxing the terms > under which reverse delegation will be serviced and providing the > framework to implement the authorisation mechanism described > above. > > The draft "Policy for Reverse Address Delegation of IPv4 and IPv6 > Address Space in the RIPE NCC Service Region" can be found at: > > http://www.ripe.net/ripe/draft-documents/reverse-draft-200401.html > > We would like to invite your comments on this. Please discuss these > proposals on the DNS Working Group mailing list. [...] AFAIR there was no objection to this proposal as long as it comes to relaxing the policy itself. I think we could implement the new draft ASAP. It's short and easy and was updated to IPv6 - all we need. The best part in my eyes is, that with the new policy and the new authorisation system (mnt-domains ect.), every address space holder can again request/update their rDNS delegations on their own (given the correct db authorisation) - as long as they know what they do. (At least I think that's intentionally, since all the parts relating to only LIRs can hand in requests have been removed :-) ) And a personal sidenote: I always kinda liked the current policy, allowing reverse delegation on a /24 block only if there's at least one valid assignment in it. Even though one usually shouldn't route a net without a valid assignment, i merged several LIRs throughout the last years, and I _always_ discovered some routed but not assigned networks. In almost all cases it was hard to get the customer to hand in a correct request for nets he's already been using for a while. The best was to tell the customer, they can't get rDNS until they have a valid Assignment and point to the policy - that often helped, unless they didn't care about rDNS at all. Though, this is rather a social problem of unwilling customers and lazy LIRs. So I do support the relaxed policy. Just saying that in my case the current policy rather helped some times than causing problems due to the restrictions. But i see the advantages of the new draft in general. -- ======================================================================== = Sascha Lenz SLZ-RIPE slz at baycix.de = = Network Operations = = BayCIX GmbH, Landshut * PGP public Key on demand * = ======================================================================== From kurtis at kurtis.pp.se Wed Jan 21 20:10:12 2004 From: kurtis at kurtis.pp.se (Kurt Erik Lindqvist) Date: Wed, 21 Jan 2004 20:10:12 +0100 Subject: [ncc-services-wg] Fwd: RIPE 46 - Minutes of Ripe NCC Services WG In-Reply-To: <4E053664-F381-11D7-B967-0003936663F8@kurtis.pp.se> References: <4E053664-F381-11D7-B967-0003936663F8@kurtis.pp.se> Message-ID: <704A802A-4C45-11D8-BCF8-000A95928574@kurtis.pp.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As there where no comments I will consider these as final. - - kurtis - On 2003-09-30, at 22.04, Kurt Erik Lindqvist wrote: > > > Please send corrections / comments. > > Best regards, > > - kurtis - > > Begin forwarded message: > >> From: Sabrina Wilmot >> Date: m?n sep 29, 2003 13:06:11 Europe/Stockholm >> To: Kurt Erik Lindqvist >> Subject: RIPE 46 - Minutes of Ripe NCC Services WG >> >> Hi Kurtis, >> >> Please find below the minutes of the Ripe NCC Services WG at RIPE 46. >> >> Regards, >> Sabrina >> RIPE NCC >> >> >>> RIPE 46, Amsterdam >>> >>> Working Group: Ripe NCC Services >>> Chair: Kurt Erik Lindqvist >>> Scribe: Isabel Pinto Coelho Sena >>> >>> Agenda: >>> >>> Slot 1, Tuesday 2/9 14.00-15.30 >>> >>> 1. NCC Services WG Charter (Kurtis) >>> 2. RIPE NCC Services Direction (Axel Pawlik) >>> Service level and activities 2004 >>> 3. RIPE NCC Information Services >>> 4. Discussion & input time / Open Mic session >>> >>> Slot 2, Thursday 4/9 11.00-12.30 >>> >>> 5. Presentation on X.509 and certificates (Dirk-Willem van >>> Gulik). >>> Discussions around the x.509 implementation of the RIPE NCC >>> and what other RIRs have done. >>> 6. DNS Services - Modification Plans >>> 7. Proposals from the community >>> 8. Discussion & input time / Open Mic session >>> X. AOB >>> Z. Close >>> ________________________________________________________________ >>> >>> 1. NCC Services WG Charter >>> >>> WG Charter presented. No objections were made to it's content. >>> >>> 2. RIPE NCC Services Direction (Axel Pawlik, Managing Director >>> RIPE >>> NCC) >>> Service level and activities 2004 >>> >>> See Axel's presentation at >>> >>> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46- >>> nccserv-ncc-services.pdf >>> >>> Kurtis Lindqvist : Who has read/seen the Member Update? >>> [~20 people raised their hands] >>> Kurtis Lindqvist : Who here are Members? >>> [~60 people raised their hands] >>> >>> 3. RIPE NCC Information Services >>> >>> See Axel's previous presentation from slide 27 onwards >>> >>> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46- >>> nccserv-ncc-services.pdf >>> >>> 4. Discussion & input time / Open Mic session >>> >>> >>> Kurtis Lindqvist : Are there any questions for Axel? >>> [No one had questions] >>> >>> Kurtis Lindqvist : I have one myself: You spoke of the data you have >>> that can be used to educate journalists, where do you want to push >>> them, just as a general awareness? >>> >>> Axel Pawlik (MD RIPE NCC): We want them to know that we are working >>> well, we want the industry to tell them "do not interfere, they work >>> well". As an example: name servers >>> >>> Kurtis Lindqvist: Any other questions? >>> [None were raised] >>> >>> Kurtis Lindqvist : please register for the GM >>> >>> Axel Pawlik : there was a heated discussion on the mailing lists? >>> None now? >>> [None responded] >>> >>> Rob Blokzijl (RIPE Chairman): I'm surprised that there is no one that >>> is willing to discuss the issues off the mailing-list, so I will >>> bring >>> up 2 issues that were often discussed. First one is: Whether all >>> these >>> services that the RIPE NCC offers are needed? I would like also to >>> point that there was no discussion on whether they are _useful_ >>> however. Then there was the issue of a flat free financial >>> contribution versus a supermarket scenario? Meaning that one could >>> pick and choose the services one is willing to pay and have use for. >>> >>> Wilfried Woeber (Vienna University - ACOnet): I've observed through >>> the years another organization where the same discussion was going on >>> for years, started out as a flat free and then some started to object >>> to this model. In the end, they found the most reasonable solution: >>> you buy all or nothing. It is difficult to find out which activities >>> are optional and which mandatory. Individual amount, increasing the >>> administration overhead that goes along with keeping up with this >>> supermarket model, this will not come for free... The complexity that >>> we might inject into the subject is not going to be easy. It also >>> splits the RIPE Community into 2 / 3 / 4 camps. Copyrighting on >>> certain Services, making people pay for copies. It will de-stabilise >>> the RIPE NCC and the Community. >>> >>> Kurtis Lindqvist: Well, a number of people are questioning the order >>> and priority of the activities. >>> >>> Rob Blockzijl (RIPE Chair): I hope that one of the results of having >>> this WG is to make people remember why certain services were created >>> in the past, as the NCC did not just came up on a idle afternoon >>> with: >>> "let's create an activity". The NCC has always listened to the >>> Community's input. It might not have been clear as to where and when >>> the decisions were taken, that's why I'm glad we have this WG. Having >>> it, it is possible to revisit the past and re-evaluate current >>> services, although it might be more constructive to look at the >>> future >>> and we can improve. >>> >>> Kurtis Lindqvist : How many of you have read the Activity Plan? >>> [~10 max raised their hands] >>> I'm concerned because some people on the mailing list indicated that >>> they can not influence the AP, but most here have not read it. >>> >>> Kurtis Lindqvist : If there are no other questions I'll see you all >>> on >>> Thursday. >>> >>> FINISH >>> >>> NO ACTIONS >>> >>> _______________________________________________________________ >>> >>> Slot 2, Thursday 4/9 11.00-12.30 >>> >>> 5. Presentation on X.509 and certificates (by >>> Dirk-Willem van Gulik - apache) >>> Discussions around the x.509 implementation of the RIPE NCC >>> and what other RIRs have done. >>> 6. DNS Services - Modification Plans (Olaf Kolkman) >>> 7. Proposals from the community >>> 8. Discussion & input time / Open Mic session >>> X. AOB >>> Z. Close >>> >>> ________________________________________________________________ >>> >>> 5. Presentation on X.509 and certificates (by >>> Dirk-Willem van Gulik - apache) >>> Discussions around the x.509 implementation of the RIPE NCC >>> and what other RIRs have done. >>> >>> Kurtis Lindqvist: As there were quite a lot of questions on the >>> mailing list about X.509, we will have a presentation about it and >>> also invite the other RIRs to explain what they are doing in their >>> region. Also, at the last session I forgot to mention that we might >>> require a co-chair, as it is mentioned in the charter. >>> >>> Dirk-Willem van Gulik: This presentation focuses mainly on the issue >>> of trust, not as much on the technical aspects of X.509 >>> >>> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46- >>> nccserv-pki-x509.pdf >>> >>> Kurtis Lindqvist : any questions ? >>> [None] >>> >>> Presentation by Andrei Robachevsky, Chief Technical Officer, Ripe NCC >>> >>> "PKI development at the RIPE NCC" >>> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46- >>> nccserv-pki.pdf >>> >>> Kurtis Lindqvist: any questions? >>> >>> Taiji Kimura from JPNIC: are there plans for non-repudiation of the >>> query, validate queries to the DB? >>> >>> Andrei Robachevsky : no, this is not about the DB itself, but more >>> about correspondence with the NCC. >>> >>> Wilfried Woeber (DB WG Chair): We have been discussing whether we >>> want >>> to introduce a system to tag objects in the DB with the auth method >>> that was used for the last update of the object. This is an idea that >>> we have been playing with, if the community wants this, then please >>> come forward with a plan. >>> >>> Wilfried Woeber: About integrating a Certification Authority across >>> RIRs, I would recommend to first try it in our region, find out if it >>> works well. I'm not a fan of having hierarchy in the trust >>> model. Individual registries should do it in their region, then we >>> find out what we need to cross the borders. I would not like RIRs to >>> all go to Verisign for instance. >>> >>> Janos Zsako (RIPE NCC Executive Board): about message signing, we >>> live >>> with the assumptions that the db is in a secure server, so whether >>> after the modification/update with PKI the data is still stable is >>> questionable. We can store the update method, again assuming that the >>> db cannot be corrupted in the mean time. So we need a system that >>> verifies that the db has not been corrupted. >>> >>> Kurtis Lindqvist: in conclusion, issue is if queries and/or DB >>> entries >>> must be signed, and whether the content of the DB is secure, but this >>> is maybe more a topic for the DB WG. >>> >>> ARIN - Ginny Listman: >>> >>> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46- >>> nccserv-arin-x509.pdf >>> >>> APNIC - Anne Lord: we are doing the same as Ripe NCC, issuing >>> certificates for our equivalent of the LIR Portal, MyApnic. We have >>> issued 500 certificates so far. >>> >>> LACNIC Raul Echeberria: we would like to implement a certification >>> system before 2004. Right now we are still working on the budget that >>> would be needed for it. >>> >>> Kurtis Lindqvist: Thank you all. >>> >>> 6. DNS Services - Modification Plans (Olaf Kolkman) >>> >>> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46- >>> nccserv-rdns.pdf >>> >>> Kurtis Lindqvist : I like the idea, any questions ? >>> [None] >>> >>> 7. Proposals from the community >>> 8. Discussion & input time / Open Mic session >>> >>> Kurtis Lindqvist: Now we have the open mike session: floor is open. >>> In >>> future sessions I would like to have people's presentations or >>> proposals in writing on the mailing list before they are presented at >>> RIPE Meetings >>> >>> Hank Nussbacher (IUCC): I have been asked by many people to speak up >>> during this WG as I have sent some emails to the mailing list. My >>> view >>> is that a lot of the members had their budget cut and the NNC has not >>> had their budget cut in the same fashion. We are apathetic, 2250 euro >>> is not that much to warrant that people can spend 250 euro/1 hour of >>> their time on the mailing list. There are many good things in the >>> NCC: >>> DB group is the world leader. But to evaluate how the NCC is spending >>> their money we need a more transparent Activity Plan. For instance >>> for >>> the trainings, they are free of charge. I would like to know the >>> budget and man-power needed for these free trainings. Instead, it's >>> budget is incorporated in the RS budget, there is no way to know how >>> much of that is used for the trainings, there is no break-down of the >>> costs. The TTM group, IRT - there has been nothing mentioned about it >>> at this meeting BTW - there is nothing about it in the AP, therefore >>> we do not know the manpower and budget it needs, the only way to know >>> for the membership is to have a break-down and it does not exist. 10 >>> to 20 people have responded to my mails, which is not really enough >>> to >>> know what the majority of the community thinks about these issues. >>> >>> Kurtis Lindqvist : yes, people do not care, like we saw at the last >>> session on Tuesday, that only a handful read the AP. I guess the >>> majority is happy, but that is difficult to double-check, people do >>> not go on the mailing list only to say that they are happy. Next year >>> at the RIPE Meeting in May, the NCC will give more insight on the >>> budget & AP and there will be more time for comment before the Annual >>> Meeting 3 months later. >>> >>> Axel Pawlik: The level of detail we give in the financial report, >>> question is: how deep should we go into detail? For the trainings >>> yes, >>> not so difficult. I will work together with the Board to see what we >>> can adapt. And I would like to clarify that the IRT is not really an >>> incident response team, it is not a separate team as such. It is an >>> activity. >>> >>> Hank Nussbacher : let's say that the TTM group costs a 300.000 >>> euros/year, but we can get the same service from a commercial >>> company. Why not do a market survey before introducing a new >>> activity? >>> >>> Axel Pawlik: About the TTM, there is a lot of info about it in the >>> AP. >>> >>> Daniel Karrenberg: I worry because of economic problems. Training, if >>> the membership wants more transparency, OK, but whether it is really >>> necessary? Why train New LIRs, what do I care? As one of the persons >>> who started with these trainings, I would like to clarify that they >>> are not done only for the benefit of the trainee, but to the whole >>> community as well. Creating a well oiled community. The better things >>> work, the less interaction at the NCC. Also, the NCC would not be as >>> accepted without trainings. For many people, it is only by attending >>> the courses that they understand and accept the NCC's role. Just >>> looking at it from a financial point of view, if you do that too >>> much, >>> you might risk the NCC as a whole organisation. You want and need the >>> NCC to be more stable than the rest of the members. The impact of the >>> NCC crumbling is a whole lot different. I also would like to remind >>> people that one of the ways for us to ensure impartiality and >>> neutrality is by hiring international staff, this is expensive. Were >>> we to be driven only by financials, we would not hire from Turkey or >>> Africa. Yes, lets have a look at the financials, but lets us not be >>> driven by it. Because it might be good for today, but not for >>> tomorrow. >>> >>> Kurtis Lindqvist: I agree, but showing the members the budget is not >>> saying that you are doing things bad. There are 2 issues: >>> 1) transparency on costs and >>> 2) evaluation of activities and how they benefit the community. >>> >>> Hank Nussbacher: Some services are excellent. But whether it benefits >>> the community that someone goes to all the ICANN Meetings, it is >>> needed, but the members might think it is not. In the same way that >>> the Membership would live, accept to still have mail-from auth, but >>> we >>> have it better. >>> >>> Kurt Kayser (N-IX Nurnberg Internet eXchange) : About the trainings, >>> a >>> while back I proposed to find partners in countries, we could offer >>> the service to train people in German, since we are very familiar >>> with >>> all the policies & procedures. But I never heard anything about this >>> from the NCC. >>> >>> Axel Pawlik : We are looking at better ways of doing our >>> trainings. People like our trainings but it does not scale, your >>> proposal does scale. But how do we do it, how is that training >>> standardised, do we need to certify trainers ??? But we are >>> definitely >>> looking at it. >>> >>> Daniel Bovio (RIPE NCC Board): Hank said that the "silent majority" >>> do >>> not care to show up at meetings, or communicate on the >>> mailing-list. This is a problem, they do not know what the activities >>> are. We, the RIPE Community, have always been the main source for >>> ideas to the NCC and their activities. The Board needs to go on with >>> these activities anyway, try to involve members, find out what they >>> want, the survey was good in this respect. This group is the main >>> source of the main ideas, there is a vast group that don't care, >>> others do and those end up leading were the ship is going. We do not >>> get enough feedback. >>> >>> Kurtis: Thank you all for coming >>> >>> FINISH >>> >>> NO ACTIONS >>> > -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQA7OlqarNKXTPFCVEQInRQCfQZMLqrivR1SFt6/QjKJ/FFEVHSYAn2wY JX7fTFKeEvDuQjKYbMP/XzaF =xPXV -----END PGP SIGNATURE----- From kurtis at kurtis.pp.se Thu Jan 22 08:00:08 2004 From: kurtis at kurtis.pp.se (Kurt Erik Lindqvist) Date: Thu, 22 Jan 2004 08:00:08 +0100 Subject: [ncc-services-wg] Updated agenda - now with the right dates Message-ID: <9D1C86A6-4CA8-11D8-BCF8-000A95928574@kurtis.pp.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It was pointed out to me that I had the wrong dates..... Tue 27/1 14.00-15.30 ==================== A. Agenda bashing / Kurtis Lindqvist 5 minutes - Scribe - minutes - Agenda B. Update from the RIPE NCC / Axel Pawlik C. RIS and TTM service update / Henk Uijterwaal 10 min. D. Co-Chair for the Working Group / Kurtis Lindqvist 5 minutes Thu 29/1 11.00-12.30 ==================== E. Proposal for announcement mailinglist / Wilfried Woeber 10-15 min. F. X.509 Support in the robot / Shane Kerr 10-15 mins G. Regitrations services update / Leo Vegoda 10-15 mins. H. RIPE NCC Training activities / Rumy Kanis 10-15 mins. I. Routability testing / Kurtis Lindqvist / Daniel Karrenberg 10-15 min J. Open mike session Best regards, - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQA90+qarNKXTPFCVEQJ4/gCgkWnT7Idc9GAQVXf3lj49BvJ51WYAn3ut 5fai3BmmjrEpXDyuQBczPzYb =SbQG -----END PGP SIGNATURE----- From shane at ripe.net Thu Jan 22 16:29:53 2004 From: shane at ripe.net (Shane Kerr) Date: Thu, 22 Jan 2004 16:29:53 +0100 Subject: [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes Message-ID: <400FEC71.2020101@ripe.net> All, The RIPE NCC is nearing completion of the database phase of the "Improved Secure Communications for RIPE NCC Members" project. The next phase will focus on e-mail communication between RIPE NCC members and the Registration Services Department. The attached document presents our ideas regarding this, and also raises some questions for the membership. Please have a look, and comment. There will also be a presentation and discussion at the NCC Services Working Group next week at RIPE 47, for those interested in voicing their opinions in person. -- Shane Kerr Software Engineering Department Manager RIPE NCC Filiz Yilmaz Bican Senior Hostmaster RIPE NCC -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: proposal_rs_mailboxes.txt URL: From contact at ripe.net Fri Jan 23 14:21:19 2004 From: contact at ripe.net (Membership Liason Officer) Date: Fri, 23 Jan 2004 14:21:19 +0100 Subject: [ncc-services-wg] RIPE NCC Services Desk and Liaison Lunch Table at RIPE 47 Message-ID: <20040123142119.7044bad5.contact@ripe.net> Dear colleagues, With respect to the RIPE 47 meeting being held in Amsterdam, the RIPE NCC has planned a RIPE NCC Services Desk and a Liaison Lunch Table. The RIPE NCC Services Desk is a contact point for information about services provided by the RIPE NCC. RIPE NCC members and RIPE Meeting participants are encouraged to give input and feedback on these services. For more information about a specific service, please feel free to speak to one of the RIPE NCC representatives at the Services Desk. They will be happy to answer your questions and/or introduce you to the appropriate RIPE NCC staff member. The RIPE NCC Services Desk will be open at the following times: Monday 14:00 - 17:30 Tuesday 9:00 - 12:30 and 14:00 - 17:30 Wednesday 9:00 - 12:30 and 14:00 - 17:30 Thursday 9:00 - 12:30 and 14:00 - 17:30 Friday 9:00 - 12:30 Liaison Lunch Table RIPE 47 Meeting participants are welcome to join the Liaison Lunch Table in the Wintergarden Restaurant, Monday - Friday between 12:30 and 14:00. Please use this opportunity to join us and talk about the services of the RIPE NCC in an informal manner. Who can you meet at the RIPE NCC Services Desk and the Liaison Lunch Table? Nathalie Dougall has recently joined Sabrina Wilmot as a Membership Liaison Officer (MLO). Nathalie and Sabrina are responsible for planning, implementing, and managing regional outreach to members of the RIPE NCC, throughout its service region. They also organise local meetings within the RIPE NCC service region that include current and potential RIPE NCC members, government representatives, and industry partners. The Membership Liaison Officers are responsible for analysing member needs and identifying opportunities to enhance the RIPE NCC?s service to its members. Matthew Williams is the Customer Liaison Engineer (CLE) in the RIPE NCC New Projects (NP) group. The New Projects department is dedicated to Internet data collection and performance measurements for the benefit of the community. Matthew?s responsibilities are to interact with the users of the various projects in the group, the Routing Information Service (RIS) in particular, and to turn their requirements into new products and services. One example is the myASn project, which provides a notification system for BGP in cases of unexpected routing behaviour and is integrated into the RIPE NCC LIR Portal. Other services developed by New Projects include RISwhois, DNS Monitoring (DNSMon) and Test Traffic Measurements (TTM). Carsten Schiefner is part of the Communications Group and is responsible for various aspects of RIPE NCC external relations. This includes interacting with entities that are not members of the RIPE NCC, such as governments, regulators, ISP and Telco associations, as well as European institutions and the ITU. The main goal is to increase the RIPE NCC?s outreach and to develop greater awareness of the principles of RIPE, the RIPE NCC and the traditional Internet model of bottom-up, consensus-based industry self-regulation. We look forward to seeing you at RIPE 47 in Amsterdam! Kind regards, Sabrina Wilmot & Nathalie Dougall Membership Liaison Officers RIPE NCC From matthew at ripe.net Thu Jan 29 15:34:43 2004 From: matthew at ripe.net (Matthew Williams) Date: Thu, 29 Jan 2004 15:34:43 +0100 Subject: [ncc-services-wg] Call for participation: Inter-Domain Routing Workshop, RIPE NCC, Amsterdam (May 1-2, 2004) Message-ID: <000d01c3e675$0925a510$f40800c1@rockstar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [Apologies for duplicate mails] Dear All, The Inter-Domain Routing Workshop will take place at the RIPE NCC in Amsterdam during the weekend before RIPE 48 (May 1-2, 2004). This RIPE meeting will also be held in Amsterdam. The goal of the workshop is to bring together a small, focused group of operators, vendors, and researchers to discuss important mid- and long-term operational problems, measurement techniques, router features and network management tools in an open forum. We hope that these discussions will become invigorating and lively affairs. The organisers are: * Intel Research * Universit?t Karlsruhe Institut f?r Telematik * Technische Universit?t M?nchen, Computer Science Department * RIPE NCC * Schlund+Partner AG, Karlsruhe See URL for more information: http://www.tm.uka.de/idrws/ Please feel free to contact us at idrws at ripe.net. Kind regards, Matthew Williams --- > Matthew Williams (MW243-RIPE) > Customer Liaison Engineer > RIPE NCC - http://www.ripe.net/np/ -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBQBkZ7cHkFbJe+GdoEQJKbQCgyTm+QIa56CitJWmwUYo+npNBaXkAoMWx X5ARDhRm+LKb9TOzn81pBHgO =Xpyi -----END PGP SIGNATURE-----