Questions about the fax the RIPE NCC received from United Against Nuclear Iran (UANI).

Dear all, For those that haven't seen the post by the RIPE NCC on the website ( https://www.ripe.net/internet-coordination/news/ripe-ncc-receives-communicat ion-from-united-against-nuclear-iran-uani ) If it wasn't written so seriously and someone would have told me this over a beer, I would actually have laughed and thought it was a joke. However as I read this not so funny letter from a former political diplomat, I probably missed the point when the RIPE GM meeting has become the location for political lobbyist to do their work and try to influence connectivity on the internet. I mean .. If the plan is to revoke all Iranian IP addresses, how would $Goverment get the next Stux malware updated to attack said plants. So, all jokes aside, what is the reply that is provided to the writer and if he would show up at the RIPE meeting, will he be provided any room to discuss the topic and will the request for a resolution be discussed during the GM meeting? Kind regards, Erik Bais

On 18 Sep 2012, at 22:40, Erik Bais wrote:
So, all jokes aside, what is the reply that is provided to the writer and if he would show up at the RIPE meeting, will he be provided any room to discuss the topic and will the request for a resolution be discussed during the GM meeting?
This is why Axel, Nigel and Rob earn the big bucks. :-) I am sure they will be arranging a suitable response to Ambassador Wallace and this will involve discussion with the NCC's lawyers and the Dutch government. We should leave them to get on with it. Once there's anything significant to report, I'm sure we'll hear about it at RIPE65 and/or on the mailing lists. Ambassador Wallace is of course welcome to attend the RIPE meeting and request agenda time to discuss whatever takes his fancy, just like President Ahmadinejad or anybody else. If they ask Axel nicely, they can attend the GM as observers. I very much doubt Ambassador Wallace or President Ahmadinejad represents an NCC member (or would be a proxy for one) and be automatically entitled to attend the GM. UANI's resolution almost certainly can't be discussed at next week's GM. The NCC's Articles of Association (http://www.ripe.net/ripe/docs/ripe-534 ) clearly state the requirements for a GM resolution. See Article 15.6 and 15.7. Resolutions have to be sent to the membership at least 2 weeks before the GM. They also need to have the support of 2% of the membership. It's not clear if UANI has lined up that support. Or if those members have submitted a resolution in time. If you're an LIR -- I'm not -- you would have been notified about that GM resolution by now. FWIW, there are so many things wrong with the Ambassador's letter, there's no point discussing it here. That discussion would be unhelpful and counter-productive too. Ambassador Wallace is no longer in office, so it's not clear if he's acting on behalf of the US government or what influence he has there. He would have left USG when President Obama was elected and the officials appointed by his predecessor were replaced. UANI seems to be a pressure group with powerful and influentual friends. Its boards have quite a few ex-heads of western intelligence services, Tony Blair's Downing Street Chief of Staff, etc. UANI's web site says it has been able to get multinational companies to stop doing business with Iran. So this situation is going to need very, very careful handling. IMO we should trust this to RIPE (NCC) management and their legal advisers. It's why they're there to represent us. We can also expect more of these layer 10 and up issues in the years ahead. Sign of the times I suppose. Hey it could be worse. Imagine ARIN's problems because of USG policy on Cuba.

Hi Jim, all - On 19.09.2012 03:22, Jim Reid wrote:
[...]
IMO we should trust this to RIPE (NCC) management and their legal advisers. It's why they're there to represent us.
I wholeheartly agree with this last paragraph and everything before it. Best, Carsten

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I reply on list as I'm a little upset on this. This simply isn't the job of the world-wide-web to enforce political interests and it would be fully wrong to do that! And it's against the democracy, the Internet and what "freedom of speech" stands for! Because if one re-thinks very closely, thats whats terrorists are about: tear down our lives to fear, "over-control" and close to dictatorial systems. Do we want that? I say no. Now, I have to point out that I'm rather atheist, not christian, not muslim, nor jew (ok, rather christian but more due to my understanding of values I learned when I grew up) I'd *never* say that I agree with what the Mullahs (German, sorry found no translation: "Turban-Flattermänner") actually do BUT: This is nothing to be solved by us at all on the net! The Internet is open - and thats a very, very good thing at first, second and third. The regime there already does massive intrusion as we know (we delivered the technology to enable that, CA's all over the world are willing to sell certificates for *.* etc .- thats something better to fight against! cause thats very ridiciculous! RIPE-Community should be a really trusted CA i.e.) But to block them by IP would also mean to block any other opinion there.. I'm not very political but I'm sure there *are* other opinions also there. The more interesting question would be: who sent that? I'd guess on someone that wants to drive a war forward, when we read that, we should be aware of this matter.. I wouldnt under-estimate intelligence services, they did much greater Jobs in the past (Stuxnet) than blending the public like this.. Please: Dont get me wrong! but in ncc-services-wg we're also not in the club of "USA/Israel just wants to bomb out Iran and tries to find better reasons" ;) So basically this is fully OT - and the request from "UANI" even worse OT. Finally, I wonder why this fax hasnt just been sent to the bin without any notice.. Though, it's interesting to find out who stands behind that ;) Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBZJOEACgkQaWRHV2kMuAI8ygCcCgb/vaayWaKsoQJkE5tjSvZv tZYAn3mn7yF97m4UxNjUPlMc0+W3dLtb =APGq -----END PGP SIGNATURE-----

Michael, could we *PLEASE* refrain from using taunting descriptions for (groups of) people like the following: On 19.09.2012 03:50, Michael Markstaller wrote:
I'd *never* say that I agree with what the Mullahs (German, sorry found no translation: "Turban-Flattermänner") actually do BUT:
and strictly stick to facts and matters at hand instead?! Thank you, Carsten

On 18/09/2012 22:40, Erik Bais wrote:
So, all jokes aside, what is the reply that is provided to the writer and if he would show up at the RIPE meeting, will he be provided any room to discuss the topic and will the request for a resolution be discussed during the GM meeting?
Lawyers have been consulted. The reply was "Thanks for your fax". As Jim has pointed out there can't be a GM resolution raised as we are too late to change the agenda (Articles of Association rules). And unless Ambassador Wallace is associated with a RIPE NCC member he needs to ask me (not Axel) for permission to attend, as an observer (which means he can't speak). I would, of course, give the request due consideration. I expect there will be more on this next week at the NCC Service WG. All the best Nigel

On 18/09/2012 22:40, Erik Bais wrote:
So, all jokes aside, what is the reply that is provided to the writer and if he would show up at the RIPE meeting, will he be provided any room to discuss the topic and will the request for a resolution be discussed during the GM meeting?
The only relevant issue here is whether the RIPE NCC is in compliance with Dutch / EU law regarding the sanctions. No doubt the NCC's lawyers and the Dutch Ministry of Foreign Affairs will be able to provide a conclusive answer, and that we will be informed shortly. Regarding a presence at either the RIPE meeting or the GM, I see no particular reason to treat UANI differently to anyone else. I.e. as Jim noted, they are welcome to register, pay for and attend the RIPE meeting and even request observer status at the GM on the discretion of the board. But I'm not sure on what basis they are demanding that the GM hold an emergency debate on something which is a matter of legal procedure, when it is currently unclear what the RIPE NCC's legal obligations are on the matter. Nick

Hi Nick, all - On 19.09.2012 11:42, Nick Hilliard wrote:
On 18/09/2012 22:40, Erik Bais wrote:
So, all jokes aside, what is the reply that is provided to the writer and if he would show up at the RIPE meeting, will he be provided any room to discuss the topic and will the request for a resolution be discussed during the GM meeting?
The only relevant issue here is whether the RIPE NCC is in compliance with Dutch / EU law regarding the sanctions. No doubt the NCC's lawyers and the Dutch Ministry of Foreign Affairs will be able to provide a conclusive answer, and that we will be informed shortly.
Regarding a presence at either the RIPE meeting or the GM, I see no particular reason to treat UANI differently to anyone else. I.e. as Jim noted, they are welcome to register, pay for and attend the RIPE meeting and even request observer status at the GM on the discretion of the board. But I'm not sure on what basis they are demanding that the GM hold an emergency debate on something which is a matter of legal procedure, when it is currently unclear what the RIPE NCC's legal obligations are on the matter.
once more: I fully agree with this approach. Pressing people to do something always needs two parties: those that press and those that allow to be pressed. The RIPE NCC and its mmbers being the latter should stay firm here. Besides this, I find it remarkable that despite all these efforts and background research they seem to have put in this, they obviously still are under the assumption that the RIPE NCC has anything to do with - or at least influence on - TLDs in general, ccTLDs in particular and/or specifically the .ir ccTLD. Best, Carsten

On Wed, Sep 19, 2012 at 10:42:32AM +0100, Nick Hilliard wrote:
Regarding a presence at either the RIPE meeting or the GM, I see no particular reason to treat UANI differently to anyone else. I.e. as Jim noted, they are welcome to register, pay for and attend the RIPE meeting and even request observer status at the GM on the discretion of the board. But I'm not sure on what basis they are demanding that the GM hold an emergency debate on something which is a matter of legal procedure, when it is currently unclear what the RIPE NCC's legal obligations are on the matter.
The NCC PR states that they've been in contact with the Dutch trade ministry and are in compliance with regs so far. However, depending on how things play out on the geopolitical stage, this may not always be the case. Wouldn't it be interesting to hear a talk some time on the subject from RIRs who've already had to deal with these situations? Maybe ARIN (Cuba) or APNIC (North Korea)? rgds, Sascha Luck

On 19.09.2012 12:02, Sascha Luck wrote:
The NCC PR states that they've been in contact with the Dutch trade ministry and are in compliance with regs so far. However, depending on how things play out on the geopolitical stage, this may not always be the case. Wouldn't it be interesting to hear a talk some time on the subject from RIRs who've already had to deal with these situations? Maybe ARIN (Cuba) or APNIC (North Korea)?
+1 I'd be very interested to hear some more details here from the ARIN and/or APNIC colleagues. Thanks and best, Carsten

Hi, On Wed, Sep 19, 2012 at 11:59:52AM +0200, Carsten Schiefner wrote:
I'd be very interested to hear some more details here from the ARIN and/or APNIC colleagues.
+1 Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279

Hi Erik, et al, Aside from the initial reactions, I believe this discussion should happen very soon. My personal view on Internet-resources is about equal to other resources such as metal or stone. You can build bridges from steel or swords to create weapons. If we let IP/The Internet in general be mistaken as a aid for creating weapons - or even consider it a weapon (which is not too far away, if we consider the current level of cyber warfare) then WE as human race are in deep trouble. The Internet should help to overcome language and distance barriers for communications, which is an essential desire. We can and should not let organizations, be it the UANI, goverments or military organization let dictate WHAT and HOW to use this infrastructure. IMHO it is the most demographic tool we have today in order to communicate quick and effective - with minor censorship. Even China is learning that their firewall maybe getting WAY too big too handle soon. Simply filtering "Ferrari" in search-terms simply doesn't cut it in order to betray their own people. I believe it's time to get up and find supporters to continue the free Internet as we have known it for almost 30 years now. Best regards, Kurt Kayser

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 19.09.2012 09:31, Carsten Schiefner wrote:
Michael,
could we *PLEASE* refrain from using taunting descriptions for (groups of) people like the following:
Agreed, yes, sorry for that. But the subject drove me to such words.. The content of this letter that ridiculous, that it's very hard to find the right words. (I still think it should have just put into the bin, without even thinking or talking about in the free part of the world) I still havent understood, why the author of this braindead letter is quoted as "ambassador" (ambassador for whom or what??) If one founds "United against wasting IPv4" now and calls himself ambassador, would it be taken serious? On 19.09.2012 14:47, Kurt Kayser wrote:
.. I believe it's time to get up and find supporters to continue the free Internet as we have known it for almost 30 years now. +1
If a court decides that (any!) RIR/LIR has to block a country based on trading-laws (or smthg. like that) the Internet begins to fail. This won't happen, I'm pretty sure about that! (and its also still useless as criminal minds will find a "workaround") But where if not here, could this be clearly said and discussed.. Michael PS/BTW, back on topic of this ML: this popped up during this discussion in my brain, thinking about the real backgrounds: Anyone who thinks it's useful to talk about (long-term!) Root-CA services by (RIR)/RIPE? Instead of commercial instances that just print money and sell them in case without anything (just price) to dictators like *.google.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBZ4bQACgkQaWRHV2kMuAKBQwCg6b2nRVvOl5OgMte4Ii/SjzBc cm8AoIObWhIOtnwbiMkry3GAdI7DgfFP =qMLo -----END PGP SIGNATURE-----

Michael Markstaller wrote:
On 19.09.2012 09:31, Carsten Schiefner wrote: [...] If a court decides that (any!) RIR/LIR has to block a country based on trading-laws (or smthg. like that) the Internet begins to fail. This won't happen, I'm pretty sure about that!
You may be in for a nasty surprise :-( Courts to not understand the 'net, neither technically, nor socially or otherwise.
(and its also still useless as criminal minds will find a "workaround")
That's a non-issue amongst lawyers and courts, unfortunately. Sigh...
But where if not here, could this be clearly said and discussed..
Michael
Wilfried

Michael Markstaller wrote: [...]
Anyone who thinks it's useful to talk about (long-term!) Root-CA services by (RIR)/RIPE?
Caveat: very personal and non-PC point of view! I consider the whole concept of tree-structured CAs an architectural failure. With that in mind, I do not want to see the NCC drawn into that swamp. It just increases the NCC's attack surface. The NCC will be forced to deal with quite a big number of these fundamental issues eventually, within the context of RPKI, though...
Instead of commercial instances that just print money and sell them in case without anything (just price) to dictators like *.google.com
Any attempt to manage trust as a commodity and to sell it in a competitive market, where the majority of customers and consumers (with a broad definition of both) do not understand the technology and the risks - is doomed to fail. Unfortunately, I do not have a workable, scalable alternative solution to propose :-( Wilfried.

On 19.09.2012 17:49, Wilfried Woeber wrote:
Michael Markstaller wrote: [...]
Anyone who thinks it's useful to talk about (long-term!) Root-CA services by (RIR)/RIPE?
Caveat: very personal and non-PC point of view!
I consider the whole concept of tree-structured CAs an architectural failure. With that in mind, I do not want to see the NCC drawn into that swamp. It just increases the NCC's attack surface.
Well, let me draw a little picture of what I'd think of: Currently: - most "trusted" root-CAs in browsers are out of any control, thats bad, big failure (as we can see when they sell certificates to dictators for "monitoring"-purposes) - anyone can get a cert for gurgleme.com ;) I dont trust any of them.. And no user will ever verify fingerprints etc.. Future(?): - After many years, only really trusted, community-controlled (in terms of what they are allowed to do) are accepted anymore, at least in sensitive environments. - Certificates are only given out based on a (human!) decision based on policies, so if he/she is within the net, on the provider (LIR) speaking through etc.. Surely: this needs human resources but when looking at the prices of Verisign etc - these could be easily paid..
Instead of commercial instances that just print money and sell them in case without anything (just price) to dictators like *.google.com
Any attempt to manage trust as a commodity and to sell it in a competitive market, where the majority of customers and consumers (with a broad definition of both) do not understand the technology and the risks - is doomed to fail.
Isn't it somehow our job to think about how to protect the consumer from being a lemming of the industry ? ;) best regards Michael

In message <5059E1B4.6030507@elabnet.de>, at 17:16:04 on Wed, 19 Sep 2012, Michael Markstaller <mm@elabnet.de> remarked:
I still havent understood, why the author of this braindead letter is quoted as "ambassador" (ambassador for whom or what??)
In the USA many official titles are entitled to be kept after a person has left office (in this case formerly the US Ambassador to the UN). This includes persons appointed by the President or the US Senate, or elected to public office. Ambassador Wallace was appointed by President George Bush, who also retains his title despite leaving office. In the UK this style is less common, but can include retired army Colonels and Professors (and members of the Privy Council are "The Rt Hon" for life). Perhaps there is some etiquette like that in Germany also? -- Roland Perry

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 20.09.2012 08:02, Roland Perry wrote:
In message <5059E1B4.6030507@elabnet.de>, at 17:16:04 on Wed, 19 Sep 2012, Michael Markstaller <mm@elabnet.de> remarked:
I still havent understood, why the author of this braindead letter is quoted as "ambassador" (ambassador for whom or what??)
In the USA many official titles are entitled to be kept after a person has left office (in this case formerly the US Ambassador to the UN). This includes persons appointed by the President or the US Senate, or elected to public office. Thanks, didn't knew that (partially but not fully) I found it confusing, its like underwriting "CEO" for smthg I'm not just because I was once somewhere else.. The remainder should be up to the lawyers, lets see..
best reagrds Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBb2zMACgkQaWRHV2kMuAIpsACgod8n+EgPCBSyJo3cohEIF/83 lzwAni2FrvbFUpiwSK4F7lQUAw9uIxvk =idri -----END PGP SIGNATURE-----
participants (11)
-
Carsten Schiefner
-
Erik Bais
-
Gert Doering
-
Jim Reid
-
Kurt Kayser
-
Michael Markstaller
-
Nick Hilliard
-
Nigel Titley
-
Roland Perry
-
Sascha Luck
-
Wilfried Woeber