Hi Gert, The problem in this case is that I don't think the IA is sharing our understanding ... at least from some of us, and thus contradicting the policy text, which you say is not possible. 1) Policy text say: "... separate addresses (not prefixes) ...". 2) Max proposal say: "... or anything alike where devices of non-members of the organisation would get assigned an IP out of the organisation’s prefix ..." 3) Max proposal say: "... Explicitly allowing another entity to be provided with addresses from a subnet ..." 4) Max proposal say: "... A subnet in the spirit of this policy is a prefix from the PI/PA assignment with a prefix length of /64 or longer ..." 5) Max proposal say: "... or for housing/hosting for servers in data centres ..." 6) IA say: "... There are cases where a /64 is needed per customer to provide a separate address ..." 7) IA say: "... It is the RIPE NCCs understanding that assignments as described above are dynamic in nature, either by varying the prefix or interface identifier (IID) over time. Any permanent and static assignments of a prefix would still be considered a sub-assignment ..." 8) IA say: "... by using single IPv6 addresses for End User devices and services ..." My point is that up to a /64 is a single prefix, so this contradicts 1 (not prefixes) above, vs 4 and 6. So, may be the right wording is "not multiple prefixes". Also, 1 say "addresses", but 2 say "an IP" and 3 say "addresses". 5 seem to indicate that this is acceptable in data centres, but 7 says permanent and static ... I don't see how a data centre can do temporary addresses? Further to that, email exchange with Marco/co-chairs, get me very confused ... as it is not clear to me if it is possible, if we pass this policy proposal, if from a single /64 prefix, a guest device can use a single /128 or, because the device needs multiple addresses (do we remember that devices in addition to the SLAAC or DHCP address make up automatically privacy addresses?), or if the device is running VMs, can use the same prefix with different addresses for those VMs ? Not to talk about a more complex case, such a device connecting to a hot stop and doing tethering to other devices from the same user ... If ONLY a single address can be used, technically is impossible to make this policy work, unless we have a mechanisms that MANDATE that the devices must use only SLAAC or only DHCPv6 and they MUST disable privacy addresses, and they MUST NOT run VMs. Is that realistic? Can we state in clear words (not referring to the complete policy proposal document), not a long page, just a few paragraphs, what do we have consensus on? My view, and Max could confirm if his view was this one, or if he will agree on that, up to a single /64 is ok, and you use one or multiple addresses of it, for one or multiple devices, but only in temporary "periods" of time (which match the usage in hot-spots, guest and employees BYOD in corporate networks, VPNs, temporary usage in data centers). I think the only case that is not temporary, and I agree, is the point-to-point link, which clearly should be allowed. I'm not sure if I'm missing any other possible cases, just trying to scope as much as possible all the possibilities thru a few examples. I don't know if this requires a new round with the policy returning it to the list or whatever is needed, or if it requires passing the policy even if it is clear (in my opinion) that is an "impossible to apply policy" (and thus consensus is irreal) and then I'm happy to make a new policy proposal, but my view is that it doesn't make any sense if we can clarify it now with a very simple modification of the policy text that Max proposed (even if it need 4 additional weeks for review period or whatever), that we could approve now something "imposible" and restart with a new policy. Regards, Jordi -----Mensaje original----- De: address-policy-wg <address-policy-wg-bounces@ripe.net> en nombre de Gert Doering <gert@space.net> Fecha: miércoles, 17 de enero de 2018, 18:09 Para: JORDI PALET MARTINEZ <jordi.palet@consulintel.es> CC: <address-policy-wg@ripe.net> Asunto: Re: [address-policy-wg] what does consensus mean Hi, On Tue, Jan 16, 2018 at 11:40:28AM +0100, JORDI PALET MARTINEZ via address-policy-wg wrote: > 1) When you believe you agree with a policy proposal and declare it to the list (so chairs can measure consensus), do you ???agree??? only with the ???policy text??? or with the arguments written down in the policy proposal, or with the NCC interpretation (impact analysis), or all of them? People sometimes explicitely mention this ("I agree with the aims of the proposal and the way it is written"). Sometimes they don't agree with all of it ("I agree with the aims of the proposal but the text needs more work"). And sometimes they state "support", which I take as an indication that they agree both with the aim and the wording of the proposal. > 2) What if the text in those 3 pieces are presenting contradictions or can be easily be interpreted in different ways? We've had proposals where the IA brought up very much inintended consequences (contradicting the rationale, the IA cannot "contradict the policy text"), and this was addressed by a new round of policy text and new IA. Which is, basically, why we have the IA in the first place: ensure that the NCC shares our understanding of what we're asking the colleagues to do. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.