Re: [members-discuss] RIPEdb registry need to be ready for separating?
W dniu 15.03.2022 o 11:52, Daniel Kalchev pisze:
So please convince me what is the better course of action.
You essentially want someone else to take responsibility for your own choices and actions.
Sorry, but what have you got against an open debate, weighing options and considering multiple aspects of an issue by multiple people from multiple points of view? I am not an omniscient super-genius - nobody is (duh!) - thus a calm debate weighing all the options considering all available data is the best way to evaluate what is the best solution. Wouldn't you agree?
This might, or might not work. It never works long term.
What might work or not? A debate? It seems calm debate considering all options and facts is the best long term solution.
The Internet community has been working for decades to keep the Internet unified, and especially the IP and DNS registries be unique and unambigous.
I know that. Yet there we are - in a situation where governments want to enforce their own DNS entries.
This is by far not the first time we face such callenge… all previous times were caused by friendly enterpreneurs from “our side”. It was stopped at great cost (manhours spent of thousands of people worldwide to talk it over).
Unfortunately some entities are not capable of talking honestly and in good faith.
There is nothing wrong in Russia setting up their own “mirror” of any registry. As long as we do not cut them from the “original” this is ok and might be for the benefit of everybody. Actually, some European countries have been doing this ever since we had Internet — you probably just didn’t know.
The problem is those are not mirrors - those are fakes. I.e. the Polish regulation (supposedly only to be used to block only gambling sites but is implemented as an administrative decision without any judiciary oversight) is frighteningly similar to what Russia is planning to do with their DNS "mirrors". Not a big problem over here as it is easy for any end user to circumvent... until the government blocks all "foreign" DNS systems (i.e. forces all ISPs to block access to any foreign DNS).
Internet registries are not about politics. If you want your registry to stay stable and not be “fixed” after the next elections, just stay away from politics. This can’t be stressed enough.
Please explain that not to me but to the Russian (and sadly not just Russian) government.
Filtering penetration attempts is an entirely different topic, nothing to do with RIPE (as registry). Everyone does it. It happens all the time and has not increased following recent events. Not only this, but most of those “Russian and Chinese” computers are just victims of someone hacking them. Not only that someone might not be Russian or Chinese, but since these are automated scripts they might not even know they attack you in particular.
Suuuuure.
The right thing to do here is for the RIPE NCC to continue to work with the Russian registries, to make sure they are not diverging. Unfortunately if their government decides they want to diverge - there's nothing we can really do, can we?
-- tel. 500 206 0268 DAWIS IT Sp. z o.o. z siedzibą w Pruszkowie Adres: ul. Staszica 1, 05-800 Pruszków KRS 0000319237 I NIP 5342409456 I REGON 141663620
On 15 Mar 2022, at 21:58, Andrzej Ława <andrzej.lawa@dawis-it.pl> wrote:
W dniu 15.03.2022 o 11:52, Daniel Kalchev pisze:
So please convince me what is the better course of action. You essentially want someone else to take responsibility for your own choices and actions.
Sorry, but what have you got against an open debate, weighing options and considering multiple aspects of an issue by multiple people from multiple points of view? I am not an omniscient super-genius - nobody is (duh!) - thus a calm debate weighing all the options considering all available data is the best way to evaluate what is the best solution. Wouldn't you agree?
Yes. This is precisely what we do here — discuss the matter. It is the only reason I decided to comment.
The Internet community has been working for decades to keep the Internet unified, and especially the IP and DNS registries be unique and unambigous.
I know that. Yet there we are - in a situation where governments want to enforce their own DNS entries.
We should discuss this with our governments. We should educate them. This is something RIPE can do in general and as a group, but also has to be done at local level because often those Government people don’t quite talk outside their own country/language barrier. We also should do this at in the EU (concerning registries that are in EU countries) because it s the EU that passes most such regulations, not individual countries. We actually have a situation like this in the EU: ISPs are asked/required to filter IP addresses and DNS names, redirect traffic etc. This is, both not working (trivial to bypass) and hurting our very society and our very Internet.
There is nothing wrong in Russia setting up their own “mirror” of any registry. As long as we do not cut them from the “original” this is ok and might be for the benefit of everybody. Actually, some European countries have been doing this ever since we had Internet — you probably just didn’t know.
The problem is those are not mirrors - those are fakes. I.e. the Polish regulation (supposedly only to be used to block only gambling sites but is implemented as an administrative decision without any judiciary oversight) is frighteningly similar to what Russia is planning to do with their DNS "mirrors". Not a big problem over here as it is easy for any end user to circumvent... until the government blocks all "foreign" DNS systems (i.e. forces all ISPs to block access to any foreign DNS).
This might, or might not be the case. We do not know what Russia will do out of this. At the very least, they can use it to secure their own part of Internet if there are disruptions. Which in my opinion every country should encourage. Now, we have the same kind of regulations in Bulgarian (unsurprisingly) and, if I may play the Devil’s Advocate for a moment… perhaps Russia is learning all this from us, the “free world of the EU”. So do we blame them for doing what we do, or we are just envious they do it better and more effective than us? </DevilsAdvocate>
The right thing to do here is for the RIPE NCC to continue to work with the Russian registries, to make sure they are not diverging. Unfortunately if their government decides they want to diverge - there's nothing we can really do, can we?
Well.. our governments appear to want that Russia gets isolated and diverge. What can we do? Change our governments? Daniel
Dear Daniel, Have you read what I wrote? Have you understood what was written on the plan-scheme? I let myself to translate records on bottom - "Российские локальные регистратуры должны будут отключиться от международного реестра и переключиться на российский" Russian local registries (LIRs) will have to disconnect from the international registry and switch to the Russian. Are you understand what is this mean for RIPE/EU community? Securing part of their own internet? Ok. But does this mean that Deutsche LIRs, for example, don't send their data to the RIPEdb for the same reason? On Fri, Mar 18, 2022 at 7:34 PM Daniel Kalchev <daniel@digsys.bg> wrote:
On 15 Mar 2022, at 21:58, Andrzej Ława <andrzej.lawa@dawis-it.pl> wrote:
W dniu 15.03.2022 o 11:52, Daniel Kalchev pisze:
So please convince me what is the better course of action. You essentially want someone else to take responsibility for your own choices and actions.
Sorry, but what have you got against an open debate, weighing options and considering multiple aspects of an issue by multiple people from multiple points of view? I am not an omniscient super-genius - nobody is (duh!) - thus a calm debate weighing all the options considering all available data is the best way to evaluate what is the best solution. Wouldn't you agree?
Yes. This is precisely what we do here — discuss the matter. It is the only reason I decided to comment.
The Internet community has been working for decades to keep the Internet unified, and especially the IP and DNS registries be unique and unambigous.
I know that. Yet there we are - in a situation where governments want to enforce their own DNS entries.
We should discuss this with our governments. We should educate them. This is something RIPE can do in general and as a group, but also has to be done at local level because often those Government people don’t quite talk outside their own country/language barrier. We also should do this at in the EU (concerning registries that are in EU countries) because it s the EU that passes most such regulations, not individual countries.
We actually have a situation like this in the EU: ISPs are asked/required to filter IP addresses and DNS names, redirect traffic etc.
This is, both not working (trivial to bypass) and hurting our very society and our very Internet.
There is nothing wrong in Russia setting up their own “mirror” of any registry. As long as we do not cut them from the “original” this is ok and might be for the benefit of everybody. Actually, some European countries have been doing this ever since we had Internet — you probably just didn’t know.
The problem is those are not mirrors - those are fakes. I.e. the Polish regulation (supposedly only to be used to block only gambling sites but is implemented as an administrative decision without any judiciary oversight) is frighteningly similar to what Russia is planning to do with their DNS "mirrors". Not a big problem over here as it is easy for any end user to circumvent... until the government blocks all "foreign" DNS systems (i.e. forces all ISPs to block access to any foreign DNS).
This might, or might not be the case. We do not know what Russia will do out of this. At the very least, they can use it to secure their own part of Internet if there are disruptions. Which in my opinion every country should encourage.
Now, we have the same kind of regulations in Bulgarian (unsurprisingly) and, if I may play the Devil’s Advocate for a moment… perhaps Russia is learning all this from us, the “free world of the EU”. So do we blame them for doing what we do, or we are just envious they do it better and more effective than us? </DevilsAdvocate>
The right thing to do here is for the RIPE NCC to continue to work with the Russian registries, to make sure they are not diverging. Unfortunately if their government decides they want to diverge - there's nothing we can really do, can we?
Well.. our governments appear to want that Russia gets isolated and diverge. What can we do? Change our governments?
Daniel _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/greysticky%40gmail.co...
-- Sergey
Serg, I do understand what was written there. I am old enough and when I was a child Russian was one of the foreign languages that was taught in school — everyone my age in Bulgaria knows enough Russian to understand those sentences (knowing something about registries and Internet helps). As it was already pointed out a number of times, what they do in Russia generally affect only their part of Internet. I am all for keeping in touch with those people to see that what they do won’t bring long term harm for their segment of Internet. But ultimately, it is up to Russians to decide how they will organize things there. I am sure you do not want Russia to dictate how you would organize Internet matters in your country. I do understand what "Russian local registries (LIRs) will have to disconnect from the international registry and switch to the Russian.” means. It means that in case Russian LIRs lose connectivity outside of Russia, because for example hostile action of another party or even natural disaster, their services will continue to function. Let’s also not rule out their fears that the RIPE NCC being a subject in an EU jurisdiction might be forced by EU authorities to cut ties with Russia completely — thus effectively diconnecting all their LIRs from services. As I already explained two times, this is the thinrd (and last) — this is done in other European countries and in some countries it is being done ever since we had Internet in Europe. The reason is just that: to preserve the functionality of (at least) your local segment of Internet if the rest of the network has problems (technical, or administrative). Some Internet users, and also service providers have grown to depend way too much on external services, hosted in whatever random places around the world (often unknown). This is not secure, and for years Russia is taking steps to ensure their network does not suffer from such external factors. Apparently, this requires additional resources, and might incur addional costs, which obviously Russians have allocated. Again, this is nothing new, many do it and in my opinion — everybody should be doing it. All of this has nothing to do with the RIPE database. The RIPE database remains authoritative for the portion of address space it was assigned by IANA and IANA remains authoritative for the allocation of address space to the different RIRs. If Russians manage to screw up their copy/proxy of the database it is only their LIRs who will have troubles. We are not in position to require Russian LIRs to disobeys the laws and regulations in Russia. Just as anyone in Russia is not in positon to ask people around the world to disobey local laws and regulations. I think we put too much effort to discuss this topic, but at least hopefully, some people will learn something they ignored until now. It is also good indication we discuss this non-issue, instead of some real problem. Best Regards, Daniel
On 18 Mar 2022, at 19:59, Serg Galat <greysticky@gmail.com> wrote:
Dear Daniel, Have you read what I wrote Have you understood what was written on the plan-scheme? I let myself to translate records on bottom - "Российские локальные регистратуры должны будут отключиться от международного реестра и переключиться на российский" Russian local registries (LIRs) will have to disconnect from the international registry and switch to the Russian. Are you understand what is this mean for RIPE/EU community? Securing part of their own internet? Ok. But does this mean that Deutsche LIRs, for example, don't send their data to the RIPEdb for the same reason?
On Fri, Mar 18, 2022 at 7:34 PM Daniel Kalchev <daniel@digsys.bg <mailto:daniel@digsys.bg>> wrote:
On 15 Mar 2022, at 21:58, Andrzej Ława <andrzej.lawa@dawis-it.pl> wrote:
W dniu 15.03.2022 o 11:52, Daniel Kalchev pisze:
So please convince me what is the better course of action. You essentially want someone else to take responsibility for your own choices and actions.
Sorry, but what have you got against an open debate, weighing options and considering multiple aspects of an issue by multiple people from multiple points of view? I am not an omniscient super-genius - nobody is (duh!) - thus a calm debate weighing all the options considering all available data is the best way to evaluate what is the best solution. Wouldn't you agree?
Yes. This is precisely what we do here — discuss the matter. It is the only reason I decided to comment.
The Internet community has been working for decades to keep the Internet unified, and especially the IP and DNS registries be unique and unambigous.
I know that. Yet there we are - in a situation where governments want to enforce their own DNS entries.
We should discuss this with our governments. We should educate them. This is something RIPE can do in general and as a group, but also has to be done at local level because often those Government people don’t quite talk outside their own country/language barrier. We also should do this at in the EU (concerning registries that are in EU countries) because it s the EU that passes most such regulations, not individual countries.
We actually have a situation like this in the EU: ISPs are asked/required to filter IP addresses and DNS names, redirect traffic etc.
This is, both not working (trivial to bypass) and hurting our very society and our very Internet.
There is nothing wrong in Russia setting up their own “mirror” of any registry. As long as we do not cut them from the “original” this is ok and might be for the benefit of everybody. Actually, some European countries have been doing this ever since we had Internet — you probably just didn’t know.
The problem is those are not mirrors - those are fakes. I.e. the Polish regulation (supposedly only to be used to block only gambling sites but is implemented as an administrative decision without any judiciary oversight) is frighteningly similar to what Russia is planning to do with their DNS "mirrors". Not a big problem over here as it is easy for any end user to circumvent... until the government blocks all "foreign" DNS systems (i.e. forces all ISPs to block access to any foreign DNS).
This might, or might not be the case. We do not know what Russia will do out of this. At the very least, they can use it to secure their own part of Internet if there are disruptions. Which in my opinion every country should encourage.
Now, we have the same kind of regulations in Bulgarian (unsurprisingly) and, if I may play the Devil’s Advocate for a moment… perhaps Russia is learning all this from us, the “free world of the EU”. So do we blame them for doing what we do, or we are just envious they do it better and more effective than us? </DevilsAdvocate>
The right thing to do here is for the RIPE NCC to continue to work with the Russian registries, to make sure they are not diverging. Unfortunately if their government decides they want to diverge - there's nothing we can really do, can we?
Well.. our governments appear to want that Russia gets isolated and diverge. What can we do? Change our governments?
Daniel _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/greysticky%40gmail.co... <https://lists.ripe.net/mailman/options/members-discuss/greysticky%40gmail.com>
-- Sergey
The right thing to do here is for the RIPE NCC to continue to work with the Russian registries, to make sure they are not diverging. Unfortunately if their government decides they want to diverge - there's nothing we can really do, can we?
Well.. our governments appear to want that Russia gets isolated and diverge. What can we do? Change our governments?
You don't seem to get it - it is the Russian government that is implementing steps to get isolated and diverged - among others - from RIPE database. So please stop with posing questions based on fiction and express your honest opinion and arguments what would be the best course of action here and now in real world to maintain the network operation and neutrality in the face of what Russia is doing or attempting to do. Frankly what you wrote makes me lean toward the total cut-off solution because they seem to plan an unilateral/partial cut-off anyway and cut-off on our part would at least make hack attempts and messing up data with false information much more difficult for them. But I'm still open to be swayed one way or another by solid arguments what would be better for efficient operation of our Internet infrastructure having in mind that If I had to choose between (a) our network working reliably and safely and (b) being connected with Russia I will definitely vote for the (a) option. -- tel. 500 206 0268 DAWIS IT Sp. z o.o. z siedzibą w Pruszkowie Adres: ul. Staszica 1, 05-800 Pruszków KRS 0000319237 I NIP 5342409456 I REGON 141663620
participants (3)
-
Andrzej Ława -
Daniel Kalchev -
Serg Galat