CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
Hi colleagues,
please find below the draft minutes from the Anti-Abuse Working Group
session at RIPE 88.
If you have any comments, please email them to aa-wg-chair@ripe.net by
the end of next week.
Have a nice weekend,
Markus de Brün
Tuesday, 21 May 2024, 16:00 – 17:30 (UTC+2)
Chairs: Brian Nisbet, Markus de Brün, Tobias Knecht
Scribe: Bryce Verdier
Status: Draft
The recordings and presentations are available at:
https://ripe88.ripe.net/programme/meeting-plan/aa-wg/
The stenography transcript is available at:
https://ripe88.ripe.net/archives/steno/22/
# A. Administrative Matters
Brian opened the session, welcomed the attendees and set the agenda. The
minutes from RIPE 87 were approved.
Markus stated that Brian’s term as Co-Chair was ending at the end of the
meeting and that he was nominated to continue as Co-Chair. Markus asked
if there were any objections and there were none. Brian was accepted as
Co-Chair for another three year term and Markus thanked Brian.
Jim Reed said that he was glad that Brian was reappointed as Co-Chair
and asked if there were term limits and if the group should think about
creating them.
Markus answered that there weren’t any at the moment.
Brian mentioned that Mirjam was talking to other group chairs about
implementing them but there weren’t a lot of people willing to be WG
Chairs.
Jim Reed mentioned that during his time in the DNS WG, Co-Chairs gave a
three year notice for the WG to come up with a succession plan.
Fergus Maccay, Flex Optics, suggested they use a secret voting process
for Co-Chair approval. Brian noted Fergus’s suggestion and added that
the names of people stepping forward were not announced until after the
nomination phase to encourage more people to come forward.
Fergus responded that public voting was the problem and suggested a
private vote. Jim Reed commented that decisions were made by consensus,
not voting. Rüdiger Volk said that it was hard to have consensus with
absolute privacy.
Brian said that the WG rules state that if consensus couldn’t be
reached, then it forced a vote.
Malcom Hutty, LINX, mentioned that the consensus process was applicable
to policy but didn’t have to apply to administrative matters.
Brian reminded the room that the WG Chair selection process for the
Anti-Abuse WG was a vote if consensus could not be reached.
# D. Interactions
## D.1. Illegal Content Online: What's Our Role as a Regional Internet
Registry
Maria Stafyla, RIPE NCC
The presentation is available at:
https://ripe88.ripe.net/wp-content/uploads/presentations/58-RIPE-88-AntiAbuse-WG-Illegal-Content-Online-Our-role-as-an-RIR.pdf
Maria gave a high level summary of what the RIPE NCC’s role is as a
Regional Internet Registry and its involvement in addressing illegal
online content. She highlighted that they help identify holders of
Internet resources but they do not host or control third-party content.
Discussions with stakeholders, including the European Commission, focus
on combating piracy and other illegal activities, with debates about
increasing RIPE NCC's responsibilities.
Malcom Hutty asked if it was still the RIPE NCC's policy to challenge
and resist a court order being made in the first place.
Maria answered that the situation would be evaluated on a case by case
basis, depending on the situation and that if they thought there were
reasons to do it, she believed that they would.
Robert Carolina, General Counsel ISC, asked how, if at all, policy
differed if the request came from a legal authority completely outside
the European or Middle Eastern region. He questioned whether there would
be no realistic chance of the requesting authority having legal
jurisdiction over RIPE if they were farther afield.
Maria said that the RIPE NCC took action against members and resources
in cases where they may be breaking their membership obligations and the
RIPE NCC did take action on legally binding orders.
Hans Petter Hollen, Managing Director, RIPE NCC, commented on the
questions being raised, noting that all cases would be treated on a
case-by-case basis.
He said that the primary objective was to keep an accurate registry and
using the registry to take action against nation states, organisations
for political means or other means was something that the Board had
stated clearly they did not want to do. He stressed that when it came to
individual organisations breaking the law, the RIPE NCC had to follow
Dutch law and follow valid court orders.
Alex Dioda, legal counsel OPL Six, asked whether the RIPE NCC would only
abide by valid Dutch court orders or for court orders that have been
transposed by Dutch courts.
Maria said that the RIPE NCC has an obligation to comply if it was a
legally binding order and recognised in the Netherlands.
# E. Presentations
## E.1. Peering into the Darkness - The Use of UTRS in Combating DDoS
Attacks Yury Zhauniarovich, TU Delft
The presentation is available at:
https://ripe88.ripe.net/wp-content/uploads/presentations/39-20240521_ripe88_utrs_ddos.pdf
Yury presented on using UTRS (Universal Traffic Removal Service) to
combat DDoS attacks, combining network measurements and cybersecurity.
He explained how RTBH (Remotely Triggered Black Hole) and UTRS block
traffic to IPs under attack via trusted third parties like Team Cymru .
His study with Yokohama National University found UTRS underutilised,
with only 124 of 75,000 autonomous systems using it. Few DDoS attacks
trigger UTRS announcements, often due to attack duration and intensity,
indicating the service's effectiveness but limited adoption.
Brian asked why he thought nobody used the tool.
Yury said that he thought there were two main reasons, one is that it
was not a stable service and that BGP flowspec was only introduced two
years ago. He also thought that a lot of ASes had their own solutions
from their upstreams and because they charge fees for this service, they
didn’t have incentive to use the global and free service. Lastly, he
said that it might drive more participation if the service was run by
the community and not a company.
Rüdiger Volk, Retiree of Deutche Telekom, commented on the suspicions
around network blackholing. He said that the number of those who
actually implemented the blackholing seems to be unknown.
Yury said that they had a follow up paper on this which will be
presented on SIGMETRICS and he had also submitted a Lightning Talk on
Friday to explain how they identified the members who actually abide by
the blockings so they also know this number.
Rüdiger followed up with a question on whether the numbers from the
report had a high or low percentage of users.
Yury said that around 600 ASes were actively blocking.
Rüdiger noted that modern methods can filter attack traffic from
legitimate traffic. He added that those using such protections won't
issue UTRS signals unless an attack overwhelms their usual defences.
Malcom Hutty asked about their data retention policy and whether they
captured IP addresses for attack traffic and if so how long they kept
them for and for what purposes.
Yury said that the source IP addresses were not gathered as it was spoof
traffic.
# B. Update
## B.1 Recent List Discussion
The presentation is available at:
https://ripe88.ripe.net/wp-content/uploads/presentations/64-AA-WG-Slides-RIPE-88.pdf
Brian and Markus presented a proposal to recharter the WG from
Anti-Abuse to a broader security focus, addressing evolving
cybersecurity concerns. The changes would cover emerging threats, best
practices, and stakeholder collaboration. Mailing list feedback
supported the transition but suggested explicitly mentioning RIPE NCC
and clarifying the WG's policy role. They concluded by inviting further
feedback to refine the draft charter.
Rüdiger Volk, retiree of Deutsche Telekom, said that there was less of a
need to regulate the process since the RIPE community provides
guidelines to the NCC in one form or the other. He added that there were
already established activities in RIPE that are traditionally tackling
serious security issues such as RPKI in the Routing WG.
Markus said that the idea was not to capture all topics related to
security, but if there were security topics not falling under other WGs,
then they could come under Anti-Abuse.
Brian clarified that there were many overlapping topics in many of the
WGs, for example IPv6 turned up in Address Policy and in Routing and
many topics cropped up in NCC Services. He said that this wasn’t an
attempt to take over 50% of the WG slots.
Malcom Hutty raised concerns about the use of the word "policy" in the
last bullet point, questioning whether it implies a formal RIPE
community policy that would require a Policy Development Process (PDP).
He highlighted the need to distinguish between best practices and
policies and suggested that the term "policy" warranted careful
consideration and scrutiny.
Tobias acknowledged the comment and asked how writing policies in this
WG would be different from other Working Groups.
Malcom said that because security is more broad, the policy from
Anti-Abuse might affect other WGs.
Tobias acknowledged and agreed with the comment. He countered that the
NCC Services WG functions in the same way as the proposed charter change
and said that the community is made up of those who want to be part of
it and that the policy process would be the same in this WG as in other WGs.
Malcom said that expanding the community to be part of the rechartering
might not be the best method.
Brian acknowledged the comment and responded that removing the ability
to write policy would limit the WG’s ability to function.
Peter Koch, DeNIC, said that they needed to narrow the scope and broaden
participation. He proposed explicitly stating in the charter that the
group would be exempt from proposing policy due to the history of
failure to reach consensus in the group. He said policies in RIPE WGs
only make sense when they are enforceable and they are only enforceable
if they are addressed by the RIPE NCC as its function as the
secretariat. He added that this should be made clear so it attracts the
right people and manages the expectations for this very necessary
broadening of participation.
Dmytro Kohmanyuk supported the idea of a security-focused working group
but suggested rechartering the Anti-Abuse WG if it had reached a
plateau. He proposed that if rechartering involved significant changes
in focus and working items, the RIPE Chair Team should be involved in
the group's lifecycle discussion. He emphasised the importance of
reconfirming the Chair Collective to include those with a security
focus, ensuring that new members feel they belong and can contribute,
while staggering this process to maintain continuity of work. He
suggested considering the immediate or potential impact on NCC staff,
time, and budget in discussions.
Alistair Woodman asked if any of the changes were predicated on what the
EU was doing related to the Cyber Resiliency Act and other things in
that area.
Brian said no but they were aware of the increasing EU regulatory
regime, such as the Digital Services Act, which has been discussed
across various working groups.
Alistair followed up by saying that they were leaning into the
assumption that there's going to be more regulatory oversight from the EU.
Brian confirmed this.
Alistair said that they essentially wanted to throw their hat in the
ring as an industry group that would actually be setting policies that
would potentially deal with things at that European level.
Tobias affirmed that the European Commission was developing directives
without adequate industry input due to poor self-regulation. He
highlighted past policy failures leading to current DSA regulations and
emphasised the opportunity for industry involvement in shaping
legislative outcomes that align better with industry needs. Tobias
cautioned that Commission decisions might not align well with community
expectations if not properly engaged.
Alistair agreed, and said some folks in the room were potentially not
comfortable with the idea of playing in the big leagues while some were
which presented a challenge. He did agree with their thesis that if
somebody didn’t step in, there would be a vacuum left there.
Brian said there were multiple ways of a WG creating influence and
clarified that they weren’t intending to rule the world with the charter.
Niall O'Reilly, RIPE Vice Chair, said that at the beginning of the
Policy Development Process, the most appropriate WG was identified to
act as the vehicle for steering the process from proposal to consensus.
He felt it was important that the exclusion of this WG as a potential
vehicle for the PDP at this stage was inappropriate.
Niall continued, this time as a community member, to refer attendees to
the silent Lighting Talk at RIPE 66. A key facet of consensus
development is not to exclude, by systematic blindness or by failure to
communicate, any significant stakeholder group. One responsibility of
the WG Chairs was to make sure that nobody was left unheard who had a
stake in the eventual decision. Lastly, Niall noted that the last bullet
point could be reworded as "develop guidance to improve security" since
guidance might be better neutral terminology.
Alex Dioda, AMS-IX, explained that he was a Board Member of EuroISPA
which is a European association that lobbies in Brussels for the ISP
industry and highlighted the lack of RIPE's presence in policy
discussions at the EU level. He suggested more proactive engagement was
needed.
Rüdiger Volk, expressed concern over the emphasis on policy in the WG's
charter and suggested that providing guidance and best practices might
be more appropriate and effective.
Peter Koch emphasised the need for improved engagement with broader
security communities while highlighting the effective self-regulation
within the community. He underscored the importance of clarifying the
roles of this community and Regional Internet Registries (RIRs), citing
the relevance of EU regulations like the Digital Services Act (DSA) to
ISPs. Peter suggested exploring increased RIPE NCC presence in Brussels,
subject to member support, and cautioned against mixing platform
regulation with the group's primary objectives.
Tobias agreed to disagree that the community is good at self regulation
and stated that the DSA was not only about platforms.
Jim Reid, community member, suggested renaming the WG to better reflect
its focus, noting that "security" was too broad a term. He recommended
simplifying the language in the charter and emphasising advisory roles
rather than prescriptive policies.
Malcom Hutty, LINX, stated that achieving inclusivity was a high bar.
Failing to meet this standard would make acceptance unlikely and
undeserved. Therefore, he proposed policies should focus on the
expertise and practical knowledge of active community members, not on
ideas from occasional outsiders.
Brian Nisbet said feedback had been very useful and they needed to go
and think about and come back in a nicely structured way on the mailing
list. He said that attendees could find them on the list and to anyone
who was worried, he added that they had been speaking extensively with
Mirjam and Niall about this and they would continue to do so.
Brian said that around 100 people had completed the Anti-Abuse training,
with more sessions planned for this year, with initial feedback being
positive. He also thanked the stenographer, AV, Meetecho and NCC staff.
# X. AOB
No AOB.
# Z. Agenda for RIPE 89
No agenda items set for RIPE 89.
-----
To unsubscribe from this mailing list or change your subscription options, please visit:
https://mailman.ripe.net/mailman3/lists/anti-abuse-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at:
https://www.ripe.net/membership/mail/mailman-3-migration/