From alexb at ripe.net Mon Jan 3 09:52:57 2011
From: alexb at ripe.net (Alex Band)
Date: Mon, 3 Jan 2011 09:52:57 +0100
Subject: [ncc-services-wg] RIPE NCC Resource Certification Service Launch
Message-ID:

Dear colleagues,

The RIPE NCC is proud to announce the production launch of the RIPE NCC resource certification service. With the support of the RIPE community, we have worked very hard to create a service that will help to make our registry more robust and provide a vital element in making Internet routing more secure. Now, more than ever, it is important to be sure who is the legitimate holder of a block of IP addresses.

As a first step, the RIPE NCC (in coordination with the other four RIRs) has created a hosted platform. This means that all LIRs will be able to generate a certificate of holdership that will be held in a repository maintained by the RIPE NCC. The feature set is, as it stands, very limited: the certificate will only cover Provider Aggregatable address space, and it is not yet possible to run your own Certificate Authority or generate "child" certificates to create a chain of trust. All of these capabilities will be rolled out over the course of 2011, based on the wishes and input of the RIPE community.

This brings me to an important point. While the technology is now in place, the policy describing the details of the certification system has not yet passed the RIPE Policy Development Process. We have decided, however, to launch the system with the most limited feature set possible, so that the membership can try it out. Our hope is that this will make resource certification more tangible, and assist the community in making an informed decision about what the system should offer, now and in the future.
I invite and encourage you to discuss this on the RIPE NCC Services Working Group mailing list:

http://www.ripe.net/ripe/wg/ncc-services/index.html

Ongoing development of the RIPE NCC certification service will, of course, be planned in accordance with the certification policy that is agreed on by the RIPE community.

For more information, please visit:

http://ripe.net/certification

If you have any questions or comments, please email .

Best regards,

Alex Band
Product Manager, RIPE NCC

From Alexander.Koeppe at merck.de Mon Jan 3 13:07:31 2011
From: Alexander.Koeppe at merck.de (Alexander.Koeppe at merck.de)
Date: Mon, 3 Jan 2011 13:07:31 +0100
Subject: [ncc-services-wg] How to certify resources
Message-ID:

Hello List,

I'm still a bit confused, what I've to do with this new certification approach.

My LIR portal user has the "certification" permission.
When I'm clicking on "certification" in the left pane, it says me that I don't have a CA yet.
Well of course not. Not in the Internet.
Do I need to create a CA over the portal frontend?
And if yes, do I have to provide a server running a CA service in the Internet?

Somehow I jumped around some sites and reached the following messages inside the LIR portal:

"Congratulations! You now have a digital certificate covering your Provider Aggregatable (PA) address space."

Well now I'm totally confused. Does that mean, that my resources are certified already?

Hope some of you can help to bring some clarity to me about this topic.

Thanks&Regards
Alexander Koeppe

This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system.
Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.

Click http://disclaimer.merck.de to access the German, French, Spanish and Portuguese versions of this disclaimer.

From alexb at ripe.net Mon Jan 3 13:34:27 2011
From: alexb at ripe.net (Alex Band)
Date: Mon, 3 Jan 2011 13:34:27 +0100
Subject: [ncc-services-wg] How to certify resources
In-Reply-To:
References:
Message-ID: <1F95C421-8AC3-4DB4-983B-06CE45DA37B0@ripe.net>

Hello Alexander,

On 3 Jan 2011, at 13:07, Alexander.Koeppe at merck.de wrote:

> Hello List,
>
> I'm still a bit confused, what I've to do with this new certification
> approach.
>
> My LIR portal user has the "certification" permission.
> When I'm clicking on "certification" in the left pane, it says me that I
> don't have a CA yet.
> Well of course not. Not in the Internet.
> Do I need to create a CA over the portal frontend?
> And if yes, do I have to provide a server running a CA service in the
> Internet?

The resource certification service is solely a hosted platform at the moment. It means that you create a Certificate Authority for your address space on our system. We take care of all of the crypto operations like signing, re-signing, etc. as well as publication of certificates and ROAs.

The ability to run your own Certificate Authority on your own systems, which interacts with ours, will be introduced later in 2011.

> Somehow I jumped around some sites and reached the following messages
> inside the LIR portal:
>
> "Congratulations!
> You now have a digital certificate covering your Provider
> Aggregatable (PA) address space."
>
> Well now I'm totally confused. Does that mean, that my resources are
> certified already?

Yes, clicking 'I agree. Certify my resources.' on the Terms and Conditions page creates a resource certificate for all of your Provider Aggregatable address space. The only thing you have to do now is create Route Origin Authorisation specifications, indicating from which Autonomous System(s) you will be announcing your prefixes. Creation and publication will happen automatically.

After this, anyone will be able to validate if your BGP announcements have a valid ROA attached to them, using one of the validation tools:

http://www.ripe.net/certification/validation/

Kind regards,

Alex Band

From Niall.oReilly at ucd.ie Wed Jan 5 10:25:25 2011
From: Niall.oReilly at ucd.ie (Niall O'Reilly)
Date: Wed, 5 Jan 2011 09:25:25 +0000
Subject: [ncc-services-wg] RIPE NCC Resource Certification Service Launch
In-Reply-To:
References:
Message-ID: <26B75CD9-C337-4B0B-9F19-3AC63CAEA72E@ucd.ie>

On 3 Jan 2011, at 08:52, Alex Band wrote:

> The RIPE NCC is proud to announce the production launch of the RIPE NCC resource certification service.

[much text omitted]

I'm glad to see this progress, and look forward to the next stages, especially on the policy side.

Happy New Year!

Niall O'Reilly

From markd at ripe.net Wed Jan 5 16:13:40 2011
From: markd at ripe.net (Mark Dranse)
Date: Wed, 05 Jan 2011 16:13:40 +0100
Subject: [ncc-services-wg] RIPE NCC to Discontinue Hostcount
Message-ID: <4D248AA4.3060602@ripe.net>

[Apologies for duplicates]

Dear colleagues,

For the past 20 years, the RIPE NCC has maintained Hostcount, a measurement of the number of Address Resource Records (A RRs) in country code Top Level Domains (ccTLDs) in the RIPE NCC service region. The aim of this project has been to gain insight into the size and the growth rate of the Internet.
It has been clear for some time though, that Hostcount no longer provides a reliable indication of these things. Therefore, as of January 2011, the RIPE NCC will discontinue Hostcount.

More background information on this project and its closure can be found on RIPE Labs:

http://labs.ripe.net/Members/markd/hostcount

Kind Regards,

Mark Dranse
Information Services Manager, RIPE NCC

From mir at ripe.net Tue Jan 11 15:55:34 2011
From: mir at ripe.net (Mirjam Kuehne)
Date: Tue, 11 Jan 2011 15:55:34 +0100
Subject: [ncc-services-wg] Improved RIPE Registry Global Resource Service - now accessible via RESTful API
In-Reply-To: <4CC19930.10004@ripe.net>
References: <4CC19930.10004@ripe.net>
Message-ID: <4D2C6F66.6080002@ripe.net>

Dear colleagues,

The RIPE Registry Global Resource Service (GRS) that was announced earlier on this list is now accessible via the RIPE Database RESTful web services API. In addition to that we also added support for GRS to the new prototype search form.

Read more on RIPE Labs:

http://labs.ripe.net/Members/Paul_P_/grs-sources-and-the-ripe-database-api

Kind Regards,
Mirjam Kuehne
RIPE NCC

Mirjam Kuehne wrote:
>
> [Apologies for duplicate emails]
>
> Dear colleagues,
>
> We have redesigned and improved the way we mirror other databases
> (Thanks to the RIPE NCC Database staff!). We now have a method of
> translating the operational data from other registries (for instance
> from other RIRs or the RADb) into the RIPE Database structure.
>
> This means the RIPE Database will contain the most complete set of
> operational data in (RIPE) RPSL format that has ever been available in
> one place.
>
> Read more on RIPE Labs:
>
> http://labs.ripe.net/Members/Paul_P_/ripe-registry-global-resource-service
>
> Kind Regards,
> Mirjam Kuehne
> RIPE NCC
>

From rbarnes at bbn.com Tue Jan 11 19:55:34 2011
From: rbarnes at bbn.com (Richard L. Barnes)
Date: Tue, 11 Jan 2011 13:55:34 -0500
Subject: [ncc-services-wg] Re: [db-wg] Improved RIPE Registry Global Resource Service - now accessible via RESTful API
In-Reply-To: <4D2C6F66.6080002@ripe.net>
References: <4CC19930.10004@ripe.net> <4D2C6F66.6080002@ripe.net>
Message-ID:

Hey Mirjam,

Forgive me for not looking this up myself, but are you guys using the same RESTful API that ARIN is using?

--Richard

On Jan 11, 2011, at 9:55 AM, Mirjam Kuehne wrote:

> Dear colleagues,
>
> The RIPE Registry Global Resource Service (GRS) that was announced earlier on this list is now accessible via the RIPE Database RESTful web services API. In addition to that we also added support for GRS to the new prototype search form.
>
> Read more on RIPE Labs:
>
> http://labs.ripe.net/Members/Paul_P_/grs-sources-and-the-ripe-database-api
>
> Kind Regards,
> Mirjam Kuehne
> RIPE NCC
>
>
> Mirjam Kuehne wrote:
>> [Apologies for duplicate emails]
>> Dear colleagues,
>> We have redesigned and improved the way we mirror other databases (Thanks to the RIPE NCC Database staff!). We now have a method of translating the operational data from other registries (for instance from other RIRs or the RADb) into the RIPE Database structure.
>> This means the RIPE Database will contain the most complete set of operational data in (RIPE) RPSL format that has ever been available in one place.
>> Read more on RIPE Labs:
>> http://labs.ripe.net/Members/Paul_P_/ripe-registry-global-resource-service
>> Kind Regards,
>> Mirjam Kuehne
>> RIPE NCC
>

From ppalse at ripe.net Wed Jan 12 16:56:09 2011
From: ppalse at ripe.net (Paul Palse)
Date: Wed, 12 Jan 2011 16:56:09 +0100
Subject: [ncc-services-wg] Re: [db-wg] Improved RIPE Registry Global Resource Service - now accessible via RESTful API
In-Reply-To:
References: <4CC19930.10004@ripe.net> <4D2C6F66.6080002@ripe.net>
Message-ID: <20F34B23-D6B3-412B-B165-CEE80907F2E7@ripe.net>

Dear Richard,

We are using a different system built on top of our RIPE Database software. The adoption of a common schema between ARIN and RIPE database is currently not possible. With the exception of a small subset of RPSL, the two data models are very different.

Having said this, one of the powers of XML is in the ease with which it can be transformed using XSL for instance. In one of our first articles about our REST services we describe how we are using XSL to return our responses in multiple representation formats like JSON and HTML. Using this approach you may find that, especially for the subset of object types that may match between ARIN and the RIPE database like routing data for example, it is not difficult to transform objects from ARIN to the RIPE XML and vice versa. This way you could end up with a single view of both data sets.

GRS on the other hand is an attempt to provide a global view of internet and operational data using a single XML representation already. In our last article on RIPE Labs about GRS sources we explain how it is possible to access the GRS data for ARIN and the other registries not only using the "-s" flag on port 43 but also using our REST interfaces.

If you want to know more about RIPE's REST services you can find some examples in our API documentation and try to run them:

http://labs.ripe.net/ripe-database/database-api/api-documentation

I hope you find this information useful.
Kind regards

Paul Palse
--
Database Group Manager at RIPE NCC
http://www.ripe.net/info/ncc/contact.html

On 11 Jan, 2011 Week: 3, at 19:55 PM, Richard L. Barnes wrote:

> Hey Mirjam,
>
> Forgive me for not looking this up myself, but are you guys using the same RESTful API that ARIN is using?
>
> --Richard
>
>
>
> On Jan 11, 2011, at 9:55 AM, Mirjam Kuehne wrote:
>
>> Dear colleagues,
>>
>> The RIPE Registry Global Resource Service (GRS) that was announced earlier on this list is now accessible via the RIPE Database RESTful web services API. In addition to that we also added support for GRS to the new prototype search form.
>>
>> Read more on RIPE Labs:
>>
>> http://labs.ripe.net/Members/Paul_P_/grs-sources-and-the-ripe-database-api
>>
>> Kind Regards,
>> Mirjam Kuehne
>> RIPE NCC
>>
>>
>> Mirjam Kuehne wrote:
>>> [Apologies for duplicate emails]
>>> Dear colleagues,
>>> We have redesigned and improved the way we mirror other databases (Thanks to the RIPE NCC Database staff!). We now have a method of translating the operational data from other registries (for instance from other RIRs or the RADb) into the RIPE Database structure.
>>> This means the RIPE Database will contain the most complete set of operational data in (RIPE) RPSL format that has ever been available in one place.
>>> Read more on RIPE Labs:
>>> http://labs.ripe.net/Members/Paul_P_/ripe-registry-global-resource-service
>>> Kind Regards,
>>> Mirjam Kuehne
>>> RIPE NCC
>>
>

From mir at ripe.net Thu Jan 20 10:52:49 2011
From: mir at ripe.net (Mirjam Kuehne)
Date: Thu, 20 Jan 2011 10:52:49 +0100
Subject: [ncc-services-wg] Public demo sessions to develop RIPEstat Toolbox
Message-ID: <4D3805F1.2040408@ripe.net>

[apologies for duplicates]

Dear colleagues,

The RIPE NCC is working on a toolbox, called RIPEstat, that will make it easier to access the various datasets maintained by the RIPE NCC. This toolbox will be developed in close cooperation with the community.
We have scheduled a series of public demo sessions. The first one will take place next week Tuesday.

Please find more details on RIPE Labs:

http://labs.ripe.net/Members/dfk/ripestat-the-ripe-ncc-information-toolbox

Kind Regards,
Mirjam Kuehne
RIPE NCC

From customerservices at ripe.net Tue Jan 25 14:29:57 2011
From: customerservices at ripe.net (RIPE NCC Customer Services)
Date: Tue, 25 Jan 2011 14:29:57 +0100
Subject: [ncc-services-wg] [members-discuss] Re: NCC#2011014211 NCC Registration Help - Please
In-Reply-To: <1FDA5981EDC412468EB2B53995D2C945139E43C0A5@hxp20122.hiscox.com>; from Hodges Paul on Tue, 25 Jan 2011 11:15:56 +0000
References: <1FDA5981EDC412468EB2B53995D2C945139E43C0A5@hxp20122.hiscox.com>
Message-ID: <201101251329.p0PDTvqv030998@cat.ripe.net>

Dear Paul,

Please be aware that if your company has legally changed its name, a new Standard Service Agreement with the RIPE NCC is required.

The current Standard Service Agreement can be found online (for you to view) via the following link:

http://www.ripe.net/ripe/docs/service-agreement.html

Before we send the new Service Agreement, we need the following three things:

1. A copy of your organisation's legal registration papers (please send by email in a pdf)

Official registration papers are the trade register documents that prove your organisation is a registered legal entity, authorised to carry out business activities in your country. Your local Chamber of Commerce usually issues these.

2. A proof of company name change (Please send by email in a pdf)

Please provide some proof that *COMPANY X* is now *COMPANY Y*. We prefer a certificate from the chamber of commerce; if this is not possible, a letter on company letterhead paper of the old company will do. The letter should be signed by both managing directors (Old and new company).

3. Please fill in the fields below

In order for RIPE NCC to be able to send you the service agreements with the correct information, please make sure that the fields below are correct:

===========================

Name of organisation:
[your organisation's new legal name and type of business entity]
[Must match with the name on your company registration papers]

Your organisation's legal address (No PO box please):

legal-addr-street:
legal-addr-zip:
legal-addr-city:
legal-addr-country:

Your organisation's postal address to where the contracts will be sent:

post-addr-company:
post-addr-person:
post-addr-street:
post-addr-zip:
post-addr-city:
post-addr-country:

Your organisation's billing details:

bill-addr-company:
bill-addr-person:
bill-addr-street:
bill-addr-postcode:
bill-addr-city:
bill-addr-country:
bill-mail:
bill-ref:
bill-vatno:

====================

When we have received all the information and documents, we will send you two copies of the new Standard Service Agreement. Please sign both copies and return one to our offices in Amsterdam. We will let you know when we will post the Service Agreements.

--
If you have any questions, please feel free to contact us.

Best regards,

Smahena Amakran
Customer Services
RIPE NCC

============================================================
Visit www.IPv6ActNow.org, the one-stop website that explains
everything you need to know about IPv6.
============================================================

On Tue, 25 Jan 2011 11:15:56 +0000, Hodges Paul wrote:

> Hello
>
> I am trying to update the Hiscox Group Company name and Postal Address information, but it is requesting that I enter:
>
> Field 'NCC members discussion' is required.
>
> So when I then go to the info button and follow the link (http://www.ripe.net/membership/lists.html.) through to create a NCC email address, it then redirects me to
>
> RIPE NCC members can subscribe to this list through the RIPE NCC LIR Portal.
> More information on how to change or add subscriptions is available at: http://www.ripe.net/membership/subscribe-membership.html
>
> Which I then click on and it tells me to do:
>
> Change or Add Subscription Addresses
>
> To change or add subscription e-mail addresses, please follow these steps:
>
> 1. Log in to the LIR Portal
> 2. Click the "General" link at the top-left of the screen
> 3. Click the "edit" button at the top of the screen
> 4. Scroll down to the section "Subscribed Mailing Lists"
> 5. Change the e-mail address in the box, or click the "Add" button to add another e-mail address
> 6. Click "Update" to save your changes
>
> So I seem to be stuck in this loop, please can you direct me to the exact URL, so that I can register a NCC email address and then in turn update the Company profile information, so that when RIPE are trying to contact Hiscox, you get directed to the correct person other than someone who has left.
>
> Please feel free to contact me if you wish,
>
> Regards
>
> Paul
>
>
> Paul Hodges
> Networks and Security Technology Lead
> IT Infrastructure
> Hiscox plc
> T +44 (0)1206 773840
> M +44 (0)7826523789
> www.hiscox.com
>
>
> ________________________________
> This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. No one else is authorised to distribute, forward, print, copy or act upon any information contained in this email. If you have received this email in error, please notify the sender.
>
> Hiscox Syndicates Limited, Hiscox Insurance Company Limited, Hiscox Underwriting Limited and Hiscox ASM Limited are authorised and regulated by the Financial Services Authority. Hiscox plc is a company registered in England and Wales under company registration number 2837811 and registered office at 1 Great St Helen's, London EC3A 6HX.
----
If you don't want to receive mails from the RIPE NCC Members Discuss list, please log in to your LIR Portal account at: http://lirportal.ripe.net/
First click on General and then click on Edit.
At the bottom of the Page you can add or remove addresses.

From laura at ripe.net Wed Jan 26 13:46:39 2011
From: laura at ripe.net (Laura Cobley)
Date: Wed, 26 Jan 2011 13:46:39 +0100
Subject: [ncc-services-wg] [members-discuss] Re: NCC Registration Help - Please
In-Reply-To: <201101251329.p0PDTvqv030998@cat.ripe.net>
References: <1FDA5981EDC412468EB2B53995D2C945139E43C0A5@hxp20122.hiscox.com> <201101251329.p0PDTvqv030998@cat.ripe.net>
Message-ID: <4D4017AF.7000007@ripe.net>

Dear colleagues,

Please disregard previous emails with the subject "NCC Registration Help - Please". The messages were inadvertently sent to the member-discuss list.

We apologise for any confusion this may have caused.

Best Regards,

Laura Cobley
RIPE NCC Customer Services Manager

Questions about RIPE NCC services? Email us at .

From denis at ripe.net Wed Jan 26 16:25:48 2011
From: denis at ripe.net (Denis Walker)
Date: Wed, 26 Jan 2011 16:25:48 +0100
Subject: [ncc-services-wg] Proposed Implementation Plan for Policy Proposal 2010-06 in the RIPE Database
Message-ID: <4D403CFC.9050100@ripe.net>

[Apologies for duplicate emails]

Dear Colleagues,

To prepare for the possible acceptance of RIPE Policy Proposal 2010-06, "Registration Requirements for IPv6 End User Assignments", the Database Group at the RIPE NCC proposes the following implementation plan.

We will implement a new attribute ("assignment-size:") in INET6NUM objects, add some business logic for its use and add a new value (AGGREGATED-BY-LIR) for the "status:" attribute of an INET6NUM object.
Schema and syntax changes in INET6NUM objects:

- New attribute "assignment-size:"
- Syntax is numeric value > 0
- INET6NUM object will include "assignment-size:" as an optional, single attribute
- "assignment-size:" will not be an inverse searchable attribute
- New value for the "status:" attribute of an INET6NUM object will be AGGREGATED-BY-LIR

Business rules:

- "assignment-size:" is optional in INET6NUM objects but required if "status:" is AGGREGATED-BY-LIR
- The value of "assignment-size:" must be greater than the prefix size of the INET6NUM object containing the attribute
- Parent status of INET6NUM object with status AGGREGATED-BY-LIR can be:
    ALLOCATED-BY-RIR
    ALLOCATED-BY-LIR
    AGGREGATED-BY-LIR
- If parent status is AGGREGATED-BY-LIR, grandparent status cannot be AGGREGATED-BY-LIR
- If an object has the status AGGREGATED-BY-LIR, a more specific object can only have the status AGGREGATED-BY-LIR (subject to the aforementioned constraints)

We will prepare implementation of this plan during the week commencing 31 January 2011. It will be deployed during the week commencing 7 February 2011 should RIPE Policy Proposal 2010-06 be formally approved.

Regards,

Denis Walker
Business Analyst
RIPE NCC Database Group

From alexb at ripe.net Mon Jan 31 09:30:25 2011
From: alexb at ripe.net (Alex Band)
Date: Mon, 31 Jan 2011 09:30:25 +0100
Subject: [ncc-services-wg] RIPE NCC Resource Certification service update
Message-ID:

Dear colleagues,

It's been one month since I sent the announcement about the RIPE NCC Resource Certification service. I would like to give you an overview of the current status.
The facts by numbers:
------------------------------
LIRs who have enabled the service: 219
Number of Route Origin Authorisations they created: 170
Number of prefixes covered by these ROAs: 469
Total IPv4 space covered by ROAs in the RIPE region: 40159 /24s
Total IPv6 space covered by ROAs in the RIPE region: 7340035 /48s

Unique visitors to ripe.net/certification: 1564
Downloads of the RIPE NCC Validator: 117

So while 219 LIRs have enabled the service, and very diligently created a large number of ROAs to specify their routing policy, unfortunately nobody gave any feedback on any of the mailing lists. It is very important that you let your voice be heard and provide input on policy proposal 2008-08:

http://ripe.net/ripe/policies/proposals/2008-08.html

Please note that version 3.0 of this proposal will be published very soon. As soon as it is available, I urge you to read it and provide feedback, because the fact that the current service is not backed by a policy is not a sustainable state of affairs.

Kind regards,

Alex Band
Product Manager, RIPE NCC
http://ripe.net/certification

P.S. Here are some links courtesy of LACNIC in case you would like to track the progress:

http://www.labs.lacnic.net/~rpki/rpki-monitor/rpki-ta-status.xml
http://www.labs.lacnic.net/~rpki/rpki-evolution-report_EN.txt
http://www.labs.lacnic.net/~rpki/rpki-heatmaps/latest/ripe-roa-heatmap.png
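
Added example, not part of the archived messages and not RIPE NCC code: the check that the "How to certify resources" reply describes, where anyone can test whether a BGP announcement is backed by a ROA, sketched in Python with the three-state outcome later standardised in RFC 6811. The Roa tuple, its max_length field (a real ROA field that the thread does not mention), the reason strings and the documentation prefixes and AS numbers are assumptions made for illustration.

```python
import ipaddress
from typing import Iterable, NamedTuple, Tuple


class Roa(NamedTuple):
    """One validated ROA entry: this AS may originate this prefix."""
    prefix: str       # e.g. "198.51.100.0/24"
    max_length: int   # longest prefix length the holder authorises
    asn: int          # authorised origin AS


def covers(roa: Roa, route) -> bool:
    """True if the ROA prefix is the same as, or less specific than, the route."""
    roa_net = ipaddress.ip_network(roa.prefix)
    return roa_net.version == route.version and route.subnet_of(roa_net)


def validate_origin(route_prefix: str, origin_asn: int,
                    roas: Iterable[Roa]) -> Tuple[str, str]:
    """Classify one announcement as valid, invalid or not-found."""
    route = ipaddress.ip_network(route_prefix)
    covering = [r for r in roas if covers(r, route)]
    if not covering:
        # No holder has made a statement about this address space.
        return ("not-found", "no ROA covers this prefix")
    for r in covering:
        if r.asn == origin_asn and route.prefixlen <= r.max_length:
            return ("valid", "matched ROA %s AS%d" % (r.prefix, r.asn))
    # Covered, but no ROA authorises this exact announcement.
    if any(r.asn == origin_asn for r in covering):
        return ("invalid", "more specific than the ROA allows")
    return ("invalid", "origin AS not authorised")


# Constructed sample data (documentation prefixes and AS numbers).
SAMPLE_ROAS = [
    Roa("198.51.100.0/24", 24, 64496),
    Roa("2001:db8::/32", 48, 64497),
]

if __name__ == "__main__":
    announcements = [
        ("198.51.100.0/24", 64496),    # as authorised
        ("198.51.100.128/25", 64496),  # right AS, too specific
        ("198.51.100.0/24", 64511),    # wrong origin AS
        ("2001:db8:abcd::/48", 64497), # within max_length
        ("203.0.113.0/24", 64496),     # no ROA at all
    ]
    for prefix, asn in announcements:
        state, reason = validate_origin(prefix, asn, SAMPLE_ROAS)
        print("%-20s AS%-6d %-9s %s" % (prefix, asn, state, reason))
```

The "invalid" cases are the ones that matter operationally: a covering ROA exists, so the holder has stated a policy, and the announcement contradicts it.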
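
Added example, not part of the archived messages and not the RIPE Database implementation: the business rules from Denis Walker's implementation plan for Policy Proposal 2010-06, written as a checker in Python. The object model, the error labels, the ASSIGNED sample status and the 2001:db8::/32 sample objects are constructed for illustration; the upper bound of 128 on "assignment-size:" is an assumption the plan does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

AGGREGATED = "AGGREGATED-BY-LIR"
ALLOWED_PARENTS = {"ALLOCATED-BY-RIR", "ALLOCATED-BY-LIR", AGGREGATED}


@dataclass(frozen=True)
class Inet6num:
    prefix: str                            # "inet6num:" value
    status: str                            # "status:" value
    assignment_size: Optional[int] = None  # "assignment-size:" value, if present

    @property
    def net(self) -> ipaddress.IPv6Network:
        return ipaddress.IPv6Network(self.prefix)


def ancestors(obj: Inet6num, registry: List[Inet6num]) -> List[Inet6num]:
    """Less specific objects that contain obj, closest (parent) first."""
    covering = [o for o in registry
                if o.net.prefixlen < obj.net.prefixlen and obj.net.subnet_of(o.net)]
    return sorted(covering, key=lambda o: o.net.prefixlen, reverse=True)


def check(obj: Inet6num, registry: List[Inet6num]) -> List[str]:
    """Return the rules that obj would break if added to registry."""
    errors = []
    size = obj.assignment_size
    if size is None:
        if obj.status == AGGREGATED:       # optional, except for this status
            errors.append("assignment-size-required")
    elif size <= 0:                        # syntax: numeric value > 0
        errors.append("assignment-size-not-positive")
    elif size <= obj.net.prefixlen:        # must be greater than the prefix size
        errors.append("assignment-size-not-more-specific")
    elif size > 128:                       # assumption: IPv6 prefix length limit
        errors.append("assignment-size-too-large")

    chain = ancestors(obj, registry)
    parent = chain[0] if chain else None
    grandparent = chain[1] if len(chain) > 1 else None
    if parent is not None:
        if obj.status == AGGREGATED:
            if parent.status not in ALLOWED_PARENTS:
                errors.append("parent-status-not-allowed")
            elif (parent.status == AGGREGATED and grandparent is not None
                  and grandparent.status == AGGREGATED):
                errors.append("aggregation-too-deep")
        elif parent.status == AGGREGATED:
            # Below an aggregate, only further aggregates may be registered.
            errors.append("child-of-aggregated-must-be-aggregated")
    return errors


# Constructed sample registry in the IPv6 documentation range.
REGISTRY = [
    Inet6num("2001:db8::/32", "ALLOCATED-BY-RIR"),
    Inet6num("2001:db8:100::/40", AGGREGATED, 48),
    Inet6num("2001:db8:100::/44", AGGREGATED, 56),
]

if __name__ == "__main__":
    candidates = [
        Inet6num("2001:db8:200::/40", AGGREGATED, 56),
        Inet6num("2001:db8:200::/40", AGGREGATED),
        Inet6num("2001:db8:200::/40", AGGREGATED, 40),
        Inet6num("2001:db8:100::/48", AGGREGATED, 64),
        Inet6num("2001:db8:108::/48", "ASSIGNED"),
    ]
    for c in candidates:
        print(c.prefix, c.status, c.assignment_size, check(c, REGISTRY) or "ok")
```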