On Fri, 2022-04-01 at 01:34 +0300, Serg Galat wrote:
On 23 Mar 2022, at 15:32, Denys Fedoryshchenko <nuclearcat@nuclearcat.com> wrote:
Dear Serg
First, are we seriously discussing topic based on tweet of some random anonymous person??? All this flood based just on that? Please provide more credible and informative source.
All as usual, someone unknown opening a Polichenell's Secret.
Is this enough credible and informative source? https://labs.ripe.net/author/alexander-isavnin/the-russian-sovereign-interne...
Second, i don't think it worth discussion, because only several options are possible: 1)They can make their copy of registry, with more extended data and LIR will maintain their records in RIPE according RIPE rules. Outcome: Thats doesnt change anything for rest of world. Russian operators will have more paperwork 2)They cut LIR from managing resources, and some russian government agency will act as proxy. Outcome: Some headache for RIPE, but for rest of the world data will be consistent, again. 3)They will make their own IP space and live in their own bubble. Outcome: Nobody will peer with Russia as before, likely it will be some sort of NAT to go in/out "Russian intranet".
The first and third are the problem only of Russian LIPs. But my concerns are about the second. How and who validate this data? Russian government? Ok. Will you sure that some IP address and ASn is from some Siberian ISP and not FSB? Do you really think that the FSB will appear only from the subnet where it says FSB, RUSSIA, KREMLIN and at the same time they should wave a Russian flag? Or law enforcement or counterintelligence of any country? Just please, take part in conferences, ask how it all works, so as not to write such nonsense. In cases of some questionable activity, one of the major purposes of
I'm not seeing really anything new here. Yes, the country is plunging into the abyss of bureaucratic procedures that will make telecom operators and content generators less competitive in the global market. But, this is their internal affair and it is up to them to decide how to deal with their internal issues, and not to you or me, foreigners. Very similar questions from government agencies were received, for example, in Lebanon and Turkey, at least, so what? The only difference was that the procedure was done with varying degrees of literacy and automation, and government agencies could be interested in other details. For example, some countries are asking for all customers on the ASN, with their names and phone numbers. For some reason, this did not arouse your sharp interest. the RIPE records is to identify the "legal routes" to real owner of the subnet. But this will not be done by a private person, but by law enforcement, which will specify who exactly was behind this IPv6 address or IPv4 connection tuple. Concluding, if the state where IP addresses are operating does not want to cooperate on some issues, incl. identifying a rogue person, the accuracy of the data in RIPE does not play a significant role.
The only colossal harm to connectivity can be caused by those whose emotional voices are heard here more and more often and who are pushing RIPE to violate the neutrality, with their "ideas" to disconnect someone or take away their addresses. This will end up with regional RIRs losing trust, ceasing to exist and each state will be managing its own address space. In my opinion, this will be the end of the Internet as we know it.
Are you hear this from me? Then why did you say me about? My question is - what will we need to do when this happens? We - I mean internet community. And RIPE NCC in particular.
On Tuesday, March 22, 2022 19:55 EET, Serg Galat <greysticky@gmail.com> wrote:
Dear colleague, Thank you for your opinion. I'm understand you opinion - everything working right until everyone is do everything right. What I fear? I'm wrote about a little before
"Have you understood what was written on the plan-scheme? I let myself to translate records on bottom - "Российские локальные регистратуры должны будут отключиться от международного реестра и переключиться на российский" Russian local registries (LIRs) will have to disconnect from the international registry and switch to the Russian. Are you understand what this means for RIPE/EU community?"
Those. Russian LIRs stop registering and updating their data in the registry? So, what is next? And I'm not at all interested in what they will do in their national registry. And in what form they will use one. But I'm concerned about the validity of the data in RIPEdb.
On Tue, Mar 22, 2022 at 5:21 PM ivaylo <ivaylo@bglans.net> wrote:
Dear Serg, Dear colleagues
I do not know exactly what are the purpose of your questions and fears, but from a technical point of view (for the functioning of the Internet in the region) they are unfounded.
The Internet is a global structure with limited resources. To function this structure, resources _MUST_ be fairly allocated and have a clear and accurate register in which to describe them. This is taken care of by the IANA organization. It delegates the relevant resources based on the requests and needs to the respective RIRs (Regional Internet Registries - RIPE NCC, APNIC, ARIN, LACNIC, AFRINIC). They, in turn, delegate to local Internet registers - LIRs (we). And LIRs delegate resources to the end users. Each LIR is obliged to create and maintain up-to-date records for the resources under its control. And the LIR's records are kept in the database of the respective RIR.
RIRs are required to provide publicly, freely, up-to-date and accurate information on all records in their database so that all Internet participants (routers) can verify that the relevant resources are used by the entity to which they are delegated.
Everyone in the Internet can create their own database of records for Internet resources, the question is whether other participants in the Internet will believe and comply with his data. Every country in the world (in theory) can pass a law or laws that regulate an industry. If the Russian state decides to make its own register, and obliges all operators operating on its territory, OK, it would affect the Internet connectivity in the territory of the Russian Federation (if their DB is out of sync with the rest of the world ). Everyone else in the world will continue to use and trust RIRs databases.
Below I answer your questions from technical point of view...
Ivaylo Josifov VarnaIX / Varteh LTD Varna, Bulgaria
On Mon, 21 Mar 2022, Serg Galat wrote:
Dear Athina,
I have read your reply with great interest. You have done a great job with an impressive result. However, I will allow myself to repeat some of the questions that I am sure the entire community is interested in, and which have not been answered. And so: a) You said "The RIPE Database, along with the equivalent databases of the other RIRs, must remain the authoritative source to determine uniqueness of Internet number resources", when and if russian register with self isolated, will RIPEdb will be authoritative source?
Of course IANA and RIRs DB was,are and always will be authoritative sources.
b) Will it be possible to consider RIPEdb records as valid? Or will part of the registry be compromised? What part? Or the entire registry?
RIPE db was,is,and will be valid except cases when there are technical problems.
c) What action RIPE NCC will do when and if the Russian national register will self isolate from RIPEdb, as they plan. Based on some of their sovereign bills, of course?
Nothing.
And finally, I didn't have this question before, but you said "They told us that their database will have the same data as the RIPE database and it's just for backup" and I want to ask - do you believe them? After the statements of the Russians "we are not going to attack anyone," can they still be trusted now?
As I explained on top, they can do whatever they want with their copy of the db, we do not need to trust anyone else except IANA and RIRs. I do not understand your fear here.
On Mon, Mar 21, 2022 at 5:48 PM Athina Fragkouli <afragkou@ripe.net> wrote:
Dear Serg, all,
I would like to give some background on this matter and describe the RIPE NCC?s view.
We have been closely following legal developments with respect to Russian Internet regulation and provided updates in the past: https://labs.ripe.net/author/maxim_burtikov/russia-regulatory-update/
The creation of a local database of all Internet resources was part of the Russian Sovereign Internet Bill. According to Russian government officials, this was an effort to establish the security and resilience of a ?Russian segment of Internet?.
In February 2021, the RIPE NCC had a discussion with the organisation responsible for implementing the database to learn about the technical details. They told us that their database would have the same data as the RIPE Database and it was only intended as a back-up. They also stated that the RIPE Database would remain the primary source of data. Please note that while we sought to understand the details, the RIPE NCC did not contribute to this work in any way.
It is also worth noting that other governments in our service region also maintain similar databases, whether as back-ups or for other purposes. The RIPE NCC has always understood that governments will want to ensure diligent administration within their territories. We have sought to offer technical knowledge so that these efforts do not have a negative impact on Internet stability.
Our position on this matter has been firm:
The RIPE Database and the other RIR databases remain the authoritative source to determine uniqueness of Internet number resources. It is critical for Internet stability that any databases maintained by governments are consistent with the RIPE Database. Inconsistencies between these various databases and the RIPE Database may have severe consequences for the uniqueness of Internet number resources, which is fundamental for the global Internet.
Having said that, it is true that regulatory developments over the past decade include deliberate efforts to protect or otherwise affect the local Internet infrastructure, and these have the potential to impact our operations even as unintended consequence or side effect.
This concern has been highlighted on multiple occasions at RIPE Meetings and in the RIPE Labs article ?Caught in the Middle: Regulatory Impact and our Mission as the RIPE NCC?:https://labs.ripe.net/author/athina/caught-in-the-middle-regulatory-impact-a... In this article we explained that national or international legislation has already started to interfere with our ability to provide the same services to all RIPE NCC members on an equal basis, and this has the potential to impact the operation of the global Internet and might ultimately lead to fragmentation of the Internet.
As we work to mitigate potential threats to our ability to provide services to our members or to the operations of the Internet, we will keep the following principles in mind:
? The wider Internet governance system is essential to the stability of the global Internet and should not be undermined ? The RIPE Database, along with the equivalent databases of the other RIRs, must remain the authoritative source to determine uniqueness of Internet number resources ? All networks must be able to access Internet resources and related services on an equal basis, regardless of geography
We will share more information about this work with the membership and the community in due course.
Kind Regards,
Athina Fragkouli Chief Legal Officer RIPE NCC
On 17 Mar 2022, at 23:10, Serg Galat <greysticky@gmail.com> wrote:
Dear Athina,
Please take a look here. In my opinion, no one fully understands how it can end for the entire community by implementing such a project.
On Wed, Mar 16, 2022 at 3:53 PM Serg Galat <greysticky@gmail.com> wrote:
Dear Andrzej,
Looks like Russia created its own NIR. Against all policies, as RIPE as global. It was not clear whether this was discussed and agreed with RIPE as RIR. On scheme I saw a broken link to RIPEdb after release. What will be for all other members of all other RIR? Will it be possible to consider RIPEdb records as valid? Or will part of the registry be compromised? What part? Or the entire registry?
DNS and "The Great Russian Fire Wall" - these next questions, but not so critically important, to my mind.
On Wed, Mar 16, 2022 at 10:45 AM Andrzej ?awa <andrzej.lawa@dawis-it.pl> wrote:
W dniu 15.03.2022 o 20:58, Serg Galat pisze:
Dear Andrzej,
I agree with you, but the question is - what's going on?
IP registry separation seems to be not true, however it looks like they will be separating their DNS systems, or at least enforce (within Russia) fake DNS entries for "undesirable" foreign domains. I don't know about IP blacklisting... but it seems their government will try to create something akin to the "Great Firewall of China".
And some big backbone operators are cutting off Russia from their infrastructure.
Usually very active Russian LIRs are unusually silent.
Well, there's this Russian (or maybe Soviet? I can't recall if it originated in pre-revolutionary Russia or later in Soviet Union) saying: "Tisze budiesz, dalsze jediesz". I suspect they don't want to say anything that might get them into trouble - especially since even admitting there's any war going on can land them in jail.
-- tel. 500 206 0268 DAWIS IT Sp. z o.o. z siedzib? w Pruszkowie Adres: ul. Staszica 1, 05-800 Pruszk?w KRS 0000319237 I NIP 5342409456 I REGON 141663620
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/greysticky%40gmail.co...
-- Sergey
-- Sergey
-- Sergey
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/ivaylo%40bglans.net
-- Sergey
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/nuclearcat%40nuclearc...
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/greysticky%40gmail.co...