2008-08 Policy Proposal Withdrawn (Initial Certification Policy in the RIPE NCC Service Region)
Dear Colleagues, The proposal 2008-08, "Initial Certification Policy in the RIPE NCC Service Region", has been withdrawn. It is now archived and can be found at: http://www.ripe.net/ripe/policies/archived-policy-proposals Reason for withdrawal: after carefully following the discussion in the Concluding Phase of the Policy Development Process, the proposer is of the opinion that consensus on this proposal is not possible within the RIPE community. As a consequence, the proposer has decided to withdraw the proposal. Regards Emilio Madaio Policy Development Officer RIPE NCC
On 26/07/2011 10:59, Emilio Madaio wrote:
Dear Colleagues,
The proposal 2008-08, "Initial Certification Policy in the RIPE NCC Service Region", has been withdrawn.
It is now archived and can be found at:
http://www.ripe.net/ripe/policies/archived-policy-proposals
Reason for withdrawal: after carefully following the discussion in the Concluding Phase of the Policy Development Process, the proposer is of the opinion that consensus on this proposal is not possible within the RIPE community. As a consequence, the proposer has decided to withdraw the proposal. The reason I withdrew this policy is mainly that it didn't seem to be getting anywhere. We've been debating it for close on three years. It is my considered opinion that this is one of those things that is never going to be resolved by consensus, largely because most of the arguments are based around opinion and not fact. It is very difficult at this stage in the game to have facts; these will emerge from the operational experience that this proposal was supposed to give us.
The RIPE NCC will continue to issue certificates for the time being in accordance with the Activity Plan that the members have approved for the past three years. For the complete avoidance of doubt, at the next RIPE NCC AGM the members will be given the opportunity to vote on a motion to continue this activity or to shut it down. Ultimately it is their money and in the situation where the community is unable to come to consensus it seems only fair that they should have the opportunity to decide. In the meantime the RIPE NCC will be looking at ways of mitigating the risks that have been identified over the past three years. The community and the membership will be kept fully informed of progress. Best regards Nigel Titley
Hi Nigel, Thanks for the explanation. I understand the reasoning and whilst I'm disappointed it has come to this, I think it is the right, and probably only, course for the time being.
the complete avoidance of doubt, at the next RIPE NCC AGM the members will be given the opportunity to vote on a motion to continue this activity or to shut it down.
Just to completely avoid doubt: will this be as part of the activity plan, or will this be a separate motion? As it could be contentious I don't want to end up in a situation where we, to use an English colloquialism, risk throwing the baby out with the bath-water.
In the meantime the RIPE NCC will be looking at ways of mitigating the risks that have been identified over the past three years. The community and the membership will be kept fully informed of progress.
I think it would be really helpful, to me at least, to have a draft outline of some of the steps and the timescales that the NCC will be using to try to achieve this. Whilst the membership does of course decide what the NCC should be spending its money on, and that includes building the infrastructure to support certification, policies are decided through the community using the Policy Development Process, and I (and I don't doubt, you too) really would like to see certification happen through an agreed policy. However (un)likely that might be. Best regards, Rob
On 26/07/2011 17:08, Rob Evans wrote:
Hi Nigel,
Thanks for the explanation. I understand the reasoning and whilst I'm disappointed it has come to this, I think it is the right, and probably only, course for the time being.
I also am very disappointed, but after a great deal of thought and heart searching, I think it is the only way forward.
the complete avoidance of doubt, at the next RIPE NCC AGM the members will be given the opportunity to vote on a motion to continue this activity or to shut it down. Just to completely avoid doubt: will this be as part of the activity plan, or will this be a separate motion? As it could be contentious I don't want to end up in a situation where we, to use an English colloquialism, risk throwing the baby out with the bath-water.
In the meantime the RIPE NCC will be looking at ways of mitigating the risks that have been identified over the past three years. The community and the membership will be kept fully informed of progress. I think it would be really helpful, to me at least, to have a draft outline of some of the steps and the timescales that the NCC will be using to try to achieve this. I'll see what we can come up with. I would hope that they will have some
This will be a separate motion. I want to make it as clear as possible. thoughts shortly.
Whilst the membership does of course decide what the NCC should be spending its money on, and that includes building the infrastructure to support certification, policies are decided through the community using the Policy Development Process, and I (and I don't doubt, you too) really would like to see certification happen through an agreed policy. However (un)likely that might be. Agreed, which is why I have stuck with the process for nigh on three years. However the consensus process only works where there is a genuine desire to reach a common goal and a general willingness to work together to achieve this goal. This debate became so polarised that I doubt that any consensus could have been achieved. With great regret, we have had to admit that the PDP has failed in this case.
Nigel
On Tue, Jul 26, 2011 at 05:46:22PM +0100, Nigel Titley wrote:
With great regret, we have had to admit that the PDP has failed in this case.
The PDP worked fine, it just didn't have the outcome you desired. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Hi, On Tue, Jul 26, 2011 at 11:33:36PM +0200, Daniel Roesen wrote:
On Tue, Jul 26, 2011 at 05:46:22PM +0100, Nigel Titley wrote:
With great regret, we have had to admit that the PDP has failed in this case.
The PDP worked fine, it just didn't have the outcome you desired.
It is not that unusual for a proposal to not reach consensus. The big FAIL here was "the proposal was in the process for nearly three years, with hardly any participation(!), and in the very last stage, all the discussion broke loose". It would have been much more productive to have these discussions in the early stages of the proposal - and then either it could have been adjusted in a timely fashion, or abandoned early (which we've done before). Gert Doering -- APWG chair -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Tue, Jul 26, 2011 at 05:46:22PM +0100, Nigel Titley wrote:
With great regret, we have had to admit that the PDP has failed in this case. The PDP worked fine, it just didn't have the outcome you desired. The PDP did not "work fine". There is a strong demand for certification,
On 26/07/2011 22:33, Daniel Roesen wrote: there is an equally strong objection. If the PDP "worked fine" we would have hammered out a middle ground like we usually do on technical matters. And just to get things straight, wearing my personal hat, I have no emotional investment in this proposal. I was left holding it when the CERT-TF disbanded. I've been feeding it and changing its nappies ever since and personally I'd like to have the spare bedroom back. However I happen to believe that it is important for the RIPE community and the rest of the world that we get a strong decision on this and not just "well we couldn't be arsed to actually debate it properly". Otherwise, somewhere down the line, we are going to get serious folk knocking on the door and saying "You did what? You abandoned the technique that could have prevent the melt down of the internet that happened last week because you couldn't be bothered to have a proper debate about it". I'd much rather have a proper decision on record. If that decision was "we voted on it and decided not to do it" then I'm happy. Nigel
* nigel@titley.com (Nigel Titley) [Wed 27 Jul 2011, 13:25 CEST]:
And just to get things straight, wearing my personal hat, I have no emotional investment in this proposal. I was left holding it when the CERT-TF disbanded. I've been feeding it and changing its nappies ever since and personally I'd like to have the spare bedroom back. However I happen to believe that it is important for the RIPE community and the rest of the world that we get a strong decision on this and not just "well we couldn't be arsed to actually debate it properly". Otherwise, somewhere down the line, we are going to get serious folk knocking on the door and saying "You did what? You abandoned the technique that could have prevent the melt down of the internet that happened last week because you couldn't be bothered to have a proper debate about it". I'd much rather have a proper decision on record. If that decision was "we voted on it and decided not to do it" then I'm happy.
There has been a proper debate. It's lasted three years. Trying to sneak it in via the back door of the AGM doesn't sound like a great strategy to me. And I don't say this merely as persona non vota, so to speak. Your fear-mongering about "serious folk" is noted, and contrary to what you seem to believe, I do consider the internet community as represented in RIPE as quite serious. -- Niels.
On 27 Jul 2011, at 22:17, niels=apwg@bakker.net wrote:
There has been a proper debate. It's lasted three years.
Well IMO, any debate lasting *that* long cannot be called "proper". A more honest description might be "ivory-towered" or "defective". There is something fundamentally wrong if we can't get a policy done in 3 years(!) and then have what appeared to be a consensus come off the rails at the very last moment. We, the RIPE community, should hang our heads in shame. Imagine the derision we'd rightly heap on other policy- making bodies if they had produced this outcome. And we all know a few of them. Please note I am not criticising the people who raised those last- minute objections at all. [Though it's a pity they didn't engage much earlier.] I'm actually relieved they intervened while the opportunity was still there. This had to be more preferable than declare a consensus, implement the policy and then have serious objections emerge. Though I admit both options are unpleasant. One's just worse than the other.
Trying to sneak it in via the back door of the AGM doesn't sound like a great strategy to me.
That's grossly unfair Neils. Nigel clearly asked for a documented decision. In the absence of viable alternatives, the NCC AGM seems the obvious forum for that decision. Nigel just asked that the membership should have a vote on whether the NCC continues doing what's in the activity plan or stops. He was very careful not to say what that decision should be. Or even what the NCC membership should vote on because, strictly speaking, he hasn't proposed a resolution for May's AGM. It should be patently clear RIPE cannot take a decision about address certification any time soon, if ever. So the NCC membership seems the best (or least worst) choice as a suitable forum in our service region that could actually take a decision on this issue, whatever that may be. It's simply unacceptable to collectively shrug our shoulders at what has happened and wish the wreckage to vanish all by itself. For one thing, we have a duty to those in the community who have not followed the detail of 2008-08. They deserve an answer. So do our friends at the other RIRs. Uncertainty about address certification in our service region has an impact on them and their communities. There are also further global impacts. It would not surprise me if governments who are supportive of the RIR system and its bottom-up policy making processes take a rather dim view of what's happened too. There's a nasty question that needs resolving and soon: "how can you spend 3 years debating an important policy, letting if implode at the last minute and then just walk away?". It's these sorts of risks that have to be mitigated. The NCC will have a key role in that risk mitigation effort. So with that context in mind, what do we do now? For some definition of "we". I think Nigel's suggestion is not just sensible, it has to be the next best (or least worst) option. Feel free to make better suggestions... We'll look really dysfunctional if we let address certification continue as our very own long-running and real-world version of Schrodinger's famous thought experiment.
On Thu, Jul 28, 2011 at 01:15:01AM +0100, Jim Reid wrote:
It should be patently clear RIPE cannot take a decision about address certification any time soon, if ever. So the NCC membership seems the best (or least worst) choice as a suitable forum in our service region that could actually take a decision on this issue, whatever that may be.
Why not, then, abandon the inconvenient PDP at all and make any and all decisions via a vote at AGM? Clearly, if any discussions that don't produce the desirable outcome are simply taken to a different forum, the PDP is little more than a farce and a waste of time? rgds, Sascha Luck` `
On 28 Jul 2011, at 01:43, Sascha Luck wrote:
Why not, then, abandon the inconvenient PDP at all and make any and all decisions via a vote at AGM? Clearly, if any discussions that don't produce the desirable outcome are simply taken to a different forum, the PDP is little more than a farce and a waste of time?
You're jumping to very wrong conclusions and seem to have ignored what's been said. The NCC has been spending money and resources on address certification for a few years now. This has been done at the request of RIPE who asked for a prototype. So development has been under way in parallel with getting 2008-08 through the PDP. The membership have approved the production of this prototype because for a few years it's been in the activity plan that gets approved at each AGM. We're now in a situation where the PDP's been followed and 2008-08 is dead. There is no policy on address certification. However the NCC has a mandate from the membership through the activity plan to continue with the prototype and its infrastructure. We're in a paradox where the community has killed a policy on address certification while simultaneously authorising the NCC to develop such a system. [Has anybody seen Schrodinger's cat wandering around? It must in be here somewhere. :-)] There now needs to be a vote by the NCC membership to take a decision which will normalise that situation. And unlike RIPE's PDP, the AGM shouldn't take 3 years to decide.
On Thu, Jul 28, 2011 at 09:57:27AM +0100, Jim Reid wrote:
dead. There is no policy on address certification. However the NCC has a mandate from the membership through the activity plan to continue with the prototype and its infrastructure. We're in a paradox where the community has killed a policy on address certification while simultaneously authorising the NCC to develop such a system. [Has
I believe you are drawing the wrong conclusion here. One of the problems is that 2008-08 was about the "how", not the "if". And since the latter question was probably never asked explicitly through the PDP, the discussion came up, admittedly late, during the "how" debate on 2008-08. One of the weaknesses (not failure) of the PDP is that after the proponent withdraws the proposal, we're stuck for the time being.
anybody seen Schrodinger's cat wandering around? It must in be here
Dead cat walking? The difference is that the AGM can approve the budget for development and deployment, but once there is agreement the issue is subject to the PDP there is a risk that there will be no "go" for the deployment and thus the budget was wasted - which would be very undesirable. However, it's not the same community because the two bodies have distinct roles. -Peter
(FYI only), On Thu, Jul 28, 2011 at 4:31 PM, Peter Koch <pk@denic.de> wrote:
One of the problems is that 2008-08 was about the "how", not the "if".
A related follow-up on the 'if', w.r.t centralization of routing infrastructure/authority (or, by extension, name-lookup systems and ... default-installed, trusted root CAs): http://isoc.org/wp/newsletter/?p=4639 "The open, decentralized, and global nature of the Internet has set the foundation for an unprecedented growth for the potential of freedom of expression and peaceful assembly throughout the world. " Kind regards, Martin
On Thu, Jul 28, 2011 at 01:15:01AM +0100, Jim Reid wrote:
Well IMO, any debate lasting *that* long cannot be called "proper". A more honest description might be "ivory-towered" or "defective". There is something fundamentally wrong if we can't get a policy done in 3 years(!) and then have what appeared to be a consensus come off the rails at the very last moment. We, the RIPE community, should hang our heads in shame. Imagine the derision we'd rightly heap on other policy- making bodies if they had produced this outcome. And we all know a few of them.
I have to agree with that but IMO it is because, with some proposals, a long time passes between any updates/any movement and people simply forget about them - after all, very few do policy development as a full-time job... Maybe it would be worthwile discussing ways to keep the PDP flowing more smoothly -unless, of course, it becomes irrelevant, cf my post above. rgds, Sascha Luck
Hi, On Thu, Jul 28, 2011 at 12:54:49AM +0000, Sascha Luck wrote:
I have to agree with that but IMO it is because, with some proposals, a long time passes between any updates/any movement and people simply forget about them - after all, very few do policy development as a full-time job...
I have sent a number of extra reminders regarding 2008-08 to the APWG mailing list (in addition to the regular updates from Emilio), and it has been brought to the stage at five(!) RIPE meetings. Nobody who is remotely interested in following policy development can claim in earnest to have never heard about 2008-08. Gert Doering -- APWG chair -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On 28 Jul 2011, at 09:42, Gert Doering wrote:
Nobody who is remotely interested in following policy development can claim in earnest to have never heard about 2008-08.
I don't think that was what Sascha was suggesting just that it slips from the top of the todo stack over time. Hopefully some of the changes in Emilio's updates, ie links to the discussion archives, will make it easier to jog the community memory and get people back up to speed quickly. f
On Thu, Jul 28, 2011 at 01:15:01AM +0100, Jim Reid wrote:
It should be patently clear RIPE cannot take a decision about address certification any time soon, if ever.
The outcome of the PDP is that there is no consensus to implement address certification. To me, that's a decision of the RIPE community, against address certification. I'm not saying that I'm totally happy with the consequences, and I'm certainly not happy about the PDP process taking that long.
So with that context in mind, what do we do now?
Accept the decision of the RIPE community, with the consequences it has, and work on ideas how to mitigate the negative ones.
For some definition of "we". I think Nigel's suggestion is not just sensible, it has to be the next best (or least worst) option. Feel free to make better suggestions...
So the party line is "we need to push that through, via whatever channels it takes. PDP concluded in the wrong way so we ask others who are hopefully more favorable to our proposal."? Don't set precedence ignoring the PDP outcome by trying to work around it. THAT opens a whole can of worms I really don't want to see unleashed. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
+1 on everythign said below. My understanding is indeed that in order for a policy to be accepted there needs to be concensus - in the case where there is non the policy gets rejected and not pushed to some other body for a ruling. Not having consensus is *the* ruling for not implementing a proposal it is not a lack of a ruling on a proposal. Met vriendelijke groet, Jasper Jans Team Leader Network Operations Sr. Network Engineer T: 088 - 00 68 152 F: 088 - 00 68 001 M: 06 - 218 26 380 E: jasper.jans@espritxb.nl EspritXB Monitorweg 1, 1322 BJ Almere Postbus 60043, 1320 AA Almere T: 088 00 68 000 KvK: 1717 7850 F: 088 00 68 001 W: http://www.espritxb.nl http://www.linkedin.com/companies/espritxb http://twitter.com/EspritXB EspritXB levert traditionele spraakdiensten en IP-gebaseerde diensten zoals VoIP, internettoegang, VPN, pinnen, alarm en managed hosting aan MKB Nederland. -----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Daniel Roesen Sent: Thursday, July 28, 2011 9:46 AM To: address-policy-wg@ripe.net Subject: [address-policy-wg] Re: the post-mortem on 2008-09 On Thu, Jul 28, 2011 at 01:15:01AM +0100, Jim Reid wrote:
It should be patently clear RIPE cannot take a decision about address certification any time soon, if ever.
The outcome of the PDP is that there is no consensus to implement address certification. To me, that's a decision of the RIPE community, against address certification. I'm not saying that I'm totally happy with the consequences, and I'm certainly not happy about the PDP process taking that long.
So with that context in mind, what do we do now?
Accept the decision of the RIPE community, with the consequences it has, and work on ideas how to mitigate the negative ones.
For some definition of "we". I think Nigel's suggestion is not just sensible, it has to be the next best (or least worst) option. Feel free to make better suggestions...
So the party line is "we need to push that through, via whatever channels it takes. PDP concluded in the wrong way so we ask others who are hopefully more favorable to our proposal."? Don't set precedence ignoring the PDP outcome by trying to work around it. THAT opens a whole can of worms I really don't want to see unleashed. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0 Op dit e-mailbericht is een disclaimer van toepassing, welke te vinden is op http://www.espritxb.nl/disclaimer
Hi, On Thu, Jul 28, 2011 at 09:46:08AM +0200, Daniel Roesen wrote:
So the party line is "we need to push that through, via whatever channels it takes. PDP concluded in the wrong way so we ask others who are hopefully more favorable to our proposal."?
This specific case is a bit more complex, given that the work on the certificate infrastructure *was* mandated by the RIPE community (some 4 or 5 years ago when the topic came up and the plenary said "well, please go ahead and build a prototype") and has been on the budget and activity plan since then. So the NCC is spending money for something that seems to be "ok" according to who is paying for it (the members, which are part of the community as well). Now some parts of the community seem to say "don't go there" (simplified). Now what? Ignore the members, who said "go, spend the money for this!", or ignore the community? We've dug us into a nice rathole, and among the possible alternatives, I can't see anything better than "asking the members for a vote on NCC activity". (Note that, strictly speaking, certificates are not purely "address policy" [aka 'who can get numbers under which conditions?'] but more "business processes", and as such, to have 2008-08 on APWG's plate was always a bit problematic) Gert Doering -- APWG chair -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On 28 July 2011 08:56, Gert Doering <gert@space.net> wrote:
Now some parts of the community seem to say "don't go there" (simplified).
Er, I agree that its a simplification, but I think the major concern was not that the signing of resources was made technically possible, but that there wasn't a distributed model of authority implemented so that 'attacks' (physical or political) on the infrastructure could not remove control of routing from the network operators. The work on signing has been wasted, what is needed now is some method to take that work and build something that can be trusted by all side of the community. J -- James Blessing 07989 039 476
On 28 Jul 2011, at 08:46, Daniel Roesen wrote:
On Thu, Jul 28, 2011 at 01:15:01AM +0100, Jim Reid wrote:
It should be patently clear RIPE cannot take a decision about address certification any time soon, if ever.
The outcome of the PDP is that there is no consensus to implement address certification. To me, that's a decision of the RIPE community, against address certification.
Indeed. Meanwhile, the NCC's Activity Plan which was approved at the May AGM authorises the NCC to continue its work on address certification. Something needs to be done about that. Which is why Nigel suggested a vote at the AGM next year. We need a clear decision which can be understood by everyone. As I explained earlier, the implications for the current situation go beyond our service region and community.
Jim, this message of yours explains for me that you have not really understood why or what people are having issues with, with these issues. On Thu, Jul 28, 2011 at 2:15 AM, Jim Reid <jim@rfc1035.com> wrote:
On 27 Jul 2011, at 22:17, niels=apwg@bakker.net wrote:
There has been a proper debate. It's lasted three years.
Well IMO, any debate lasting *that* long cannot be called "proper". A more honest description might be "ivory-towered" or "defective". There is something fundamentally wrong if we can't get a policy done in 3 years(!) and then have what appeared to be a consensus come off the rails at the very last moment. We, the RIPE community, should hang our heads in shame. Imagine the derision we'd rightly heap on other policy-making bodies if they had produced this outcome. And we all know a few of them.
Please note I am not criticising the people who raised those last-minute objections at all. [Though it's a pity they didn't engage much earlier.] I'm actually relieved they intervened while the opportunity was still there. This had to be more preferable than declare a consensus, implement the policy and then have serious objections emerge. Though I admit both options are unpleasant. One's just worse than the other.
Trying to sneak it in via the back door of the AGM doesn't sound like a great strategy to me.
That's grossly unfair Neils. Nigel clearly asked for a documented decision.
The documented decision is there is no consensus on the current proposals (and beyond). If you want the RIPE NCC to cheat its policy process and "remove consensus from the table", by going for a simple majority vote instead, the RIPE NCC's policy process becomes void; a farce, and clearly a waste of time. The bottom-up decision making process of the RIR system will have failed, but not for the reasons you mention, but for a complete top-down policy overrun. Make no mistake, pushing such a (de)vast(ating) change to the Internet architecture as we know today such as resource certification/RPKI/SIDR through while completely ignoring any outcome from *any* PDP arm of the NCC, is a great failure of the PDP in that it is indeed useless.
In the absence of viable alternatives, the NCC AGM seems the obvious forum for that decision. Nigel just asked that the membership should have a vote on whether the NCC continues doing what's in the activity plan or stops. He was very careful not to say what that decision should be. Or even what the NCC membership should vote on because, strictly speaking, he hasn't proposed a resolution for May's AGM.
It should be patently clear RIPE cannot take a decision about address certification any time soon, if ever. So the NCC membership seems the best (or least worst) choice as a suitable forum in our service region that could actually take a decision on this issue, whatever that may be.
It is becoming increasingly apparent to me that these changes are so large that their implementations are perhaps better left to the normal democratically based law-making processes, had it not been for the complications, let's say, of the union. These architectural changes are so severe I'm starting to doubt we really have the mandate to make them, especially given how the Internet nowadays is so much "serious freedo^wbusiness".
It's simply unacceptable to collectively shrug our shoulders at what has happened and wish the wreckage to vanish all by itself. For one thing, we have a duty to those in the community who have not followed the detail of 2008-08. They deserve an answer.
Isn't the answer pretty simple? "The proposed address certification prototype (technology) has not passed the NCC PDP quality assurance. There are serious issues with it that have not been addressed."
So do our friends at the other RIRs. Uncertainty about address certification in our service region has an impact on them and their communities. There are also further global impacts. It would not surprise me if governments who are supportive of the RIR system and its bottom-up policy making processes take a rather dim view of what's happened too. There's a nasty question that needs resolving and soon: "how can you spend 3 years debating an important policy, letting if implode at the last minute and then just walk away?". It's these sorts of risks that have to be mitigated. The NCC will have a key role in that risk mitigation effort.
I do not see and have not seen your windmills.
So with that context in mind, what do we do now?
Address the issues raised, or we happily do nothing at all? Isn't that how we normally achieve consensus? Isn't that how we have been governing ourselves, bottom-up, previously?
For some definition of "we". I think Nigel's suggestion is not just sensible, it has to be the next best (or least worst) option. Feel free to make better suggestions...
Clearly you rank from bad to good, the "no" to "yes" of 2008-08 and beyond. So, since you repeat the same question, I will repeat the same answer: the PDP did make a decision, it said "no, no consensus can be reached on the current prototypes, come again with the issues better addressed".
We'll look really dysfunctional if we let address certification continue as our very own long-running and real-world version of Schrodinger's famous thought experiment.
From your biased point of view, perhaps. From my biased point of view, not so much. Instead, we're looking pretty responsible, IMVHO in the same general manner like the Norwegian government has been saying they will fight terror with more democracy and openness rather than do what the US did.
Best Regards, Martin
On 28 Jul 2011, at 09:35, Martin Millnert wrote:
this message of yours explains for me that you have not really understood why or what people are having issues with, with these issues.
With respect Martin, you couldn't be more wrong. And anyway the next steps are not about what I might or might not understand or the issues raised in the last-minute objections to 2008-08. It's also not about "cheating the policy process" either. Nobody has suggested it was. It's about reconciling two (three?) mutually exclusive community decisions. We have a situation where the membership has authorised the NCC to develop an address certification system. This has been going on for years. It was the settled will of RIPE too. [Though that goes back to the days before the PDP existed.] We've all taken a punt that by the time this system was ready, there would be a consensus policy for it in place. 2008-08 is now dead. But the current mandate to the NCC is still in effect. A vote of the membership is needed to change that mandate. In my opinion, this is also the least bad way to proceed. Please note I did not say what that decision should be. Again. While you're right in theory to say we could start all over again and come up with a new address certification policy, I doubt it will work in practice. Positions seem too entrenched on all sides to find a compromise. I wonder too if consensus is now possible or if that can be reached in a reasonable amount of time. 2008-08 chugged along for 3 years and was apparently non-controversial.
Jim, thank you for your reply. On Jul 28, 2011, at 11:46, Jim Reid <jim@rfc1035.com> wrote:
On 28 Jul 2011, at 09:35, Martin Millnert wrote:
this message of yours explains for me that you have not really understood why or what people are having issues with, with these issues.
With respect Martin, you couldn't be more wrong. And anyway the next steps are not about what I might or might not understand or the issues raised in the last-minute objections to 2008-08. It's also not about "cheating the policy process" either. Nobody has suggested it was. It's about reconciling two (three?) mutually exclusive community decisions.
Fair enough. Your message had a bias towards "this needs to pass, obstacles go away!", that I may have misinterpreted then.
We have a situation where the membership has authorised the NCC to develop an address certification system. This has been going on for years. It was the settled will of RIPE too. [Though that goes back to the days before the PDP existed.] We've all taken a punt that by the time this system was ready, there would be a consensus policy for it in place. 2008-08 is now dead. But the current mandate to the NCC is still in effect. A vote of the membership is needed to change that mandate. In my opinion, this is also the least bad way to proceed.
If the prototype development does not auto-expire when there is no supporting policy, that seems a bit like a flaw in the original design here, to me. Likewise, can the membership with a simple majority vote overrule the PDP on the matter? (or without the corresponding PDP, if the policy proposed then is different than 2008-08.) I'm not verse enough in RIPE NCC procedures to know this. It does seem strange that a simple majority vote could override a PDP decision, since the requirements on consensus in the PDP is pretty far from simple majority. That is what I mean would be cheating and would seriously undermine the authority of the policy. It does then appear sensible to me that a new policy (which it is, Gert) still has to go through the PDP, and the AGM-mandated bullet point prototype development would at some time finish (working well enough qualifies), ending that mandate. And once that mandate has ended, a new mandate can still not put it into effect before consensus can be reached in a corresponding PDP.
Please note I did not say what that decision should be. Again.
While you're right in theory to say we could start all over again and come up with a new address certification policy, I doubt it will work in practice. Positions seem too entrenched on all sides to find a compromise. I wonder too if consensus is now possible or if that can be reached in a reasonable amount of time. 2008-08 chugged along for 3 years and was apparently non-controversial.
I think Mr Blessing pointed out the core issue, yet unsolved. Until it is solved (my reading on the major difference of abusive risk tolerance), until there is a consensus, the default action is of course to not enact a new policy. Memories of the recent 2008-08 debate here ought to be fresh enough that if a new proposal comes through (say roughly in time for the next AGM), where these issues have been addressed, the debate need not restart from scratch. Best regards, Martin
On Wed, Jul 27, 2011 at 12:24:10PM +0100, Nigel Titley wrote:
The PDP worked fine, it just didn't have the outcome you desired. The PDP did not "work fine". There is a strong demand for certification, there is an equally strong objection. If the PDP "worked fine" we would have hammered out a middle ground like we usually do on technical matters.
How could that look like? Something like "somewhat pregnant"? My imagination fails how to find middle ground on something that seems to be fundamentally incompatible goals. But I'm biased and probably too narror-minded. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
On 27 Jul 2011, at 22:53, Daniel Roesen wrote:
My imagination fails how to find middle ground on something that seems to be fundamentally incompatible goals.
Two points: *Much* bigger and far more serious problems have been solved in the world when two fundamentally incompatible (or even mutually exclusive) positions choose to find a compromise. Second, there might have been a better chance of finding a consensus on 2008-08 if the voices of opposition engaged much earlier than they did. This is not a criticism of anyone.
On Wed, Jul 27, 2011 at 11:53:10PM +0100, Jim Reid wrote:
On 27 Jul 2011, at 22:53, Daniel Roesen wrote:
My imagination fails how to find middle ground on something that seems to be fundamentally incompatible goals.
Two points:
*Much* bigger and far more serious problems have been solved in the world when two fundamentally incompatible (or even mutually exclusive) positions choose to find a compromise.
As I said: it's just _me_ not seeing an approach to that. I don't say that there is no way.
Second, there might have been a better chance of finding a consensus on 2008-08 if the voices of opposition engaged much earlier than they did.
Agreed. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
On 26/07/2011 10:59, Emilio Madaio wrote:
The proposal 2008-08, "Initial Certification Policy in the RIPE NCC Service Region", has been withdrawn.
Obviously, speaking as someone who has been raising concerns about this proposal, I think this is the right decision, but I know a number of people will be disappointed by this. Whichever side of the debate you are on, I think we can all acknowledge that this can't have been an easy decision. We like to say that the PDP is driven by the community consensus, but to accept that lack of community consensus means you have to abandon even a policy with so much momentum behind it takes guts. Many (perhaps most) organisations would have pressed on regardless, out of pride and inertia, and to sooth the egos of the senior leadership, and then dared any dissenters to do anything about it. The RIPE PDP may not have turned up a consensus this time, but it did something else that is useful: it proved that the community consensus process is genuine. That's something to be proud of, and to defend with renewed vigour next time the Internet community's detractors come knocking (Cooperation-WG take note!). I would like to thank the proposers and the WG Chairs, for hearing out the concerns so courteously and patiently. Malcolm. -- Malcolm Hutty | tel: +44 20 7645 3523 Head of Public Affairs | Read the LINX Public Affairs blog London Internet Exchange | http://publicaffairs.linx.net/ London Internet Exchange Ltd Maya House, 134-138 Borough High Street, London SE1 1LB Company Registered in England No. 3137929 Trinity Court, Trinity Street, Peterborough PE1 1DA
participants (14)
-
boggits -
Daniel Roesen -
Emilio Madaio -
Fearghas McKay -
Gert Doering -
Jasper Jans -
Jim Reid -
Malcolm Hutty -
Martin Millnert -
niels=apwg@bakker.net -
Nigel Titley -
Peter Koch -
Rob Evans -
Sascha Luck