From rv at NIC.DTAG.DE  Sun Jun 26 20:12:41 2016
From: rv at NIC.DTAG.DE (Ruediger Volk)
Date: Sun, 26 Jun 2016 20:12:41 +0200
Subject: [ncc-services-wg] objection to RIPE policy proposla 2016-02
Message-ID: <12881.1466964761@x59.NIC.DTAG.DE>

Dear colleagues,

I spoke up at the Copenhagen meeting objecting to proposal 2016-02.

- the proposal is inappropriate for a RIPE policy

- and at least not acceptable for passing

- and most certainly so in it's current form.

The proposed policy has two sentences. The second sentence looks 
somewhat appropriate for a policy (though the use of "should" seems
strangely fuzzy - at least in the context of the use of "MUST" in
the proposal which looks like trying to invoke RFC 2119).
The first sentence "requests ... NCC implement functionality" actually
implying
	- specification
	- design
	- implementation
	- deployment
	- and appropriate documentation (for various stages)
of a security [related] system - apparently intended to be used globally
as a kind of Internet standard.

It would be fine to request the NCC to develope a technical proposal
(spec, design, interface documentation) or contribute to work on such
- and that's more an issue for activity plan and resource allocation
and certainly NOT for a policy. Of course the questions of other
contributors and venue for the technical work come to mind.

Technically the proposal text is not that clear and complete;
I understand incompleteness is intentional.
So neither the proposal nor a potential future NCC design can
be scrutinized as required for security functionality.
But the proposal - as it stands - would imply commitment to 
deployment when asking for the development. That is not acceptable.

I doubt that the RIPE PDP is adequate for doing serious technical
specifications; referencing of fully developed specs for use in
NCC services is fine in general (though specific cases warrant scrutiny).

Thanks for your attention and consideration.
  Ruediger Volk