objection to RIPE policy proposla 2016-02
Dear colleagues, I spoke up at the Copenhagen meeting objecting to proposal 2016-02. - the proposal is inappropriate for a RIPE policy - and at least not acceptable for passing - and most certainly so in it's current form. The proposed policy has two sentences. The second sentence looks somewhat appropriate for a policy (though the use of "should" seems strangely fuzzy - at least in the context of the use of "MUST" in the proposal which looks like trying to invoke RFC 2119). The first sentence "requests ... NCC implement functionality" actually implying - specification - design - implementation - deployment - and appropriate documentation (for various stages) of a security [related] system - apparently intended to be used globally as a kind of Internet standard. It would be fine to request the NCC to develope a technical proposal (spec, design, interface documentation) or contribute to work on such - and that's more an issue for activity plan and resource allocation and certainly NOT for a policy. Of course the questions of other contributors and venue for the technical work come to mind. Technically the proposal text is not that clear and complete; I understand incompleteness is intentional. So neither the proposal nor a potential future NCC design can be scrutinized as required for security functionality. But the proposal - as it stands - would imply commitment to deployment when asking for the development. That is not acceptable. I doubt that the RIPE PDP is adequate for doing serious technical specifications; referencing of fully developed specs for use in NCC services is fine in general (though specific cases warrant scrutiny). Thanks for your attention and consideration. Ruediger Volk
participants (1)
-
Ruediger Volk