From: Cynthia Revström <me@cynthia.re>
Date: Monday 28 September 2020 at 09:47
To: Erik Bais <ebais@a2b-internet.com>
Cc: Hans Petter Holen <hph@ripe.net>, Members Discuss <members-discuss@ripe.net>, "exec-board@ripe.net" <exec-board@ripe.net>
Subject: Re: [members-discuss] Draft Activity Plan 2021 - RPKI development

Hi,

Dear Hans Petter and fellow members,

In the draft activity plan, there is a page about the current RPKI cost and plans of the further development. 

The plans state on Page 14 - 1.6 RPKI:

6 FTE and a 963.000 euro budget ...

<begin quote>

Activities in 2021
Our priority over the coming period will be ensuring a stable and resilient RPKI Trust Anchor and Certificate Authority.
In 2020, we carried out a third-party security and risk assessment of our RPKI platform. We are now working to define a
complete audit framework for RPKI, with the aim of having the audit performed early next year by a third party. Next year
we will implement changes to our internal processes and documented procedures on the basis of this audit, as well as
things like more granular monitoring and small technical changes that ensure compliance with the relevant RFCs. Aside
from that, we are planning significant improvements in our infrastructure to allow high availability and resiliency for the
RPKI repositories.
In last year’s Activity Plan, we said we would consider whether we should continue to support our RPKI Validator, as it
needed further development to match the quality of alternative tools that were now available. Because our RPKI Validator
remains the second most widely used tool (with 32% “market share”), we decided that we will continue to support it in 2021
and we aim to make a longer-term decision soon.
Finally, we will continue to build awareness of RPKI through training, outreach and promotion efforts.

</end quote> 

I would like to argue that further development of Proof of Concept software (the RPKI validator) isn't required anymore now that there are multiple open source tools available on the market.

The RIPE NCC isn't a software development house .. and I don't recall the RIPE NCC has the planning to become one ...
I would like to see further development of the RIPE NCC RPKI Validator discontinued as of Jan. 1st 2021.

The backend software / infra for the signing of the RPKI environment still needs a lot of work and so does the training (awareness) about RPKI .. so I don't think that the resources or budgeted cost should be reduced, but is needs to be revised...
I think that the efforts should be put somewhere else on RPKI.

That the RIPE NCC RPKI Validator is widely used, is because of the training efforts from the RIPE NCC.. and I think the community is better served with a more open approach about the usage of other validators, instead of trying to keep members to use a Java based software package.

When the RIPE NCC started with the development of the RPKI Validator, there was a lack of other software ... but as things stand today, there are multiple open source implementations and this is a nice moment to go back to the core activity of the RIPE NCC.

I know that with the above, I would probably not give the internal development team enough credits for their work and effort in the past years.
I do value their work to where they brought this, but it is time to put the focus on the core activities like the signing side of the RPKI and a more robust RPKI infra instead of the validation software.   

Regards,
Erik Bais




_______________________________________________
members-discuss mailing list
members-discuss@ripe.net
https://lists.ripe.net/mailman/listinfo/members-discuss
Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/me%40cynthia.re