Hi Could someone please tell me WHY we are running free training courses for DNS? Training how to interact with the NCC and DB i understand, but dns i do not. Who made the descision to implement this training and what grounds are there for doing this? Regards, Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE
On Thu, Aug 15, 2002 at 12:08:34PM +0100, Stephen Burley wrote: | Hi | Could someone please tell me WHY we are running free training courses | for DNS? Training how to interact with the NCC and DB i understand, but dns | i do not. Who made the descision to implement this training and what grounds | are there for doing this? As a former student in one of the DNSSEC courses (actually, I have also given one with Olaf Kolkman) I very much welcome the active role of the RIPE folk educating the community with new technological features which might be otherwise implemented/deployed in a wrong way. I think it is a goal of RIPE to enhance the exchange of expertise and see them in an educating role for their service region. I must add though, that this course is not a DNS course. It aims specifically at deploying DNSSec, rolling over keys, signing zones and what you can expect with the (until so far) not so well documented software available on the marketplace today. May I ask what exactly is your problem with this type of education ? Perhaps it is tie that RIPE takes part in more training/education aspects such as IPv6 deployment. groet Pim -- __________________ Met vriendelijke groet, /\ ___/ Pim van Pelt /- \ _/ Business Internet Trends BV PBVP1-RIPE /--- \/ __________________
At 01:28 PM 15-08-02 +0200, Pim van Pelt wrote:
On Thu, Aug 15, 2002 at 12:08:34PM +0100, Stephen Burley wrote: | Hi | Could someone please tell me WHY we are running free training courses | for DNS? Training how to interact with the NCC and DB i understand, but dns | i do not. Who made the descision to implement this training and what grounds | are there for doing this?
As a former student in one of the DNSSEC courses (actually, I have also given one with Olaf Kolkman) I very much welcome the active role of the RIPE folk educating the community with new technological features which might be otherwise implemented/deployed in a wrong way.
I think it is a goal of RIPE to enhance the exchange of expertise and see them in an educating role for their service region.
Then why not give free courses on multicast, MPLS, or XML?
I must add though, that this course is not a DNS course. It aims specifically at deploying DNSSec, rolling over keys, signing zones and what you can expect with the (until so far) not so well documented software available on the marketplace today.
May I ask what exactly is your problem with this type of education ?
By giving free courses, RIPE is using its member fees to subsidize functions that are not in its main charter of business. -Hank
Perhaps it is tie that RIPE takes part in more training/education aspects such as IPv6 deployment.
groet Pim
-- __________________ Met vriendelijke groet, /\ ___/ Pim van Pelt /- \ _/ Business Internet Trends BV PBVP1-RIPE /--- \/ __________________
I agree with Hank, the NCC is not there to educate the community in protocols and applications that is the express responsibility of the companies involved. If you are going to start training this kind of thing is should be at the very least on a subscription basis. I for one do not want to fund the education of the entire ripe community. I feel this is wrong, it is not part of our service agreement which is what we pay for, much the same as the test traffic white elephant we funded for years. If the RIPE community feels it needs an internationally run training organisation then maybe the NCC can organise this. The community is not an educational charity, the NCC is not there to help those to learn what the rest already know through hard work and research. Please do not get me wrong I am not against the reason behind the education initiative I am against you using our money to do this, I would prefer to see the money better spent on things we need, like better applications, smaller wait queues, automation to name but a few. The NCC does do a good job of educating the community in NCC interaction which is right and proper use of funds, DNSSEC courses are not. Regards, Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE ----- Original Message ----- From: "Hank Nussbacher" <hank@att.net.il> To: "Pim van Pelt" <pim@bit.nl>; "Stephen Burley" <stephenb@uk.uu.net> Cc: <local-lir@ripe.net>; "Lir-Wg@Ripe.Net" <lir-wg@ripe.net> Sent: Thursday, August 15, 2002 12:35 PM Subject: Re: [lir-wg] DNSSEC training WHY?
At 01:28 PM 15-08-02 +0200, Pim van Pelt wrote:
On Thu, Aug 15, 2002 at 12:08:34PM +0100, Stephen Burley wrote: | Hi | Could someone please tell me WHY we are running free training courses | for DNS? Training how to interact with the NCC and DB i understand, but dns | i do not. Who made the descision to implement this training and what grounds | are there for doing this?
As a former student in one of the DNSSEC courses (actually, I have also given one with Olaf Kolkman) I very much welcome the active role of the RIPE folk educating the community with new technological features which might be otherwise implemented/deployed in a wrong way.
I think it is a goal of RIPE to enhance the exchange of expertise and see them in an educating role for their service region.
Then why not give free courses on multicast, MPLS, or XML?
I must add though, that this course is not a DNS course. It aims specifically at deploying DNSSec, rolling over keys, signing zones and what you can expect with the (until so far) not so well documented software available on the marketplace today.
May I ask what exactly is your problem with this type of education ?
By giving free courses, RIPE is using its member fees to subsidize functions that are not in its main charter of business.
-Hank
Perhaps it is tie that RIPE takes part in more training/education aspects such as IPv6 deployment.
groet Pim
-- __________________ Met vriendelijke groet, /\ ___/ Pim van Pelt /- \ _/ Business Internet Trends BV PBVP1-RIPE /--- \/ __________________
Community outreach and education is part of stewardship. Making sure members are knowledgeable about technical issues, allows them to help form better policies. In the ARIN region, the members recently agreed that training was useful, valuable and they supported it as a good use of time and money. I'm glad to see the RIR's providing this service. It fosters better involvement and, ummm, NET working, which is better than NOT working :) john brown speaking for himself
-----Original Message----- From: owner-lir-wg@ripe.net [mailto:owner-lir-wg@ripe.net] On Behalf Of Stephen Burley Sent: Thursday, August 15, 2002 6:54 AM To: Pim van Pelt; Hank Nussbacher Cc: local-lir@ripe.net; Lir-Wg@Ripe.Net Subject: Re: [lir-wg] DNSSEC training WHY?
I agree with Hank, the NCC is not there to educate the community in protocols and applications that is the express responsibility of the companies involved. If you are going to start training this kind of thing is should be at the very least on a subscription basis. I for one do not want to fund the education of the entire ripe community. I feel this is wrong, it is not part of our service agreement which is what we pay for, much the same as the test traffic white elephant we funded for years. If the RIPE community feels it needs an internationally run training organisation then maybe the NCC can organise this. The community is not an educational charity, the NCC is not there to help those to learn what the rest already know through hard work and research. Please do not get me wrong I am not against the reason behind the education initiative I am against you using our money to do this, I would prefer to see the money better spent on things we need, like better applications, smaller wait queues, automation to name but a few. The NCC does do a good job of educating the community in NCC interaction which is right and proper use of funds, DNSSEC courses are not.
Regards,
Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE ----- Original Message ----- From: "Hank Nussbacher" <hank@att.net.il> To: "Pim van Pelt" <pim@bit.nl>; "Stephen Burley" <stephenb@uk.uu.net> Cc: <local-lir@ripe.net>; "Lir-Wg@Ripe.Net" <lir-wg@ripe.net> Sent: Thursday, August 15, 2002 12:35 PM Subject: Re: [lir-wg] DNSSEC training WHY?
At 01:28 PM 15-08-02 +0200, Pim van Pelt wrote:
On Thu, Aug 15, 2002 at 12:08:34PM +0100, Stephen Burley wrote: | Hi | Could someone please tell me WHY we are running free training courses | for DNS? Training how to interact with the NCC and DB i understand, | but dns | i do not. Who made the descision to implement this training and | what grounds | are there for doing this?
As a former student in one of the DNSSEC courses (actually, I have also given one with Olaf Kolkman) I very much welcome the active role of the RIPE folk educating the community with new technological features which might be otherwise implemented/deployed in a wrong way.
I think it is a goal of RIPE to enhance the exchange of expertise and see them in an educating role for their service region.
Then why not give free courses on multicast, MPLS, or XML?
I must add though, that this course is not a DNS course. It aims specifically at deploying DNSSec, rolling over keys, signing zones and what you can expect with the (until so far) not so well documented software available on the marketplace today.
May I ask what exactly is your problem with this type of education ?
By giving free courses, RIPE is using its member fees to subsidize functions that are not in its main charter of business.
-Hank
Perhaps it is tie that RIPE takes part in more training/education aspects such as IPv6 deployment.
groet Pim
-- __________________ Met vriendelijke groet, /\ ___/ Pim van Pelt /- \ _/ Business Internet Trends BV PBVP1-RIPE /--- \/ __________________
Community outreach and education is part of stewardship. Making sure members are knowledgeable about technical issues, allows them to help form better policies.
In the ARIN region, the members recently agreed that training was useful, valuable and they supported it as a good use of time and money.
I'm glad to see the RIR's providing this service. It fosters better involvement and, ummm, NET working, which is better than NOT working :)
:)
john brown
mh
speaking for himself
idem
Community outreach and education is part of stewardship. Making sure members are knowledgeable about technical issues, allows them to help form better policies.
Fine at no cost to those who do not benefit.
In the ARIN region, the members recently agreed that training was useful, valuable and they supported it as a good use of time and money.
No such agreement was made in RIPE region if it was it was not voiced to the comunity at large.
In the ARIN region, the members recently agreed that training was useful, valuable and they supported it as a good use of time and money. No such agreement was made in RIPE region if it was it was not voiced to the comunity at large.
did daniel's message specifically addressing this get caught in your mail filters?
this is part of the DISI activity as specified in the RIPE NCC Activity Plan 2002 which was discussed by RIPE and adopted by the RIPE NCC membership.
randy
On Thu, 2002-08-15 at 14:11, Stephen Burley wrote:
Community outreach and education is part of stewardship. Making sure members are knowledgeable about technical issues, allows them to help form better policies.
Fine at no cost to those who do not benefit.
In the ARIN region, the members recently agreed that training was useful, valuable and they supported it as a good use of time and money.
No such agreement was made in RIPE region if it was it was not voiced to the comunity at large.
Back to Daniel's comment about DISI, which was part of the activity plan 2002, which was accepted by the RIPE NCC membership at the AGM, last October. All RIPE NCC members are entitled to attend and vote. I don't recall UUNET making use of that vote. Nigel
Hi, On Thu, Aug 15, 2002 at 03:11:28PM +0100, Stephen Burley wrote:
Community outreach and education is part of stewardship. Making sure members are knowledgeable about technical issues, allows them to help form better policies.
Fine at no cost to those who do not benefit.
Stephen - everybody benefits if people increase their clue factor about how to run a global network service like DNSSEC. Besides, as Daniel and others pointed out: if you don't want money spent for that, go to the AGM and vote against the budget for DISI. That's what the AGM is for. I, for one, am in favour of things like this. Lack of clue is costing much more than this small fraction of our fees spent on courses. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 46871 (46631) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
On Thu, Aug 15, 2002 at 01:28:00PM +0200, Pim van Pelt wrote:
May I ask what exactly is your problem with this type of education ?
I guess it's the fact that all LIRs pay for what RIPE decides to do for "free". Personally, I think it's a good thing to have a free DNS course, as DNS servers are often horribly misconfigured and the way we use the net depend on them. The DNSSec et al however seems a tad exotic for a community funded course.
Perhaps it is tie that RIPE takes part in more training/education aspects such as IPv6 deployment.
Actually, a lot of RIPE meetings (every?) have a great IPv6 tutorial for just that purpose. I took part in the one in Prague at RIPE-40 and it gave me most of the background I needed to prepare for "my" networks participation in the 6net project. (It didn't prepare me for the anguish I would have to go through to actually _get_ IPv6 addresses, but that's another story.) Peter B. Juul, Uni·C (PBJ255-RIPE)
At 01:08 PM 8/15/2002, Stephen Burley wrote:
Hi Could someone please tell me WHY we are running free training courses for DNS? Training how to interact with the NCC and DB i understand, but dns i do not. Who made the descision to implement this training and what grounds are there for doing this?
Stephen, this is part of the DISI activity as specified in the RIPE NCC Activity Plan 2002 which was discussed by RIPE and adopted by the RIPE NCC membership. I quote the most relevant parts below foir your convenience. The idea of DISI is to promote deployment of security relevant technology **that needs to be deployed in the Infrastructure**, as opposed to technology that is under individual organisation's responsibility. In particular the courses announced deal with DNSSEC technology and are targeted at people thoroughly familiar with DNS itself. They are not general purpose DNS courses. More info about DISI can be found at http://www.ripe.net/ripencc/pub-services/np/DISI/index.html Regards Daniel --------- Deployment of Internet Security Infrastructure (DISI) Security Deployment is a new activity started in late 2000. As the Internet is used for more and more critical applications, security becomes increasingly important. A lot of security technology has recently been developed and now needs to be deployed throughout the Internet Infrastructure [RFC 2828]. Prominent examples are DNSSec [RFC 2535] and IPSec [RFC 2401]. The DISI project will support the RIPE community in deploying these technologies, specifically those technologies that need to be deployed in the Internet Infrastructure itself, rather than at the end sites only. This project initially focuses on DNSsec and will later be expanded to other relevant technologies. As from the RIPE 40 Meeting, the RIPE NCC will start to offer courses on securing a zone using DNSsec. Information and experience will also be gathered by the deployment of the technologies within the RIPE NCC. The information will be shared with the RIPE community in additional workshops and white papers. During the start-up phase of this project, it has become clear that a lot of work still needs to be done on the technology and the implementations before DNSSEC can be deployed in a large scale production environment. The RIPE NCC has therefore set up collaborations with NLnet-labs, Nominum, and other parties interested in these technologies to help improve the deploy-ability of DNSSEC. This is also pursued by active involvement in the relevant IETF working groups. DISI will continue in 2002.
Could someone please tell me WHY we are running free training courses for DNS?
i think you are not reading daniel's comment sufficiently
The idea of DISI is to promote deployment of security relevant technology **that needs to be deployed in the Infrastructure**, as opposed to technology that is under individual organisation's responsibility.
In particular the courses announced deal with DNSSEC technology and are targeted at people thoroughly familiar with DNS itself. They are not general purpose DNS courses.
dnssec will affect the GLOBAL AND RIPE/NCC infrastructure and the ripe members will have to interface with it and coordinate. i.e. ripe/ncc and we will have to change the way we do things. so if ripe/ncc were not to experiment with this stuff and get us ready for it would be irresponsible. randy
Hi
Hi,
Could someone please tell me WHY we are running free training courses for DNS? Training how to interact with the NCC and DB i understand, but dns i do not. Who made the descision to implement this training and what grounds are there for doing this?
I think (personally, and also hope that RIPE community think) that it's pretty much in line with the idea of a community organization to propose such training... for the benefit of future operation. Kind regards Michael -- Michael Hallgren, http://m.hallgren.free.fr/, MH2198-RIPE (ex-Teleglobe, BB Eng., peering, and such.)
Regards,
Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE
At 01:53 PM 8/15/2002, Michael Hallgren wrote:
I think (personally, and also hope that RIPE community think) that it's pretty much in line with the idea of a community organization to propose such training... for the benefit of future operation.
Thank you for your support Michael. I have also had some private e-mail asking whether the RIPE NCC is 'joining the post September 11 2001 psychosis/bandwaggon'. Before I get any more of this I'd like to make clear that DISI pre-dates September 11 2001 by a fair margin. See: http://www.ripe.net/ripencc/pub-services/np/DISI/Talks/0101_DISI/sld001.html Daniel
I believe that all RIR's should have as one of its missions the providing of education to its members and to the community. By increasing the "CLUE" factor we only help improve the net in general. I'm glad to see RIPE continuing to take a leadership role in this. John Brown Speaking for himself
-----Original Message----- From: owner-lir-wg@ripe.net [mailto:owner-lir-wg@ripe.net] On Behalf Of Daniel Karrenberg Sent: Thursday, August 15, 2002 5:58 AM To: m.hallgren@free.fr Cc: Stephen Burley; local-lir@ripe.net; Lir-Wg@Ripe.Net Subject: RE: [lir-wg] DNSSEC training WHY?
At 01:53 PM 8/15/2002, Michael Hallgren wrote:
I think (personally, and also hope that RIPE community think) that it's pretty much in line with the idea of a community organization to propose such training... for the benefit of future operation.
Thank you for your support Michael.
I have also had some private e-mail asking whether the RIPE NCC is 'joining the post September 11 2001 psychosis/bandwaggon'. Before I get any more of this I'd like to make clear that DISI pre-dates September 11 2001 by a fair margin. See: http://www.ripe.net/ripencc/pub-services/np/DISI/Talks/0101_DI SI/sld001.html
Daniel
I think (personally, and also hope that RIPE community think) that it's pretty much in line with the idea of a community organization to propose such training...
I agree but we do not foot the bill, because if thats the case where does it stop as i feel i would like a free course in XML, bluetooth, c++, oracle, sybase, apache, tomcatand the list goes on. If this is whats needed then another organisation needs to be created to meet this need, the NCC is our RIR not our free internet education tool. for the benefit of future operation.
Kind regards
Michael
-- Michael Hallgren, http://m.hallgren.free.fr/, MH2198-RIPE (ex-Teleglobe, BB Eng., peering, and such.)
Regards,
Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE
I agree but we do not foot the bill, because if thats the case where does
it
stop as i feel i would like a free course in XML, bluetooth, c++, oracle, sybase, apache, tomcatand the list goes on.
One could argue that DNS(SEC|) could be considered of more immediate common operational importance. One could argue further, that a RIPE training course is of a more informational (BCP, consensus, etc) character.. Right?
If this is whats needed then another organisation needs to be created to meet this need, the NCC is our RIR not our free internet education tool.
I do of course share your opinion that RIPE {c,sh}ouldn't substitute more regular sources of education: academical, vendor's, pay-for or other. And, as you see above, not only because of the funding issue you mention. But, I believe that, well-tuned, training provided by RIPE (or similar organization) serve as a useful complement. mh
for the benefit of future operation.
Kind regards
Michael
-- Michael Hallgren, http://m.hallgren.free.fr/, MH2198-RIPE (ex-Teleglobe, BB Eng., peering, and such.)
Regards,
Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE
Stephen, I think you are missing the point. I would not expect the RIR's to teach about C++, Apache, etc.. Bringing courses out on new, relevant topics, new adopted protocols or BCP's is well within the RIR charter, IMHO.. I'm exiting the conversation as it seems to now be thrashing.... john brown speaking for himself
-----Original Message----- From: owner-lir-wg@ripe.net [mailto:owner-lir-wg@ripe.net] On Behalf Of Stephen Burley Sent: Thursday, August 15, 2002 7:04 AM To: m.hallgren@free.fr; local-lir@ripe.net Cc: Lir-Wg@Ripe.Net Subject: Re: [lir-wg] DNSSEC training WHY?
I think (personally, and also hope that RIPE community think) that it's pretty much in line with the idea of a community
organization to
propose such training...
I agree but we do not foot the bill, because if thats the case where does it stop as i feel i would like a free course in XML, bluetooth, c++, oracle, sybase, apache, tomcatand the list goes on. If this is whats needed then another organisation needs to be created to meet this need, the NCC is our RIR not our free internet education tool.
for the benefit of future operation.
Kind regards
Michael
-- Michael Hallgren, http://m.hallgren.free.fr/, MH2198-RIPE (ex-Teleglobe, BB Eng., peering, and such.)
Regards,
Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE
Stephen,
I think (personally, and also hope that RIPE community think) that it's pretty much in line with the idea of a community organization to propose such training...
I agree but we do not foot the bill, because if thats the case where does it stop as i feel i would like a free course in XML, bluetooth, c++, oracle, sybase, apache, tomcatand the list goes on. If this is whats needed then another organisation needs to be created to meet this need, the NCC is our RIR not our free internet education tool.
XML, bluetooth and others can all be independently deployed by organizations. No coordination is needed and if one of them makes a mistake during deployment, all they do is to hurt themselves. This is NOT the case for security technology for the infrastructure structure. Here a certain amount of coordination is needed and one person mis-configuring his part can break the entire chain. The goal of the DISI project is to do this coordination as well as to make sure that the participating organizations have the technical knowledge in house. The DNSSEC courses are organized to accomplish the latter.
No such agreement was made in RIPE region if it was it was not voiced to the comunity at large.
I like to point out that the DISI project was first presented to the community at RIPE37 (Sept'2000) and has always been mentioned at the plenary since then. Courses were mentioned as part of the project from the beginning. I have attended all those meetings but, until today, only had positive feedback on this idea. The project is also mentioned in the activity plans for 2001 and 2002 and those have been explictly approved by the membership. So, while you are certainly entitled to your opinion that the RIPE NCC should not do this project, I don't think that it is fair to say that the RIPE NCC is using membership money to organize courses for its members without asking them first. Henk ------------------------------------------------------------------------------ Henk Uijterwaal Email: henk.uijterwaal@ripe.net RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk Singel 258 Phone: +31.20.5354414 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands Mobile: +31.6.55861746 ------------------------------------------------------------------------------ That problem that we weren't having yesterday, is it better? (Big ISP NOC) NOTE: My email address (and a hole in our mailing list software) is being abused by a spammer. We are working on fixing this hole and tracking the spammer down. If you receive mail from "henk@ripe.net" that is obviously spam, please send me a copy of the mail including ALL headers. I'm sorry for any inconvenience caused by this.
Stephen Burley wrote:
Hi Could someone please tell me WHY we are running free training courses for DNS? Training how to interact with the NCC and DB i understand, but dns i do not. Who made the descision to implement this training and what grounds are there for doing this?
Regards,
Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE
Surely this is relevant to NCC operations though. Could DNSSEC not be used in the delegation of in-addr.arpa zone info? And at any rate, I'm all for this as any extra value I get for my LIR subscription fee is fine by me and if it raises the general clue rating of all concerned then I say go for it. <HINT> Of course if no course materialises in the UK(Edinburgh would be nice) then I may not be so enthusiastic. </HINT> Just my 2p's worth! Regards Mark Guz MG241-RIPE Senior System/Network Engineer Scotland On Line.
________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________
.
participants (12)
-
Daniel Karrenberg -
Gert Doering -
Hank Nussbacher -
Henk Uijterwaal (RIPE-NCC) -
John M. Brown -
Mark S. Guz -
Michael Hallgren -
Nigel Titley -
Peter B. Juul -
Pim van Pelt -
Randy Bush -
Stephen Burley