Just to add some background that might betray some of the intent of this initiative. in the first mention of the DNS4EU in the Cybersecurity Strategy published in Dec 2020 a motivation for an EU based resolver to reduce dependencies on - note- a handful of non-EU companies, is marked by a footnote informed by this paper <https://www.tandfonline.com/doi/full/10.1080/23738871.2020.1722191>. This seems like a great idea for somebody thinking about the following terms: how to reduce dependencies on non-EU operated infrastructure, how to provide an EU alternative and, add-ons, it has to comply with all the EU values and norms. Fast forward, the add ons develop by being added by extra technicalities and the CEF2 funding programme has a funding line for this. Ideally there are stakeholders already in discussions with the EU Commissions about what an upcoming funding programme should contain in order to fit with the industry and the market needs. I would not be surprised if this call for proposals is already targeted at known stakeholders, but this could also not be the case. It is also telling that this action looks a bit divorced from the rest of the funding line, which is dedicated to the cloud federation. In the high level political discourse - it's not divorced because it's part of the same narrative of reinforcing EU resources vs non-EU, digital autonomy, sovereignty, etc. This aspect is also reflected in the call document, which foresees an assessment of suppliers to strictly exclude non-EU entities, i.e. non-EU entities are not eligible for this call. -- Sincerely, Anastasia Șendrea (Анастасия Шендря)
Paper mentioned above: Consolidation in the DNS resolver market – how much, how fast, how dangerous? by Roxana Radu <https://www.tandfonline.com/author/Radu%2C+Roxana>and Michael Hausding <https://www.tandfonline.com/author/Hausding%2C+Michael> On Wed, Jan 12, 2022 at 6:01 PM Ana Sen <sendrea.anastasia@gmail.com> wrote:
Just to add some background that might betray some of the intent of this initiative. in the first mention of the DNS4EU in the Cybersecurity Strategy published in Dec 2020 a motivation for an EU based resolver to reduce dependencies on - note- a handful of non-EU companies, is marked by a footnote informed by this paper <https://www.tandfonline.com/doi/full/10.1080/23738871.2020.1722191>. This seems like a great idea for somebody thinking about the following terms: how to reduce dependencies on non-EU operated infrastructure, how to provide an EU alternative and, add-ons, it has to comply with all the EU values and norms. Fast forward, the add ons develop by being added by extra technicalities and the CEF2 funding programme has a funding line for this.
Ideally there are stakeholders already in discussions with the EU Commissions about what an upcoming funding programme should contain in order to fit with the industry and the market needs. I would not be surprised if this call for proposals is already targeted at known stakeholders, but this could also not be the case. It is also telling that this action looks a bit divorced from the rest of the funding line, which is dedicated to the cloud federation. In the high level political discourse - it's not divorced because it's part of the same narrative of reinforcing EU resources vs non-EU, digital autonomy, sovereignty, etc. This aspect is also reflected in the call document, which foresees an assessment of suppliers to strictly exclude non-EU entities, i.e. non-EU entities are not eligible for this call.
-- Sincerely,
Anastasia Șendrea (Анастасия Шендря)
-- Sincerely, Anastasia Șendrea (Анастасия Шендря)
On Wed, Jan 12, 2022 at 06:01:38PM +0100, Ana Sen <sendrea.anastasia@gmail.com> wrote a message of 84 lines which said:
This aspect is also reflected in the call document, which foresees an assessment of suppliers to strictly exclude non-EU entities, i.e. non-EU entities are not eligible for this call.
Yes, I noticed that. Does it mean that the machines will not be on AWS or other US hoster?
and that the data used will not be stored in Gcloud, AWS etc. Interesting question, if you mean even studies or equipment used for the development of the infrastructure shall not rely on non-EU CSPs, the text specifies that projects must demonstrate 'that the network technologies and equipment (including software and services) funded comply with the conditions [...] indicate that no security sensitive equipment or services deployed or used *within the proposal *will be procured from third country suppliers - footnote According to the EU coordinated risk assessment, the risk profiles of individual suppliers can be assessed based on several factors. These factors include the likelihood of interference from a third country.' A footnote further even concedes that this kind of assessment would even apply to MNOs who rely on third parties to perform maintenance and upgrade of networks. We are thinking of the US providers, but the EP Rapporteur on the NIS 2 did laud this initiative by highlighting that the DNS4EU is the only way to create a protective shield from attacks from other world regions, giving Russia and N Korea as examples. Would anybody know which stakeholders have the capacity to apply for this call? Anastasia On Wed, Jan 12, 2022 at 6:09 PM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Wed, Jan 12, 2022 at 06:01:38PM +0100, Ana Sen <sendrea.anastasia@gmail.com> wrote a message of 84 lines which said:
This aspect is also reflected in the call document, which foresees an assessment of suppliers to strictly exclude non-EU entities, i.e. non-EU entities are not eligible for this call.
Yes, I noticed that. Does it mean that the machines will not be on AWS or other US hoster?
-- Sincerely, Anastasia Șendrea (Анастасия Шендря)
On 12 Jan 2022, at 17:35, Ana Sen <sendrea.anastasia@gmail.com> wrote:
Would anybody know which stakeholders have the capacity to apply for this call?
I can think of several. But I won’t identify them by name. The obvious candidates are any of the larger (anycast) DNS providers, TLD registries, major registrars, etc. In other words, pretty much anyone that’s already running chunky global DNS infrastructure. They’ll have the economies of scale and deep pockets to take on this project. It’s possible but unlikely someone might take a punt on a start-up venture purely to go after this opportunity.
since no one else has said it this time around the tree tracking the woozle, ... how does this avoid creating a nice well-defined target for: IP shutdowns, censorship, saving children from abuse, terrorism, ...? randy --- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery
Randy, On Jan 12, 2022, at 1:27 PM, Randy Bush <randy@psg.com> wrote:
how does this avoid creating a nice well-defined target for: IP shutdowns, censorship, saving children from abuse, terrorism, …?
I believe that’s covered in section 12 of the solicitation (https://hadea.ec.europa.eu/calls-proposals/equipping-backbone-networks-high-... <https://hadea.ec.europa.eu/calls-proposals/equipping-backbone-networks-high-performance-and-secure-dns-resolution-infrastructures-works_en>): "12. Lawful filtering: Filtering of URLs leading to illegal content based on legal requirements applicable in the EU or in national jurisdictions (e.g. based on court orders), in full compliance with EU rules.” That is, perhaps unsurprisingly, it would seem attempting too avoid being such a target is an explicit non-goal. (Of course, getting a resolver to filter URLs as opposed to domain names for such things will be an interesting trick) Regards, -drc
just an update that tomorrow the EU Commission will organise an Info Day (like a stakeholder workshop) to cover all the open CEF2 calls for proposals to respond to any questions interested parties might have. Cloud federation and DNS will be third on the agenda. The info day will run from 9 AM to 4 PM CEST. Link: https://hadea.ec.europa.eu/events/1st-connecting-europe-facility-digital-cal... On Wed, Jan 12, 2022 at 10:27 PM Randy Bush <randy@psg.com> wrote:
since no one else has said it this time around the tree tracking the woozle, ...
how does this avoid creating a nice well-defined target for: IP shutdowns, censorship, saving children from abuse, terrorism, ...?
randy
--- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery
-- Sincerely, Anastasia Șendrea (Анастасия Шендря)
On 18/01/2022 12:51, Ana Sen wrote: I left the webinar more confused than before it started. In the actual call it states "Costs for operating the infrastructure during its lifetime will be excluded under the call." and later "Proposals should also define the post-project ownership of the infrastructure". This call is for 36 months with only 50% co-funding. So based on my reading of the 1st sentence, any servers placed at various colo sites (hosting costs), routing costs, etc are excluded?! Does this mean that whoever wins this call will be spending a couple million Euro of their own money on manpower and equipment to implement DNS4EU? What am I missing? Thanks, Hank
just an update that tomorrow the EU Commission will organise an Info Day (like a stakeholder workshop) to cover all the open CEF2 calls for proposals to respond to any questions interested parties might have. Cloud federation and DNS will be third on the agenda. The info day will run from 9 AM to 4 PM CEST. Link: https://hadea.ec.europa.eu/events/1st-connecting-europe-facility-digital-cal...
On Wed, Jan 12, 2022 at 10:27 PM Randy Bush <randy@psg.com> wrote:
since no one else has said it this time around the tree tracking the woozle, ...
how does this avoid creating a nice well-defined target for: IP shutdowns, censorship, saving children from abuse, terrorism, ...?
randy
--- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery
-- Sincerely,
Anastasia Șendrea (Анастасия Шендря)
On 19/01/2022 13:33, Hank Nussbacher wrote: How the media sees DNS4EU: https://therecord.media/eu-wants-to-build-its-own-dns-infrastructure-with-bu... -Hank
On 18/01/2022 12:51, Ana Sen wrote:
I left the webinar more confused than before it started.
In the actual call it states "Costs for operating the infrastructure during its lifetime will be excluded under the call." and later "Proposals should also define the post-project ownership of the infrastructure". This call is for 36 months with only 50% co-funding.
So based on my reading of the 1st sentence, any servers placed at various colo sites (hosting costs), routing costs, etc are excluded?!
Does this mean that whoever wins this call will be spending a couple million Euro of their own money on manpower and equipment to implement DNS4EU?
What am I missing?
Thanks, Hank
just an update that tomorrow the EU Commission will organise an Info Day (like a stakeholder workshop) to cover all the open CEF2 calls for proposals to respond to any questions interested parties might have. Cloud federation and DNS will be third on the agenda. The info day will run from 9 AM to 4 PM CEST. Link: https://hadea.ec.europa.eu/events/1st-connecting-europe-facility-digital-cal...
On Wed, Jan 12, 2022 at 10:27 PM Randy Bush <randy@psg.com> wrote:
since no one else has said it this time around the tree tracking the woozle, ...
how does this avoid creating a nice well-defined target for: IP shutdowns, censorship, saving children from abuse, terrorism, ...?
randy
--- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery
-- Sincerely,
Anastasia Șendrea (Анастасия Шендря)
On 12 Jan 2022, at 17:09, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
Does it mean that the machines will not be on AWS or other US hoster?
Stephane, that’s really a question for the EU officials who are in charge of the CFP. FWIW I think using AWS or whatever outside the EU for part of the resolver service will probably be OK, subject to some of the other requirements in the CFP. ie The successful EU-based bidder ensures any non-EU elements comply with stuff such as the Data Retention, GDPR and NIS directives, access to EU LEA, contracts are under jurisdiction in an EU member state, etc, etc. Though this is just guesswork on my part. Disclaimer: I am not an EU official and don’t play one on TV. Questions about CFP detail should probably go to the email address given in the CFP doc: "Non-IT related questions should be sent to: HaDEA-CEF-DIGITAL-CALLS@ec.europa.eu”.
participants (6)
-
Ana Sen -
David Conrad -
Hank Nussbacher -
Jim Reid -
Randy Bush -
Stephane Bortzmeyer