Archives
The NCC Services Working Group commenced at 4 p.m. on 17th of November, 2010, as follows:
KURTIS LINDQVIST: Right, everyone. So I know you have been bearing through all those other Working Groups and you have finally came here and you can be rest and assured that you have come to your favourite Working Group again, the NCC Services Working Group.
(Applause)
Right. So we will have a brief moment of joy and then you will go back to all those other ones. Before we start, a reminder that some years ago, the NCC Services Working Group is the first Working Group followed directly afterwards by the RIPE General Meeting, which is being held downstairs, so at the moment we are done here, you should all take your GM badges and go downstairs. If you haven't registered for the GM, now might be a really good time to do so.
Anyway, my name is Kurtis Lindqvist, I am one of the Working Group chairs, and we always have some administrative matters, we have the ?? we have a scribe provided by the RIPE NCC and distribute participants list. Mm?hmm. Too much cut and paste there. The agenda is as follows:
NCC updates and then we have an update on 2007?01 project and resource certification by Alex, and then we have some discussion about the LIR closure and administration procedure that was circulated to all the members and to the mail list some time ago.
Regarding the minutes of the last meeting, I don't think there was any comments on the mailing list. I am going to assume they are approved, with that we will get started. And we will get the RIPE NCC senior management team then. I don't know who that is? Is that Axel? He is senior enough, I guess.
AXEL PAWLIK: Hey. Hello. Pretty boys. Thank you. Good. Good afternoon, my name is Axel Pawlik, I am the managing director of the RIPE NCC we want to do it slightly differently from previous times, just to keep us all awake and give you a different face to look at occasionally. So this is the update from the RIPE NCC about things we have been done over the last couple of months. This is meant also to be formal part of the general meeting so we don't have to repeat ourselves again and save you maybe 40 minutes of time.
Having said that, but you probably know, or I expect, you know, you should know, we are here to serve you. We are a membership association, our members tell us what to do and we are happy to do so, so it is, yes, yes, we nearly 20 years, 18 years, actually, teenager of the verge of adulthood and not about to leave the home, I have that case at home, my older son is going to Australia, no we are not doing that; we are staying here, we are doing the laundry and dishes and clean up, whatever you tell us to do.
In general, of course, activities to support the technical cooperation of Internet operators within our service region.
Long list. No dishes on there yet and no lawn mower on there yet but we want to listen to you, if you tell us we do that. You are probably more or less familiar with with all of those, I won't go into great details here.
Obviously, the RIPE NCC is standing three months away, four months away, maybe, from the first bit of the big discontinuity that we call the run out of the IPv4 address pool, and there is a party planned for later next year, we will all go, of course, but the big question for us is, what will we do after that? Obviously, we are known as Regional Internet Registry and quite a lot of our day?to?day work is is revolving around the IPv4 address space, especially over the next couple of months we expect more work but this will change at some point in time. We have already, of course, developed some strategies for the future, what we want to do and how we want to emphasise that we are useful for our members and the wider community and also general stakeholders in this Internet thing and we scratched our head and said, those 18 years ago we were set up as the secretariat for RIPE and to do useful things for the RIPE community so this is what we want to re?emphasise and go back to.
So, why we have three pillars of the strategy, currently we look at this and say there is two major focal points: There is a strong registry, obviously it becomes more important around IPv4 run out but also for the future, we might not be as active allocating now address blocks to you folks, but still, we will be running the registry, we need to maintain it and be comfortable that there is good data, you need to be that there is good data in there. Saying we are commune based organisation, a strong community and strong support from the community is essential for us. If you send us of the ?? send us off the stage and don't want us any more, we have said for about 18 years, if you don't want us, we go away.
Strategic pillars. I think I showed that before, revolving around the registry, maintaining up?to?date good quality data in there, being a reliable source of data, we are sitting on that huge amount of very, very diverse data, we need to make that accessible not only to the geeks and people playing on the command line and other people at the wider stakeholder group. And developing the role of the NCC, engaging stakeholders in the overall Internet governance field, prove utility of what we are doig in the industry, bottom up self?regulation process to regulators and public policy makers in general. We want them to feel at ease, that we are doing the right thing for you and for them and for society in general. And of course, we want to intensify our work so you understand what you need us to do so while we are scratching our heads we also want to you scratch yours and say what is it we want from this RIPE NCC thing.
So we are thinking about lots of improvement, service members, relevance of particular things that we are doing, what should we be doing, quality, is it good enough or not and in general how do we communicate more effectively with you, we see you here twice a year, at RIPE meetings, we see some of you and another people at regional meetings and then all those things are important to us, so this is something that we have started of course years ago to intensify and we want to do that more. Basically that falls under commune engagement of course. We have done two specific things: First regional meetings that came out of a membership survey I think in 2002 and a little bit later we started doing those things. They are insanely popular and more recently we have done the RIPE Labs as a tool, as a forum for community building there as well and community engagement in general.
When we go to regional meetings and other places, other meetings, we get button holed quite often about bringing the big RIPE meeting, we want it in our region, and yes, there are two per year and we are booked out for the next couple of years, and there are some complications here and there so we are thinking about this. And, again, Paul will talk about this further, maybe we can bring days of RIPE meetings to regional meetings and other places or have smaller RIPE meetings in our smaller places. This is something that we need to talk to you about. Also of course, the Working Group chair, we have facilitated a meeting of the Working Group chairman, they have a bit of a task and ?? there are many different things that we can do, if you tell us how to. Membership survey, speaking about membership engagement, there is a survey coming up again next year and please, again, do participate and talk ?? tell your buddies at home as well that this is crucial for us to get a feeling or maybe more than a feeling of what you want from us.
Interesting times, yes, indeed. Running out of IPv4 as we have followed our activities over the last years, you see that we have been building up some stuff to do, specific things like implementing 2007?01, basically responding to community needs around these things, organisation data quality and the like, looking after legacy address space. While this is all good, also it means that we have been building up quite a lot of stuff over the last ten years, since I am roughly there, and they all have historical, each single one of them so I have no qualms about saying we need all those people right now, but in the not?too far future probably need to string a little bit and this is just to assure you and members and greater community and my board that I am looking at this quite regularly together with these people here, and human resources at home, remaining flexible to react to changes in our environment. Shrinkage, when and to what degree I cannot say right now. We need to get some experience for instance, with third phase of 2007?01, getting to those people.
Right. That is the high level overview and now we go through the individual groups here. Now, Andrew who is excused from attending this week due to to other commitments, he says hello and apologises, this is about registration services, basically.
Registration data quality I mentioned before. We have this project going on for quite a while within the RIPE NCC looking at registration data and asking some very fundamental questions here. And this seemed to be very easy and very easy to answer. It's not always the case. For instance, if you have an address block we want to know is this RIPE space, is this RIPE NCC space within our service region, should it be in our registry or not and we have found quite a couple of inconsistencies there and remedied many. Then the next question is, now if it is within our service region do we know who is using this address block? Again, there is quite a lot of work going into this and well, I think this is something that is essential for us and for you.
Reclamation. We have been asked many times, not so often by you but by other people, as we are running out of this IPv4 space, what are you doing to reclaim unused box and the like? Basically, we say no this is not the top most of our priority; however, it's good housekeeping and stewardship to do this. We have talked to people who don't seem to use the space that they are using; also, we have, of course, regularly, members who don't pay and disappear and then we now go and ask them, what is it, where are you going, don't you need that address space, would you like to return some address space? Some of them said "oh, no, we just missed your invoice and please reopen." We do that. In this process, we do reclaim a bit of address space, yes, it won't shift the run?out date significantly. It's a good activity.
Audits, we see a significant strong growth in the audits that we undertake. From '96 to 2008, we have done 343. Within last year more than 300 already and this year we are 415 and counting, still, so again, this is something that we think is important, that is also an activity that over the previous years, we have not done as often due to other pressures as well but now we need to do it.
I mention 2007?01. It went fairly well, it dragged on for a little bit longer through Phase Two. Now, we are looking at Phase 3 and the slides says December this year, January next year, it's not from December to January; we don't know how long this will be going. We will start now. We have to find and contact the often end users who don't have a sponsoring LIR directly with us, it might be relatively easy but I think it's quite a bit of work.
Run?out predictions. I ask them to make the date shift a little bit and it's a slide from yesterday, it says the RIRs were not in September. Apparently, that is not quite true any more, in the prediction it's back to December. Who cares? We will run?out, we have to move.
I mention people who announce space from legacy space in a ?? registered but not aannounced anywhere, maybe we should find them, talk to them and ask them whether they still use the address space or whether they want to return it. We will see, we are starting to do this now.
Oh, sparse allocation, that is something we wanted to do a long time ago. We never figured out how to do it in terms of systems underneath to support us. Now, we are going to do this. That is good.
Lots of statistics, I don't want to go through every single slide and explain what this all is. This is on?line, you can have a look at it. It's all very pretty. This says how many LIRs in percentage of the population in the country have done something about IPv6. IPv6 RIPEness is the same. Oh, God, it's all red, go move and do it. Otherwise you are not invited to the pool party. And basically, that is for me.
SPEAKER: I am the chief financial officer of the RIPE NCC, my area is finance and leg. Well, first and foremost, I want to start with the most important thing, the billing, the invoicing. Probably next week, you get your favourite invoice of the year. So please, pay it quickly, we are very happy to receive your money.
Other things we have been busy with: Annual recurring things are the budget and the charging scheme which will be represented in the general meeting coming up after this. Two big things we worked on in automation of our registration of our finance systems is we have an asset management tool, it's a record of fixed assets and to make automated depreciation bookings, and something I wanted to members, we have implemented document management system which has automated and digitalised all our member contracts so we can access them whenever we need to and also we are going to put all the actual contracts of side.
Treasury statute, we are working together with the board on looking at our management of our reserves and we hope to wrap that up this year and then implement it in the beginning of next year.
Audits: Why do I mention it? Of course it's a recurring financial activity to do annual audits on our financials but this year we are quite specifically looking at our Revenue recognition, as I call it, which is just our billing system, we implement a billing system a year?and?a?half ago so I just want to make sure we are doing the right thing and invoicing the right people, you. And we actually had some interesting findings and they gave us some good advice on how we can control this, as well.
So, for next year, I am planning on some automation improvements. This year, we have been very busy with financial reporting automation, which is mainly internal and for the executive board. And next year, we are planning on to automate some of our financial processes and looking at our banking system, our financial system and our purchase procedures.
Legal:
Well, here you see quite a long list of ongoing legal activities. I won't go much detail with these. I think the list speaks for itself. We support all activities, new activities, we draft terms and conditions, we do the impact analysis on policy proposals, we have had lots of work on 2007?01 dealing with legal issues around it, and of course, we also have incoming requests from lawyers, law enforcement, etc., on information, etc., which we deal with. We always give a response, we can't always help, but we do give a response.
What I want to focus a bit more on is actually quite a big project we have internally, which Athina has worked on and that is enhancement of legal framework and one of the key things is to document our governance, talking to law enforcement and governments we realise we have to document very well what we did and how. We are planning on doing quite a series of documents and one of the first is the closure document, which Athina will present later on, we are looking at the merger document and this morning there was some discussion on it. I think we have to quite swiftly move forward with this and work this out.
We are also looking next RIPE meeting to publish a due diligence document. Why what do we request from our members and why. A bit more internal thing is we have ?? we have asked the membership to approve a new arbitration procedure, the old one was a bit outdated. It was from 1997, which actually is the arbitration exists to facilitate for conflicts between the RIPE NCC and members and members regarding NCC services.
Some of the corporate documents we are working on has been articles of association and we are now looking, also, coming from questions from the community, to look at our corporate structure, is the association structure still the most beneficial structure for the RIPE NCC.
The last thing which we had quite a bit of work on this year was RPKI mainly with the documentation, looking at it from legal perspective and now contracts, etc., and talking to our RIRs how we have to build the whole framework around RPKI.
More and more we have become involved in external activities and proactively talking to law enforcement and European Commission. We have been involved in the data protection consultation. We submitted some of the issues we had and we are participating in the workshops they are doing around that. Another thing is a workshop on cybercrime which we participate in and will continue to do that.
The Council of Europe, quite similar, also have a workshop on looking at Internet governance structures, etc. IGF, we participate in public private cooperation on Internet safety and cybercrime. And two quite big events, the Law Enforcement Round Table which we held in March, together with the eCrime congress in London, and this year we will do it also in March, on the 17th of March we are planning, and that is quite a big event, we get about 100 law enforcers around the globe where we can discuss things around issues that relate to us.
The last thing, but I think we talk about a lot about it tomorrow in anti?abuse, cybercrime working Working Group, the vehicle we use to discuss ongoing operational things with law enforcers and we have had several meetings over this year and tomorrow we will go a bit more in detail what we are actually doing and planning on doing. And that is it from me.
SPEAKER: Good afternoon, I will focus on my update on a few areas which might be interesting to you, starting with information security. This is relatively new activity that we started last year with hiring information security officer and I will focus on setting the information security framework, focusing on basic policies, on awareness, people and secure technology.
One of the ?? that we did this year was classification of information on business and impact analysis and we set up IT security team to coordinate information security on technical level.
DNS, and again here I am just showing highlights because there are more services in DNS since we are running in AMS zero registry, providing technical operations.
K?root, we were quite busy this year supporting signing the root and we are starting from supplying reply test which was published on labs and received quite a lot of attention.
To continuous data collection, we collected the whole period of roll?out of DURZ and we collected all PKup data.
We create a new cluster infrastructure, we are using 32?bit AS number for this and experiencing very little problems, actually no problems at all. We rolled out a new DNSSEC signing infrastructure, we have done secure 64 and updated DNSSEC practice statements which are publically available.
RIPE database. It's very heavy used service. We on average receive 150 queries per second and serve almost 6,000 updates per day. We set up mirroring of registries in RPSL and I think right now it's probably the most complete collection or set of registry data available in one place in RPSL format and the benefit of that is that it's one language so it's very consistent and another benefit is that you can use the full set of RIPE database queries to query other registry data.
And we also publish quite a few prototypes on radio RIPE Labs and I will focus on this on my next slide.
Looking forward, we plan to focus our efforts on newer and easier interfaces to queries and updates, to move database closer to our users and focusing not so much on structured queries but answering users' questions rather than particular query, and also we are working on better representation of the registry data and data ownership in the RIPE database.
So, a few highlights and that we published on labs:
We published API search clients using R E S T technology, also used by ARIN for instance, it's quite promising. We exposed ROAs at the moment from RPKI repositories, and ?? creating a synthetic Internet Routing Registry that people can use with their legacy tools, for instance, and that is based on the original idea by Rudiger.
Abuse finder is one of the tools where said were using more heuristic and data mining rather than trying to answer particular query so we are trying to find the best possible answer in the database to satisfy request for abuse contact.
We rolled out the new free text service and we are working on ?? we actually have a prototype set up where registry data is more clearly separated from the user data which will support our efforts on achieving better quality of data in the RIPE database.
And that concludes my updates so I hand this tool to Daniel.
DANIEL KARRENBERG: Keeping up the pace here, we running a bit behind, this is going to be eleven slides in five minutes so I am not going to bore you with all the ongoing activities, they are here for reference. Questions about them are fair game at any time, either afterwards or off line. One of them I really want to bring to your attention because it has not had all that much attention, it's the last one where Tom Vest actually worked on concentration and diffusion, so the idea here is to actually look at how concentrated is our industry, and what he has done is made these beautiful graphs which we published on labs and circle ID, which show the size of the members in terms of the IPv4 resources. And I don't want to dwell on this very much here but if you are interested sort of to look at how industry looks and if you, just for the sake of knowing it or because you really, really it's your work I can really recommend this labs article, this is the first in a series, the next one is going to be about comparing this to other industries and there is going to be one or two more on the same subject and they are just ?? it's an easy read that is quite enlightening I think.
Of our main thing we have done is RIPE Atlas and if you have been attending this meeting and haven't heard about it then something must be wrong with our PR, and I am quite sure it isn't. So what we are doing is setting out very small probes around the Internet to make actually accurate maps of the network. And I am told that about four left, if you still want one, you have to go out tomorrow morning or just after this session and compete for the last four. The idea here is, instead of building ?? everybody building their own small monitoring infrastructure, which we sometimes do and sometimes don't get around to and we sometimes don't have the necessary means, like money, and stuff, let's work together and build a huge common infrastructure. And it's not purely socialist; there is also something in it for you because the way we are going to do this is to allow you to run your own measurements as well, read up on it, there is lots of publications about it already.
These are the graphs. The blue line shows you the amount of probes that have been requested, and this is Monday's slide, so this is what we saw on Monday and what we expected happening on Monday, that the blue line would go up because we announced it again at this meeting and then we expect that once you get home and people actually picked up probes and get home, that they connect them and the green line is the ones of the probes that actually are in operation. So this is today. And actually it's not today; it's lunchtime, where the blue line actually you see the first two days of the meeting, they are quite clearly people kept registering and requesting new probes and only during the socials and the sleeping time it sort of flat and little bit and if you look at the atlas.ripe.net site you will see it's now beyond 600, actually the scales on those two are different as well, the top scale is 600 and it's now well beyond 600, and we are quite confident once you all get home the green line will go up as well.
Just an example of the ?? to show you the geographical distribution, the blue dots are the ones that are requested; the green ones are the ones that are operational, so you can see here in in Italy, there is two places Roma and Napoli who now have active probes, one here at the hotel and one at our connectivity sponsor and they are both working. The red one is not anything political or whatever; it's just that those folks from Turin, are you sure? They couldn't wait. They connected the probe up to the meeting network to see whether it worked. And, yes, it worked and took some measurements and then they disconnected it so now it shows up as down in ?? so no, nothing strange here. And I actually like people who want to see what it works and play with it.
Here is the global view, so there is one on the east coast and one on the west coast of the US. We got requests also from outside our service region and I apologise to the Kiwis, Google Maps just wouldn't ?? they didn't let me show them and two in New Zealand and one in island north of New Zealand.
So it's very encouraging, there is interest from hosts and we are very encouraged by the growing interest. There is slightly ?? oh, that is the wrong slide. This was updated. And I changed it to show interest from sponsors, because we now have firm commitments for 104 of them so it went up from 72 to 104. It's still easy days. I think we need to explain the benefits better and of course we realise that when we launched this here and tell you about it, that writing a cheque immediately is sometimes a little bit difficult, but at least we got commitments for 104 probes, and we have leads and we have had interest for ?? the interest is very encouraging so I think we can at least double that number relatively shortly.
You know, after the pioneering stage is over and this goes into a service, sometime next year, I am quite confident that we will have also financial support for this.
One thing ?? one point I really want to make is that I personally believe having the RIPE NCC around to start these things is good. So that we can develop something like this, show it and then build a user base and a financial basis for it, and maybe even continuously support it. If you share this view, please make the board know it. There is a membership meeting right after this, so if you think like me then you might want to make a comment in that area.
Last two slides: Now, we have a new measurement infrastructure, we have old measurement infrastructure like TTM and RIS and DNSMON. I have a vision about that, I think we should make this into a community environment, I call it at the moment NetSense Community, which is not just a toolbox; it's much more. It's also should allow you to export results and visualisations, to comment on them, annotate them and maybe rebroadcast them on RIPE Labs or anywhere. My vision is to incrementally roll the existing services into this. So first Atlas and TTM, DNSMON, RIS, these things and to do it in a incremental deployment so piece after piece to show you what we are doing, get feedback, show you again, get feedback, and listen to the requirements of this community but also to the existing customers of it.
We want to firmly establish right Atlas and show results and it's going to happen early next year, and definitely Mike has involved the community much more frequently than we have done before.
Sorry, Paul, we have used all your time.
PAUL RENDEK: You certainly have. I am responsible for communications, external relations and public relations at the RIPE NCC.
I think I am the caboose today in this train, I am going to try to keep it as quick as I can.
I am actually pretty much responsible for the groups that need to document, disseminate and gossip about all the stuff these gentlemen cook up inside the company.
I am going to start by taking a look at some of the outreach activities we have done, as Axel had said we have started into the various pockets of our region, we do have quite a very big region actually, and what we have seen is we started some regional meetings in Russia, RIPE NCC, we had our 7th meeting there this September, there were 370 attendees from nine countries, probably something the size of this room if not bigger, a fabulous turnout. I think we are seen out in that region as a neutral organisation that can pull together the whole community, we seem to feel that from them. I know we are busy trying to see now whether or not a NOG will be formed in that region, called ENOG, but we have been told they would like the RIPE NCC to stay firmly planted in helping this shape forward.
Moving on to the Middle East area, we are involved in regional meetings out in that part of the world, we throw these together with MENOG, which has taken shape quite nicely, the last meetings we have had there were in April and in October we were in Istanbul, and that set the trend, 240 people showed up, it was a very vibrant meeting, actually. So that was quite nice, our biggest meeting so far.
And it's nice to see some of these meetings taking shape, we already have hosts and cities chosen for the next three, so we will be going to Syria in April of next year, followed by Oman in the fall and Iran in April of 2012.
Based on the popularity that we have seen there, we have seen another part of our region that has picked up and said, hey, RIPE NCC, we would like you to come along and throw a regional meeting in our part of the world, southeast Europe, which will be held in Dubrovnik in June 2011. There are people people that have been tasked with putting this together.....and Desiree from ISOC. And these three individuals you hear, the ending of the names there, you are probably not surprised why they would be involved in putting this together. We are looking forward to that and getting that part of the RIPE NCC region together as well.
I think what you are going to see a little bit in 2011 is a bit more of a presence of the RIPE NCC in various regional NOGs or country NOGs. So those of you that are involved in organising these and you want something from RIPE or the RIPE NCC, then please do contact me because we are planning on having a little bit of a bigger presence there.
Rolling along. Following some of the input that we have received from governments or the fallout of things such as IGF or WISs, we see governments have asked for training to happen and in specific, we have had a lot of Middle Eastern governments talking about the immediate for IPv6 training for government network operators or even the enterprise organisations out there. So MENOG stepped up to bat and is actually hosting IPv6 roadshows in that part of the world, the RIPE NCC is also supporting this, administratively, together with them. They will have hands?on training for operators three or five days. This is an opportunity for these governments, I guess, to train up their staff and show leadership in deploying IPv6. It's proven to be quite successful, we have been contacted by quite a load of Middle Eastern governments. I can tell you in 2011 we are planning on going to Syria, Dubai, Jordan and Iran with this roadshow and it will not stop there because I have been contacted by a few other governments there. So if you would like to see a bit more about this I have added a URL.
RIPE NCC round table government meetings. We are quite busy there ?? just governments in general. We have these round table meetings usually two a year, this year ?? this time we only had one and the reason being there was so much activity that took place in the fall with the governments we just felt it would have been a little overloaded. These have been actually quite successful for us and I think we see this as an opportunity, all of these meetings that we do, for us to be able to carve a place out for the technical community in this whole multi?stakeholder arena that takes place. So we are very active in pulling them together. I can say I have been asked to organise Round Table meetings in the Middle East and I am happy to announce that we will have our first round ?? Round Table meeting taking place in Beirut in March of next year and we are organising that together with the office of the Prime Minister of Lebanon which is fantastic.
Moving on into the Internet Governance Forum. We have been participating this, all five of them, again it's very important for us to be seen as working and carving out this place for the technical community and moving forward with what is happening in Internet governance. I think we have put a significant amount of resource into the IGF, together with our RIRs colleagues and partners like ICANN, IANA, IETF and such. We organised a few workshops at this one. We did an IPv6 workshop, as you probably could guess from the RIRs, we did that jointly and organised an enhanced and transparency Internet governance workshop which pulled together all the different sectors that deal with Internet or have a stake in Internet and I have to say thank you very much to Maria Hall from the Swedish government who drew that together with us and when you are successful in throwing something things tend to roll on, what has ended up happening is this workshop has been asked to be held in places such as ?? I have got two minutes ?? IGF in Kenya and Eurodig and ?? I think we are remaining active there and it's nice to see that we definitely have a place there and that the governments are taking us seriously.
ITU, I am not going to talk about this very much. It was talked about earlier. We definitely continue to have a relationship with them. They have just come out of a big meeting in October, there are a lot of resolutions there. I think we need to keep an eye on what is going on and we certainly will do that and we will report what is coming out to you.
Other areas of outreach: We obviously are very busy chatting with governments and intergovernmental organisations. I have listed a few of the things that we are busy with here, OECD, Council of Europe, European Commission. This is great. Finally, what we can see is that we are being consulted by groups like the OECD and Council of Europe for our expertise and if it's expertise we don't have in?house they know we can find it inside the RIPE community or even beyond in the other RIR communities or any of the NOGs so it's nice to see we are approached, we are doing some great work together with the OECD. I know our science group has been very busy, collecting stats we have delivered to them and will continue. They seem to be happy and keep coming back.
Just some websites that we have managed in our area, the RIPE Labs website, I think everybody has taken a look there. Also the IPv6 act now website. These are being updated. There is some activity going on there. Please go and take a look. Our www. ripe.net website will be launched very soon, so watch this space.
Working with the NRO, I just want to touch on this very quickly. We obviously work together with our other RIRs doing a lot of efforts there. They are listed here. You can go through these and take a look at what we do do together. Again, here, we have been very busy doing PR activities, there is a lot of figures here for you to go through, we have stepped up quite nicely, we are quite good at talking to press and getting contacted by them, we have got a bit of social media presence. Please do not ask us for IPv4 or IPv6 address space on our Facebook page. Some URLs for you to take a look at if you would like to see a bit more about what is going on in these areas, and that is it, thank you.
KURTIS LINDQVIST: Thanks. Any questions to the management team while they are sitting here?
AUDIENCE SPEAKER: Brian Nisbet speaking as Anti?Abuse Working Group chair right now. Myself and Wilifred of database chair have been discussing a number of things which have been coming up relating to the registry, the data in it and some of the things which Axel mentioned earlier and a number of the proposals which have been made over the last couple of weeks to anti?abuse relating specifically to the membership, the proactive membership checks on that information and, indeed, the relationship towards sponsoring LIRs and what we were hoping we could ask now to try and concentrate all of those, was for the NCC to take a look at what has been requested and what work you are doing at the moment, to go away and take some time and possibly come back with a single plan rather than us throwing proposal after proposal at you, which would implement for the best way for yourselves.
I suppose the big question that I have at the end of that is, if we say that, when do you reckon you might be able to come back to us with a plan?
DANIEL KARRENBERG: OK, well that was a kind of an anticipated question. So first of all, let me say that we are actually in the data quality area we are doing quite a lot already. We are also have developed some ideas about data accuracy and maintaining that your accuracy and encouraging this in the database. And going on from that, reputation?based stuff. We haven't talked about this very much, but we have our training team has asked some attenders of our LAR trainings what they think of these things and those results have just come in and we are studying them so my point here is we are on this. So it's not like that you are banging on the door and the door is closed, number one.
Number two, I think we would expeditiously work on this if the direction we get from the community is clear. And, first of all, I think we will communicate also what we have developed and what we heard from the training course survey, and then we will look at sort of clear collections. What we see at the moment is that there might be a slight conflict of interest between what the Anti?Abuse Working Group wants and what, maybe, some other members of the community actually have to put that data in and maintain it, want, and what we have ?? RIPE needs to do is find a way how those interests can be, those things can be discussed and the interests can be weighed and good proposals come out that have community consensus. So I think it's a process but both must happen because the biggest disaster would be if we end up with different parts of the RIPE community asking for different things. But we are ?? obviously, we are noticing this and we are very much committed to actually work with you to come up with a plan, but I think some work the community needs doing, some work we have already done and we just have to bring this together. Is that an answer?
AUDIENCE SPEAKER: It's close to an answer certainly. Thank you for all of that. I suppose the immediacy of this, to a certain extent, we have specifically 2010?09 and 10 in discussion phase in the Anti?Abuse Working Group and what I I don't want to do and I think what database is looking in the same kind of thing, we don't want to go through a lot of work in that and with ?? I suppose we want to achieve is getting what the people want in the best way that the database and registry can provide, so part of me says, I need to give the proposers an answer and I would prefer not to say, listen, just keep it there for a moment, and I have spoken to them and they are willing to withdraw or hold it back until we get an answer from the NCC, but we will, at some point into the not?too?distant future, put some dates or arrangement around that consultation.
DANIEL KARRENBERG: That is an absolutely good point and I think the best way to resolve this is actually to talk to each other so we will just have to organise that. And also, for database and anti?abuse and maybe others who have interest, just raise the profile enough so we don't get into a situation where we run one direction and half the RIPE community goes no.
SHANE KERR: This is Shane Kerr from ISC. I think my question is probably to Jacim because I think it's a really good thing all the work you talked about doing in terms of governance and writing down the ?? documenting the processes that are followed and things like that. But I am wondering if you expect there to be any implications to the policy development process based on this because once these are written down it seems like there is some link between these two areas.
SPEAKER: I think that is a really good point and I think that is why we carefully going to bring these documents forward to the community and I think when there is a conflict, we have to discuss that and maybe then some pieces have to become a policy and not a procedural document.
SHANE KERR: Are these going through the Services Working Group, is that how you intend to publish them?
SPEAKER: I think that is the idea. But I think we also publish them in other Working Groups when there is relevance. The discussion should take place in the services, yes.
SHANE KERR: Cool. Thank you.
KURTIS LINDQVIST: Thank you. We are a bit behind schedule so thank you to the RIPE management.
(Applause .)
If you feel stressed you can blame Axel because he was first. Next is Andrea with the run?out policy.
ANDREA CIMA: Hello, good evening. My name is Andrea Cima, Registration Services Manager at the RIPE NCC. And in the last few days we have heard a lot of talking about the end game, about the exhaustion of IPv4 address space and what I want to do here is show you a little bit what we as Registration Services Department have in mind on getting there, the way to get there and how to deal with the last resources requests for IPv4 address space.
You have seen many statistics, graphs, numbers, in the last couple of days about when we will run?out of IPv4 address space. The main experts in the industry have been talking already about this, so I am not going to do that. We will run?out soon, we all know that.
There is a policy proposal on how to deal with the last /8, and this is 2010?O2 and if this will be accepted by the community, it will make the work of the RIPE NCC quite easy with regard to the /8 because every LIR requested can receive a /22 and that is it. But what about the moment before that, how will we get to the moment where we will enter the last /8? We actually thought about the processes, because there will be even more eyes pointing at us and at a certain point we will have to say to someone, to an organisation, a person, sorry, we won't have the /18 that you are requesting to us.
So we thought, shall we go and change our processes? What shall we do with them, leave them as they are? And the answer is, we won't change our processes on that way because there is no real need for it, there is no need for major changes to our processes. This was a bit the outcome of the audit that was done on our business processes, our procedures, by KPMG last year, the result was that all the RIPE NCC registration services processes are in line with RIPE policies. Of course, as we have seen this morning, sometimes there may be some interpretation issues but we work these out together with you during the meetings. But our processes are in line with the policies.
However, we talk a lot to our members, to people in the community, via e?mail, phone, training courses, when we attend conferences, and some of the feedback that we got is that, of course, things like transparency and consistency can always be improved and that is why we are working on fine?tuning our business processes in this way.
Now, with regards to transparency, what our intention is, is to publish all the RIPE NCC Registration Services procedures on?line, and in this way, it will be very clear to everyone that is requesting some resources, what is expected from them, what kind of information, we will ask or we may ask and what kind of documentation we will need. We will do this per type of ? request, per type of service and, of course, we will start with IPv4 address space resources because of the run?out situation. So this will be up on?line pretty soon from now.
With regards to consistency, there are two main points that we wanted to address, and the first one is the timing of which a request is being sent in; and the second one is the fact that the IP resource analysts are human beings. Now, that doesn't mean we want to replace them with robots, but we want to do something to improve the situation here. So, what we will do is, one ?? when we receive a request the robot will check for syntax, if this is correct. If correct it enters a ticket queue and based on the time the request has been sent in, it will be based the priority of. And then at this point this is one of the changes that we will apply before the run?out, is two IP source analysts will validate the request instead of one. Why? IP source analysts are human beings, they are all trained in the same identical way and follow the same procedures but they are still human beings with their own personalalities so we wanted to have a double judgement here and the judgement of two, the evaluation of two people instead of one.
Once, if there are some questions, of course the request goes back to the requester with additional information to be provided. It will end up, again, in the same queue, this is the other change that we will implement. That instead of ending up in the inbox of the specific IPRAs that has been dealing with the ticket, it will end up in the common queue again. In this way, your request will be evaluated based on the time step that it has entered the RIPE NCC ticket queue again. It will be assisted by the two IPRAs again and if the request is really large, it will need policy development officer and management approval. This is an escalation process that we have in place for about a year now and if everything is fine, it will be approved.
Now, what are the other points from a resource management point of view? Once we will get really close to the exhaustion of IPv4 address space, the designated pools will disappear and use all the space we have available, so the designate pools of PI and Anycast resources will be put altogether. It happens that LIRs close, that they stop their activities, we get some address space back which we quarantine for at least three months and this will also be stopped in the sense that if we need address space, if we have to allocate space, we will use every single IP we have left, it may be that address space will not be quarantined for three months. We may have to allocate multiple prefixes for one approval and one will we start with this, we were thinking about one month when the RIPE NCC has one month of address space left. Evaluating same request will use up quite a lot of resources, so doing this for a very long period would be kind of difficult.
This is our way, the way that we see this ?? I don't know if there are any questions or suggestions?
AUDIENCE SPEAKER: The reason for changing to two agents checking every single request, is to speed it up?
ANDREA CIMA: From one point. Also from a point of even improved inconsistency, when we will be there with the last few resources left, there will be more appointed. People will say I got the last request, why did the other person not get it. What we want to add additional level of consistency on top of the requests.
AUDIENCE SPEAKER: For a short period of time there will be a delay in dealing with requests, while people get used to have two people doing every single one?
ANDREA CIMA: Yeah, we do not see that there will be a big delay in the requests, also, because four eyes instead of two may also speed up the evaluation of the request itself.
AUDIENCE SPEAKER: Will we have some firmer visibility on the completion of the RIPE NCC pool?
ANDREA CIMA: One of the things that we are currently discussing generally is we want to maximise transparency, of course it's possible. There will be information about the depletion of the resources on our website. Exactly if there will be a kind of a counter on there, this is something that I think has to be seen. I cannot say, I do not know. I cannot say here if we have a counter if that is what you mean.
MR. O'REILLY: Niall O'Reilly, University College Dublin. I would be interested to hear, because I believe it's somewhere in the pipeline and I wonder how far up, how soon you will be in a position to say something about the introduction of non?allocation related Registration Services. I am thinking in particular for the ERX community and for transfers rather than registrations, rather than allocations. Essentially, the new ?? what I am nicknaming Land Registry Operation of the RIPE NCC. Is that too early to ask that question?
ANDREA CIMA: So, what you are talking about is the scenario once we have run?out of IPv4 address space?
MR. O'REILLY: I think there are two aspects to it. One is the scenario when we have run out of IP address space and we expect to have to track transfers; and the other is the formalisation of the relationship with legacy resource holders who I understand are going to be accommodated in some way and I'd like to hear, sooner rather than later, how that is shaping up.
ANDREA CIMA: I think it's like, as Axel has shown before, somehow we are in contact with ERX space holders in case, for example, they want to ?? there have been in the past ERX space holders that are already members of the RIPE NCC and they have moved their resources under the umbrella of the LIR. So this has happened in the past. And for the ap ?? I see Arup standing over there and I think he will be a better person to answer this question.
ROB BLOKZIJL: I refer to what I said this morning, work is going on to define the registry of Internet Resources, which are currently in our RIPE NCC service region. It's the registry of the resources, not a list of resource holders. And it is all resources. And I think that we should get used to the fact that in one year from now, it will become more and more difficult to explain to the new kids on the block the difference between a resource and a resource because it's only historical, meaning that ERX address space, which has been transferred to the RIPE NCC administrative responsibility, should be dealt with exactly in the same manner as address space allocated by the RIPE NCC. I know there are a few practical problems because we don't have, in most cases, any form of business relationship with the holders of that, but that is a problem that we need to solve. But I think, in principle, we are working on a better definition ?? no, on a definition of the registry and my proposal, then, is to start working on a unified registration policy, which makes no practical difference between various flavours of resources, and I think this answers your question, Niall. I think the short answer is, it has been recognised by the Chairman of RIPE and the management of the RIPE NCC that this is an area ?? where some attention must be paid to and we are working on it and as soon as we have things on paper, we will ?? it will go in the usual way for policy development, if it is a policy document, or just for comment if it is a technical description.
MR. O'REILLY: Thanks very much, Rob. I think what you are telling me is the work is in progress, my question is a little premature but not much.
ROB BLOKZIJL: It's not premature, it just shows it's work that is needed. Thank you.
DANIEL KARRENBERG: The framework for this work is written up. There is a memo by Rob and another author that actually describes the framework and the reasoning behind this work. So if you are interested in the direction it's going, read that.
ROB BLOKZIJL: That was presented at the previous RIPE meeting.
KURTIS LINDQVIST: Yes. Thank you.
(Applause)
Next is Arne with the update on 2007?01 implementation status.
ARNE KIESSLING: Good afternoon, RIPE NCC, I am one of the IP resource analysts.
I am here for a quick update 2007?01 policy implementation contractual requirements for end users of independent Internet Resources.
A little bit policy background, that is all known, approved, accepted by the community. The first phase, basically, implemented March 2009. Since then, we have assigned about 7,600 resources under this policy, requiring end users to have a contract with a sponsoring LIR, proving they exist by sending company registration documents. This is what it looks like. So 50/50 almost between AS numbers and IPv4 address space. Fewer v6 PI assignments and v6 Anycast assignments. Currently, we are about to end Phase Two of the policy implementation, basically since May 2009 LIRs had the option to sign the contract with the end users, upload them via the LIR Portal and provide them for evaluation. The deadline for this we have extended several times in order to increase the amount of contracts we have received, so far this is looking pretty good; out of the almost 27,000 resources, feedback for about 2,700 is missing. All the others have been declared as being in use for the LIRs network infrastructure, their customers or an organisation that is not their customer any more. If we look at the resources for which we have received feedback, we have about 5,000 resources used as network infrastructure or for network infrastructure of the LIR, more than 6,000 where the LIR said they have no contact or no contract, will not enter a contract with the end user and about 11,000 resources more than that from LIRs said we will sign a contract with this customer and out of these, more than 11,000 resources, we have approved the ?? received and approved documentation for almost half of it, while a couple of contracts, about 2,500 are still waiting to be evaluated and approved, and about 2,000 resources we are still waiting for the LIRs to provide the documentation.
And we are basically ?? yeah, as I said, about to finish Phase Two deadline, basically will be end of the year and then from that point on LIRs won't be able to upload the documents any more. We will also take a snapshot of these resources and then take this into account for Phase 3, so?called orphaned assignments where LIRs were not able to provide or to sign a contract with the end user, the RIPE NCC will follow up with this directly, contacting end users based on database registration data. We send a draft procedure document to the Services Working Group in August, after that was requested at RIPE 60 in May. We are ?? we asked for feedback, comments from the community and we haven't received anything so far. So we are basically ready or all ready and prepared to go ahead. What we will need to look at is this amount of resources, 6,000?plus, then also the resources where the documentation is still missing, and the resources, why we didn't get any feedback.
So, what we will do is looking at the policies of the community, that is registration data, must be correct at all times, meaning it has to be maintained, so at any given moment contacting somebody based on the registration data should be ?? actually allow us to send an e?mail to active mailbox where somebody has to access to and will read the e?mail and reply to it. And this will all be done by e?mail. We will contact the end users in batches because the amount of resources is more than 10,000 during a bulk e?mailing like this and getting more than 10,000 responses at one time would be impossible to ?? yes ?? process with humans.
We also look at the resource reachability in the global routing table to prioritise this. We will basically check if the resources is current visible, if it was recently or if the visibility rather old so more than 12 months ago.
The end users will then be pointed to an on?line form to give feedback if they are still using the resource, if the contact data is still correct, they will also be pointed to the policy document to a website where they can find a list of list in their country, to start looking for sponsoring LIR. We will monitor the activity on these on?line forms for the reason because we don't know if the E maim doesn't bounce back, if somebody actually reads the e?mail, clicks on the link and goes to the website and gives feedback or chooses not to, as this might also have implementations in the future. And afterwards, after receiving feedback from end users, this will be manually followed up by Registration Services. And in case there is no response from the end user, we will basically leave the feedback form open for three months so they have three months to decide or to give us the required feedback and indicate that they will sign a contract with the sponsoring LIR. And then another three months after that if there is still no contact ?? contract signed and provided to the RIPE NCC, for the resource, we will start deregistration procedure, meaning we will start locking the resource, we will also look into deleting route objects, for example, from the RIPE database and in the end, actively start reclaiming these resources.
In total, that means end users have about six months' time to make up their mind and sign a contract and provide this to the RIPE NCC. The idea behind it is also, we had Phase Two open for more than one?and?a?half years and there is still resources out there that ?? we haven't received any feedback by the end users, they haven't signed a contract yet or it has not been provided to the RIPE NCC so also to put a little bit of pressure.
And that is it. Any questions? No. OK.
KURTIS LINDQVIST: Thank you.
(Applause)
So, we are running late, the GM will start as soon as we are done here. I don't think Nigel is...
Alex is next on resource certification.
ALEX BAND: Thank you, I will try to keep it brief. Certification, what we have been doing, I am going to try to explain certification as a system in 15 minutes ?? which is a hell of a task, you won't believe it. This is what routing is, essentially. ?? this is the routing reality that we deal with today. So everything is completely open and free, essentially, it means that any network operator on their router can announce any route that they like, so it can be either own route but also accidentally or intentionally be somebody else's route. So, it's good practice to filter all of the ?? all of your prefixes, if peers filter prefixes and only allow what they are supposed to be receiving from the peers and disallow everything else, then the world would be a perfect place; but this is something, that in reality, doesn't happen. I mean, what you can do, we have 34 Internet Routing Registry databases that we know of, and this is a completely distributed model, only partly mirrored and you have this choice to enter your routing information into it; I mean, it's a good idea and practice, and a lot of people do it, but in reality, less than half of all the 350,000 prefixes that are out there that are actually registered in one of the Internet Routing Registry databases and that in itself is already a pretty good achievement. But the information in there, it doesn't actually allow validation; there is no validated proof that the information in IRRs is actually correct and this is where we are going to bring in digital resource certificate. Since we are the authority on who holds which address space, since as Rob just explained, we will set up the registry, there will be a registry, the resource certificates that we will issue will be a reflection of that registry and will contain a digital certificate for every resource or it can, but everything will be issued by the different RIRs, and the certificate states that an Internet number resource has been registered by the RIPE NCC and the same applies to all of the other RIRs.
Since this is based on IETF standard coming out of the secure inter?domain Routing Working Group, a digital certificate for RPKI doesn't contain any personal information, because the only thing that you really want to know is: Is this route that I am seeing, is this prefix that this particular network is announcing, is it coming from the legitimate holder of the address space? That is all that you want to know. You don't actually need to know who that ?? who that particular individual is. So all of these issues of certificates don't contain any personal information. Any further information you would like to know, that is something that, again, can be found in the registry.
So, if you do that, what does it actually offer? Well, it offers a couple of things. Proof of holdership. Now you have validated proof that you are the legitimate holder of this address space. And you can do some fun things like that like secure inter?domain routing. So the most important thing that I want to show you is we set up this, we set up a certificate authority, and the implementation that we are doing is actually when we launch in 2011 a partial implementation, so we issue certificates and it's only goes one tier down. So we issue certificates and you can use these certificates, but there is no possibility to create a chain of trust. You cannot run your own certificate authority when we launch. This is something that we do at a later stage. But it is something that is on a road map.
These certificates contain a couple of things: A public key, since this entire system is based on public key infrastructure; it lists all of your resources; and a signature saying the RIPE NCC gives this a stamp of approval and certifies that you are the legitimate holder of the resources listed in this certificate. And what you can do with it? You can create a Route Origin Authorisation object, where you say from this AS number, I shall be announcing these prefixes, I shall be announcing these routes, because I am the legitimate holder of the address space. So only, only the legitimate holder of the address space will be able to create a ROA that is actually validatable. And that is where you are absolutely sure that the prefix you are accepting is actually coming from the rightful holder. So does this mean in practice right now with regards to tooling?
Well, there is this man on the right and he goes like, OK, he asks this lady can you please route this part of my network, this /24 and she is a bit suspicious, well OK, I am only going to accept this if you actually create a ROA for it. And he is like, OK, well I signed and published a ROA and now it's in a public repository which you can check against and because he was able to create a valid ROA with her AS number and his address space, only the legitimate holder of the address space can do that. She is like OK I can trust this request because there is a valid ROA attached to this, and that is great. And this is something that I do manually with a software tool that you download, so we have a validator on our website and it's Java?based but since this is an open standard, there are other validators, as well, BBN has one, there is also Rcynic which is an initiative from Randy Bush. So you have choices but it's a standard. Eventually you don't want to really rely on a separate tool to do this. There is work on getting this into router hardware. So while Cisco already has running code doing this, Juniper is working on something similar, where you take the validated cache and implement the RPR protocol and you can do things like this, route map validity, zero, if this certificate is invalid, it's revoked, for example, or it's expired, I am just going to drop and not going to accept this prefix. But that is a little bit scary, maybe. Because that would mean ?? that would mean that if ?? where was I thanks for that ?? that would mean that if the RIPE NCC would, for example, revoke the certificate, that would take the entire network off the Internet. But that makes the RIPE NCC and the RIRs the routing police. In fact, it doesn't. Because certificates really don't create additional powers for the regional Internet registries because they merely reflect the registration status. It simply means if you don't have any registration, you don't get a certificate. But the reverse is not true, and you base your decisions, you base your routing decisions on, well, the status of the certificate, and if it's invalid, it's still somebody, you know, it's somebody you trust, then you are still free to accept the incoming prefix. It's supposed to help you. Network operators will be in the driver's seat. We don't control that, we don't do that for you.
So what are we working on for the future, some user interface enhancement because in this interface you have to do everything manually, the name, AS number, the prefix, you all have to type it in by hand. However, this is publically accessible right now and 82 people, there are 82 ROAs in the repository already so these are all people that went into the portal and actually really associated a route with an AS number and that is public in the repository, that is really out there, 82, already, and that is really good and we are getting lots of feedback. This is not very practical to use so this is the prototype that we have in mind with a drag and drop interface and you can click it and set the max length and it allows are for grouping and searching, because especially if it scales up you have a lot of resources, then the interface needs to stay useable so this is something like this, not using ?? well, actually go live when we launch this system in production. So it's going to be a lot better and a lot more user?friendly than it is now.
Other things we are working on: A web?based validator. Right now the one we have you need to have a certain build of Java, it's all command line, we want to have something pretty and useable so we want to make a web?based validator where you can upload ROA and it will say this is valid, expired, revoked, something like that. The other thing really important, the up /down protocol because that will allow you run your own certificate authority if you wish, because right now in the hosted solution we do everything for you, everything, so all of the key roll?overs, all the resigning, all of the key management, it's all done by the RIPE NCC but I understand it involves an enormous amount of trust in that we run this system properly, so we will also do a proper security audit and publish all of that information for you because trust is key here. We run this system but it's up to you to decide whether you trust the RIPE NCC to implement the proper system. If you would rather run something yourself, when we have implemented the down protocol that will be possible and that will happen over the course of next year.
Also for PI holders right now since they are tight in upstream LAR who is the sponsoring LIR they would have to manage all of the ROAs for the PI end user because they don't have access to the LIR portal, all of that needs to be solved as well. For the up/down protocol transfers will become possible, all of that is on road map.
Another thing and that is something I want your feedback on, I said that half of all of the 350,000 prefixes are registered in one of the Internet Routing Registry databases; that is actually wealth of information, so you could use that to actually import something into the certification system, so you could have a look at, OK, for this particular AS numbers, which route objects are there, then compare that to, well, what is actually seen, for example RIS, so you compare it to BGP and then you can just make an interface where you say, OK, I see this route object and this is what BGP says, are you sure that that is a valid route object that you would want into the certification system so you help people creating ROAs a little bit so should make the whole deployment a little bit easier. All of the announcements...
This is becoming a very comprehensive web page, a Q and A and over time, over the coming months, we will expand that web page a lot more with other things. So if there is anything concerning certification, if you have questions, if you have ideas, if you have ideas on thousand implement it within your work flow, if you think of certain features that you would like to have, please, please, please, come and talk to me, because we are here to facilitate something for you and we can make it in exactly the way that you want it. OK.
Any questions?
AUDIENCE SPEAKER: James. As well as doing the very pretty goey version can you keep a simple version for 2:00 in the morning emergencies, please?
ALEX BAND: Of course.
KURTIS LINDQVIST: So, last then we have Athina on the LIR closure document.
ATHINA FRAGKOULI: Good afternoon. My name is Athina RIPE NCC. And I am here to present you the new draft procedural document about the closure of an LIR the registration of Internet number resources. This is the document we want to replace, the famous 301. This document is not only about closure; it's also about mergers, acquisitions, take?overs, but we have decided to spit up the two procedures into two different documents. Now, let's focus on the closing require bit. What is the problem with this document?
Well, it was published in 2004, well, it's pretty old, so it does not cover everything. The procedures are not clear or updated. And it does not include all reasons for closure, and that was a problem, because sure, reasons for closure can be found all over the RIPE documents, but unless we have one single document, with all reasons for closure, we are not transparent, so actually what we did, we made a research through the RIPE documents, so we went through the RIPE policies, their NCC standard terms and conditions, the database terms and conditions, the billing proceduresm arbitration procedure, the audit activity and finally we came up with a new procedural document which we shared with the community through the mailing list and we wanted to have your feedback on that and please, if you have any feedback, send it by the end of the month because we would like to work on it a bit.
So, the new procedural document is an all?in?one document as much as possible. It has all possible reasons and procedures together concentrated. It also includes implied reasons, in order for us to be even more transparent. It is a manual for reasons and procedures. It has an index that leads directly to specific scenario, so please do not read it from the beginning to the end, because it's not meant to be read like that. Of course, yeah, feel free to read it, but yeah, it won't be a pleasant experience, actually. It has, like, separate sections and each section has all relevant information. We prefer to be repetitive in order to avoid cross?references that would make the document more complicated and it has specific sections for specific users, so different sections for contributors, different sections for end users.
Now, the new procedural document has two different sections: One is about the closure of LIRs and one is about the deregistration of resources, and before I move on I would like to make three things clear regarding the terminology we use here:
We say "closure" of LIR but actually what we mean is the termination of our service agreement, that we sign with LIRs.
But in order for all of us to understand what we are talking about we decided to keep the closure in the title, and in the document itself, we will talk about the termination of the standard service agreement.
Second thing: We say "LIRs." But in the standard service agreement, LIRs are referred to as contributors, and this is how we are going to call them in the document.
Third thing: We say "deregistration" and not revocation or reclamation, for two reasons.
One, because we are a registry and this is what we do. Re?register and deregister and so on.
Second reason is because revocation or reclamation might give the impression that resources are objects, are things, that we give away and we get back, and this is not exactly how it works.
So, let's focus on the first section about closure of LIRs.
In this section, we present the reasons for the termination of the standard service agreement and the procedures and the consequences.
Now, the standard service agreement can be terminated by the contributor or by the RIPE NCC, with three months' notice period.
The contributor can terminate the agreement for any reason whatsoever, we don't care, they change their business model, it doesn't matter, but the RIPE NCC in order for us to be transparent again, we have to be more specific so we have three big categories of reasons why to terminate the agreement:
First is violation of RIPE policies and RIPE NCC procedures. And more specifically, unresponsiveness of the contributors, if the contributors make assignments against the RIPE policies, if the ?? if they make incorrect registration in the RIPE database and here, again, we are very specific; we have, like, three or four things that we require to be correct registered in the RIPE database. If the contributors do not comply with the RIPE audit or with an arbiter ruling, this we believe are reasons for us to terminate the agreement. But, we are not going to terminate the agreement just like that; we have a procedure. We are going to send an e?mail where we will indicate what is the violation, we give the opportunity to stop the violation and we inform that if the violation still exists, we will terminate the agreement. We send two reminders and after 90 days, if a violation still exists we will terminate the agreement.
A second category, well, this is our actually the implied reasons I was talking about, is the provision of untruthful information. We trust our members. The relationship with our members is based on trust, but we don't want the members to abuse this trust, so if they send us falsified or incorrect information or fraudulent requests, these are reasons for us to terminate the agreement. Again, because mistakes happen, and incorrect information can be sent by accident, we follow the same procedure: We will send an e?mail indicating the mistake and we give them the opportunity to fix the mistake and if, after two reminders, and 90 days, the mistake is not fixed yet, then we will terminate the agreement.
The third category, we say "other reasons," and here, we want to include reasons that had to do with the Internet Governance, so, for example, it has happened in the past when AfriNIC was created, the RIPE NCC terminated all the agreements we had with the African LIRs. This group of reasons is a bit vague, indeed, but we cannot foresee the changes that might happen in the future in the Internet Governance.
Now, the RIPE NCC, according to the standard terms and conditions, can terminate the agreement with immediate effect for a bunch of legalistic reasons.
For example, the contributor files for bankruptcy or damage the name of the RIPE NCC or don't pay, etc., but I would like to focus in this particular reason, the contributor fails to observe any rule of applicable law.
Well, this is a bit vague, actually, and we realise that, actually, we cannot judge our members, we cannot know if they fail to observe any rule of applicable law and we do not have the knowledge or the capacity to evaluate any evidence that might be submitted to support that. So we are going to close for that reason only if we receive a court order ordering the termination of the standard service agreement.
Now, for this group of reasons, the procedures will be different, depending on whether the reasons can be reversed or not. So, either we will terminate immediately, for example if the contributor files for bankruptcy, there is nothing we can do, we will terminate the agreement, but, for example, if the contributor does not pay, then we follow the procedure with reminders as we do, anyway.
Now, the consequences. Are pretty much known. We will stop providing the RIPE NCC services, we will deregister the distributed resources, and we will ?? of course, the RIPE NCC membership. And that is about the first section of this document.
The second section is about the deregistration and here, I would like to make clear that in the closure leads always to the deregistration of resources but deregistration of resources can happen as well and just because we deregister resources does not mean that we close the LIR, so in this section, we present the reasons for the deregistration and the procedures.
Now, we defined four big groups of resources:
One is the PI and by that I mean allocations; a second is ?? sorry, PA, excuse me, allocations; PI for LIRs on network and by PI I mean independent resources; PI for end users through sponsoring require; and PI independent resources that have a contract with the NCC.
Now, the three first categories are the contributor's responsibility, and some reasons for deregistration are related to the contributor's activities. So if the standard service agreement with the ?? is terminated can lead to the deregistration of resources or if the regional assignment or allocation crietera are invalid, if the registration is incorrect in the database, again we have three or four specific things that we want to be correct registered. If they send us incorrect, falsified information or fraudulent requests, if the contributor refuses to comply with an audit or if we receive a Dutch court order because we have to keep in mind the RIPE NCC is an association under Dutch law, and we must comply with Dutch court orders, so all these reasons ?? all these are reasons to deregister these types of resources.
Now, if we change the terminology a bit, so instead of standard service agreement, if we say direct assignment agreement, and if we add one more reason, which is then responsive deregistration user, this are reasons to deregister independent resources for direct assignment users.
The procedure for the deregistration is pretty much the same for all these resources:
The RIPE NCC will end a notification and contributors or the direct assignment users have four weeks to reply. If they do reply, the RIPE NCC will provide them with a three months' framework to take care of all their necessary activities, to inform their customers, to renumber or to deregister with their own tempo. But if they do not reply the RIPE NCC will start deregistration are our own temp. If there are objections, because this also can happen, it might be a big misunderstanding, we give them the chance to prove that indeed there is no reason for the deregistration, and if, still, there are doubts then we always have the arbitration procedure having said that, I concluded the presentation of the new document, and I am ready for questions.
SANDER STEFFANN: Can you go back a few slides?
ATHINA FRAGKOULI: Where do you want to go exactly?
SANDER STEFFANN: This is enough, thank you. You say it's contributor's responsibility for the deregistration. But one of the reasons that you have to deregister it is because they went bankrupt so how can it still be their responsibility? What do you mean with "responsibility" there?
ATHINA FRAGKOULI: That is correct indeed. What I mean are these resources are managed somehow by the contributor, so if something happens to the contributor ?? this is a hierarchial scheme ?? if something happens, yes, relevant to the to the contributor, we will have to...
SANDER STEFFANN: If the contributor cannot do it the NCC will take over?
ATHINA FRAGKOULI: Yes. That was part of the procedure.
RUDIGER VOLK: Deutsche Telecom. First of all, let me thank for getting this difficult work actually done. Some have been waiting for some time to get a clear picture. Actually doing justice to all the details of the big picture, probably also takes a little while on our side to pick out details, so well, OK, at the moment, I am not seeing ?? I am not seeing the really drastic things that I would point out, but let me jump into one very tiny thing. I am not quite sure, I am not quite sure what filing bankruptcy means in the various relevant legislatures ?? sorry, jurisdictions. I am quite sure, I am quite sure at least for the German legal system (in German) seems to be exactly the correct translation and that, quite clearly, would not be the time when you want to actually withdraw the resources, because that is an action like filing for Chapter 11 in the US, where the guy who is bankrupt gets legal protection and can actually continue operation. So at least that looks like a point that needs clarification.
ATHINA FRAGKOULI: Yes.
RUDIGER VOLK: I am sure other people will be finding other interesting spots and probably myself as well. But again, thanks for getting the whole thing written down nicely so we can now look at the details.
ATHINA FRAGKOULI: Thank you very much.
AUDIENCE SPEAKER: I just have one question regarding the ?? legitimate closure and does that mean any country have that ?? you understand the order you have to comply or is it only the country within the RIPE regions order you will comply and also as a reader you will not comply to the orders.
ATHINA FRAGKOULI: As I said the RIPE NCC is an association under Dutch law and we must comply with Dutch court orders and we would like to keep it safe and not to comply to court orders coming from other countries.
AUDIENCE SPEAKER: If you can go back one slide, validation of the legal laws, court order, if you go back one slide.
ATHINA FRAGKOULI: Yes.
AUDIENCE SPEAKER: There is a court order and does this mean only Dutch court orders.
ATHINA FRAGKOULI: You mean here, this one?
AUDIENCE SPEAKER: Yes, or court for any country in the world.
ATHINA FRAGKOULI: Dutch court order.
AUDIENCE SPEAKER: Only Dutch?
ATHINA FRAGKOULI: Yes.
WILFRIED: Just for clarification, I think it is not a court order unless it is delivered by local infrastructure to the entity in that country. I think it's a matter of definition. That was just a reaction to that gentleman's thing because anyone can write any piece of paper it doesn't have any legal meaning outside certain jurisdiction but I am trying ?? it might be a matter of going into detail while describing the procedures but I do see a potential hardship but not a loophole, a hardship, if there is direct end user assignments, PI assignments and something happens to the sponsoring LIR and you shoot the LIRs and you automatically deregister the end user.
ATHINA FRAGKOULI: You are right, that needs clarification. We have another document that we partly ?? parts of this document we replace by this one but the rest stays as it is for now. Where we describe the contractual changes, you know, the contractual relationship changes between sponsoring LIR and end users and indeed, the end user if something happens to the sponsoring LIR, the end user has to find another and there is a time frame for that. And yes, thank you very much for bringing this up.
AUDIENCE SPEAKER: Google. Can you please qualify on the responsiveness, in slides it was unresponsiveness to e?mail. What if recipient e?mail system is broken?
ATHINA FRAGKOULI: I don't believe I said that. No, unresponsiveness, we mean ?? not to respond when the RIPE NCC calls you or ?? actually, we have certain contact ?? certain ways to contact the list. If we use all of them and still we tonight have a response, actually if you read the procedural document we clarified it there.
AUDIENCE SPEAKER: Can you please also clarify what is jurisdiction of Dutch court, is it universal jurisdiction?
ATHINA FRAGKOULI: I don't believe I understand your question.
AUDIENCE SPEAKER: I am not a law expert. As example in UK, I believe they have something called universal jurisdiction so a court order can be applied to pretty much anybody in the world. What about Dutch court? Is it only applicable to Netherlands or to entities outside of Netherlands?
ATHINA FRAGKOULI: As far as I know, the authorities, the national authorities between some countries have some, let's say, some agreements with each other. And I guess this is ?? this is your question, if there are like agreements with other national authorities? I don't know that. I am sorry.
KURTIS LINDQVIST: I am really sorry, you are going to have to take that to the mailing list. As you know the remote participation for GM and they will start in five minutes so we will ?? we have a hard line, so only for the questions, I am really sorry you have to take it to the list. Thank you.
(Applause.)
That was it and we are done and see you down with your badge.
LIVE CAPTIONING BY AOIFE DOWNES RPR
DOYLE COURT REPORTERS LTD, DUBLIN IRELAND.
WWW.DCR.IE