Verisign to provide secondary DNS services for the RIPE NCC’s zones
Dear colleagues, In July we published a Request for Proposals (RfP) for a trusted third party to provide secondary DNS services for the RIPE NCC's zones: https://www.ripe.net/ripe/mail/archives/dns-wg/2016-July/003303.html Following our announcement, we received three final proposals by the conclusion of the process. We selected the best fitting proposal based on the technical and non-technical requirements in the RfP document. The proposal submitted by VeriSign Sàrl (“Verisign”) was the best fit. We subsequently signed a contract with Verisign, which comes into effect before the end of this year. The contract is for the period of one year, with the intention to renew yearly. Prior to renewal, we will look at the benefits of the service and actual market situation at that time to decide on renewing the service. We'd like to express our gratitude to all parties who submitted proposals. We look forward to working with Verisign in the future. Regards, Romeo Zwart RIPE NCC
Hi Romeo & NCC DNS team - first of all, congrats to the addition of resilience to the NCC's DNS services! Good to have this aboard these days, I (unfortunately have to) think... On 18.10.2016 10:54, Romeo Zwart wrote:
[...]
The proposal submitted by VeriSign Sàrl (“Verisign”) was the best fit. We subsequently signed a contract with Verisign, which comes into effect before the end of this year. The contract is for the period of one year, with the intention to renew yearly. Prior to renewal, we will look at the benefits of the service and actual market situation at that time to decide on renewing the service.
in the light of transparency, will resp. can the contract be disclosed? If not, is it a contract (draft) that has been put on the table by the NCC? Or, vice versa, VeriSign's standard contract for such services? Or rather - as a result of heavy negotiations in smoke filled rooms behind closed doors ;-) - an amalgam of both? Also, how (far) the three final bidders met the RfP requirements would be interesting. I don't mind if the names of the non-winning two would be anonymized. Thanks & best, -C.
On 18 Oct 2016, at 10:09, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
in the light of transparency, will resp. can the contract be disclosed?
If not, is it a contract (draft) that has been put on the table by the NCC? Or, vice versa, VeriSign's standard contract for such services? Or rather - as a result of heavy negotiations in smoke filled rooms behind closed doors ;-) - an amalgam of both?
Also, how (far) the three final bidders met the RfP requirements would be interesting. I don't mind if the names of the non-winning two would be anonymized.
Hi Carsten. The contractual terms are implementation detail and therefore out of scope for the WG. This also applies to the RFP and NCC’s selection procedure. The WG should only intervene here -- ie by asking the NCC board to investigate -- if we have reason to believe the RFP and/or contract was unfair or defective in some way. The WG must not and can’t (try to) micromanage the NCC’s DNS team.
On 10/18/16 11:36 AM, Jim Reid wrote:
The contractual terms are implementation detail and therefore out of scope for the WG
if we have reason to believe the RFP and/or contract was unfair or defective in some way.
The WG must not and can’t (try to) micromanage the NCC’s DNS team.
jim, I agree on your last sentence. besides, I cannot fully understand how this WG could ask the NCC board to investigate "if we have reason to believe the rfp was unfair or defective in some way" when, actually, you just said "the contractual terms are out of scope for the WG". thank you -- antonio
On 18 Oct 2016, at 10:53, Antonio Prado <thinkofit@gmail.com> wrote:
besides, I cannot fully understand how this WG could ask the NCC board to investigate "if we have reason to believe the rfp was unfair or defective in some way" when, actually, you just said "the contractual terms are out of scope for the WG".
Antonio, these are two different things. The WG does not concern itself with what’s in this contract or how the RFP was conducted. That’s operational/implementation detail. If the service provided by the contract or RFP went wrong in some way or if someone complains, that falls within the WG’s remit. We don’t need to have knowledge of the content of that contract (or the RFP) to raise questions whenever a problem arises. ie The WG could formulate a list of questions for the NCC management/board and ask them to look into the matter and report back. I hope this clarifies matters.
Hi Jim, On 18.10.2016 11:36, Jim Reid wrote:
The contractual terms are implementation detail and therefore out of scope for the WG. This also applies to the RFP and NCC’s selection procedure.
what other forum you would see fit then for such kind of Q&A?
The WG should only intervene here -- ie by asking the NCC board to investigate -- if we have reason to believe the RFP and/or contract was unfair or defective in some way.
For the record: I am not even only remotely insinuating this by any means at all - I am just a curious Internet Citizen in this regard. But as a side note: how would you come to believe that the RfP and/or contract is unfair or defective in some way, if neither one is disclosed?
The WG must not and can’t (try to) micromanage the NCC’s DNS team.
Not that I have attempted this by any means, I think. Best, -C.
Hi Carsten, On 10/18/16 1:04 PM, Carsten Schiefner wrote:
what other forum you would see fit then for such kind of Q&A? ncc services ? or the GM?
cheers, elvis
Hi Elvis, On 18.10.2016 12:11, Elvis Daniel Velea wrote:
On 10/18/16 1:04 PM, Carsten Schiefner wrote:
what other forum you would see fit then for such kind of Q&A? ncc services ? or the GM?
"NCC Services" I don't know... Wouldn't this WG be rather for services being rendered *BY* the NCC than *TO* the NCC? Then again, this could be a one-off part of the NCC's public presentation that usually sets the floor for the GM afterwards - let's see. Cheers, -C.
On 18 Oct 2016, at 11:04, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
Hi Jim,
On 18.10.2016 11:36, Jim Reid wrote:
The contractual terms are implementation detail and therefore out of scope for the WG. This also applies to the RFP and NCC’s selection procedure.
what other forum you would see fit then for such kind of Q&A?
Depends on the Q&A. If they’re about the NCC’s standard RFP process -- or it it has such a thing -- that’s for the NCC Services WG or maybe the GM. If the question is “was the NCC’s standard RFP mechanism followed for some DNS thing?”, that’s for this WG. If someone thinks any contract involving the NCC is unfair or unreasonable, they ask the NCC Board to look into it and report back to the GM and/or any WG the board decides is appropriate
But as a side note: how would you come to believe that the RfP and/or contract is unfair or defective in some way, if neither one is disclosed?
For starters, by how the service is performed by the chosen supplier. Or if that supplier was an unknown or had a poor reputation. Or if the losing bidders were complaining. Or (say) if Romeo tells us root server activities are being scaled back so he can pay the bills from the outsource partner.
The WG must not and can’t (try to) micromanage the NCC’s DNS team.
Not that I have attempted this by any means, I think.
I’m glad to hear that Carsten. But I must say you gave me that impression by asking for details of the RFP and how well/poorly the bidders performed.
On 18.10.2016 12:27, Jim Reid wrote:
On 18 Oct 2016, at 11:04, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
[WG micromanaging the NCC’s DNS team]
Not that I have attempted this by any means, I think.
I’m glad to hear that Carsten. But I must say you gave me that impression by asking for details of the RFP and how well/poorly the bidders performed.
As always, curiosity kills the cat, huh? ;-) Cheers, -C.
On 18 Oct 2016, at 09:54, Romeo Zwart <romeo.zwart@ripe.net> wrote:
The proposal submitted by VeriSign Sàrl (“Verisign”) was the best fit. We subsequently signed a contract with Verisign, which comes into effect before the end of this year. The contract is for the period of one year, with the intention to renew yearly. Prior to renewal, we will look at the benefits of the service and actual market situation at that time to decide on renewing the service.
Thanks Romeo. This is great news. Bringing in a competent DNS hosting provider will add diversity and resiliance to the DNS infrastructure for ripe.net. It’s also good that these new arrangements are documented in a contract. I’m sure the WG agrees. Well, I hope it does... :-) I’m sure you’ll keep the WG informed of how this works out and what happens when the contract comes up for renewal. My thanks and appreciation to your team for the hard work of preparing and running the RFP and arranging the contract with the supplier.
Dear colleagues, There were some questions on the list in response to my earlier message (see below). Therefore, I'd like to add some clarification. With regard to the RfP process: we have of course followed due process, as documented in the RfP document, available to all contenders. We kept the RIPE NCC Executive Board informed throughout the entire process and would be happy to share further information with board members should the need arise. The final contract text was reached after negotiation on contract details to make sure the agreement was fully in line with our principals and detailed requirements. One request on the list was, in the interest of full transparency, to share the contractual details with the working group. However, legal restrictions prevent us from doing so. I hope this addresses the questions raised and clarifies the situation. We're happy to hear more questions and feedback from the working group. Kind regards, Romeo On 16/10/18 10:54 , Romeo Zwart wrote:
Dear colleagues,
In July we published a Request for Proposals (RfP) for a trusted third party to provide secondary DNS services for the RIPE NCC's zones: https://www.ripe.net/ripe/mail/archives/dns-wg/2016-July/003303.html
Following our announcement, we received three final proposals by the conclusion of the process. We selected the best fitting proposal based on the technical and non-technical requirements in the RfP document.
The proposal submitted by VeriSign Sàrl (“Verisign”) was the best fit. We subsequently signed a contract with Verisign, which comes into effect before the end of this year. The contract is for the period of one year, with the intention to renew yearly. Prior to renewal, we will look at the benefits of the service and actual market situation at that time to decide on renewing the service.
We'd like to express our gratitude to all parties who submitted proposals. We look forward to working with Verisign in the future.
Regards, Romeo Zwart RIPE NCC
Hi Romeo - On 25.10.2016 09:11, Romeo Zwart wrote:
Dear colleagues,
There were some questions on the list in response to my earlier message (see below). Therefore, I'd like to add some clarification.
[...]
I hope this addresses the questions raised and clarifies the situation. We're happy to hear more questions and feedback from the working group.
thanks for the follow-up here on the list. Best, -C.
On 25/10/2016 19:49, Carsten Schiefner wrote:
Hi Romeo -
Dear colleagues,
There were some questions on the list in response to my earlier message (see below). Therefore, I'd like to add some clarification.
[...]
I hope this addresses the questions raised and clarifies the situation. We're happy to hear more questions and feedback from the working group.
On 25.10.2016 09:11, Romeo Zwart wrote: thanks for the follow-up here on the list.
Tangential: In case you missed it. Move over 8.8.8.8: http://www.verisign.com/en_US/security-services/public-dns/index.xhtml -Hank
Best,
-C.
Romeo and all, I am curious what kinds of legal restrictions would prevent publishing a contract, but that's not really important. They exist! Still... certainly there is precedent for publishing such details - for example the Verisign Cooperative Agreement with the NTIA (NCR 92-18742). If the community thinks that it is important, does it make sense to ask that future contracts be open? This would be clear to anyone responding to an RfP in advance and could avoid any restrictions. I guess that ultimately this would be something that would have to be decided by the RIPE NCC board, but I think a request could come from either the DNS or services working group. Cheers, -- Shane At 2016-10-25 09:11:21 +0200 Romeo Zwart <romeo.zwart@ripe.net> wrote:
Dear colleagues,
There were some questions on the list in response to my earlier message (see below). Therefore, I'd like to add some clarification.
With regard to the RfP process: we have of course followed due process, as documented in the RfP document, available to all contenders. We kept the RIPE NCC Executive Board informed throughout the entire process and would be happy to share further information with board members should the need arise.
The final contract text was reached after negotiation on contract details to make sure the agreement was fully in line with our principals and detailed requirements.
One request on the list was, in the interest of full transparency, to share the contractual details with the working group. However, legal restrictions prevent us from doing so.
I hope this addresses the questions raised and clarifies the situation. We're happy to hear more questions and feedback from the working group.
Kind regards, Romeo
On 16/10/18 10:54 , Romeo Zwart wrote:
Dear colleagues,
In July we published a Request for Proposals (RfP) for a trusted third party to provide secondary DNS services for the RIPE NCC's zones: https://www.ripe.net/ripe/mail/archives/dns-wg/2016-July/003303.html
Following our announcement, we received three final proposals by the conclusion of the process. We selected the best fitting proposal based on the technical and non-technical requirements in the RfP document.
The proposal submitted by VeriSign Sàrl (“Verisign”) was the best fit. We subsequently signed a contract with Verisign, which comes into effect before the end of this year. The contract is for the period of one year, with the intention to renew yearly. Prior to renewal, we will look at the benefits of the service and actual market situation at that time to decide on renewing the service.
We'd like to express our gratitude to all parties who submitted proposals. We look forward to working with Verisign in the future.
Regards, Romeo Zwart RIPE NCC
On 26 Oct 2016, at 11:34, Shane Kerr <shane@time-travellers.org> wrote:
I am curious what kinds of legal restrictions would prevent publishing a contract, but that's not really important. They exist!
Shane, commercial contracts are almost always confidential because they contain information which is commercially sensitive: SLAs, price, how/where the service is delivered, escalation/support arrangements, points of contact etc. I expect your contract of employment with BII and BII's contracts with its bandwidth and hosting providers will not be public for similar reasons.
Still... certainly there is precedent for publishing such details - for example the Verisign Cooperative Agreement with the NTIA (NCR 92-18742).
That's for something *very* different from DNS hosting. You're comparing apples and oranges.
If the community thinks that it is important, does it make sense to ask that future contracts be open? This would be clear to anyone responding to an RfP in advance and could avoid any restrictions.
It makes no sense at all. In fact, a move like that would pretty much guarantee no reputable supplier will submit a bid. Why do that if the details of your offer are going to be exposed to your competitors if you win the RFP? The nature of this contract is implementation detail and therefore out of scope for the WG. Our involvement should be on the outcome of that contract. ie Is the outsourced hosting service working well or not and if not, what steps should be taken to correct that.
participants (7)
-
Antonio Prado -
Carsten Schiefner -
Elvis Daniel Velea -
Hank Nussbacher -
Jim Reid -
Romeo Zwart -
Shane Kerr