From agowland at ripe.net Wed Dec 1 15:12:07 2010
From: agowland at ripe.net (Amanda Gowland)
Date: Wed, 01 Dec 2010 15:12:07 +0100
Subject: [ncc-services-wg] NCC Services draft minutes from RIPE 61
Message-ID: <4CF657B7.9010904@ripe.net>

Hi Kurtis and Bijal,

Please find attached the draft minutes from RIPE 61. Can you please distribute to the WG for comment? Once we've received your approval, we will publish the draft minutes to the website.

Many thanks,
Amanda

--------------------------

Minutes from RIPE 61

RIPE Meeting: 61
Working Group: RIPE NCC Services
Status: Draft
Revision Number: 1

* Content to the Chair of the working group.
* Format to webmaster at ripe.net.

RIPE 61 RIPE NCC Services Working Group
Rome, 17 November 2010, 16:00 - 17:30
Co-Chairs: Kurtis Lindqvist, Bijal Sanghani (not present)

A. Administrative Matters

Kurtis Lindqvist started the session at 16:00 local time. He welcomed the attendees, announced that the minutes from RIPE 60 were approved, and introduced the RIPE NCC senior management team.

B. RIPE NCC Update - RIPE NCC Senior Management Team

RIPE NCC's Axel Pawlik, Daniel Karrenberg, Paul Rendek, Jochem de Ruig and Andrei Robachevsky gave updates on the RIPE NCC's current activities.

The presentations are available at:
http://ripe61.ripe.net/presentations/331-Update_RIPE_NCC_R61.pdf

Brian Nisbet, Anti-Abuse Working Group chair, asked the RIPE NCC to come up with a single plan to deal with all of the proposals being put forth with regards to the registry (anti-abuse and the membership, proactive checks on information, relationship towards sponsoring LIRs). He asked when the RIPE NCC might be able to produce such a plan.

Daniel Karrenberg answered that the RIPE NCC are doing quite a lot already, including developing some ideas about data accuracy and maintenance in the database.
He added that they haven't done much with reputation issues yet, but that Training Services have surveyed attendees at LIR training courses and we were currently studying the results. Daniel said that the RIPE NCC would work quickly on such a plan if they got clear direction from the community. He suspected that there might be some conflict of interest in what the anti-abuse working group wanted and other members of the community and that there needed to be consensus. He added that RIPE NCC was committed to working with the community on any such plan.

Brian Nisbet added that the immediacy for the request was that 2010-09 and 10 were in discussion phase in the Anti-Abuse Working Group (and Database WG) and he doesn't want a lot of work to go into it unnecessarily. What they want to achieve is giving people what they want in the best way that the database and registry can provide. Brian said that he spoke to the proposers and they are willing to hold back discussions until the RIPE NCC comes up with an answer, but dates or an arrangement will have to be put in place at some point in the near future.

Daniel agreed and said the best strategy is to talk to each other about it to make sure everyone's going in the same direction.

Shane Kerr from Internet Systems Consortium (ISC) praised the work going into governance and documenting processes. He asked Jochem de Ruig if the documentation process had any implications on the Policy Development Process.

Jochem said it was a good point and that's why the RIPE NCC is going to carefully bring such documents forward to the community, and when there is a conflict, it needs to be discussed. He added that perhaps some pieces of a document would have to become a policy document, rather than a procedural document.

Shane asked if these documents would be published through the RIPE NCC Services Working Group.

Jochem replied that the documents would be published through the RIPE NCC Services Group and any other relevant Working Groups.

C. RIPE NCC Processes and IPv4 Address Space End Game - Andrea Cima

Andrea Cima from the RIPE NCC gave an update on the RIPE NCC Processes and IPv4 Address Space End-Game.

The presentation is available at:
http://ripe61.ripe.net/presentations/332-andrea_PPt_Nov_2010-3.pdf

James Blessing from Limelight Networks asked if the reason to have two agents checking each request was to speed the process up.

Andrea said that was one part of it, and that it's also for improved consistency when they're down to the last few resources.

James asked if there would be a delay in dealing with requests while people get used to having two people for every request.

Andrea replied that he didn't foresee any big delays because having two people evaluating requests might actually speed it up.

Alain Bidron from France Telecom asked about seeing firmer visibility on the depletion of the RIPE NCC's IPv4 pool.

Andrea said that maximizing transparency was being discussed and he could not say if there would be an IPv4 depletion counter posted on the RIPE NCC website in the future.

Niall O'Reilly from University College Dublin asked when the RIPE NCC would be in a position to say something about the introduction of non-allocation related registration services, particularly for the ERX community and for transfers rather than allocations.

Andrea asked if he was asking about when the RIPE NCC runs out of IPv4.

Niall said that there were two aspects of it. The first aspect is when IPv4 runs out and he expects a need to track transfers. The second aspect is the formalisation of the relationship with legacy resource holders.

Andrea replied that in some cases, the ERX space holders are already members of the RIPE NCC and that they've moved their resources under the LIR umbrella. Andrea said that Rob could better answer the rest of the question.

Rob Blokzijl, RIPE Chair, said that work was going on to define the registry of Internet resources currently in the RIPE NCC service region.
He added that this was a registry of resources, not a list of resource holders. He emphasized that in one year, it will be difficult to explain to "new kids on the block" the difference between a resource and a historical resource (ERX), which the RIPE NCC has administrative responsibility for. He added that in many cases, the RIPE NCC doesn't have a formal relationship with ERX holders, but that was a problem we needed to solve. Rob then proposed working on a unified registration policy. In short, Rob and the RIPE NCC are working on it and as soon as something is on paper, it will go out to the community.

Daniel Karrenberg pointed out that the framework for this was already presented at RIPE 60.

D. Update on the 2007-1 Project - Arne Kiessling

Arne Kiessling from the RIPE NCC gave an update on 2007-01.

The presentation is available here:
http://ripe61.ripe.net/presentations/333-RIPE_61_Arne_Kiesslingv2.pdf

There were no questions.

E. Resource Certification - Alex Band

Alex Band from the RIPE NCC gave an update on Resource Certification.

The presentation is available here:
http://ripe61.ripe.net/presentations/233-Certification-update-RIPE61.key

James Blessing from Limelight Networks asked Alex to also keep a simple version for 2 a.m. emergencies and Alex agreed to it.

F. LIR Closure and Deregistration Procedure - Athina Fragkouli

Athina Fragkouli from the RIPE NCC gave an update on the Local Internet Registry (LIR) Closure and Deregistration Procedure document.

The presentation is available here:
http://ripe61.ripe.net/presentations/234-Closure_of_LIR_and_deregistration_of_resources.pdf

Sander Steffann asked how it could be the contributor's responsibility to de-register if they've gone bankrupt. He also asked Athina to clarify the usage of "responsibility."

Athina said that the contributors manage resources, so if something happens to the contributor, the procedure dictates that the NCC will take over.

Rudiger Volk from Deutsche Telekom gave thanks for the difficult work that went into the document, a document that presented the big picture. He then asked about different meanings of failing for bankruptcy in different jurisdictions. He said that in Germany, legal system bankruptcy was not the right time for returning resources as they would be getting legal protection and could continue operations, so that was the point still to be ironed out.

Athina agreed with Rudiger.

Alain Bidron from France Telecom asked about having to comply with these rules within the RIPE NCC service region.

Athina said that RIPE NCC is governed by Dutch law and must comply with Dutch court orders only.

Lu Heng from Outside Heaven asked if the RIPE NCC has to validate legal orders from Dutch court only.

Athina confirmed that this was the case.

Wilfried Woeber from ACOnet/Vienna University asked about the definition of a court order delivered by a local infrastructure, as he saw a potential hardship for End User assignments: If the sponsoring LIR got into trouble, the assignment would be lost.

Athina said this needed further clarification but there was another document on contractual relationship changes between End User and a sponsoring LIR (the End User has to find another Sponsoring LIR).

Yakovenko Volodymyr from Google asked what happens if the LIR is unresponsive to emails due to technical difficulties.

Athina replied that there are several ways of contacting LIRs and this procedure is described in the document.

Yakovenko then asked if the Dutch law jurisdiction is universal and applied everywhere in the world (as it is the case with UK law).

Athina said that national authorities may have agreements between each other, but she could not specify the details.

As time for the session was running out, Kurt suggested that further discussion on the topic should be taken to the mailing list.

Z. A.O.B.

There were no AOBs.

Kurtis ended the session at 17:40 local time.
From alexb at ripe.net Wed Dec 1 17:15:59 2010
From: alexb at ripe.net (Alex Band)
Date: Wed, 1 Dec 2010 17:15:59 +0100
Subject: [ncc-services-wg] RIPE NCC Resource Certification System: Initial Deployment 1 January 2011
Message-ID: <49C756F5-32D3-4DB6-A105-BBA4E145905E@ripe.net>

Dear colleagues,

With just seven IPv4 address blocks available in the IANA pool, we are hurtling towards the end of an era. With this prospect, the registry function of the five Regional Internet Registries (RIRs) is going to be crucial to the Internet community. More than ever, it is important to know who is the legitimate holder of a block of IP addresses.

With this as a primary driver, the RIPE NCC (in coordination with the other four RIRs) is planning to deploy a system that attaches digital certificates to Internet number resources (IP address blocks and Autonomous System (AS) Numbers). A more complete description of the benefits of resource certification can be found at:
http://www.ripe.net/certification/

The RIPE NCC has had a beta platform for certification up and running for several months now. More than 100 RIPE NCC members have enabled certification under this pilot program, providing the RIPE NCC with valuable feedback.

On 1 January 2011, the RIPE NCC will launch a hosted production system, which will allow all LIRs to generate a certificate of holdership, which will be held in a repository maintained by the RIPE NCC.

Network operators will also be able to start making routing decisions based on the system as of this date. Further iterations of this system will be deployed over the coming 12 months, including the option for LIRs to host their own Certificate Authority and generate certificates for their own customers.

Digital certificates have helped make business on the Internet more secure. Now we are using resource certificates to make the Internet itself more secure.

For more information, please visit:
http://ripe.net/certification

If you have any questions or comments, please email .

Best regards,

Alex Band
Product Manager, RIPE NCC

From randy at psg.com Wed Dec 1 19:35:41 2010
From: randy at psg.com (Randy Bush)
Date: Thu, 02 Dec 2010 03:35:41 +0900
Subject: [ncc-services-wg] RIPE NCC Resource Certification System: Initial Deployment 1 January 2011
In-Reply-To: <49C756F5-32D3-4DB6-A105-BBA4E145905E@ripe.net>
References: <49C756F5-32D3-4DB6-A105-BBA4E145905E@ripe.net>
Message-ID:

> On 1 January 2011, the RIPE NCC will launch a hosted production
> system, which will allow all LIRs to generate a certificate of
> holdership,

not exactly. it will allow LIRs to ask NCC to generate a cert for the
LIR's holdings.

> which will be held in a repository maintained by the RIPE NCC.

along with the LIR's [not so} private keys. this is sorely broken.

> Network operators will also be able to start making routing decisions
> based on the system as of this date. Further iterations of this system
> will be deployed over the coming 12 months, including the option for
> LIRs to host their own Certificate Authority and generate certificates
> for their own customers.

and hold their own private keys.

randy

From Woeber at CC.UniVie.ac.at Wed Dec 1 19:43:18 2010
From: Woeber at CC.UniVie.ac.at (Wilfried Woeber, UniVie/ACOnet)
Date: Wed, 01 Dec 2010 18:43:18 +0000
Subject: [ncc-services-wg] RIPE NCC Resource Certification System: Initial Deployment 1 January 2011
In-Reply-To:
References: <49C756F5-32D3-4DB6-A105-BBA4E145905E@ripe.net>
Message-ID: <4CF69746.5000705@CC.UniVie.ac.at>

Randy Bush wrote:

>>On 1 January 2011, the RIPE NCC will launch a hosted production
>>system, which will allow all LIRs to generate a certificate of
>>holdership,
>
> not exactly. it will allow LIRs to ask NCC to generate a cert for the
> LIR's holdings.

Regarding the "ask" - one of my private comments regarding the proposed
certification policy was to suggest that the NCC, upon request, MUST (in
IETF terminology) issue such a certificate. :-)

>>which will be held in a repository maintained by the RIPE NCC.
>
> along with the LIR's [not so} private keys. this is sorely broken.
>
>>Network operators will also be able to start making routing decisions
>>based on the system as of this date. Further iterations of this system
>>will be deployed over the coming 12 months, including the option for
>>LIRs to host their own Certificate Authority and generate certificates
>>for their own customers.
>
> and hold their own private keys.
>
> randy

Wilfried

From denis at ripe.net Thu Dec 9 14:00:08 2010
From: denis at ripe.net (Denis Walker)
Date: Thu, 09 Dec 2010 14:00:08 +0100
Subject: [ncc-services-wg] Changes to Reverse DNS DOMAIN Objects in the RIPE Database
Message-ID: <4D00D2D8.6030102@ripe.net>

[Apologies for duplicate mails]

Dear colleagues,

It was agreed at RIPE 59 in Lisbon that reverse DNS zones in the RIPE Database should not have child objects. Documentation relating to this decision and the discussion surrounding it can be found in the minutes of the RIPE 59 DNS and Database Working Groups:
http://www.ripe.net/ripe/wg/dns/r59-minutes.html
http://www.ripe.net/ripe/wg/db/minutes/ripe-59.html

The RIPE NCC is now ready to deploy this change and clean up the existing data. This will be done in the week commencing 13 December 2010.

After deployment it will not be possible to create a reverse DNS DOMAIN object in the RIPE Database if either a more or less specific object already exists.

During the data clean-up you may receive a notification that your DOMAIN object has been deleted. If this is the case there will be a less specific DOMAIN object in the database. Your object was only for documentation purposes and did not have any effect on reverse DNS.

If you have any questions please contact us at .
Regards,

Denis Walker
Business Analyst
RIPE NCC Database Group

From noreply at ripe.net Tue Dec 21 16:08:34 2010
From: noreply at ripe.net (Arne Kiessling)
Date: Tue, 21 Dec 2010 16:08:34 +0100
Subject: [ncc-services-wg] 2007-01 Policy Implementation - 4 January 2011 Last Day to submit End User Documentation
Message-ID: <4D10C2F2.1080607@ripe.net>

Dear Colleagues,

The RIPE NCC will finish Phase Two of the 2007-01 policy implementation "Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region" at the beginning of January 2011, as was announced during the RIPE NCC Services Working Group session at RIPE 61.

LIRs have until 4 January 2011 to upload the required documentation for the independent resources they have marked as "My End User". This is a hard deadline; the uploading tool will no longer be available on the LIR Portal after 4 January 2011. This step is necessary to start Phase Three of the policy implementation in January 2011.

The RIPE NCC will publish the procedure document for Phase Three of the policy implementation, and any other necessary information, before Phase Three starts.

Draft procedure document:
http://www.ripe.net/news/2007-01-phase3.html

Information on the documentation required:
http://ripe.net/rs/pi-existing-assignments.html

Please contact if you have any questions or comments.

Kind regards,

Arne Kiessling
IP Resource Analyst
RIPE NCC

From andrea at ripe.net Mon Dec 27 16:51:13 2010
From: andrea at ripe.net (Andrea Cima)
Date: Mon, 27 Dec 2010 16:51:13 +0100
Subject: [ncc-services-wg] New RIPE NCC PGP Key
Message-ID: <4D18B5F1.4040107@ripe.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[Apologies for duplicate e-mails]

Dear Colleagues,

On Wednesday, 5 January 2011 we will start using our 2011 key to sign e-mail from our ticketing system. The new key has been signed by the old key as described in the key-management policy on our web site:
https://www.ripe.net/rs/pgp/index.html

The old key remains valid until Thursday, 3 February 2011.

If you have any questions about this, please contact .

Kind Regards,

Andrea Cima
RIPE NCC

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAk0YtfEACgkQXOgsmPkFrjOY9wCgtImM+qFN1KAqyVniORJ8jbf8
P9UAoKn11gqoeDn1QCx+S4A0YkBqeHgR
=fHuQ
-----END PGP SIGNATURE-----