Clarification of policy requirements for contact information
Colleagues,
Elvis, James and myself have started talking about personal data in the RIPE Database. I said we would bring sub issues to the community when we need direction or clarification. We looked at three policy documents maintained by AP-WG and have a few questions.
Before we look at WHERE and HOW the data is stored, we would like to get community feedback on exactly WHAT contact details should be published as per current policies?
Below are the quotes and links to the 3 policy documents we looked at.
cheers
denis
co-chair DB-WG
In the "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" (ripe-708) [1] first mention about contact data is 4.0:
"4.0 Registration Requirements
All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations.
Only allocations and assignments registered in the RIPE Database are considered valid. Registration of objects in the database is the final step in making an allocation or assignment. Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)."
and then in 6.2:
"6.2 Network Infrastructure and End User Networks
IP addresses used solely for the connection of an End User to a service provider (e.g. point-to-point links) are considered part of the service provider's infrastructure. These addresses do not have to be registered with the End User's contact details but can be registered as part of the service provider's internal infrastructure. When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users.
[...]"
In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] the requirement is even more vague in 3.3:
"3.3. Registration
Internet address space must be registered in a registry database accessible to appropriate members of the Internet community. This is necessary to ensure the uniqueness of each Internet address and to provide reference information for Internet troubleshooting at all levels, ranging from all RIRs and IRs to End Users.
The goal of registration should be applied within the context of reasonable privacy considerations and applicable laws."
The "Autonomous System (AS) Number Assignment Policies" [3] does not mention anything about contact data requirements.
[1] https://www.ripe.net/publications/docs/ripe-708
[2] https://www.ripe.net/publications/docs/ripe-707
[3] https://www.ripe.net/publications/docs/ripe-679
Hi everyone,
For those not already aware of recent discussions on the topic, there is an ever increasing need primarily for network operators and others running the internet, but also CSIRTs, certain governmental bodies, LEAs and more to have contact details for IP networks correct at all times in the RIPE database.
This is actually required by RIPE policy and is one of the database’s fundamental missions but as flagged during the RIPE77 meeting, on the RIPE mailing lists and felt daily by those managing IP networks it is clear that improvements are very much needed to help contact registration accuracy and ease of maintenance.
• Community members have questioned the reliability of the RIPE database today – Whois has been described as “broken”, “a horrible mess”, even “should be gotten rid of”
• +2M PERSON objects were found in the database though the number of LIRs is less than 22K
• The increasing amount of contact data has become more difficult for operators to manage, which also puts IP number resources at risk of hijacks and even deregistration
• The RIPE NCC is challenged with contacting and validating IP network holders, with additional pressure stemming from the growing monetary value of IP resources
It is our responsibility as the RIPE community to build and implement improvements as and when needed. To echo Hans Petter’s comment during the RIPE NCC Services WG at RIPE77 – we made the mess, we must clean it up!
Rather than just mandating the RIPE NCC to perform validation exercises on 2M PERSON objects, we would like to start by re-evaluating exactly what contact info the community actually wants in the database and then consider if the current RIPE policies sufficiently reflect this. Please see Denis’ mail below for contact detail references in current policies.
So we ask the community – please can you please tell us what contact info do you want to see in the RIPE database? Does it differ per type of IP network user – LIRs and PA/PI End Users, orgs and individuals (sole trader or residential), 3rd parties managing IP resources on behalf of an LIR/org/individual, etc.?
Regards,
James
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of ripedenis--- via address-policy-wg
Sent: 22 March 2019 11:00
To: address-policy-wg@ripe.net
Subject: [address-policy-wg] Clarification of policy requirements for contact information
Colleagues,
Elvis, James and myself have started talking about personal data in the RIPE Database. I said we would bring sub issues to the community when we need direction or clarification. We looked at three policy documents maintained by AP-WG and have a few questions.
Before we look at WHERE and HOW the data is stored, we would like to get community feedback on exactly WHAT contact details should be published as per current policies?
Below are the quotes and links to the 3 policy documents we looked at.
cheers
denis
co-chair DB-WG
In the "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" (ripe-708) [1] first mention about contact data is 4.0:
"4.0 Registration Requirements
All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations.
Only allocations and assignments registered in the RIPE Database are considered valid. Registration of objects in the database is the final step in making an allocation or assignment. Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)."
and then in 6.2:
"6.2 Network Infrastructure and End User Networks
IP addresses used solely for the connection of an End User to a service provider (e.g. point-to-point links) are considered part of the service provider's infrastructure. These addresses do not have to be registered with the End User's contact details but can be registered as part of the service provider's internal infrastructure. When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users.
[...]"
In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] the requirement is even more vague in 3.3:
"3.3. Registration
Internet address space must be registered in a registry database accessible to appropriate members of the Internet community. This is necessary to ensure the uniqueness of each Internet address and to provide reference information for Internet troubleshooting at all levels, ranging from all RIRs and IRs to End Users.
The goal of registration should be applied within the context of reasonable privacy considerations and applicable laws."
The "Autonomous System (AS) Number Assignment Policies" [3] does not mention anything about contact data requirements.
[1] https://www.ripe.net/publications/docs/ripe-708
[2] https://www.ripe.net/publications/docs/ripe-707
[3] https://www.ripe.net/publications/docs/ripe-679
At my current job we have a single Org object and a shared mntner object, and each employee within the network group has their own person and mntner objects to avoid sharing passwords and for auditability. As is obvious, this can grow quite quickly even for a small LIR. LIR person accounts all use the same HQ address and phone information.
I am *also* an end-user, as I have a few PI allocations issued to my natural person and not to my employer. So I have separate person and mntner objects for that.
I am generally comfortable with the groups I have a contract with having my home address and my home phone number. (to spell it out, my Sponsoring-LIR, and RIPE NCC). I am *not* happy for that data to be published widely on the internet, so I have censored them on purpose (with a reference that the sponsoring-lir has my actual contact details). The email address does get delivered to me.
(as a side note: I would like to join RIPE as a LIR, but am not willing to have my home address publicized so I have not done so.)
Concrete suggestion:
I think that person objects should have the address and phone attributes be changed from mandatory to optional.
It may also be worthwhile for there to be a *private* way to register addresses with RIPE NCC so they can use it for verification without violating the privacy of natural persons.
-peter
On 2019 Apr 09 (Tue) at 08:46:55 +0000 (+0000), Kennedy, James via address-policy-wg wrote:
:Hi everyone,
:For those not already aware of recent discussions on the topic, there is an ever increasing need primarily for network operators and others running the internet, but also CSIRTs, certain governmental bodies, LEAs and more to have contact details for IP networks correct at all times in the RIPE database.
:
:This is actually required by RIPE policy and is one of the database’s fundamental missions but as flagged during the RIPE77 meeting, on the RIPE mailing lists and felt daily by those managing IP networks it is clear that improvements are very much needed to help contact registration accuracy and ease of maintenance.
:• Community members have questioned the reliability of the RIPE database today – Whois has been described as “broken”, “a horrible mess”, even “should be gotten rid of”
:• +2M PERSON objects were found in the database though the number of LIRs is less than 22K
:• The increasing amount of contact data has become more difficult for operators to manage, which also puts IP number resources at risk of hijacks and even deregistration
:• The RIPE NCC is challenged with contacting and validating IP network holders, with additional pressure stemming from the growing monetary value of IP resources
:
:It is our responsibility as the RIPE community to build and implement improvements as and when needed. To echo Hans Petter’s comment during the RIPE NCC Services WG at RIPE77 – we made the mess, we must clean it up!
:
:Rather than just mandating the RIPE NCC to perform validation exercises on 2M PERSON objects, we would like to start by re-evaluating exactly what contact info the community actually wants in the database and then consider if the current RIPE policies sufficiently reflect this. Please see Denis’ mail below for contact detail references in current policies.
:
:So we ask the community – please can you please tell us what contact info do you want to see in the RIPE database? Does it differ per type of IP network user – LIRs and PA/PI End Users, orgs and individuals (sole trader or residential), 3rd parties managing IP resources on behalf of an LIR/org/individual, etc.?
:
:Regards,
:James
:
:
:From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of ripedenis--- via address-policy-wg
:Sent: 22 March 2019 11:00
:To: address-policy-wg@ripe.net
:Subject: [address-policy-wg] Clarification of policy requirements for contact information
:
:Colleagues,
:
:Elvis, James and myself have started talking about personal data in the RIPE Database. I said we would bring sub issues to the community when we need direction or clarification. We looked at three policy documents maintained by AP-WG and have a few questions.
:
:Before we look at WHERE and HOW the data is stored, we would like to get community feedback on exactly WHAT contact details should be published as per current policies?
:
:Below are the quotes and links to the 3 policy documents we looked at.
:
:cheers
:denis
:co-chair DB-WG
:
:
:In the "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" (ripe-708) [1] first mention about contact data is 4.0:
:
:"4.0 Registration Requirements
:
:All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations.
:
:Only allocations and assignments registered in the RIPE Database are considered valid. Registration of objects in the database is the final step in making an allocation or assignment. Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)."
:
:and then in 6.2:
:
:"6.2 Network Infrastructure and End User Networks
:
:IP addresses used solely for the connection of an End User to a service provider (e.g. point-to-point links) are considered part of the service provider's infrastructure. These addresses do not have to be registered with the End User's contact details but can be registered as part of the service provider's internal infrastructure. When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users.
:
:[...]"
:
:In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] the requirement is even more vague in 3.3:
:
:"3.3. Registration
:
:Internet address space must be registered in a registry database accessible to appropriate members of the Internet community. This is necessary to ensure the uniqueness of each Internet address and to provide reference information for Internet troubleshooting at all levels, ranging from all RIRs and IRs to End Users.
:
:The goal of registration should be applied within the context of reasonable privacy considerations and applicable laws."
:
:The "Autonomous System (AS) Number Assignment Policies" [3] does not mention anything about contact data requirements.
:
:[1] https://www.ripe.net/publications/docs/ripe-708
:[2] https://www.ripe.net/publications/docs/ripe-707
:[3] https://www.ripe.net/publications/docs/ripe-679
:
:
--
Flugg's Law: When you need to knock on wood is when you realize that the world is composed of vinyl, naugahyde and aluminum.
On Tue, Apr 9, 2019 at 11:16 AM Peter Hessler <phessler@theapt.org> wrote:
> Concrete suggestion:
> I think that person objects should have the address and phone attributes be changed from mandatory to optional.
And that means optional as in opt-in, not opt-out.
> It may also be worthwhile for there to be a *private* way to register addresses with RIPE NCC so they can use it for verification without violating the privacy of natural persons.
Yup.
Additionally, in the cases where all contact objects are personal with contact information hidden, there needs to be an abuse object that can be used. The quality of actually usable abuse contact information is regrettably low across RIR databases, contact information quality is not a RIPE specific problem.
This either means that the LIR needs to be the abuse contact, or there needs to be a delegated abuse contact.
I'm nagging about this, because the Internet is full of abuse, and in the absence of functional abuse contact points, IP address ranges get blacklisted or blackholed without any notification reaching the network owner.
--
Jan
On 2019 Apr 09 (Tue) at 11:28:19 +0200 (+0200), Jan Ingvoldstad wrote:
:On Tue, Apr 9, 2019 at 11:16 AM Peter Hessler <phessler@theapt.org> wrote:
:
:>
:> Concrete suggestion:
:> I think that person objects should have the address and phone attributes
:> be changed from mandatory to optional.
:>
:
:And that means optional as in opt-in, not opt-out.
:
Correct.
:> It may also be worthwhile for there to be a *private* way to register
:> addresses with RIPE NCC so they can use it for verification without
:> violating the privacy of natural persons.
:>
:
:Yup.
:
:Additionally, in the cases where all contact objects are personal with
:contact information hidden, there needs to be an abuse object that can be
:used. The quality of actually usable abuse contact information is
:regrettably low across RIR databases, contact information quality is not a
:RIPE specific problem.
:
I strongly disagree, but that is another topic.
--
Bennett's Laws of Horticulture:
(1) Houses are for people to live in.
(2) Gardens are for plants to live in.
(3) There is no such thing as a houseplant.
Thanks for the feedback so far Peter, Jan and Michiel. All noted.
From my experience of operating multiple medium to very-large orgs\LIRs with many admins and teams of varying roles and responsibilities for RIPE DB maintenance, keeping contact data up-to-date for the different types of users/holders of so many IP networks held by us and customers is extremely challenging. Something that I believe is felt by many orgs\LIRs, hence the despairing comments about Whois' condition today at RIPE77 during the Services WG and the ever growing amount of outdated or useless data.
IMHO there are just too many open objects and attributes where contact data can be registered that can easily become isolated and extremely difficult to maintain. Not only an admin pain, IP resources become vulnerable to unintentional or nefarious misuse and even deregistration by the NCC! If we can somehow reduce the maintenance burden, it would be a significant step towards a more accurate, reliable, useful IP database.
Regards,
James
-----Original Message-----
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Peter Hessler
Sent: 09 April 2019 11:36
To: address-policy-wg@ripe.net
Subject: Re: [address-policy-wg] Clarification of policy requirements for contact information
On 2019 Apr 09 (Tue) at 11:28:19 +0200 (+0200), Jan Ingvoldstad wrote:
:On Tue, Apr 9, 2019 at 11:16 AM Peter Hessler <phessler@theapt.org> wrote:
:
:>
:> Concrete suggestion:
:> I think that person objects should have the address and phone attributes
:> be changed from mandatory to optional.
:>
:
:And that means optional as in opt-in, not opt-out.
:
Correct.
:> It may also be worthwhile for there to be a *private* way to register
:> addresses with RIPE NCC so they can use it for verification without
:> violating the privacy of natural persons.
:>
:
:Yup.
:
:Additionally, in the cases where all contact objects are personal with
:contact information hidden, there needs to be an abuse object that can be
:used. The quality of actually usable abuse contact information is
:regrettably low across RIR databases, contact information quality is not a
:RIPE specific problem.
:
I strongly disagree, but that is another topic.
--
Bennett's Laws of Horticulture:
(1) Houses are for people to live in.
(2) Gardens are for plants to live in.
(3) There is no such thing as a houseplant.
Maybe make more use of the 'role'-objects? Within organisations people come and go, while their departments responsible for network operations and abuse keep rolling. Listing a department as role and using a shared e-mail address would reduce the ever increase of new person-objects in the database.
Kennedy, James via address-policy-wg wrote at 2019-04-09 10:46:
Hi everyone,
For those not already aware of recent discussions on the topic, there is an ever increasing need primarily for network operators and others running the internet, but also CSIRTs, certain governmental bodies, LEAs and more to have contact details for IP networks correct at all times in the RIPE database.
This is actually required by RIPE policy and is one of the database's fundamental missions but as flagged during the RIPE77 meeting, on the RIPE mailing lists and felt daily by those managing IP networks it is clear that improvements are very much needed to help contact registration accuracy and ease of maintenance.
· Community members have questioned the reliability of the RIPE database today - Whois has been described as "broken", "a horrible mess", even "should be gotten rid of"
· +2M PERSON objects were found in the database though the number of LIRs is less than 22K
· The increasing amount of contact data has become more difficult for operators to manage, which also puts IP number resources at risk of hijacks and even deregistration
· The RIPE NCC is challenged with contacting and validating IP network holders, with additional pressure stemming from the growing monetary value of IP resources
It is our responsibility as the RIPE community to build and implement improvements as and when needed. To echo Hans Petter's comment during the RIPE NCC Services WG at RIPE77 - we made the mess, we must clean it up!
Rather than just mandating the RIPE NCC to perform validation exercises on 2M PERSON objects, we would like to start by re-evaluating exactly what contact info the community actually wants in the database and then consider if the current RIPE policies sufficiently reflect this. Please see Denis' mail below for contact detail references in current policies.
So we ask the community - please can you please tell us what contact info do you want to see in the RIPE database? Does it differ per type of IP network user - LIRs and PA/PI End Users, orgs and individuals (sole trader or residential), 3rd parties managing IP resources on behalf of an LIR/org/individual, etc.?
Regards,
James
FROM: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] ON BEHALF OF ripedenis--- via address-policy-wg
SENT: 22 March 2019 11:00
TO: address-policy-wg@ripe.net
SUBJECT: [address-policy-wg] Clarification of policy requirements for contact information
Colleagues,
Elvis, James and myself have started talking about personal data in the RIPE Database. I said we would bring sub issues to the community when we need direction or clarification. We looked at three policy documents maintained by AP-WG and have a few questions.
Before we look at WHERE and HOW the data is stored, we would like to get community feedback on exactly WHAT contact details should be published as per current policies?
Below are the quotes and links to the 3 policy documents we looked at.
cheers
denis
co-chair DB-WG
In the "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" (ripe-708) [1] first mention about contact data is 4.0:
"4.0 Registration Requirements
All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations.
Only allocations and assignments registered in the RIPE Database are considered valid. Registration of objects in the database is the final step in making an allocation or assignment. Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)."
and then in 6.2:
"6.2 Network Infrastructure and End User Networks
IP addresses used solely for the connection of an End User to a service provider (e.g. point-to-point links) are considered part of the service provider's infrastructure. These addresses do not have to be registered with the End User's contact details but can be registered as part of the service provider's internal infrastructure. When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users.
[...]"
In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2] the requirement is even more vague in 3.3:
"3.3. Registration
Internet address space must be registered in a registry database accessible to appropriate members of the Internet community. This is necessary to ensure the uniqueness of each Internet address and to provide reference information for Internet troubleshooting at all levels, ranging from all RIRs and IRs to End Users.
The goal of registration should be applied within the context of reasonable privacy considerations and applicable laws."
The "Autonomous System (AS) Number Assignment Policies" [3] does not mention anything about contact data requirements.
[1] https://www.ripe.net/publications/docs/ripe-708
participants (5)
- Jan Ingvoldstad
- Kennedy, James
- Michiel Klaver
- Peter Hessler
- ripedenis@yahoo.co.uk