Hi everyone,
For those not already aware of recent discussions on the topic, there is an ever increasing need primarily for network operators and
others running the internet, but also CSIRTs, certain governmental bodies, LEAs and more to have contact details for IP networks correct at all times in the RIPE database.
This is actually required by RIPE policy and is one of the database’s fundamental missions but as flagged during the RIPE77 meeting,
on the RIPE mailing lists and felt daily by those managing IP networks it is clear that improvements are very much needed to help contact registration accuracy and ease of maintenance.
· Community
members have questioned the reliability of the RIPE database today – Whois has been described as “broken”, “a horrible mess”, even “should be gotten rid of”
· +2M
PERSON objects were found in the database though the number of LIRs is less than 22K
· The
increasing amount of contact data has become more difficult for operators to manage, which also puts IP number resources at risk of hijacks and even deregistration
· The
RIPE NCC is challenged with contacting and validating IP network holders, with additional pressure stemming from the growing monetary value of IP resources
It is our responsibility as the RIPE community to build and implement improvements as and when needed. To echo Hans Petter’s comment
during the RIPE NCC Services WG at RIPE77 – we made the mess, we must clean it up!
Rather than just mandating the RIPE NCC to perform validation exercises on 2M PERSON objects, we would like to start by re-evaluating
exactly what contact info the community actually wants in the database and then consider if the current RIPE policies sufficiently reflects this. Please see Denis’ mail below for contact detail references in current policies.
So we ask the community – please can you please tell us what contact info do you want to see in the RIPE database? Do it differ per type
of IP network user – LIRs and PA/PI End Users, orgs and individuals (sole trader or residential), 3rd parties managing IP resources on behalf of an LIR/org/individual, etc.?
Regards,
James
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net]
On Behalf Of ripedenis--- via address-policy-wg
Sent: 22 March 2019 11:00
To: address-policy-wg@ripe.net
Subject: [address-policy-wg] Clarification of policy requirements for contact information
Colleagues,
Elvis, James and myself have started talking about personal data in the RIPE Database. I said we would bring sub issues to the community when we need direction or clarification. We looked at three policy documents maintained by AP-WG and
have a few questions.
Before we look at WHERE and HOW the data is stored, we would like to get community feedback on exactly WHAT contact details should be published as per current policies?
Below are the quotes and links to the 3 policy documents we looked at.
cheers
denis
co-chair DB-WG
In the "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" (ripe-708) [1] first mention about contact data is 4.0:
"4.0 Registration Requirements
All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations.
Only allocations and assignments registered in the RIPE Database are considered valid. Registration of objects in the database is the final step in making an allocation or assignment. Registration data (range, contact information, status
etc.) must be correct at all times (i.e. they have to be maintained)."
and then in 6.2:
"6.2 Network Infrastructure and End User Networks
IP addresses used solely for the connection of an End User to a service provider (e.g. point-to-point links) are considered part of the service provider's infrastructure. These addresses do not have to be registered with the End User's
contact details but can be registered as part of the service provider's internal infrastructure. When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an
individual rather than an organisation, the contact information of the service provider may be substituted for the End Users.
[...]"
In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] the requirement is even more vague in 3.3:
"3.3. Registration
Internet address space must be registered in a registry database accessible to appropriate members of the Internet community. This is necessary to ensure the uniqueness of each Internet address and to provide reference information for Internet
troubleshooting at all levels, ranging from all RIRs and IRs to End Users.
The goal of registration should be applied within the context of reasonable privacy considerations and applicable laws."
The "Autonomous System (AS) Number Assignment Policies" [3] does not mention anything about contact data requirements.