Hi Nick,

On 29 Sep 2020, at 17:06, Nick Hilliard (Network Ability Ltd) <nick@netability.ie> wrote:


Hi Hans Petter,

couple of queries here.

1. RIPE atlas measurements are growing much faster than ripe probe / anchor deployment. In addition, some of the older deployed probe stock is decaying.  Is the capex allocation of €130k enough expenditure as part of the long term funding plan for Atlas to ensure that the current rate of increase of measurements can be sustained in the long term?

Yes. 
In terms of measurements data storage and processing, we are aiming to migrate live storage and processing of the ever-growing dataset to the cloud (with proper in-house, offline backup plans). That significantly reduces the investments required for that part.

Next to introduction of Software Probes and on replenishing the hardware probe network and keeping up and growing with new or uncovered ASes, so far we have generally relied on contributions from our sponsors. We are currently developing mid- and long-term plans for the supply of hardware probes, and we will inform the community and our membership as soon as we complete our proposal.


2. IT security: presumably this encompasses RPKI TA and hosted CA security management too?

No.
The security budget is not fully centralised. The costs for RPKI TA and hosted CA security management is budgeted as part of the RPKI budget.

3. RIPE Chair Team: the allocation of €205k for Chair, Vice Chair and travel + subsistence looks surprisingly low given that the average personnel cost per FTE is listed as €102k.  Separately, the board committed to ensuring independence of the RIPE Chair Team from the NCC. Can you provide information on how this independence will be maintained, and also reassurance that the RIPE Chair Team remuneration package has been designed or at least reviewed by an independent third party to ensure that it's appropriate for the positions?

The remuneration component of the package covers the RIPE Chair but not the Vice Chair. Travel and expenses for both are covered, however. The travel expense budget is based on the travel expense budget for the previous RIPE Chair. For 2021 we have only budgeted for travel 75% of the previous years.

The contract between the RIPE Chair and the RIPE NCC has been negotiated between the RIPE Chair and the RIPE NCC Executive board represented by the Chair and Treasurer. The contract includes multiple clauses that enforce the separation of the Chair position from influence by the RIPE NCC and its board. This contract has been reviewed by external legal experts for compliance with Dutch labour laws.

The remuneration package is aligned with the RIPE NCC salaries which have been benchmarked by an external party.

4. Software development: there's been some discussion about the RPKI validator.  One issue that hasn't been touched on is the RIPE NCC's general involvement with software development where there are other third party packages available on a commercial or commercially-supported basis.  This is an issue that was raised before (many years ago), specifically in the context of development of DNS software.  Can you provide some info on what the RIPE NCC's governing policies are in this area?

In this case, we follow the RIPE NCC’s roles and responsibilities as laid out here:
https://www.ripe.net/about-us/what-we-do/ripe-ncc-association-roles-and-responsibilities

We do not have specific policies for software development. Such decisions are made in consultation with the board and community. From what I recall there was no other viable RPKI validator when we started this development work, so an investment to bootstrap the whole system was needed. 

5. E-voting: as there are no alternatives in the short-term future, has the RIPE NCC confirmed that the E-voting platform will be fully GDPR compliant for the upcoming GM and also on Jan 1, 2021?  I.e both in terms of potential brexit outcomes and also in terms of transatlantic data transfer following the Schrems 2 ruling.

The e-voting platform for the upcoming GM is GDPR compliant. Our third-party platform provider has confirmed that no personal data is transferred to the USA, therefore the recent Schrems II ruling does not have an impact in our relationship. Regarding the legal implications due to Brexit, we are following the relevant developments. When the data protection legal framework is clarified, we will make sure that all amendments necessary are performed in order to comply with the law.


I hope this answers your questions, but are happy to further clarify if needed.

Hans Petter Holen

Managing Director,
RIPE NCC