Friends, On 10/05/2021 13.40, Alun Davies wrote:
The mission critical services the RIPE NCC provides to the Internet community require a solid technical foundation. In this new article on RIPE Labs, Felipe Silveira looks at plans to use cloud infrastructure as a means to that end. The full article is available here:
https://labs.ripe.net/author/felipe_victolla_silveira/rpki-repositories-and-...
I am unable to attend the NCC Services Working Group session at RIPE 82, so I thought that I would say something here. My main concern with moving RPKI repositories and the RIPE Database to the cloud is with the choice of AWS as provider, basically because Amazon is a US-based company. We know that tech companies in the US have handed over data to the US government - sometimes without a warrant, sometimes with. We know that the US law has provisions for secret subpoenas, where a service provider cannot reveal that subpoenas were issued. Using any US-based cloud provider means basically hoping that none of the data that RIPE puts there or the meta-data derived from usage of the service is interesting for any part of the US government. I know all of the big cloud providers are US-based, except for Alibaba Cloud. I would not feel a lot safer with a Chinese-based cloud provider for RIPE data and associated services. Not using one of the big cloud providers means going with smaller cloud providers. I think that's probably fine - the RIPE NCC's requirements are surely quite small, and can surely be met by at least two cloud vendors in Europe. I realize that using a European vendor might not be especially comforting for people outside of the EU sphere of influence. I don't think this can be completely resolved, although since the RIPE NCC is already a Dutch-based member association it should not add much extra legal or technical risk. A separate concern is with vendor lock-in. If the RIPE NCC really deploys their stuff to multiple cloud providers, then this won't be a problem, but the very real, seemingly firm choice of AWS and the hand-waving about what a second provider might look like doesn't fill me with confidence. My own suggestion would be to not use a second provider as a back-up but to run two cloud providers at all times (not necessarily with an equal split of load though). I wasn't sure whether I should bother sending this mail, because I worry that this effort is being run like a Dutch government project. That means that people are fully informed, their opinions are listened to, and then the project proceeds exactly as the government planned without change. 😉 Hopefully that is not the case here. Cheers, -- Shane