Re: [members-discuss] [ncc-announce] [news] The Future of the RIPE Database Proxy Service
I can't see a compelling reason to make it into a member-only service, and the existing organisations who use the service seem to gain some value from it, so discontinuing it probably isn't in the best interest of the RIPE NCC's core purpose of being a RIR. As there are only 4 users of the service, there seems little point in charging. I'd be happy to see this turned into a free but contract-based service. Nick On 05/03/2013 10:20, Axel Pawlik wrote:
Dear colleagues,
Following the discussion about the RIPE Database Proxy Service, we have investigated several options for the future of the service. I'd like to first give you an overview of the issue at hand. A detailed analysis is provided below that for those of you who would like to see the finer details.
We are now asking for feedback on this issue from the membership. No actions will be taken regarding the service until an appropriate way forward has been indicated by the membership.
The aim of the RIPE NCC is to keep the registry open and accessible to everyone at all times, just as it always has been. The options are intended to deal with the potential for republishing and possible abuse arising out of that republishing, which the RIPE NCC believes is the core issue at hand.
None of the options we investigated would result in any reduced access to RIPE Database data.
Although they can be carried out in a number of ways, there are three basic options as we see it: - Make it a members-only service - A contractual service (free or paid) - Discontinue the service
Over the next six-week period, ending 15 April 2013, we would like to invite the membership to discuss and provide input on their preferred way forward. The RIPE NCC Executive Board will summarise the discussion and propose a way forward at the RIPE NCC Services Working Group. If a resolution from members is required, it will take place at the General Meeting. In the meantime, the RIPE NCC will continue to offer the RIPE Database Proxy Service free of charge. However, no new contracts for this service will be issued until its status has been resolved.
We therefore urge you to put forward your opinions and preference on how we can best move forward with the RIPE Database Proxy Service by emailing <members-discuss@ripe.net>.
Best regards,
Axel Pawlik Managing Director RIPE NCC
============================ DETAILED ANALYSIS ============================
The Options ----------- Option 1 - The RIPE Database Proxy Service becomes a member-only service
Option 2a - The RIPE Database Proxy Service remains a free contractual service (this is the current situation) Option 2b - The RIPE Database Proxy Service becomes a paid contractual service
Option 3a - Discontinue the RIPE Database Proxy Service (the RIPE NCC is the sole official provider of the RIPE Database web-interface) and retain the query limits Option 3b - Discontinue the RIPE Database Proxy Service and remove the query limits Option 3c - Discontinue the RIPE Database Proxy Service and change the default RIPE Database query not to show any personal data, and allow personal data to be returned only when a special query flag with limits is used.
The RIPE NCC is able to facilitate any of the options presented here. However, the RIPE NCC Executive Board believes that transitioning the RIPE Database Proxy Service to a member service is most closely in line with the way other contractual services have been handled. In addition, incorporating the service into the membership would minimise costs while continuing the service.
General Legal Analysis ---------------------- As noted in the RIPE NCC Data Protection Report, the provision of unlimited access to the RIPE Database could lead to abuse of the personal data in the RIPE Database. In the Acceptable Use Policy, the RIPE NCC clearly defines access limits to the personal data in the RIPE Database. Users exceeding these limits have their access to further personal data blocked for a period of time.
The AUP also takes into account queries made to the RIPE Database through web interfaces hosted by third parties (proxies). The RIPE NCC, through the proxy service, gives the authority to third parties to provide access to the RIPE Database through a web interface they operate. Currently, queries through the proxy service are subject to higher query limits because such interfaces are intended to be used by more than one user. Queries from a proxy will be seen as queries from individual IP addresses and individual query limits for personal data apply.
The RIPE Data Protection Report: http://www.ripe.net/lir-services/ncc/legal/ripe-ncc-data-protection-report
Acceptable Use Policy: http://www.ripe.net/data-tools/support/documentation/aup
Options 1 and 2 - Legal Analysis -------------------------------- There is little difference from a legal point of view whether the proxy service is made available only to members or is a contractual service available to anyone.
A membership agreement has different rights and obligations and strengthens the legal relationship between the RIPE NCC and the other party.
The RIPE Database Terms and Conditions would also need to be updated to include obligations for RIPE Database Proxy service contract holders.
Option 3 - Legal Analysis ------------------------- There are no legal implications for option 3a.
For option 3b, the query limits were put in place to prevent/impede the harvesting and abuse of personal information in the RIPE Database. The Data Protection Task Force (DPTF) considered this an effective and appropriate part of the RIPE NCC's due diligence. Almost five years after the implementation of this measure, the RIPE community could reassess the effectiveness and proportionality of having query limits. If the measure is deemed to be ineffective and disproportionate, the RIPE NCC could remove query limits.
Option 3c offers the best data protection from a legal perspective. This option would limit direct personal data exposure while retaining the query limit. However, from a functionality perspective, this might not be wanted.
Option 1 - Administrative and Technical Analysis ------------------------------------------------ This option would have little administrative impact. Administrative processes are already in place, including a proxy agreement for members. Signing up for the service could in the future be integrated in the LIR Portal, removing any need for manual processing of requests. The RIPE NCC website and publications would need to be updated. All customers would need to be informed.
Option 2 - Administrative and Technical Analysis ------------------------------------------------ This option would involve more administrative overhead for the RIPE NCC. The proxy service contract holder list would need to be managed manually, or software would need to be developed for this purpose. All contract holders would need to be informed and new agreements would need to be drawn up and sent to the users. The RIPE NCC website and publications would need to be updated. If the service remains free, no further administrative work would be needed.
Option 3 - Administrative and Technical Analysis ------------------------------------------------ This option would involve the least amount of work for the RIPE NCC. There would be a small amount of temporary administrative work, including contacting customers to inform them of the action and removing references to the service from the website and publications.
General Financial Analysis -------------------------- Generally speaking, the financial impact is minimal. The total costs and the additional revenue is low in all scenarios. The cost to maintain the service from a technical perspective are low, although it adds complexity to the overall RIPE Database software and requires some level of additional maintenance. It is difficult to quantify this indirect cost, but it is contrary to RIPE NCC efforts to clean up legacy software and complexity.
The additional revenue resulting from option 1 would, given the current number of active users of the service, be in the range of 5-10 kEUR per annum (there are currently four users).
For option 2b, if the fee was to cover the costs of the service including administration and other related overheads, with there being so few users the fee would probably be higher than the current membership fee.
In the other scenarios, the additional revenue is irrelevant.
Your Feedback ------------- Again, we need your input and ask that you discuss this service and make your opinion known. You can give your feedback by mailing <members-discuss@ripe.net>.
Hi Nick,
I can't see a compelling reason to make it into a member-only service, and the existing organisations who use the service seem to gain some value from it, so discontinuing it probably isn't in the best interest of the RIPE NCC's core purpose of being a RIR. As there are only 4 users of the service, there seems little point in charging. I'd be happy to see this turned into a free but contract-based service.
I fully agree. Sander
On 9 mar 2013, at 12:12, Sander Steffann <sander@steffann.nl> wrote:
Hi Nick,
I can't see a compelling reason to make it into a member-only service, and the existing organisations who use the service seem to gain some value from it, so discontinuing it probably isn't in the best interest of the RIPE NCC's core purpose of being a RIR. As there are only 4 users of the service, there seems little point in charging. I'd be happy to see this turned into a free but contract-based service.
I fully agree.
I fully agree with this as well! Best regards, - kurtis - --- Kurt Erik Lindqvist, CEO kurtis@netnod.se, Direct: +46-8-562 860 11, Switch: +46-8-562 860 00 Franzéngatan 5 | SE-112 51 Stockholm | Sweden
Hi, On Sat, Mar 09, 2013 at 12:02:37AM +0000, Nick Hilliard wrote:
I can't see a compelling reason to make it into a member-only service, and the existing organisations who use the service seem to gain some value from it, so discontinuing it probably isn't in the best interest of the RIPE NCC's core purpose of being a RIR. As there are only 4 users of the service, there seems little point in charging. I'd be happy to see this turned into a free but contract-based service.
Seconded: free but contract-based. (I said so already when the sh*t hit the fan, but for the sake of the archives...) Gert Doering -- RIPE member, happy to subsidize this for 4 users of the service -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Mar 9, 2013, at 01:02, Nick Hilliard <nick@netability.ie> wrote:
I can't see a compelling reason to make it into a member-only service, and the existing organisations who use the service seem to gain some value from it, so discontinuing it probably isn't in the best interest of the RIPE NCC's core purpose of being a RIR. As there are only 4 users of the service, there seems little point in charging. I'd be happy to see this turned into a free but contract-based service.
A reality check? Are we seriously having a multi-month discussion involving numerous emails from the CEO of the RIPE NCC about a service that has *four* active users? This while services that have untold millions of users still have outages because of silly things like partial zone files being deployed? Is there some compelling advantage to the RIPE NCC membership or greater internet community in keeping the Proxy Service alive? If not, shall we just pull the plug on it? Alex Le Heux Kobo Inc. -- Alex Le Heux | aleheux@kobo.com | Kobo Inc
On 11/03/2013 14:27, Alex Le Heux wrote:
Are we seriously having a multi-month discussion involving numerous emails from the CEO of the RIPE NCC about a service that has *four* active users?
If this were a commercial organisation and if it were my choice, I would pull the plug tomorrow. Actually, I would have pulled it years ago because I have a strong dislike for underused fossils, particularly those which actively cost time and resources to maintain. But it's not a commercial organisation - it's a monopoly whose purpose is to serve a bunch of people what they want to be served on the basis of general bottom-up consensus, and the rules are different. Unfortunately, it seems there was a top-down cockup which spilled into nanog-l and caused a small amount of froth to fly. When this happens, it's sensible to put your hand up and confess that yes, there was a cockup and there were no bad intentions and that as a matter of good will to the community, whatever was done would be undone. Otherwise, it will be remembered years later that the RIPE NCC did all of this mean, bad and horrible stuff to the community once upon a time and they're a monopolistic power hungry bunch, not answerable to the community and yadda-yadda-yadda. Fortunately, this reaction is as avoidable as it is predictable. The RIPE NCC have done the right thing by going back to their membership and asking them for consensus on a policy. I put forward a particular opinion on the basis that it's probably best right now to go back to the original configuration (i.e. contract/free in this case) and leave things settle down for a while so that people realise that the RIPE NCC is not the enemy. Some time down the road, I'd probably be quite supportive of the idea of asking the RIPE NCC to approach the 4 existing users of the service and ask them if there was any other way that their requirements could be facilitated which involved lower overhead/cost. I.e. engagement with user community, followed by general consensus, followed by action which has broad support from constituency. Otherwise I agree that this is a storm in a teacup which merits only a tiny fraction of the amount of attention it's getting. How are you enjoying consensus from the other side, then? :-D Nick
not entirely sure what a 'ripe database proxy service' would be... but it sounds like one of those 'too much fucking info' things that once were in fashion when the internet was a bunch of dusty nerds... and the only threat was a bunch of scriptkiddies in poland. and now, its a hostile environment and any 'database' should be closed access only. as seriously, if people wanna harras your clients, or even worse (and wrongly: you) at least they should take the time and effort to get proper court orders... not just do a 'whois' on some database which should not even exist anymore due to the fact that its not compliant with ANY applicable privacy laws. -- MINISTRY OF TELECOMMUNICATIONS AND FOREIGN AFFAIRS ================================================== Government House, One CyberBunker Avenue, RCB-31337, Republic CyberBunker. On Mon, 11 Mar 2013, Nick Hilliard wrote:
On 11/03/2013 14:27, Alex Le Heux wrote:
Are we seriously having a multi-month discussion involving numerous emails from the CEO of the RIPE NCC about a service that has *four* active users?
If this were a commercial organisation and if it were my choice, I would pull the plug tomorrow. Actually, I would have pulled it years ago because I have a strong dislike for underused fossils, particularly those which actively cost time and resources to maintain. But it's not a commercial organisation - it's a monopoly whose purpose is to serve a bunch of people what they want to be served on the basis of general bottom-up consensus, and the rules are different.
Unfortunately, it seems there was a top-down cockup which spilled into nanog-l and caused a small amount of froth to fly. When this happens, it's sensible to put your hand up and confess that yes, there was a cockup and there were no bad intentions and that as a matter of good will to the community, whatever was done would be undone. Otherwise, it will be remembered years later that the RIPE NCC did all of this mean, bad and horrible stuff to the community once upon a time and they're a monopolistic power hungry bunch, not answerable to the community and yadda-yadda-yadda. Fortunately, this reaction is as avoidable as it is predictable.
The RIPE NCC have done the right thing by going back to their membership and asking them for consensus on a policy. I put forward a particular opinion on the basis that it's probably best right now to go back to the original configuration (i.e. contract/free in this case) and leave things settle down for a while so that people realise that the RIPE NCC is not the enemy.
Some time down the road, I'd probably be quite supportive of the idea of asking the RIPE NCC to approach the 4 existing users of the service and ask them if there was any other way that their requirements could be facilitated which involved lower overhead/cost. I.e. engagement with user community, followed by general consensus, followed by action which has broad support from constituency.
Otherwise I agree that this is a storm in a teacup which merits only a tiny fraction of the amount of attention it's getting.
How are you enjoying consensus from the other side, then? :-D
Nick
---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.
not entirely sure what a 'ripe database proxy service' would be... but it sounds like one of those 'too much fucking info' things that once were in fashion when the internet was a bunch of dusty nerds... and the only threat was a bunch of scriptkiddies in poland. and now, its a hostile environment and any 'database' should be closed access only.
as seriously, if people wanna harras your clients, or even worse (and wrongly: you) at least they should take the time and effort to get proper court orders... not just do a 'whois' on some database which should not even exist anymore due to the fact that its not compliant with ANY applicable privacy laws.
I might have phrased it a little less politely, but wholeheartedly agree with the sentiment. It's already bad enough with a-n-other-supplier going down your ripe AS membership list trying to flog cr@p to your clients, when said supplier is an LIR, having every nut on the planet doing so is going to get very very very tiresome and simply lead to people not putting anything in the RIPE-DB in the first place (as most have already decided) Time to drop something which is only used by 4 people - some of whom aren't even members Rob
On 11/03/2013 14:27, Alex Le Heux wrote:
Are we seriously having a multi-month discussion involving numerous emails from the CEO of the RIPE NCC about a service that has *four* active users?
mmm, looks like your original email never arrived on the members-discuss mailing list, even though it was cc:'d there. Nick
On Mar 13, 2013 10:44 PM, "Alex Le Heux" <aleheux@kobo.com> wrote:
This while services that have untold millions of users still have outages because of silly things like partial zone files being deployed?
Is there some compelling advantage to the RIPE NCC membership or greater internet community in keeping the Proxy Service alive? If not, shall we just pull the plug on it?
With your RIPE hat on, do you think there would be an operational advantage in getting rid of this service? This would be an extremely important data point (which I would have missed) and would switch my vote to switching it off immediately. I suspect that's the case for most people. Let the bikeshedding continue, Richard Sent by mobile; excuse my brevity.
On Mar 14, 2013, at 07:26, Richard Hartmann <richih.mailinglist@gmail.com> wrote:
On Mar 13, 2013 10:44 PM, "Alex Le Heux" <aleheux@kobo.com> wrote:
This while services that have untold millions of users still have outages because of silly things like partial zone files being deployed?
Is there some compelling advantage to the RIPE NCC membership or greater internet community in keeping the Proxy Service alive? If not, shall we just pull the plug on it?
With your RIPE hat on, do you think there would be an operational advantage in getting rid of this service?
I don't have a RIPE NCC hat anymore, so I can't help you there :) The way I see it is this: - This service has four active users, as near to zero as makes no odds. - The benefit to the RIPE NCC membership, who pay for this, is unclear. - The benefit to the greater internet community, the other big reason for the RIPE NCC to do things, is also unclear. - At least some of the uses for the Proxy Service look like they can be done with the REST API and some fancy javascript. What I don't know is: - How much work is it for the RIPE NCC to keep the Proxy Service running and maintain it and what this costs - What the cost is of dealing with all the legal and contract issues that surround it - What the cost is of this discussion Unless the sum of these is very close to zero, as a member of both the RIPE NCC and the internet community, I would like to see the Proxy Service discontinued. Perhaps I'm wrong though, perhaps there is some Great Need out there that is being fulfilled by this. If there is, please point it out to me and I'll crawl back under my rock. Alex
Le 14/03/2013 12:38, Alex Le Heux a écrit :
Unless the sum of these is very close to zero, as a member of both the RIPE NCC and the internet community, I would like to see the Proxy Service discontinued.
Perhaps I'm wrong though, perhaps there is some Great Need out there that is being fulfilled by this. If there is, please point it out to me and I'll crawl back under my rock. At a first glance, my feeling was : close it. But Alex is right. The real point is: how much does this service costs to RIPE versus what is its usefulness for the community ?
If the answer is "It has a real cost and it's interesting for a very few organisations only", the answer should be "Close it". If the answer is "It really cost very few _OR_ it may have a great interest for a lot of organisations", the answer should be "keep it", may be under the umbrella of a specific contract (which again has a cost !). Regarding the cost, only RIPE peoples can answer... -- Francis
participants (7)
-
Alex Le Heux
-
Francis GASCHET
-
Gert Doering
-
Kurt Erik Lindqvist
-
Nick Hilliard
-
Richard Hartmann
-
Rob Golding
-
Sander Steffann
-
Sven Olaf Kamphuis