Re: [address-policy-wg] Last Call - 2023-04 (Add AGGREGATED-BY-LIR status
by Jeroen Lauwers
Hi Denis,
We have read through your message several times, but do not see any new arguments against proposal 2023-04 that have not already been discussed at length in the previous phases of the policy development process.
The main purpose of the Concluding phase is to provide an opportunity for people who have missed the previous two phases to oppose the proposal (see ripe-781), not to rehash discussions from the previous phases. Therefore, rather than repeat our answers in this thread, we chose to simply refer you back to our previous discussions in the previous two phases.
Best regards,
Jeroen & Tore
> Op 5 apr 2024, om 16:51 heeft denis walker <ripedenis(a)gmail.com> het volgende geschreven:
>
> Colleagues
>
> I am not surprised this policy proposal (2023-04) has gone to last
> call. I expected this from the start, no matter what anyone said. And
> I won't be surprised when it is approved. I used to wonder why no one
> would even talk about bringing the RIPE Database into the modern
> world. Why continue to use an ancient, broken tool that is barely fit
> for purpose? It is quite obvious now. Playing on the complexity and
> difficulties with using the database allows people to justify changing
> the purpose and the rules, to make it more convenient. That is simpler
> and cheaper than fixing the tool. It is easy for a small vocal group
> to sell 'simple and cheap' to a silent majority. Convenience is easier
> to do than right. But it may have consequences.
>
> The proposers have assured us all that this proposal is about nothing
> more than introducing this optional, minor, inconsequential feature
> that changes nothing. They have argued that the RIPE NCC has
> "repeatedly" verified their claim that this proposal changes nothing
> 'of significance'. This is based on the RIPE NCC legal team's
> confusing impact analysis and the comments made once and referred to
> once by the RIPE NCC Registration Services through messages passed on
> by the policy officer. The legal team declined to clarify the
> confusing wording of their impact analysis. No one from Registration
> Services was willing to discuss the claims that they have been wrongly
> applying the policy for a number of years, or the reason why and when
> they stopped correctly applying the policy. I thought RIPE NCC staff
> were being encouraged to be more involved in community discussions?
>
> It has been said and confirmed recently by several people from the
> community that we no longer understand what some of the registration
> data in the RIPE Database means, why it is there and why we have these
> rules about it. This is despite the actual, current wording of these
> rules having been written into a version of the policy published in
> October 2003 that was authored by some people who are still leading
> members of this community, and at the time were RIPE NCC staff. The
> infamous line being removed by this proposal was a re-wording of
> earlier rules introduced in address policy with a long list of early
> authors, again including some people who are still leading members of
> this community. I asked if any one of these community leaders would
> offer some background information to the community on this, now poorly
> understood, registration data and the rules governing it. That may
> have helped with our current understanding. If we actually understood
> the data and rules that we are about to change, we might have more
> confidence in doing so. But nothing was said on this background.
>
> Europol has expressed serious concerns about these changes. They have
> stated that it takes time for them to consult with national LEAs, the
> EU commision and other partners. If someone had informed them earlier
> of the changes being considered that may affect them, they may have
> had sufficient time to do these consultations. Or perhaps they would
> have been able to express their deep concerns at an early stage,
> before the minds of the vocal few were made up. I did suggest early on
> in the discussion that the RIPE NCC contacts stakeholders of the RIPE
> Database and invite them to join the discussion. I was quickly told by
> other community members on the mailing list that this was not part of
> the policy development process. [Maybe it should be...]
>
> It is extraordinary that we have now reached a position where the
> convenience of a handful of vocal operators in this community is
> considered so important that we must proceed with all haste to
> introduce this optional, minor, inconsequential feature that changes
> nothing, without delay. That is without even a delay to allow Europol
> to complete it's consultations and report back to the working group. I
> saw references recently on the ripe.net website and LinkedIn about
> some productive meeting between the RIPE NCC and some internet
> governance groups. I hope the attitude of the technical community over
> this proposal won't undermine those meeting achievements. A technical
> community that clearly has not watched John Curran's keynote speech at
> NANOG that covers this very situation involving internet governance,
> the technical community and civil society. I would advise you all to
> watch it:
> https://www.youtube.com/watch?v=U1Ip39Qv-Zk
>
> You may question my comments about the vocal few. But the details of
> the who and how many are there for everyone to see in the public
> archive of these mailing lists. Only 22 people commented during the
> months of discussion over 2023-04. Of those, 6 people only made one
> comment and another 6 only two comments. Some of those 22 also opposed
> this proposal. So the number of people who actually expressed support
> is quite small. When you analyse these details for proposals across
> multiple WGs in recent years, and cross reference the who and how
> many, you see that there is a very small number of vocal people who
> tend to dominate these discussions. It is basically this small group
> of people whose voices dictate RIPE policy. The problem there is that
> we may find policy, accidentally or intentionally, following an agenda
> that suits the needs of these people, rather than the wider, silent
> community. Unfortunately, we don't have any other way to do this at
> the moment. However, when a change is controversial, has many serious
> objections and offers so few benefits, to push it through with so few
> supporters is very questionable. Especially as it has been well
> established during the long discussions that we (collectively) do not
> even understand the registration data and governing rules that we are
> about to substantially change. Nor do we have any firm evidence that
> even the minor benefits claimed by the proposers are likely to occur.
>
> I could go on and dispute the co-chairs' reasoning for declaring a
> rough consensus. But I have said it all before and it has been
> disregarded. Although I don't believe I have yet asked them for the
> evidence or statistical reasoning why they assert that this change
> will encourage those who don't declare any End User data now, will
> suddenly decide to provide it after this change.
>
> It is of course total nonsense to suggest that this change will end up
> offering more accurate data on assignments to End Users. It is quite
> possible that those resource holders that currently don't declare End
> User assignment data now, will simply create two appropriately sized,
> anonymous, aggregated objects below each of their allocations. That is
> 'job done' as far as operations is concerned. Those objects will never
> need to be updated again. No one has any clue how much, if any, of
> that address space is in use, by how many End Users with how many
> addresses each, or who the End Users are, or even if the same block of
> address space has been assigned to more than one End User by mistake.
> All that information will be lost. Including one of the basic
> functions of the registry, to ensure uniqueness of address usage.
>
> Quoting statistics on the number of allocations with no assignments is
> of course simply playing with numbers. It adds nothing to this
> discussion, but is intended to look like a supporting argument. A
> perceived problem that needs to be solved, but may not even exist on
> the implied scale. We don't know how many of those allocations are the
> /22 and /24 allocations made during the final stages of runout. These
> were 'intended' to be for new entrants into the industry who planned
> to provide LIR services. They would not be expected to have
> assignments if they were used for their infrastructure. (Or maybe they
> were not allocated as intended?) Many allocations are also made to
> organisations who do not provide LIR services and have no End Users.
> The address space is simply used by their organisation.
>
> Leo's final comment is a good one to end on.
> "Those LIRs that want to share data are already doing so. Those who
> would like to share some data if it were easier to do so will be
> accommodated if this proposal becomes policy."
> This basically sums up everything. ['want' 'like'] The RIPE NCC
> stopped enforcing address policy after runout because they did not
> believe they had any power to do so. Here Leo is suggesting that
> complying with policy is a choice. Some LIRs will choose to comply,
> others will choose not to comply with RIPE policy. Neither this
> community nor the RIPE NCC has any power to enforce any policy on
> operators. We can agree or disagree on any policy we like, but it
> cannot be enforced. RIPE policy has no teeth.
>
> The proposers have assured us that their focus is on providing this
> aggregation feature. So we must be able to assume that they, and the
> co-chairs, have deeply considered the implications of this change to
> the "status:'' attribute. So there shouldn't be any unintended
> consequences...
>
> Hopefully common sense will prevail and we will pause this process to
> assess where we have been, where we are and where we are going. (I
> think that is unlikely to happen...)
>
> cheers
> denis
>
> ========================================================
> DISCLAIMER
> Everything I said above is my personal, professional opinion. It is
> what I believe to be honest and true to the best of my knowledge. No
> one in this industry pays me anything. I have nothing to gain or lose
> by any decision. I push for what I believe is for the good of the
> Internet, in some small way. Nothing I say is ever intended to be
> offensive or a personal attack. Even if I strongly disagree with you
> or question your motives. Politicians question each other's motives
> all the time. RIPE discussion is often as much about politics and self
> interest as it is technical. I have a style of writing that some may
> not be familiar with, others sometimes use it against me. I also have
> OCD. It makes me see the world slightly differently to others. It
> drives my mind's obsessive need for detail. I can not change the way I
> express my detailed opinions. People may choose how to interpret them.
> ========================================================
>
> On Mon, 11 Mar 2024 at 09:30, Leo Vegoda <leo(a)vegoda.org> wrote:
>>
>> Dear Address Policy WG,
>>
>> There was a consensus on this proposal and we are moving it forward to
>> Last Call. The RIPE NCC will publish an announcement with dates.
>>
>> There was a request, in Rome, for clarity over whether aggregated
>> assignments needed to have a fixed size or could vary. The proposers
>> suggested that a fixed size should be optional.
>>
>> We extended the list discussion by a month and the two issues raised
>> have been addressed.
>>
>> One was End User sites not having the End User's own admin-c instead
>> of the LIR's. There has been extensive discussion of this. One key
>> reason given is that it is common and acceptable to outsource a part
>> of an organisation's operations to another, more skilled, operator.
>> The RIPE NCC's impact analysis noted that the proposal "simply leaves
>> the status quo unchanged." It would not need to update its operational
>> processes.
>>
>> Concerns were also raised that aggregating assignments would impact
>> criminal investigations. But this proposal is intended to improve the
>> quality of data registered by offering LIRs a less arduous way to
>> share registration data. At the end of 2023 there were over 19,000 PA
>> allocations without any assignments. Those LIRs that want to share
>> data are already doing so. Those who would like to share some data if
>> it were easier to do so will be accommodated if this proposal becomes
>> policy.
>>
>> Kind regards,
>>
>> Leo Vegoda, for the Address Policy WG co-chairs
>>
>> --
>>
>> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg
6 months, 4 weeks
Re: [address-policy-wg] Last Call - 2023-04 (Add AGGREGATED-BY-LIR status
by denis walker
Colleagues
I am not surprised this policy proposal (2023-04) has gone to last
call. I expected this from the start, no matter what anyone said. And
I won't be surprised when it is approved. I used to wonder why no one
would even talk about bringing the RIPE Database into the modern
world. Why continue to use an ancient, broken tool that is barely fit
for purpose? It is quite obvious now. Playing on the complexity and
difficulties with using the database allows people to justify changing
the purpose and the rules, to make it more convenient. That is simpler
and cheaper than fixing the tool. It is easy for a small vocal group
to sell 'simple and cheap' to a silent majority. Convenience is easier
to do than right. But it may have consequences.
The proposers have assured us all that this proposal is about nothing
more than introducing this optional, minor, inconsequential feature
that changes nothing. They have argued that the RIPE NCC has
"repeatedly" verified their claim that this proposal changes nothing
'of significance'. This is based on the RIPE NCC legal team's
confusing impact analysis and the comments made once and referred to
once by the RIPE NCC Registration Services through messages passed on
by the policy officer. The legal team declined to clarify the
confusing wording of their impact analysis. No one from Registration
Services was willing to discuss the claims that they have been wrongly
applying the policy for a number of years, or the reason why and when
they stopped correctly applying the policy. I thought RIPE NCC staff
were being encouraged to be more involved in community discussions?
It has been said and confirmed recently by several people from the
community that we no longer understand what some of the registration
data in the RIPE Database means, why it is there and why we have these
rules about it. This is despite the actual, current wording of these
rules having been written into a version of the policy published in
October 2003 that was authored by some people who are still leading
members of this community, and at the time were RIPE NCC staff. The
infamous line being removed by this proposal was a re-wording of
earlier rules introduced in address policy with a long list of early
authors, again including some people who are still leading members of
this community. I asked if any one of these community leaders would
offer some background information to the community on this, now poorly
understood, registration data and the rules governing it. That may
have helped with our current understanding. If we actually understood
the data and rules that we are about to change, we might have more
confidence in doing so. But nothing was said on this background.
Europol has expressed serious concerns about these changes. They have
stated that it takes time for them to consult with national LEAs, the
EU commision and other partners. If someone had informed them earlier
of the changes being considered that may affect them, they may have
had sufficient time to do these consultations. Or perhaps they would
have been able to express their deep concerns at an early stage,
before the minds of the vocal few were made up. I did suggest early on
in the discussion that the RIPE NCC contacts stakeholders of the RIPE
Database and invite them to join the discussion. I was quickly told by
other community members on the mailing list that this was not part of
the policy development process. [Maybe it should be...]
It is extraordinary that we have now reached a position where the
convenience of a handful of vocal operators in this community is
considered so important that we must proceed with all haste to
introduce this optional, minor, inconsequential feature that changes
nothing, without delay. That is without even a delay to allow Europol
to complete it's consultations and report back to the working group. I
saw references recently on the ripe.net website and LinkedIn about
some productive meeting between the RIPE NCC and some internet
governance groups. I hope the attitude of the technical community over
this proposal won't undermine those meeting achievements. A technical
community that clearly has not watched John Curran's keynote speech at
NANOG that covers this very situation involving internet governance,
the technical community and civil society. I would advise you all to
watch it:
https://www.youtube.com/watch?v=U1Ip39Qv-Zk
You may question my comments about the vocal few. But the details of
the who and how many are there for everyone to see in the public
archive of these mailing lists. Only 22 people commented during the
months of discussion over 2023-04. Of those, 6 people only made one
comment and another 6 only two comments. Some of those 22 also opposed
this proposal. So the number of people who actually expressed support
is quite small. When you analyse these details for proposals across
multiple WGs in recent years, and cross reference the who and how
many, you see that there is a very small number of vocal people who
tend to dominate these discussions. It is basically this small group
of people whose voices dictate RIPE policy. The problem there is that
we may find policy, accidentally or intentionally, following an agenda
that suits the needs of these people, rather than the wider, silent
community. Unfortunately, we don't have any other way to do this at
the moment. However, when a change is controversial, has many serious
objections and offers so few benefits, to push it through with so few
supporters is very questionable. Especially as it has been well
established during the long discussions that we (collectively) do not
even understand the registration data and governing rules that we are
about to substantially change. Nor do we have any firm evidence that
even the minor benefits claimed by the proposers are likely to occur.
I could go on and dispute the co-chairs' reasoning for declaring a
rough consensus. But I have said it all before and it has been
disregarded. Although I don't believe I have yet asked them for the
evidence or statistical reasoning why they assert that this change
will encourage those who don't declare any End User data now, will
suddenly decide to provide it after this change.
It is of course total nonsense to suggest that this change will end up
offering more accurate data on assignments to End Users. It is quite
possible that those resource holders that currently don't declare End
User assignment data now, will simply create two appropriately sized,
anonymous, aggregated objects below each of their allocations. That is
'job done' as far as operations is concerned. Those objects will never
need to be updated again. No one has any clue how much, if any, of
that address space is in use, by how many End Users with how many
addresses each, or who the End Users are, or even if the same block of
address space has been assigned to more than one End User by mistake.
All that information will be lost. Including one of the basic
functions of the registry, to ensure uniqueness of address usage.
Quoting statistics on the number of allocations with no assignments is
of course simply playing with numbers. It adds nothing to this
discussion, but is intended to look like a supporting argument. A
perceived problem that needs to be solved, but may not even exist on
the implied scale. We don't know how many of those allocations are the
/22 and /24 allocations made during the final stages of runout. These
were 'intended' to be for new entrants into the industry who planned
to provide LIR services. They would not be expected to have
assignments if they were used for their infrastructure. (Or maybe they
were not allocated as intended?) Many allocations are also made to
organisations who do not provide LIR services and have no End Users.
The address space is simply used by their organisation.
Leo's final comment is a good one to end on.
"Those LIRs that want to share data are already doing so. Those who
would like to share some data if it were easier to do so will be
accommodated if this proposal becomes policy."
This basically sums up everything. ['want' 'like'] The RIPE NCC
stopped enforcing address policy after runout because they did not
believe they had any power to do so. Here Leo is suggesting that
complying with policy is a choice. Some LIRs will choose to comply,
others will choose not to comply with RIPE policy. Neither this
community nor the RIPE NCC has any power to enforce any policy on
operators. We can agree or disagree on any policy we like, but it
cannot be enforced. RIPE policy has no teeth.
The proposers have assured us that their focus is on providing this
aggregation feature. So we must be able to assume that they, and the
co-chairs, have deeply considered the implications of this change to
the "status:'' attribute. So there shouldn't be any unintended
consequences...
Hopefully common sense will prevail and we will pause this process to
assess where we have been, where we are and where we are going. (I
think that is unlikely to happen...)
cheers
denis
========================================================
DISCLAIMER
Everything I said above is my personal, professional opinion. It is
what I believe to be honest and true to the best of my knowledge. No
one in this industry pays me anything. I have nothing to gain or lose
by any decision. I push for what I believe is for the good of the
Internet, in some small way. Nothing I say is ever intended to be
offensive or a personal attack. Even if I strongly disagree with you
or question your motives. Politicians question each other's motives
all the time. RIPE discussion is often as much about politics and self
interest as it is technical. I have a style of writing that some may
not be familiar with, others sometimes use it against me. I also have
OCD. It makes me see the world slightly differently to others. It
drives my mind's obsessive need for detail. I can not change the way I
express my detailed opinions. People may choose how to interpret them.
========================================================
On Mon, 11 Mar 2024 at 09:30, Leo Vegoda <leo(a)vegoda.org> wrote:
>
> Dear Address Policy WG,
>
> There was a consensus on this proposal and we are moving it forward to
> Last Call. The RIPE NCC will publish an announcement with dates.
>
> There was a request, in Rome, for clarity over whether aggregated
> assignments needed to have a fixed size or could vary. The proposers
> suggested that a fixed size should be optional.
>
> We extended the list discussion by a month and the two issues raised
> have been addressed.
>
> One was End User sites not having the End User's own admin-c instead
> of the LIR's. There has been extensive discussion of this. One key
> reason given is that it is common and acceptable to outsource a part
> of an organisation's operations to another, more skilled, operator.
> The RIPE NCC's impact analysis noted that the proposal "simply leaves
> the status quo unchanged." It would not need to update its operational
> processes.
>
> Concerns were also raised that aggregating assignments would impact
> criminal investigations. But this proposal is intended to improve the
> quality of data registered by offering LIRs a less arduous way to
> share registration data. At the end of 2023 there were over 19,000 PA
> allocations without any assignments. Those LIRs that want to share
> data are already doing so. Those who would like to share some data if
> it were easier to do so will be accommodated if this proposal becomes
> policy.
>
> Kind regards,
>
> Leo Vegoda, for the Address Policy WG co-chairs
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg
6 months, 4 weeks
Re: [address-policy-wg] 2023-04 New Policy Proposal (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)
by Tore Anderson
Hi Denis,
It would appear to me that your opposition to 2023-04 is largely based
on the premise that it introduces a new possibility for anonymous
assignments, a change which you do not want to see happen. This premise
also appears to underpin many of your musings in your «The bigger
picture» message. I disagree with this premise, as I believe this
possibility is already there in current policy.
Rather than decide to agree to disagree on that point, or endlessly
quarrel about it, I realised that it does not really matter what you or
I believe the policy requirements are - what matters is the RIPE
NCC's understanding of the policy and how they are implementing it. So
I simply asked their Policy Officer (Angela) to clarify this.
Her answers, which I with permission quote in full along with my
questions below, unequivocally confirms that that current policy does
indeed allow assignments to be registered anonymously in the RIPE
database. Hence, your opposition to proposal 2023-04 in this regard
appears to rest on a fundamentally flawed assumption.
Tore: «The context here is an IPv4 assignment that is not made to an
individual and that is not used solely for the connection of an End
User to a service provider.
1. Does current address policy as implemented by the NCC allow an End
User to delegate/outsource the contact information represented by the
mandatory "tech-c" and "admin-c" attributes to another entity,
typically (but not necessarily) the issuing LIR? (There does not appear
to be any disagreement on this point, but I include this question
anyway in case we are both wrong.)»
Angela: «Yes, you are correct. An End User is allowed to
delegate/outsource the contact information represented by the mandatory
"tech-c" and "admin-c" attributes to another entity, typically (but not
necessarily) the issuing LIR.»
Tore: «2. Assuming "yes" to question 1, for an assignment where the
"tech-c" and "admin-c" has been delegated in this manner: Does current
address policy require the corresponding "inetnum" database object to
contain some additional contact information, that is not delegated to a
third party, i.e., it must be refer to a point of contact that is
handled in-house by the End User him/herself?»
Angela: «The current address policy does not require the corresponding
"inetnum" database object to contain some additional contact
information that is not delegated to a third party.
LIRs can use the “netname” attribute to link assignments to end users
and their contact details in internal records.
There is a particular case: when the RIPE NCC receives a request for
assigning an AS number to an End User using a PA assignment, the IPv4
network to be announced by the requested AS must be registered in an
“inetnum” object showing the End User’s name. This can be in the
"descr” attribute or recursively in the "org" object added as
attribute.»
Tore: «3. Assuming "yes" to question 2, what kind of other contact
information is required, and in which "inetnum" database attribute(s)
must it be located? Here are some possible examples off the top of my
head, would any or all of these satisfy the policy requirement for an
in-house non-delegated contact information?
1. A street address
2. A (snail) mail address
3. An e-mail address
4. A fax number
5. A phone number»
Angela: «The answer to question 2 was “no’, however one way to record
End Users’ contact details is to create an “org” object to be added as
optional attribute in the “inetnum” object.
In “org” objects name, address and email are mandatory.
In “inetnum” objects the mandatory contact information are “admin-c”
and “tech-c”.»
Tore: «4. Assuming "yes" to question 2, is it mandatory to identify the
End User by name, or would it be sufficient with, e.g., a street
address without an organisation name (assuming there is only a single
entity located at that address), a post box snail mail address, a
generic user123(a)gmail.com e-mail address, or a phone/fax number that is
not listed in the white or yellow pages?»
Angela: «The answer to question 2 was “no’,...»
Tore (in a new e-mail): «I will ask you a couple of follow-up questions
just to make absolutely, 150%, certain I do not misunderstand you and
end up misrepresenting you to the mailing list:
1. When you write «LIRs can use the “netname” attribute to link
assignments to end users and their contact details in internal
records», this "can" is a MAY, not a MUST, to use IETF lingo? That
is, the LIR is free to instead use the "inetnum" attribute, i.e.,
the IP address(es), to link the assignment to the End User in their
internal record? If that is the case, would it be correct to say
that the LIR are free to set the "netname" attribute to essentially
anything, including a meaningless string of random characters?»
Angela: «Your interpretation is correct, the answer is yes to all
three questions.
Please also consider that the "netname" is not required to be
unique, LIRs can use the same one for multiple assignments.»
Tore: «2. When you write «one way to record End Users’ contact
details is to create an “org” object to be added as optional
attribute in the “inetnum” object», this is also a MAY, not a MUST?
That is, the LIR is free to omit the "org" attribute, even though
the only other contact information contained in the object is the
(LIR-delegated) "tech-c" and "admin-c" attributes?»
Angela: «Yes, the LIR is free to omit the "org" attribute, even
though the only other contact information contained in the object is
the (LIR-delegated) "tech-c" and "admin-c" attributes.
If the LIR requests an AS number on behalf of an end user to
announce a PA assignment, then the PA assignment MUST include the
legal name of the end user in the "descr" attribute or in the '"org"
object set as "org" attribute in the "inetnum" object.»
Tore: «3. To use a concrete example: Let's say «SuperLIR GmbH»
delegated 192.0.2.0/25 to the End User «CarFactory GmbH».
(CarFactory GmbH is not an individual, and the assignment is not
used solely for the connection to the provider, nor to justify an
application for an AS number). SuperLIR inserts the following
minimal database object:
inetnum: 192.0.2.0 - 192.0.2.128
netname: ABCDEFGHIJKLMNOPQRSTUVWXYZ
country: DE
admin-c: SUPERLIR-NOC-RIPE
tech-c: SUPERLIR-NOC-RIPE
status: ASSIGNED PA
mnt-by: SUPERLIR-MNT
source: RIPE
In the event of an audit, SuperLIR GmbH will be able to inform the
RIPE NCC auditors that this object has been delegated to CarFactory
GmbH.
Is the above registration compliant with current IPv4 address
policy, or will the auditors demand any kind of changes be made?»
Angela: «The above registration compliant with current IPv4 address
policy. During an audit we could ask the LIR whether the assignment
is still in use. It does not matter for the RIPE NCC who is using
the assignment, as long as the LIR is maintaining the registration
up to date and is able to contact the end user. This means that if
the LIR moves the assignment delegation from CarFactory GmbH to
another end user in the same country for which is acting as "admin-
c" and "tech-c", the "inetnum" object would still be valid. It is
the LIR's responsibility to keep their internal records up to date
accordingly with the new end user.»
In light of the above, I hope that you will reconsider your opposing
arguments and either withdraw them or restate them in a way that does
not rely on this incorrect assumption. Anticipating this, I will only
address your remaining points that are not based on the
misunderstanding that 2023-04 opens up for anonymous assignments.
> It should not be permitted to aggregate a single assignment to a
> single End User.
While I agree that "aggregating" a single assignment seems like a
pointless practice, I do not quite see why it is necessary to introduce
policy language to ban it.
It is, as I understand it, possible to use AGGREGATED-BY-LIR with an
assignment-size identical to the prefix length in the inet6num
attribute today, but I cannot find a single example of this being done.
(Presumably because it is pointless to do so.)
It is also possible today to "aggregate" a single IPv4 assignment under
the «solely for connection» exception. Whether or not that has been
done is impossible for me to say, but even if it has I fail to
understand why it would constitute an actual problem.
I am not being totally dismissive towards adding a condition à la «an
object with status AGGREGATED-BY-LIR must contain at least two
individual assignments» to the proposal, but I would first like to
better understand the reasons why you feel this is a necessity.
> But the IPv6 policy also includes this:
> "When more than a /48 is assigned to an organisation, it must be
> registered in the database as a separate object with status
> 'ASSIGNED'."
> I don't see your equivalent of this copied from the IPv6 policy into
> your new IPv4 policy. Maybe more than a /24 might be an equivalent in
> IPv4 terms. You refer to 'that specific sentence' so casually, yet
> this is the main element of the current IPv4 assignment policy.
> Dropping this sentence is a major change to the assignment policy.
> This has far more consequences than just adding an optional
> construct.
In IPv6, /48 is the limit beyond which extra documentation requirements
("need basis") kicks in. Assignments /48 or longer can be freely made
by an LIR without any supporting documentation, and this is presumably
why such assignments can be freely registered under a single
AGGREGATED-BY-LIR object. In other words, assignments shorter than /48
has more stringent documentation requirements, and therefore also more
stringent registration requirements.
See https://www.ripe.net/publications/docs/ripe-738#assignments_shorter
As there is no "need basis" for assignments in IPv4 regardless of size,
there simply is no equivalent value, not /24 nor anything else. (Well,
I suppose you could say that /0 is the equivalent value.)
>
> > > > Note that this is not really much different than what you have
> > > > to do today for abuse coming from customer assignments that are
> > > > «registered as part of the service provider's internal
> > > > infrastructure», cf. ripe-708 section 6.2.
>
> Doesn't that suggest they are DSL customers with a single IP address?
No, it does not say anything about the number of addresses in the
assignment nor the layer-1 technology used. It is very common for
point-to-point links (the example given in section 6.2) to be assigned
/31 or /30. If the service provider and/or the customer is using a
first-hop redundancy protocol such as VRRP, it is necessary to assign a
/29 or larger.
In any case, there is no technological reason nor any policy limitation
that would prevent a service provider from assigning a preposterously
large prefix to a point-to-point link, like a /16, let's say.
> Assuming an LIR has chosen to use this new 'optional' status value.
> As many LIRs already have aggregated their DSL customers and tagged
> them as such in remarks attributes, why should they change it?
We do not expect the RIPE NCC to start a mass migration project as a
result of this policy proposal. It is our intention that assignments
made under the old policy would be grandfathered in, similar to how you
still see many objects with the obsoleted INFRA-AW tag remain in the
database today. LIRs would of course be free to change the status value
at any point, should they want to do so.
>
> If it has this new aggregated status you still don't know if it is a
> block of maybe 1000 DSL customers of a collection of randomly sized
> assignments to End Users. You still need the free text remarks to
> avoid confusion.
You do not know that today, either, when it comes to aggregated
assignments made under the «solely for the connection» exception in
current IPv4 policy.
Such objects do not contain an assignment-size attribute, nor does
policy demand that all individual assignments contained within are of a
specific and uniform prefix length. Therefore, such assignments may
contain a hodgepodge of DSL customers, FTTH customers, business
customers, connected with or without VRRP, and so on. This would
continue to be permitted with AGGREGATED-BY-LIR.
Tore
1 year, 1 month
Re: [address-policy-wg] Last Call - 2023-04 (Add AGGREGATED-BY-LIR status
by Marco Schmidt
Hello,
First, let me note that this is not a comment on the policy discussion,
which has now concluded, but a separate response regarding how we ensure
compliance with RIPE Policy. We would like to clarify some aspects that
may be unclear to the community.
The RIPE NCC has always emphasised the importance of documenting
networks through assignments, and we are consistent in what we consider
valid contact information for End User/customer assignments. This stance
has not changed because of IPv4 runout. We do consider the member’s
contact details to be valid contact information for the customer if this
is what the member and their customer have agreed suits their business
needs.
There are a number of policies we follow for ensuring correct contact
information. The policy on IPv4 allocation, RIPE-804, requires that
contact information in the database must be correct [1]. The same policy
also mentions that an LIR can be closed if it “consistently violates the
RIPE community’s policies” [2]. We build on this in our public closure
procedure, where we state that incorrect registration in the RIPE
Database can lead to termination of a membership [3].
Together, this means the RIPE NCC is empowered to close down a member
for incorrect contact information in the database, and this includes
incorrect data about a member’s customers. When we discover incorrect
information, our practice is to follow a collaborative approach in which
we help our members correct the errors. This is in line with our overall
mission to support the broader Internet community, not through punitive
measures, but through educating members in our processes for requests,
ARCs and training courses so that we can collectively work to create an
accurate registry. See also our impact analysis for policy proposal
2017-02 (“Regular abuse-c Validation”) for a detailed description of how
we work with resource holders to correct information before considering
closure, in this case regarding “abuse-c:” contacts [4].
We do not consider it beneficial to the Internet community or our
members to immediately terminate memberships. However, if a member
submits repeated and intentionally incorrect contact information, this
will result in stronger actions on our end.
Kind regards,
Marco Schmidt
Manager Registration Services
RIPE NCC
[1] IPv4 Address Allocation and Assignment Policies for the RIPE NCC
Service Region: https://www.ripe.net/publications/docs/ripe-804/#4
[2] Idem: https://www.ripe.net/publications/docs/ripe-804/#9
[3] Closure of Members, Deregistration of Internet Resources and Legacy
Internet Resources: https://www.ripe.net/publications/docs/ripe-808/#a1211c
[4] Regular abuse-c Validation:
https://www.ripe.net/membership/policies/proposals/2017-02/#relevant-ripe-p…
On 05/04/2024 16:51, denis walker wrote:
> Colleagues
>
> I am not surprised this policy proposal (2023-04) has gone to last
> call. I expected this from the start, no matter what anyone said. And
> I won't be surprised when it is approved. I used to wonder why no one
> would even talk about bringing the RIPE Database into the modern
> world. Why continue to use an ancient, broken tool that is barely fit
> for purpose? It is quite obvious now. Playing on the complexity and
> difficulties with using the database allows people to justify changing
> the purpose and the rules, to make it more convenient. That is simpler
> and cheaper than fixing the tool. It is easy for a small vocal group
> to sell 'simple and cheap' to a silent majority. Convenience is easier
> to do than right. But it may have consequences.
>
> The proposers have assured us all that this proposal is about nothing
> more than introducing this optional, minor, inconsequential feature
> that changes nothing. They have argued that the RIPE NCC has
> "repeatedly" verified their claim that this proposal changes nothing
> 'of significance'. This is based on the RIPE NCC legal team's
> confusing impact analysis and the comments made once and referred to
> once by the RIPE NCC Registration Services through messages passed on
> by the policy officer. The legal team declined to clarify the
> confusing wording of their impact analysis. No one from Registration
> Services was willing to discuss the claims that they have been wrongly
> applying the policy for a number of years, or the reason why and when
> they stopped correctly applying the policy. I thought RIPE NCC staff
> were being encouraged to be more involved in community discussions?
>
> It has been said and confirmed recently by several people from the
> community that we no longer understand what some of the registration
> data in the RIPE Database means, why it is there and why we have these
> rules about it. This is despite the actual, current wording of these
> rules having been written into a version of the policy published in
> October 2003 that was authored by some people who are still leading
> members of this community, and at the time were RIPE NCC staff. The
> infamous line being removed by this proposal was a re-wording of
> earlier rules introduced in address policy with a long list of early
> authors, again including some people who are still leading members of
> this community. I asked if any one of these community leaders would
> offer some background information to the community on this, now poorly
> understood, registration data and the rules governing it. That may
> have helped with our current understanding. If we actually understood
> the data and rules that we are about to change, we might have more
> confidence in doing so. But nothing was said on this background.
>
> Europol has expressed serious concerns about these changes. They have
> stated that it takes time for them to consult with national LEAs, the
> EU commision and other partners. If someone had informed them earlier
> of the changes being considered that may affect them, they may have
> had sufficient time to do these consultations. Or perhaps they would
> have been able to express their deep concerns at an early stage,
> before the minds of the vocal few were made up. I did suggest early on
> in the discussion that the RIPE NCC contacts stakeholders of the RIPE
> Database and invite them to join the discussion. I was quickly told by
> other community members on the mailing list that this was not part of
> the policy development process. [Maybe it should be...]
>
> It is extraordinary that we have now reached a position where the
> convenience of a handful of vocal operators in this community is
> considered so important that we must proceed with all haste to
> introduce this optional, minor, inconsequential feature that changes
> nothing, without delay. That is without even a delay to allow Europol
> to complete it's consultations and report back to the working group. I
> saw references recently on the ripe.net website and LinkedIn about
> some productive meeting between the RIPE NCC and some internet
> governance groups. I hope the attitude of the technical community over
> this proposal won't undermine those meeting achievements. A technical
> community that clearly has not watched John Curran's keynote speech at
> NANOG that covers this very situation involving internet governance,
> the technical community and civil society. I would advise you all to
> watch it:
> https://www.youtube.com/watch?v=U1Ip39Qv-Zk
>
> You may question my comments about the vocal few. But the details of
> the who and how many are there for everyone to see in the public
> archive of these mailing lists. Only 22 people commented during the
> months of discussion over 2023-04. Of those, 6 people only made one
> comment and another 6 only two comments. Some of those 22 also opposed
> this proposal. So the number of people who actually expressed support
> is quite small. When you analyse these details for proposals across
> multiple WGs in recent years, and cross reference the who and how
> many, you see that there is a very small number of vocal people who
> tend to dominate these discussions. It is basically this small group
> of people whose voices dictate RIPE policy. The problem there is that
> we may find policy, accidentally or intentionally, following an agenda
> that suits the needs of these people, rather than the wider, silent
> community. Unfortunately, we don't have any other way to do this at
> the moment. However, when a change is controversial, has many serious
> objections and offers so few benefits, to push it through with so few
> supporters is very questionable. Especially as it has been well
> established during the long discussions that we (collectively) do not
> even understand the registration data and governing rules that we are
> about to substantially change. Nor do we have any firm evidence that
> even the minor benefits claimed by the proposers are likely to occur.
>
> I could go on and dispute the co-chairs' reasoning for declaring a
> rough consensus. But I have said it all before and it has been
> disregarded. Although I don't believe I have yet asked them for the
> evidence or statistical reasoning why they assert that this change
> will encourage those who don't declare any End User data now, will
> suddenly decide to provide it after this change.
>
> It is of course total nonsense to suggest that this change will end up
> offering more accurate data on assignments to End Users. It is quite
> possible that those resource holders that currently don't declare End
> User assignment data now, will simply create two appropriately sized,
> anonymous, aggregated objects below each of their allocations. That is
> 'job done' as far as operations is concerned. Those objects will never
> need to be updated again. No one has any clue how much, if any, of
> that address space is in use, by how many End Users with how many
> addresses each, or who the End Users are, or even if the same block of
> address space has been assigned to more than one End User by mistake.
> All that information will be lost. Including one of the basic
> functions of the registry, to ensure uniqueness of address usage.
>
> Quoting statistics on the number of allocations with no assignments is
> of course simply playing with numbers. It adds nothing to this
> discussion, but is intended to look like a supporting argument. A
> perceived problem that needs to be solved, but may not even exist on
> the implied scale. We don't know how many of those allocations are the
> /22 and /24 allocations made during the final stages of runout. These
> were 'intended' to be for new entrants into the industry who planned
> to provide LIR services. They would not be expected to have
> assignments if they were used for their infrastructure. (Or maybe they
> were not allocated as intended?) Many allocations are also made to
> organisations who do not provide LIR services and have no End Users.
> The address space is simply used by their organisation.
>
> Leo's final comment is a good one to end on.
> "Those LIRs that want to share data are already doing so. Those who
> would like to share some data if it were easier to do so will be
> accommodated if this proposal becomes policy."
> This basically sums up everything. ['want' 'like'] The RIPE NCC
> stopped enforcing address policy after runout because they did not
> believe they had any power to do so. Here Leo is suggesting that
> complying with policy is a choice. Some LIRs will choose to comply,
> others will choose not to comply with RIPE policy. Neither this
> community nor the RIPE NCC has any power to enforce any policy on
> operators. We can agree or disagree on any policy we like, but it
> cannot be enforced. RIPE policy has no teeth.
>
> The proposers have assured us that their focus is on providing this
> aggregation feature. So we must be able to assume that they, and the
> co-chairs, have deeply considered the implications of this change to
> the "status:'' attribute. So there shouldn't be any unintended
> consequences...
>
> Hopefully common sense will prevail and we will pause this process to
> assess where we have been, where we are and where we are going. (I
> think that is unlikely to happen...)
>
> cheers
> denis
>
> ========================================================
> DISCLAIMER
> Everything I said above is my personal, professional opinion. It is
> what I believe to be honest and true to the best of my knowledge. No
> one in this industry pays me anything. I have nothing to gain or lose
> by any decision. I push for what I believe is for the good of the
> Internet, in some small way. Nothing I say is ever intended to be
> offensive or a personal attack. Even if I strongly disagree with you
> or question your motives. Politicians question each other's motives
> all the time. RIPE discussion is often as much about politics and self
> interest as it is technical. I have a style of writing that some may
> not be familiar with, others sometimes use it against me. I also have
> OCD. It makes me see the world slightly differently to others. It
> drives my mind's obsessive need for detail. I can not change the way I
> express my detailed opinions. People may choose how to interpret them.
> ========================================================
>
> On Mon, 11 Mar 2024 at 09:30, Leo Vegoda <leo(a)vegoda.org> wrote:
>> Dear Address Policy WG,
>>
>> There was a consensus on this proposal and we are moving it forward to
>> Last Call. The RIPE NCC will publish an announcement with dates.
>>
>> There was a request, in Rome, for clarity over whether aggregated
>> assignments needed to have a fixed size or could vary. The proposers
>> suggested that a fixed size should be optional.
>>
>> We extended the list discussion by a month and the two issues raised
>> have been addressed.
>>
>> One was End User sites not having the End User's own admin-c instead
>> of the LIR's. There has been extensive discussion of this. One key
>> reason given is that it is common and acceptable to outsource a part
>> of an organisation's operations to another, more skilled, operator.
>> The RIPE NCC's impact analysis noted that the proposal "simply leaves
>> the status quo unchanged." It would not need to update its operational
>> processes.
>>
>> Concerns were also raised that aggregating assignments would impact
>> criminal investigations. But this proposal is intended to improve the
>> quality of data registered by offering LIRs a less arduous way to
>> share registration data. At the end of 2023 there were over 19,000 PA
>> allocations without any assignments. Those LIRs that want to share
>> data are already doing so. Those who would like to share some data if
>> it were easier to do so will be accommodated if this proposal becomes
>> policy.
>>
>> Kind regards,
>>
>> Leo Vegoda, for the Address Policy WG co-chairs
>>
>> --
>>
>> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg
6 months
Re: [address-policy-wg] 2023-04 Review Phase (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)
by Sebastian Graf
Dear Tore/Denis:
If we are looking at the Policy Language, then i'm not certain we are
reading the same things into it.
Or maybe i missed something. Feel free to point out the corresponding
section of the policy to me. I'm more than happy to update my views if
strong evidence is presented.
As a small LIR ... I may not see all edge cases.... but...... So feel
free to point out anything important that i may have missed.
Lets look at the actual language in the policy:
> "All assignments and allocations must be registered in the RIPE
Database. This is necessary to ensure uniqueness and to support network
operations."
The way i read it, this point is filled both with the current state of
things, and also if we have an aggregated status. Space would still be
registered. So the question is what kind of data needs to accompany it.
So lets look at what needs to be documented:
> "Registration data (range, contact information, status etc.) must be
correct at all times (i.e. they have to be maintained)."
I think you are arguing what both of you are considering "contact
information". It does NOT say we state to put personally identifyable
information into it.
If we read the text literally, then only putting enough information to
establish a contact (ie: contact information) would theoretically be
sufficient.
So theoretically, a "proxy" type of setup for email/postal mail/...
could be permissiable as long as any communication/... is forwarded to
the the actual responisble party.
In fact i would argue for most businesses (End-User or ISP) this is
already the case if they make use of "role" contacts for their
admin/noc/abuse/... handling.
> "Registration data (range, contact information, status etc.) must be
correct at all times (i.e. they have to be maintained)."
The other thing that i do not read from the statement is where it asks
to put "contact information" for the End-User. It simply reads contact
information (one could theoretically interpret this as "contact
information for the party that is responsible for managing the space....).
ANYWAY....
I still do not feel anything of significance would be lost, if something
could be lost at all. My personal opinion goes the other way.....I
suspect, if anything aggregated status could potentially lead to more
accurate data. Let me explain: With the aggregation we gain better
understanding of the network usage. PLUS the ability to create more
specific assignments (under the aggregated). So This way, i feel more
usable data would be int the database, compared to now.
This would also be in line with the goals in Section 3.0 - Point 2
"Agregation: Distributing IPv4 addresses in an hierarchical manner
permits the aggregation of routing information.".
If we look at the goal for registration: "Registration: The provision of
a public registry documenting address space allocations and assignments
must exist. This is necessary to ensure uniqueness and to provide
information for Internet troubleshooting at all levels.".
If we consider the usefulnes of data entered into the ripe-db for this
purpose, then most useful will be the ISP contact information. Contact
information for End-Users (could be an ISP as well) would also be useful
in some cases. Personal Information for "individual" type end users (ie:
Fred Testuser's DSL Line that comes with a Public IPv4 Address)....to a
lesser extend.
If we look at Section 3.1 ...it reads "Internet Registries (IRs) have a
*duty of confidentiality to their registrants*. Information passed to an
IR must be securely stored and *must not be distributed wider than
necessary within the IR*.".
So i am not certain why you are trying to force more data than actually
required/useful into the db. And yes in this context i would consider
LIR's in this to be part of this as some type of "local" IR's.
During the writing of this email, i realised that you (denis/tore) may
consider the need/usecase for adding a "restricted" flag into the DB,
that would allow adding information, that is only shown to a select
audience (ie: law enforcment, ripe staff and Ripe-Members) - wich could
be used to publish PII data. HOWEVER doing something like that would
"extend" the existing usecase(s) of the DB and dataentry required - as
such this should be in a different Policy Proposal/wg-discussion. Feel
free to put one forward, that we can discuss....
Regards
Sebastian
On 1/11/24 13:11, Tore Anderson wrote:
> Hi Jan,
>
> On 11/01/24 10:19, Jan Ingvoldstad wrote:
>>
>> On Thu, Jan 11, 2024 at 9:45 AM Tore Anderson <tore(a)fud.no> wrote:
>>
>> On 11/01/24 03:20, denis walker wrote:
>>
>> > This is total madness. You keep saying you have no intention of
>> > changing anything else. You keep saying the wording change
>> actually
>> > changes nothing in practice. Some other people don't agree with
>> you.
>> > Just don't change wording that you claim changes NOTHING and has
>> > nothing to do with aggregation and everyone is happy. The fact
>> that
>> > you are pushing so hard to make this wording change, you refuse to
>> > back down or compromise, you insist on changing wording that
>> changes
>> > nothing and has nothing to do with aggregation...proves that you
>> don't
>> > believe that yourself. The fact is, I suspect that this is the
>> real
>> > change you want. You want to drop the current policy
>> requirement to
>> > define assignments with End User contacts. It is the aggregation
>> that
>> > is the side issue here. There is no other explanation for why
>> you are
>> > insisting so strongly on changing wording that changes nothing.
>>
>> Here we find ourselves in conspiracy theory land, frankly.
>>
>>
>> Uh. While questioning your motives is perhaps a bit rude, this is WAY
>> over the top, Tore.
>>
>> Please retract this weird accusation, I really don't understand your
>> motives for trying to label this as having to do with a conspiracy
>> theory. It tarnishes the discussion.
>
> This goes far beyond «questioning our motives». There is an assertion
> of "proof" that Jeroen deliberately make statements that we do not
> believe ourselves, in other words that we are lying to the working
> group. It is suggested that we are maliciously attempting to deceive
> the working group as to our true motives for submitting the policy
> proposal and what changes it will effect, and that the stated motive –
> introducing AGGREGATED-BY-LIR – is a mere "side issue" which is not
> our true, hidden, motive.
>
> Presumably the RIPE NCC must also be actively participating in this
> deception, or at the very least turn a blind eye to it.
>
> This ticks all the boxes in the Wikipedia definition of a conspiracy
> theory, with the possible exception that Jeroen and I could not
> reasonably be classified as a «powerful group».
>
> That said, labels are unimportant, so consider the statement
> retracted. Let us instead say that we vehemently disagree with the
> allegation that there are any ulterior motives behind 2023-04 and that
> we are actively attempting to deceive the working group in any way.
>
>
>> While you seem to argue that the RIPE NCC is both omniscient and
>> omnicompetent, I do not think it is that easy.
>>
>> I simply think that the RIPE NCC and you are mistaken.
>
> That is fair enough. We note your disagreement with the RIPE NCC as
> well, which we take to mean you do not allege that we are actively and
> intentionally misrepresenting the RIPE NCC's position in our messages.
> That is something, at least.
>
>
>> Continously appealing to RIPE NCC as the authority of policy and
>> policy interpretation is not a good thing.
>
> The RIPE NCC is the secretariat of the RIPE Community and is delegated
> the task of implementing and enforcing the RIPE Community policies, as
> well as to providing training to the LIRs on how to operationalise
> said policies. If that is not an authority worth paying attention to,
> I do not know what is.
>
> After all, any LIR which prefers the RIPE NCC interpretation of the
> policy in this regard is may simply adhere to it and act accordingly,
> and this is commonly done today. Thus the RIPE NCC's interpretation of
> the policy – mistaken or not – ends up becoming the (de facto) way the
> policy is implemented anyway.
>
>
> Tore & Jeroen
>
>
>
>
9 months, 3 weeks
Re: [address-policy-wg] 2023-04 New Policy Proposal (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)
by denis walker
Hi Tore
I will first answer your points in this email, now I've had more time
to think about it. Then I plan to send two longer emails. One on the
bigger picture and one specifically about your proposal text. It is
disappointing that so many people just said "+1 great proposal". I
think they have responded to the headline and not considered the
details or the implications. So let's consider some of them...
On Wed, 13 Sept 2023 at 08:59, Tore Anderson <tore(a)fud.no> wrote:
>
> Hello Denis,
>
> Let me start off by clearing up a misunderstanding:
>
> My brief example did not mean to convey that non-uniform contact
> information is the only thing that could make a set of objects non-
> uniform and thus unsuitable for AGGREGATED-BY-LIR.
>
> Rather, the exact opposite was the intended meaning - which is that
> almost any attribute can make a set of objects non-uniform. The tech-c
> attribute was only used an example to demonstrate this.
>
> With that out of the way, my answers to your remaining points follow
> in-line:
>
> * denis walker
>
> > Now let's look at a real life example.
> >
> > whois -rBm 195.238.192.0 - 195.238.223.255
> >
> > The first thing to note is that the admin-c and tech-c values are the
> > same in all the more specific assignments. Even the mnt-by is the
> > same, although you make no mention if that is a blokker for
> > aggregation or not. So by your definition these are 'completely
> > uniform' objects and can be aggregated.
>
> As I clarified above, these objects are in my view *not* uniform, as
> they have distinct netname, descr and country attributes (possibly
> others I missed too, I only skimmed through them quickly).
>
> The LIR in question clearly has a policy of publishing the street
> address of each assignee in the descr attribute. That is totally fine,
> and will continue to be totally fine after 2023-04 is implemented, but
> it makes their objects unsuitable for aggregation.
This is where the implications get interesting. Each of the objects in
the example I gave is in itself individually aggregatable. There is
nothing in your policy proposal that says an aggregate must cover
multiple assignments to multiple End Users. You say:
"In case of an audit, the LIR must be able to present statistics
showing the number of individual assignments made in all objects with
a status of 'AGGREGATED-BY-LIR."
So the number 1 is valid. You don't require the block size of the
individual assignments to be specified in the audit. So that 1 could
be the same size as the aggregate or a single IP address.
For every one of the assignments in this example allocation you can
change the status to AGGREGATED-BY-LIR and remove all the
identification and contact information for the actual end user. Your
proposal has dropped the requirement:
"When an End User has a network using public address space this must
be registered separately with the contact details of the End User."
It is not specified in the current policy if those contact details
must be the tech-c/admin-c or the address of the company. So the
objects in my example comply with the current policy.
With the current policy only when an End User is a natural person can
you replace the contact details with that of the LIR. With your policy
ANY or even ALL End Users can replace their contact details with that
of the LIR by changing the status to AGGREGATED-BY-LIR. In theory
every ASSIGNED PA object in the RIPE Database can become an
AGGREGATED-BY-LIR object with only LIR contact details. Now that won't
happen as a lot of responsible End Users will want their contact
details in the database for network problem resolution. But we all
know there are LIRs who provide services to spammers and other
abusers, knowingly or otherwise. You can be sure these End Users'
details will disappear from the database.
>
> > You will also note that all these objects contain optional descr
> > attributes. These attributes contain name and address details of the
> > end user. That is important information for many stakeholder groups
> > using the RIPE Database public registry. That detail will be lost in
> > an aggregation. Given that current policy requires these assignments
> > to be registered in the public registry, many users do include this
> > detail. Now we all know the RIPE Database design and technology is
> > very old and it does currently require some effort to manage this
> > data. (A problem that all users have noticed but no one has attempted
> > to fix.) Given a 'short cut' option, human nature suggests people
> > will use it, even if it is not the right thing to do for a public
> > registry. So aggregating across the whole database, may result in a
> > massive amount of detail being lost from the public registry.
>
> It is important to note that the information you mention as "important"
> here - the assignee's address - is (as you rightly point out) optional
> to include. An LIR is under no obligation to publish this information,
> and the inetnum object does not even contain an attribute dedicated to
> it.
>
> (While the organisation object has mandatory org-name and address
> attributes, the org attribute is optional in inetnum objects.)
>
> Thus the LIR in question already has a 'short cut' option available to
> them, should they feel managing the assignees' address information in
> the RIPE database is too burdensome - they can simply chose to not
> include that information in the first place.
>
> I want to emphasise that this policy proposal does not grant them this
> option, it is already there today.
This again is misleading. The LIR CANNOT do what you suggest with the
current policy. The current policy says:
"When an End User has a network using public address space this must
be registered separately with the contact details of the End User." As
I said above, It is not specified if those contact details must be the
tech-c/admin-c or the address of the company. In the example I gave
the admin-c/tech-c are the details of the LIR. But they comply with
the policy by including the address of the companies. They are the End
User contact details. If they chose to remove this optional
information then they no longer comply with current policy. But you
drop this policy condition. Therefore with your policy proposal you
allow them to remove this optional info and still comply with the
policy. Netname is just a string of LIR defined characters and does
not need to be unique. So they can all be set to the same string.
Country is also LIR defined and generally meaningless so they can all
be set to the same pointless value. So your proposal allows this LIR
to make all these assignments 'the same' and replace them all with a
single AGGREGATED-BY-LIR object. This is a very significant change to
the public registry. With this proposal ANY set of data can be
anonymised. There is no longer any requirement for End Users running
public networks to be identifiable or contactable.
This IS an option granted by this proposal that is NOT there today.
I can see a follow up question to the DB-WG, "How do I aggregate a
whole allocation?" Which may well replace the current question, "How
do I assign a whole allocation?" The consequence of this proposal is
the same as a previous suggestion to make assignments optional. Both
allow for the mass anonymisation of End Users.
>
> > Also note that there are gaps in the more specific assignments for
> > this allocation. For example 195.238.193.224 - 195.238.193.255 is not
> > assigned. Can your aggregated objects span these gaps? If so then we
> > lose sight of what address space is in use or available. It may no
> > longer be needed for further allocations but people do still use that
> > information.
>
> Yes, just as in IPv6, aggregated objects can span gaps. This is
> essential, as the primary use case targeted by AGGREGATED-BY-LIR is
> automated assignment pools with a high churn rate (e.g., a dynamic DHCP
> pool).
This may be your specified primary use case, but it can then be
extended to the entire database.
>
> In such environments, the .1, .2 and .3 addresses might be assigned
> before .2 might get de-assigned again - all within seconds, with no
> operator involvement. We believe it is not necessary to reflect this
> high level of granularity and rapid churn rate in the RIPE database.
>
> > The assignments are all randomly sized. Which is why you have dropped
> > the inet6num assignment-size attribute for inetnum objects. So if I
> > amgetting abuse from one specific IP address what should I do? I have
> > noidea from the aggregated block what the block size is that includes
> > this one IP address. Is there any other way to find this information,
> > maybe from routing details? If not, should I block and blacklist the
> > entire aggregated block? That could affect hundreds, maybe even
> > thousands, of users in some cases. This is not a problem with IPv6 as
> > you know the size of the block containing that address.
>
> My personal recommendation would be to block the specific IP address
> you are receiving abusive traffic from and send a complaint to the
> abuse-c for the inetnum in question.
Are you suggesting that abusers generally work with single IP
addresses, rather than cycling through a block of addresses?
>
> Note that this is not really much different than what you have to do
> today for abuse coming from customer assignments that are «registered
> as part of the service provider's internal infrastructure», cf. ripe-
> 708 section 6.2.
Just a note that ripe-708 was the address policy of 2018. There have
been 5 updates since then.
> That said, AGGREGATED-BY-LIR would here have made it
> clear that the abusive address is indeed assigned to a downstream
> customer and is not part of the service provider's internal
> infrastructure.
Take a look at these two examples of real data:
82.116.118.0 - 82.116.119.255
88.149.40.0 - 88.149.40.255
One is listed in a remarks as "dynamic DSL address pool" and the other
as "DHCP Customers". They are already aggregated. What do we gain by
changing the status on these objects from ASSIGNED PA to
AGGREGATED-BY-LIR? Suppose one LIR changes the status and the other
does not. As you said it is optional. Nothing changes for either LIR
in terms of what they must create, modify or delete in the database.
They are already aggregates. What can a casual viewer of this data in
the database deduce from these two new objects with different status
values? Without parsing the remarks they cannot deduce anything.
Either could be a single End User or multiple End Users. The status
doesn't distinguish either option. Why do we need a new status value?
We end up with two values that are completely interchangeable with no
way to interpret their different meanings without parsing remarks.
The bottom line is that this new status value adds no new benefit, but
can be seriously mis-used to cause considerable damage to the RIPE
Database as a public registry. It WILL be misused by those operating
public networks who wish to keep their details hidden from public
view.
cheers
denis
co-chair DB-WG
>
> Tore
1 year, 1 month
Re: [address-policy-wg] 2023-04 New Policy Proposal (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)
by Jeroen Lauwers
Hi Dennis,
It is good that you look carefully at the effects of the policy proposal, especially for abusing matters by end users. I only miss the complete pictures for this point. In the hypothetical case l as a LIR would like to help spammers I could use 6.2 as a valid reason for not registering the contact details of the end user. Second I could change quickly the IPs of the spammer and then update this quickly enough in the DB that still no one would be able to get any info. Because before the moment people have time to check the DB the information would be already gone. So as LIR I would be fully complying with the rules of the address policy and still be able to help spammers. And then we not even talking about if abusers would even try to write the proper contact information or privacy laws like GDPR.
In a lot of cases, it would be good to have end-user information but I don’t think we can solely trust on the idea that if we can contact end users a problem would be solved. In my experience, even with technical problems most end users won't have enough skills to solve problems by themself. So imagine than a case where the end user is on purpose abusing the IP space. In the end, it is the LIR's responsibility who is using the IP addresses that are assigned to this LIR. So I think in case of that a LIR is accidental or on purpose accommodating a spammer it is more efficient to focus on the LIR than the end user for stopping the abusing end user.
We hope that with this proposal more IP space will be covered in the database by making it easier to comply with the rules and give fewer LIRs the overwhelming feeling of repetitive tasks. At the moment the IP space without any child assignment in the database is growing every year. And I think we both agree that how more space is covered in the DB the better it is for the community.
Kind regards,
Jeroen
Op 22 sep. 2023, om 05:52 heeft denis walker <ripedenis(a)gmail.com<mailto:ripedenis@gmail.com>> het volgende geschreven:
Hi Tore
I will first answer your points in this email, now I've had more time
to think about it. Then I plan to send two longer emails. One on the
bigger picture and one specifically about your proposal text. It is
disappointing that so many people just said "+1 great proposal". I
think they have responded to the headline and not considered the
details or the implications. So let's consider some of them...
On Wed, 13 Sept 2023 at 08:59, Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
Hello Denis,
Let me start off by clearing up a misunderstanding:
My brief example did not mean to convey that non-uniform contact
information is the only thing that could make a set of objects non-
uniform and thus unsuitable for AGGREGATED-BY-LIR.
Rather, the exact opposite was the intended meaning - which is that
almost any attribute can make a set of objects non-uniform. The tech-c
attribute was only used an example to demonstrate this.
With that out of the way, my answers to your remaining points follow
in-line:
* denis walker
Now let's look at a real life example.
whois -rBm 195.238.192.0 - 195.238.223.255
The first thing to note is that the admin-c and tech-c values are the
same in all the more specific assignments. Even the mnt-by is the
same, although you make no mention if that is a blokker for
aggregation or not. So by your definition these are 'completely
uniform' objects and can be aggregated.
As I clarified above, these objects are in my view *not* uniform, as
they have distinct netname, descr and country attributes (possibly
others I missed too, I only skimmed through them quickly).
The LIR in question clearly has a policy of publishing the street
address of each assignee in the descr attribute. That is totally fine,
and will continue to be totally fine after 2023-04 is implemented, but
it makes their objects unsuitable for aggregation.
This is where the implications get interesting. Each of the objects in
the example I gave is in itself individually aggregatable. There is
nothing in your policy proposal that says an aggregate must cover
multiple assignments to multiple End Users. You say:
"In case of an audit, the LIR must be able to present statistics
showing the number of individual assignments made in all objects with
a status of 'AGGREGATED-BY-LIR."
So the number 1 is valid. You don't require the block size of the
individual assignments to be specified in the audit. So that 1 could
be the same size as the aggregate or a single IP address.
For every one of the assignments in this example allocation you can
change the status to AGGREGATED-BY-LIR and remove all the
identification and contact information for the actual end user. Your
proposal has dropped the requirement:
"When an End User has a network using public address space this must
be registered separately with the contact details of the End User."
It is not specified in the current policy if those contact details
must be the tech-c/admin-c or the address of the company. So the
objects in my example comply with the current policy.
With the current policy only when an End User is a natural person can
you replace the contact details with that of the LIR. With your policy
ANY or even ALL End Users can replace their contact details with that
of the LIR by changing the status to AGGREGATED-BY-LIR. In theory
every ASSIGNED PA object in the RIPE Database can become an
AGGREGATED-BY-LIR object with only LIR contact details. Now that won't
happen as a lot of responsible End Users will want their contact
details in the database for network problem resolution. But we all
know there are LIRs who provide services to spammers and other
abusers, knowingly or otherwise. You can be sure these End Users'
details will disappear from the database.
You will also note that all these objects contain optional descr
attributes. These attributes contain name and address details of the
end user. That is important information for many stakeholder groups
using the RIPE Database public registry. That detail will be lost in
an aggregation. Given that current policy requires these assignments
to be registered in the public registry, many users do include this
detail. Now we all know the RIPE Database design and technology is
very old and it does currently require some effort to manage this
data. (A problem that all users have noticed but no one has attempted
to fix.) Given a 'short cut' option, human nature suggests people
will use it, even if it is not the right thing to do for a public
registry. So aggregating across the whole database, may result in a
massive amount of detail being lost from the public registry.
It is important to note that the information you mention as "important"
here - the assignee's address - is (as you rightly point out) optional
to include. An LIR is under no obligation to publish this information,
and the inetnum object does not even contain an attribute dedicated to
it.
(While the organisation object has mandatory org-name and address
attributes, the org attribute is optional in inetnum objects.)
Thus the LIR in question already has a 'short cut' option available to
them, should they feel managing the assignees' address information in
the RIPE database is too burdensome - they can simply chose to not
include that information in the first place.
I want to emphasise that this policy proposal does not grant them this
option, it is already there today.
This again is misleading. The LIR CANNOT do what you suggest with the
current policy. The current policy says:
"When an End User has a network using public address space this must
be registered separately with the contact details of the End User." As
I said above, It is not specified if those contact details must be the
tech-c/admin-c or the address of the company. In the example I gave
the admin-c/tech-c are the details of the LIR. But they comply with
the policy by including the address of the companies. They are the End
User contact details. If they chose to remove this optional
information then they no longer comply with current policy. But you
drop this policy condition. Therefore with your policy proposal you
allow them to remove this optional info and still comply with the
policy. Netname is just a string of LIR defined characters and does
not need to be unique. So they can all be set to the same string.
Country is also LIR defined and generally meaningless so they can all
be set to the same pointless value. So your proposal allows this LIR
to make all these assignments 'the same' and replace them all with a
single AGGREGATED-BY-LIR object. This is a very significant change to
the public registry. With this proposal ANY set of data can be
anonymised. There is no longer any requirement for End Users running
public networks to be identifiable or contactable.
This IS an option granted by this proposal that is NOT there today.
I can see a follow up question to the DB-WG, "How do I aggregate a
whole allocation?" Which may well replace the current question, "How
do I assign a whole allocation?" The consequence of this proposal is
the same as a previous suggestion to make assignments optional. Both
allow for the mass anonymisation of End Users.
Also note that there are gaps in the more specific assignments for
this allocation. For example 195.238.193.224 - 195.238.193.255 is not
assigned. Can your aggregated objects span these gaps? If so then we
lose sight of what address space is in use or available. It may no
longer be needed for further allocations but people do still use that
information.
Yes, just as in IPv6, aggregated objects can span gaps. This is
essential, as the primary use case targeted by AGGREGATED-BY-LIR is
automated assignment pools with a high churn rate (e.g., a dynamic DHCP
pool).
This may be your specified primary use case, but it can then be
extended to the entire database.
In such environments, the .1, .2 and .3 addresses might be assigned
before .2 might get de-assigned again - all within seconds, with no
operator involvement. We believe it is not necessary to reflect this
high level of granularity and rapid churn rate in the RIPE database.
The assignments are all randomly sized. Which is why you have dropped
the inet6num assignment-size attribute for inetnum objects. So if I
amgetting abuse from one specific IP address what should I do? I have
noidea from the aggregated block what the block size is that includes
this one IP address. Is there any other way to find this information,
maybe from routing details? If not, should I block and blacklist the
entire aggregated block? That could affect hundreds, maybe even
thousands, of users in some cases. This is not a problem with IPv6 as
you know the size of the block containing that address.
My personal recommendation would be to block the specific IP address
you are receiving abusive traffic from and send a complaint to the
abuse-c for the inetnum in question.
Are you suggesting that abusers generally work with single IP
addresses, rather than cycling through a block of addresses?
Note that this is not really much different than what you have to do
today for abuse coming from customer assignments that are «registered
as part of the service provider's internal infrastructure», cf. ripe-
708 section 6.2.
Just a note that ripe-708 was the address policy of 2018. There have
been 5 updates since then.
That said, AGGREGATED-BY-LIR would here have made it
clear that the abusive address is indeed assigned to a downstream
customer and is not part of the service provider's internal
infrastructure.
Take a look at these two examples of real data:
82.116.118.0 - 82.116.119.255
88.149.40.0 - 88.149.40.255
One is listed in a remarks as "dynamic DSL address pool" and the other
as "DHCP Customers". They are already aggregated. What do we gain by
changing the status on these objects from ASSIGNED PA to
AGGREGATED-BY-LIR? Suppose one LIR changes the status and the other
does not. As you said it is optional. Nothing changes for either LIR
in terms of what they must create, modify or delete in the database.
They are already aggregates. What can a casual viewer of this data in
the database deduce from these two new objects with different status
values? Without parsing the remarks they cannot deduce anything.
Either could be a single End User or multiple End Users. The status
doesn't distinguish either option. Why do we need a new status value?
We end up with two values that are completely interchangeable with no
way to interpret their different meanings without parsing remarks.
The bottom line is that this new status value adds no new benefit, but
can be seriously mis-used to cause considerable damage to the RIPE
Database as a public registry. It WILL be misused by those operating
public networks who wish to keep their details hidden from public
view.
cheers
denis
co-chair DB-WG
Tore
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg
1 year, 1 month
Re: [address-policy-wg] 2023-04 New Policy Proposal (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)
by denis walker
Hi Jeroen
I only used abuse as one example. But as you have picked up on it I'll
go with the flow.
On Fri, 22 Sept 2023 at 09:45, Jeroen Lauwers <jlauwers(a)a2b-internet.com> wrote:
>
> Hi Dennis,
>
> It is good that you look carefully at the effects of the policy proposal, especially for abusing matters by end users. I only miss the complete pictures for this point. In the hypothetical case l as a LIR would like to help spammers I could use 6.2 as a valid reason for not registering the contact details of the end user.
No you can't, unless they are a natural person (with contact details
replaced in their assignment object with those of the LIR) or only
have a single IP address (DSL customer).
> Second I could change quickly the IPs of the spammer and then update this quickly enough in the DB that still no one would be able to get any info. Because before the moment people have time to check the DB the information would be already gone. So as LIR I would be fully complying with the rules of the address policy and still be able to help spammers.
You might be able to change it faster than a human can read it, but
not faster than a machine can process it. The information has not
'gone'. The database has a historical audit trail. Every change you
make is logged. I am working on a proposal for a one time post
processing of historical data. This will make much more information
available from the data without violating privacy or GDPR. This will
prevent LIRs from doing tricks like this to hide things.
But it is interesting that you seem to think you can make quick
changes to the database without too much effort, when it is something
you want to do. But one of the cornerstones of your argument for this
proposal is that it is too much effort to make quick changes, when it
is something you don't want to do, like complying with policy.
> And then we not even talking about if abusers would even try to write the proper contact information or privacy laws like GDPR.
There are requirements for LIRs to enter correct information into the
database. You know who the End Users are as they pay you for services.
You have contracts with them. The information in assignment objects is
entered by the LIRs not the End Users.
>
> In a lot of cases, it would be good to have end-user information but I don’t think we can solely trust on the idea that if we can contact end users a problem would be solved. In my experience, even with technical problems most end users won't have enough skills to solve problems by themself.
Again you are assuming that the RIPE Database is nothing more than a
phone book for operators to solve network problems. It is a public
registry; it has evolved beyond a simple phone book for operators.
> So imagine than a case where the end user is on purpose abusing the IP space. In the end, it is the LIR's responsibility who is using the IP addresses that are assigned to this LIR. So I think in case of that a LIR is accidental or on purpose accommodating a spammer it is more efficient to focus on the LIR than the end user for stopping the abusing end user.
So as an LIR are you accepting responsibility (and liability) for
abuse from one of your End Users?
>
> We hope that with this proposal more IP space will be covered in the database by making it easier to comply with the rules and give fewer LIRs the overwhelming feeling of repetitive tasks.
You keep pushing this "overwhelming feeling of repetitive tasks"
angle. Machines have been helping with these repetitive tasks since
Charles Babbage developed his analytical engine almost 200 years ago.
Most LIRs have engineers who understand computers. We are after all
the people who manage the global internet. We are running a service
used by the biggest tech companies in the world. So are you saying
that in 2023 we can't manage a distributed database without
overwhelming repetitive tasks?
> At the moment the IP space without any child assignment in the database is growing every year.
You can manipulate numbers to make any point you like. How many of
these 'growing' allocations without assignments are /24 allocations?
Not only has the RIPE NCC been making only /24 allocations for quite a
few years, but people also buy /24 blocks on the open market which
then get registered as allocations. The RIPE NCC /24 allocations were
intended to be used by new LIRs who needed some IPv4 address space for
their own infrastructure. So you would expect them to have no
assignments. But that is not what happened with a lot of them. Many of
these /24 allocations are now held by financial investors, managed by
brokers and rented out to End Users, many of whom are other LIRs who
may then even sub-assign them. None of this is represented in the RIPE
Database as the old data model can't match new business models like
this. There is nothing wrong with new business models. It is an
inevitable consequence of monetizing IP addresses. But the RIPE
Database needs to catch up. That is difficult because no one will talk
about it. This proposal doesn't help with the bigger picture.
You talk about LIRs sometimes being a better option to contact
regarding address space usage. When the LIR/resource holder is a
financial investor with no knowledge of IT, the broker renting out the
space wants to keep a low profile, but they may be providing the LIR
services, and the End User may also know nothing, then who do we talk
to now in this new chain?
> And I think we both agree that how more space is covered in the DB the better it is for the community.
ALL address space is covered by allocations. Having lots of the more
specific information hidden is not better for the community.
Cheers
denis
co-chair DB-WG
>
> Kind regards,
>
> Jeroen
>
>
> Op 22 sep. 2023, om 05:52 heeft denis walker <ripedenis(a)gmail.com> het volgende geschreven:
>
> Hi Tore
>
> I will first answer your points in this email, now I've had more time
> to think about it. Then I plan to send two longer emails. One on the
> bigger picture and one specifically about your proposal text. It is
> disappointing that so many people just said "+1 great proposal". I
> think they have responded to the headline and not considered the
> details or the implications. So let's consider some of them...
>
> On Wed, 13 Sept 2023 at 08:59, Tore Anderson <tore(a)fud.no> wrote:
>
>
> Hello Denis,
>
> Let me start off by clearing up a misunderstanding:
>
> My brief example did not mean to convey that non-uniform contact
> information is the only thing that could make a set of objects non-
> uniform and thus unsuitable for AGGREGATED-BY-LIR.
>
> Rather, the exact opposite was the intended meaning - which is that
> almost any attribute can make a set of objects non-uniform. The tech-c
> attribute was only used an example to demonstrate this.
>
> With that out of the way, my answers to your remaining points follow
> in-line:
>
> * denis walker
>
> Now let's look at a real life example.
>
> whois -rBm 195.238.192.0 - 195.238.223.255
>
> The first thing to note is that the admin-c and tech-c values are the
> same in all the more specific assignments. Even the mnt-by is the
> same, although you make no mention if that is a blokker for
> aggregation or not. So by your definition these are 'completely
> uniform' objects and can be aggregated.
>
>
> As I clarified above, these objects are in my view *not* uniform, as
> they have distinct netname, descr and country attributes (possibly
> others I missed too, I only skimmed through them quickly).
>
> The LIR in question clearly has a policy of publishing the street
> address of each assignee in the descr attribute. That is totally fine,
> and will continue to be totally fine after 2023-04 is implemented, but
> it makes their objects unsuitable for aggregation.
>
>
> This is where the implications get interesting. Each of the objects in
> the example I gave is in itself individually aggregatable. There is
> nothing in your policy proposal that says an aggregate must cover
> multiple assignments to multiple End Users. You say:
> "In case of an audit, the LIR must be able to present statistics
> showing the number of individual assignments made in all objects with
> a status of 'AGGREGATED-BY-LIR."
> So the number 1 is valid. You don't require the block size of the
> individual assignments to be specified in the audit. So that 1 could
> be the same size as the aggregate or a single IP address.
> For every one of the assignments in this example allocation you can
> change the status to AGGREGATED-BY-LIR and remove all the
> identification and contact information for the actual end user. Your
> proposal has dropped the requirement:
> "When an End User has a network using public address space this must
> be registered separately with the contact details of the End User."
> It is not specified in the current policy if those contact details
> must be the tech-c/admin-c or the address of the company. So the
> objects in my example comply with the current policy.
> With the current policy only when an End User is a natural person can
> you replace the contact details with that of the LIR. With your policy
> ANY or even ALL End Users can replace their contact details with that
> of the LIR by changing the status to AGGREGATED-BY-LIR. In theory
> every ASSIGNED PA object in the RIPE Database can become an
> AGGREGATED-BY-LIR object with only LIR contact details. Now that won't
> happen as a lot of responsible End Users will want their contact
> details in the database for network problem resolution. But we all
> know there are LIRs who provide services to spammers and other
> abusers, knowingly or otherwise. You can be sure these End Users'
> details will disappear from the database.
>
>
> You will also note that all these objects contain optional descr
> attributes. These attributes contain name and address details of the
> end user. That is important information for many stakeholder groups
> using the RIPE Database public registry. That detail will be lost in
> an aggregation. Given that current policy requires these assignments
> to be registered in the public registry, many users do include this
> detail. Now we all know the RIPE Database design and technology is
> very old and it does currently require some effort to manage this
> data. (A problem that all users have noticed but no one has attempted
> to fix.) Given a 'short cut' option, human nature suggests people
> will use it, even if it is not the right thing to do for a public
> registry. So aggregating across the whole database, may result in a
> massive amount of detail being lost from the public registry.
>
>
> It is important to note that the information you mention as "important"
> here - the assignee's address - is (as you rightly point out) optional
> to include. An LIR is under no obligation to publish this information,
> and the inetnum object does not even contain an attribute dedicated to
> it.
>
> (While the organisation object has mandatory org-name and address
> attributes, the org attribute is optional in inetnum objects.)
>
> Thus the LIR in question already has a 'short cut' option available to
> them, should they feel managing the assignees' address information in
> the RIPE database is too burdensome - they can simply chose to not
> include that information in the first place.
>
> I want to emphasise that this policy proposal does not grant them this
> option, it is already there today.
>
>
> This again is misleading. The LIR CANNOT do what you suggest with the
> current policy. The current policy says:
> "When an End User has a network using public address space this must
> be registered separately with the contact details of the End User." As
> I said above, It is not specified if those contact details must be the
> tech-c/admin-c or the address of the company. In the example I gave
> the admin-c/tech-c are the details of the LIR. But they comply with
> the policy by including the address of the companies. They are the End
> User contact details. If they chose to remove this optional
> information then they no longer comply with current policy. But you
> drop this policy condition. Therefore with your policy proposal you
> allow them to remove this optional info and still comply with the
> policy. Netname is just a string of LIR defined characters and does
> not need to be unique. So they can all be set to the same string.
> Country is also LIR defined and generally meaningless so they can all
> be set to the same pointless value. So your proposal allows this LIR
> to make all these assignments 'the same' and replace them all with a
> single AGGREGATED-BY-LIR object. This is a very significant change to
> the public registry. With this proposal ANY set of data can be
> anonymised. There is no longer any requirement for End Users running
> public networks to be identifiable or contactable.
>
> This IS an option granted by this proposal that is NOT there today.
>
> I can see a follow up question to the DB-WG, "How do I aggregate a
> whole allocation?" Which may well replace the current question, "How
> do I assign a whole allocation?" The consequence of this proposal is
> the same as a previous suggestion to make assignments optional. Both
> allow for the mass anonymisation of End Users.
>
>
> Also note that there are gaps in the more specific assignments for
> this allocation. For example 195.238.193.224 - 195.238.193.255 is not
> assigned. Can your aggregated objects span these gaps? If so then we
> lose sight of what address space is in use or available. It may no
> longer be needed for further allocations but people do still use that
> information.
>
>
> Yes, just as in IPv6, aggregated objects can span gaps. This is
> essential, as the primary use case targeted by AGGREGATED-BY-LIR is
> automated assignment pools with a high churn rate (e.g., a dynamic DHCP
> pool).
>
>
> This may be your specified primary use case, but it can then be
> extended to the entire database.
>
>
> In such environments, the .1, .2 and .3 addresses might be assigned
> before .2 might get de-assigned again - all within seconds, with no
> operator involvement. We believe it is not necessary to reflect this
> high level of granularity and rapid churn rate in the RIPE database.
>
> The assignments are all randomly sized. Which is why you have dropped
> the inet6num assignment-size attribute for inetnum objects. So if I
> amgetting abuse from one specific IP address what should I do? I have
> noidea from the aggregated block what the block size is that includes
> this one IP address. Is there any other way to find this information,
> maybe from routing details? If not, should I block and blacklist the
> entire aggregated block? That could affect hundreds, maybe even
> thousands, of users in some cases. This is not a problem with IPv6 as
> you know the size of the block containing that address.
>
>
> My personal recommendation would be to block the specific IP address
> you are receiving abusive traffic from and send a complaint to the
> abuse-c for the inetnum in question.
>
>
> Are you suggesting that abusers generally work with single IP
> addresses, rather than cycling through a block of addresses?
>
>
> Note that this is not really much different than what you have to do
> today for abuse coming from customer assignments that are «registered
> as part of the service provider's internal infrastructure», cf. ripe-
> 708 section 6.2.
>
>
> Just a note that ripe-708 was the address policy of 2018. There have
> been 5 updates since then.
>
> That said, AGGREGATED-BY-LIR would here have made it
> clear that the abusive address is indeed assigned to a downstream
> customer and is not part of the service provider's internal
> infrastructure.
>
>
> Take a look at these two examples of real data:
> 82.116.118.0 - 82.116.119.255
> 88.149.40.0 - 88.149.40.255
>
> One is listed in a remarks as "dynamic DSL address pool" and the other
> as "DHCP Customers". They are already aggregated. What do we gain by
> changing the status on these objects from ASSIGNED PA to
> AGGREGATED-BY-LIR? Suppose one LIR changes the status and the other
> does not. As you said it is optional. Nothing changes for either LIR
> in terms of what they must create, modify or delete in the database.
> They are already aggregates. What can a casual viewer of this data in
> the database deduce from these two new objects with different status
> values? Without parsing the remarks they cannot deduce anything.
> Either could be a single End User or multiple End Users. The status
> doesn't distinguish either option. Why do we need a new status value?
> We end up with two values that are completely interchangeable with no
> way to interpret their different meanings without parsing remarks.
>
> The bottom line is that this new status value adds no new benefit, but
> can be seriously mis-used to cause considerable damage to the RIPE
> Database as a public registry. It WILL be misused by those operating
> public networks who wish to keep their details hidden from public
> view.
>
> cheers
> denis
> co-chair DB-WG
>
>
> Tore
>
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg
>
>
1 year, 1 month
Re: [address-policy-wg] 2023-04 The bigger picture
by Carlos Friaças
Greetings Denis, All,
Yes, it was a very long message :-)
Well, maybe not, if we keep in mind the time you have worked and thought
about and around the RIPE database.
I obviously don't agree with everything you wrote, while i can agree with
most of it.
2023-04 seems a bad idea to me, but at least it doesn't prevent anyone to
keep on the registration of their assignments if they wish to do so. This
proposal sounds like a "less effort for everyone" proposal, and for me,
even if it's unintended, a way to increase opacity.
Is it enough for a public registry to have just the association between
address space and its direct members? -- i don't believe so.
Some LIRs are not registering their assignments (violating current policy,
right?), so we change/update the policy to make their lack of action as
part of the policy? It sounds very wrong to increase compliance levels
artificially by changing the rules.
I see "arguments opposing the proposal" = none. I would like to disagree.
The quality of publicly available registration data is likely to decrease
if this proposal goes through.
Regards,
Carlos
On Mon, 25 Sep 2023, denis walker wrote:
> Colleagues
>
> I want to look at the bigger picture here. I apologise again for
> another long email. There are many issues here that this community has
> ignored for too long. So I hope some of you will at least read through
> to the end, think about what I say and comment...maybe even support
> the general idea...
>
> Although this has been a discussion with only a handful of people it
> has raised some interesting points. Many followers may have missed the
> significance of some of these points or perhaps not thought deeply
> about them. These include (in no particular order):
> -Different registration requirements for IPv4 and IPv6
> -Differences in the way IPv4 and IPv6 have been allocated and assigned over time
> -Block size (fixed or random)
> -Retro fitting of features
> -Different levels of adherence to policy by resource holders
> -Voluntary nature of supplying some details
> -No consistent approach to supplied data
> -Confusion for some resource holders about what data to publish
> -Effort required to maintain data in the RIPE Database
> -Volatility of some fast changing data
> -Privacy
> -Customer confidentiality
> -Public interest
> -Public registry
> -Registering public networks
> -Addresses defined as free text (sometimes including name)
>
> This is a lot of issues wrapped around one policy proposal. This
> proposal will not address all, or even most, of these issues. I don't
> believe this is the right way forward. But what is the root problem
> here and how can we address it?
>
> There are also some other points to consider. At recent RIPE Meetings
> some prominent members of this community have told me in the strongest
> possible terms that there is no way in hell that they are going to
> list any of their customer's details in the public RIPE Database. No
> matter what any policy says. Commercial confidentiality seems to be a
> very sensitive issue for some resource holders. Of course this is a
> valid concern. But it needs to be balanced. Policy needs consensus,
> but when we have a consensus all resource holders must follow it. That
> is the only way a self regulating industry can work.
>
> Another reason of concern is the alignment of handling both IPv4 and
> IPv6 registrations in the RIPE Database. Where we have two systems
> that are managed in different ways, there are of course two ways they
> can be aligned. We can dumb down the IPv4 data to the level of IPv6.
> Or we can raise the IPv6 data to the level of IPv4. Everyone is
> focused on the dumbing down option. No one has even considered moving
> in the other direction. I have never understood why the IPv6
> registration policy was not written with the same requirements in mind
> as the IPv4 in the first instance. Maybe at the time the automation
> options available then were not as extensive as they are today.
> Computer power and bandwidth were certainly not comparable to what
> they are today. Changes to the RIPE Database data model, interfaces,
> technology and design would make it possible to raise the level of
> IPv6 information available in the public registry to the same level as
> IPv4.
>
> At the heart of this issue is a public registry. But what is that in
> 2023? What does it mean? What should be in it? Who is it for? How do
> we achieve a three way balance between commercial sensitivity, public
> need and privacy? These are the sort of questions I was hoping the
> RIPE Database Requirements Task Force would answer when they started
> their work. The end result was a little disappointing. They didn't
> answer any of these questions. They focussed most of their attention
> looking backwards. Many of us know the history. We want to know how to
> move forwards. These types of proposals are not the right way forward.
> So where should we be heading? I believe we need a new Task Force to
> do what I thought the last one would do. To determine the business
> requirements for the RIPE Database as a public registry in the 2020s
> and beyond. To answer these fundamental questions. To establish the
> registration requirements for a public registry that we can have a
> consensus on and everyone will accept and apply.
>
> Daniel said at the BOFF in Iceland, "It's time to stop tinkering
> around the edges of the RIPE Database". But that is exactly what these
> policy proposals are doing. Here we are trying to retrofit an IPv6
> construct onto IPv4. Straight away assignment-size had to be dropped
> as it won't fit with the way IPv4 assignments are made or how they
> could be retrospectively aggregated. Knowing the blocksize has nothing
> to do with HD ratios and further allocations. It tells you nothing
> about how many assignments have been made from the aggregate, 1 or
> 100. It exists for IPv6 for other reasons. The same reasons we need
> for IPv4 but can't achieve, because the two systems are not the same.
>
> We need to start with a full, forward looking Business Requirements
> document for the RIPE Database, based on accepted business analysis
> procedures. We can follow that with a Technical Requirements document
> outlining how things should be done. Not at the level of defining
> technology or software design, that is for the NCC engineer's to
> determine. This should include the outline design of the data model
> and interfaces to commercial IPAM systems. Syncing bits of your
> internal data, as defined necessary for a public registry, with a
> database really isn't the problem in 2023. There should be no labour
> intensive work here. It doesn't matter if the RIPE Database has 5m or
> 50m or 500m assignment data sets in it. As long as they contain the
> data defined by the requirements to serve as a balanced public
> registry. No one should be manually entering this data. No one is
> going to read this data. We can build tools to provide information
> from this data in a human understandable format. In terms of
> registration requirements there should be little or no distinction
> between IPv4 and IPv6. But that doesn't mean we take the lowest common
> level.
>
> In case anyone is in any doubt, I am suggesting a redesign and rebuild
> of the RIPE Database, based on an updated understanding of what is
> needed to maintain and operate a public registry for all stakeholders.
> I know none of the RIPE community nor the RIPE WG chairs nor the RIPE
> NCC membership (who pay for it) nor the RIPE NCC executive board or
> senior management has any appetite for this. In the past whenever I
> have brought up this subject I have been totally ignored. Replying to
> emails where I have mentioned this, people have noticeably answered
> other points and cut out any reference to redesigning the RIPE
> Database. Many people have gone to extraordinary lengths to avoid even
> having this conversation. Seriously guys, the time has come to have
> this conversation. Daniel tried to start it at that BOFF. The RIPE
> community has just let it drop...again.
>
> The current design of the RIPE Database data model and software is
> about 25 years old. It was a big waterfall project with a big bang
> release and switch over from version 2 in April 2001. Aspects of the
> design, including having all data stored in untouched, human readable,
> text blocks, even predates this. We have had two major rewrites of the
> software in this time in C and then java. But the underlying design
> was not changed at all. Much of it is no longer fit for purpose. This
> attempt to retro fit aggregations from IPv6 to IPv4 highlights some of
> the cracks. It gets harder and harder to make significant changes to
> this system over time. Like assigning a whole allocation which cuts to
> the core of the software design and data model. Just to make this one
> change would be a very disruptive process for all users. Even if we
> decide today to set up a new task force to determine the business
> requirements, then the technical requirements, then redesign and
> rebuild in small agile chunks, we won't have a new system for at least
> 5 years. By then we are working with a 30 year old data model and
> system design. That is the age of dinosaurs in the IT world. Do we
> really want to wait until it breaks before we do anything? Calm,
> collective consideration is a better working model than panic,
> reactive mode. We are long overdue for this.
>
> It does not need to be done again in one huge step. It can be done
> incrementally. Use agile not waterfall methods. The whole system can
> be easily broken down into subsystems which can be worked on
> independently and deployed without massive disruption. I'll give some
> of my own thoughts and ideas on how some of this can be done.
>
> Task Force 1 to determine the business requirements of the RIPE
> Database as a public registry.
>
> Task Force 2 to determine the technical requirements of the RIPE
> Database as a public registry.
>
> Redesigned data model dropping the old fashioned requirement to have
> all data stored in untouched text blocks and be human readable. Stored
> data should be machine parsable and processable. Tools and interfaces
> can be provided to offer information based on the stored data or raw
> data for further machine processing.
>
> Accommodate new business models including the acceptance of investors
> and commercial RIRs operating below the RIPE NCC.
>
> Interfaces to commercial IPAM systems so all the required data can be
> uploaded and synced without human effort.
>
> Expand the LIR Portal to a system of user accounts for anyone who
> enters data into the database and identified/verified power users who
> consume the data.
>
> Notifications are basically an audit trail of changes to your data.
> This should be configured through the user accounts. No need for it to
> be spread throughout the entire database at the data set level. There
> are millions of attributes with duplicated email addresses all over
> the data. This has no public interest value at all and should not be
> public data.
>
> We should design a new authorisation and authentication scheme, also
> configured through the user accounts. Again details about the security
> of your data have no public interest value and should not be public
> data. I don't know of any other web based system that publishes so
> much information about how you secure and protect your data.
>
> The basic data is composed of hierarchical sets of IP addresses. But
> only abuse contacts use inheritance. All contact and management data
> should be inherited. That again could remove millions of items of
> duplicated, redundant data. Structure of contact and identification
> data should also be redesigned with privacy and confidentiality in
> mind.
>
> Resource holder and End User name and address details should be
> properly formatted rather than free text.
>
> Requirements for user registration details in a public registry could
> be re-evaluated and re-designed from the bottom up with a three way
> balance of privacy, confidentiality and public interest in mind.
>
> Language and characterisation of data can be re-evaluated for the
> whole data set.
>
> Routing data could be better structured with usage in mind. Tools
> could be built in to provide the structured data needed by those who
> use this data.
>
> Geolocation data could be built in rather than relying on external files.
>
> Basic, anonymous queries could be limited to bare bones data with no
> PII. More detailed data could be provided only to verified query
> users, with accounts, with different levels of detail.
>
> Historical data could be subject to a one time post processing to
> remove PII from public view but still allow anonymised cross
> referencing that researchers and investigators can do now with the PII
> data.
>
> The whole dataset should be organisation centric. Every piece of data
> entered into the database should be directly or indirectly linked to
> an organisation described in the dataset. There is no reason to allow
> anonymous or orphaned data to be entered.
>
> All changes of this nature could be made independently and gradually
> introduced. But we do need a road map based on a bigger picture so we
> know where we are heading. Especially for the core changes.
>
>
>
> If there is one thing I want you to consider from this message it is this:
> id nunc, aliquo tempore postea fit numquam
>
> I am not well know for my language skills so let me say it in English:
> do it now, sometime later becomes never
>
> cheers
> denis
> co-chair DB-WG
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg
>
1 year, 1 month
Re: [address-policy-wg] 2023-04 Review Phase (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)
by Erik Bais
Dear Denis,
Thank you for your long email.
I have a couple comments that I like to make on it, especially about what you state in regards to what our ‘mandate’ is as WG Chairs, on the WG ML and the PDP discussions.
As AP-WG chairs we aim to facilitate fruitful discussions on topics that are within the scope of Address Policy, as this is the Address Policy WG.
As such, we like to keep the discussion, civil, on topic and hope to see PDP related discussions about the policy that is proposed.
We will moderate the discussions, to stay on topic of the said policy, to avoid having very long discussion that are not related to the policy itself.
This policy in particular is quite clear and although it proposes on how to change/register assignments in the database, it doesn’t talk about a complete database redesign or overhaul.
If you like to create a full TF or alike to have a discussion about the state of the DB, please do so in the correct WG for it. ( please read this as . . . not in AP-WG )
So, yes we’ve read your email and we will note your objection.
Regards,
Erik Bais
on behalf of the Co-Chair collective of the AP-WG.
From: address-policy-wg <address-policy-wg-bounces(a)ripe.net> on behalf of denis walker <ripedenis(a)gmail.com>
Date: Saturday, 10 February 2024 at 09:10
To: "address-policy-wg(a)ripe.net" <address-policy-wg(a)ripe.net>
Cc: Tore Anderson <tore(a)fud.no>, Jan Ingvoldstad <frettled(a)gmail.com>
Subject: Re: [address-policy-wg] 2023-04 Review Phase (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)
Colleagues
I am back!! Thanks to those who agreed I should never have been away. I am not going to focus on that for now. I do have a lot to say around that issue. But that is for another day, on another mailing list. I won't discuss it here and I will wait until we conclude the discussion on this proposal. I want people to focus on the message rather than the messenger.
There hasn't been much conversation while I have been away, but still several significant points that seemed to have been missed by most observers. I have answered all points raised by several people in this single email. In these days of uncertainty, who knows how long any of us will be around. So it is more of an article than an email. But I do end with a positive recommendation.
Let's start with a comment by Leo:
"We encourage everyone to focus comments on the proposal and its potential impact. Do not comment on individuals, their characteristics, or motivations."
The co-chairs have no authority to determine what constitutes part of this discussion. If individuals use tactics that may confuse the community or repeatedly make comments that are not true, they make themselves part of the discussion. The co-chairs have no right to try to prevent these issues from being highlighted and discussed. People need to understand that personal criticism is not a personal attack, even if it is strong criticism. When an individual repeatedly says something that is not true, to highlight this issue and ask them why they keep saying this is not a personal attack. Criticism is part of life, especially in business. Throughout this discussion there has been lots of criticism thrown at me. My characteristics have been heavily criticised and commented on. Even who I speak for has been questioned. No one has questioned if an employee speaks on behalf of their employer. My motivations have also been questioned. It was suggested that I should not talk about the RIPE Database on the Address Policy WG. Even though the old design and technology of the database is one of the key elements used to support the need for aggregation. So much criticism aimed at me and yet the co-chairs saw no reason to intervene. They only intervene when I criticise someone.
Then there is motivation. Is it questionable? A lot of the discussion on policy is political, commercial and self interest based. In these contexts I believe it is acceptable to question motivation. The co-chairs never asked what I meant by what I said. Of course the proposal is about aggregation. It's in the title and the text. But it is about a lot more than that. There are two main aspects to this proposal. An inconsequential, minor feature change that people may or may not use. And a major change to the handling of End User details, which people also may or may not take advantage of. The two aspects combined can make a massive change to the available information in the RIPE Database. But the proposal did not even mention the change to End User details. Is it important? Well after I pointed it out, some people who had said "+1 I agree with this proposal" changed their mind and withdrew their support. So for them it was highly relevant. There are sections in the proposal template for supporting and opposing issues relating to the proposal. Depending on your point of view this major change should have been listed in one of those sections. But it wasn't. So did the proposers fully understand the implications of this change or not? I must be allowed to ask that question as part of this discussion. If they did understand it, why did they not mention it? Did they overlook it, or was there some other reason? Again I have to be able to ask these questions. This is all about motivation. To ask these questions and understand what happened is not a personal attack. It is a reasonable line of inquiry.
Enough about the messenger, let's get back to the message.
------------------------
On Mon, 18 Dec 2023 at 16:49, Edwin Verheul via address-policy-wg <address-policy-wg(a)ripe.net<mailto:address-policy-wg@ripe.net>> wrote:
>
> I support this proposal.
>
> Since this policy introduces convenience for LIR by aligning ipv4 object policy to the ipv6 policy, unclear usage of the admin contact should not prevent this improvement in policy.
This pretty much sums up a lot of people's view of this proposal. It is 'convenient' for the operators. Who cares if it is the right thing to do or not, it is convenient. It doesn't align v4 and v6, there are significant differences in the defined aggregations. Never mind if we don't understand what the data means, let's just change it anyway as it is convenient.
Maybe a few of you should watch John Curran's keynote speech at NANOG on internet governance:
https://www.youtube.com/watch?v=U1Ip39Qv-Zk
He talks about phases of the internet and how we are now moving from the 'commercial' internet to the 'public' internet. With this public internet, civil society has/wants a much bigger say in how things work. Organisations that represent civil society and civil order are more concerned about how things work. Politicians are concerned about what their voters think. Do you think civil society cares about operator convenience? They are more likely to think 'it's your job, do it. That's what we pay you for'. I think civil society will be more interested in knowing who is spamming them or attacking their network and can the police catch them, rather than operator convenience.
Now let's think a bit more about what this data means and how to interpret it.
------------------------
On Fri, 12 Jan 2024 at 08:56, Alex Le Heux <alexlh(a)funk.org<mailto:alexlh@funk.org>> wrote:
>
> During the discussion about AGGREGATED-BY-LIR status for IPv4 PA assignments the argument has been raised that this proposal would substantially change the registration requirements for end-user assignments in the RIPE DB and the discussion has been going around in circles ever since.
>
> We would like to point out the following:
>
> From the RIPE NCC Impact Analysis:
>
> Acceptance of this proposal will not change the fact that the RIPE NCC cannot enforce which contact details members add to their IPv4 PA assignments in the RIPE Database; this will remain their decision.
>
This is completely out of context. I have asked the RIPE NCC legal team to clarify what this means but I guess by their silence they declined. To me this sentence says the member can choose to enter the details of Contact A or Contact B and choose what the details are. Which one (A or B) and the details (email or phone) they enter will be their decision. The RIPE NCC cannot enforce if they enter A or B or email or phone. WHO these contacts represent is a matter of policy. The current policy says they MUST be representatives of the End User. That can be enforced by the RIPE NCC, but they choose not to enforce it.
>
> As well as:
>
> It is fact that the RIPE NCC has interpreted the current policy to not require a PA Assignment in the RIPE DB to include the actual name and email address of the end-user since at leas the late 1990s. Registering a PA Assignment with something like "CUSTOMER-1234" and an email address pointing to the LIR has been acceptable for all this time.
>
This is completely false. I know Alex well and will give him the benefit of the doubt that he has not picked up on the detail here. He signed this email 'for the Address Policy WG co-chairs'. A lot was said about who I speak for, so I assume Alex was speaking 'for' all the chairs. I was told that signing as 'co-chair DB-WG' gives what I say more weight and has more influence on the community. The same must apply when the co-chairs of this WG collectively sign an email. The community will assume that statement carries more validity.
Let's look at the detail. Address policy from the early 1990s has made it clear that assignments must include contact details of the End User. But ripe-288, 28 Oct 2003 is particularly interesting. The authors of this version of the address policy were:
Mirjam Kühne, Paul Rendek, Sabrina Wilmot, Leo Vegoda
At that time they were all current or former NCC staff. Leo was the operations manager of the RIPE NCC Registration Services (RS). Paul was the senior manager responsible for RS. In this version, these authors added the exact wording that we have today:
"When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End User's."
The wording was very different before this. The document was restructured and the wording changed. So they must have thought about what this meant. I cannot believe that when these words were added to the policy by the RS manager and RS senior manager they were not enforced by RS. Maybe Leo can give some background to this.
Nothing in this industry changes quickly. So if these newly worded requirements were enforced just 20 years ago, they must have been enforced for at least 5 to 10 years. That means the RIPE NCC's interpretation of this wording, written by the RS manager, has only changed in the last 5 to 10 years. I have been told by some former members of RS that they stopped enforcing these requirements at runout of IPv4. They told me that when they had no more address space to allocate, they had no power to enforce these rules. So they simply stopped enforcing them. This paints a very different picture. We are not changing policy to match a common practice. We are dropping policy because it is difficult to enforce, regardless of the reasons why the policy was introduced.
It is also interesting that, no matter how many times you read something, you don't always see what it says. A lot has been said about replacing the admin-c and tech-c contacts in an assignment with the contacts of the LIR. It has been said that the RIPE NCC now considers this acceptable. But look at what the current policy actually says:
"Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End User's."
So this substitution is only allowed by policy where the End User is an individual. You cannot do it for all End Users. This actually makes sense to me. If I want to contact the LIR's tech or admin contacts, they are already available in the RIPE Database in the allocation object. Why duplicate the data in the assignment. The policy says the assignment must have the End User's contacts. So that is another misinterpretation of the current policy.
>
>
> In its impact analysis the RIPE NCC has indicated that this proposal does not change this interpretation.
>
> It should therefore be clear that 2023-04 does not in fact change anything regarding how end-user details will actually be registered in PA Assignments.
Interesting choice of words. It may not change how some End User details 'will' actually be registered, but it changes how they 'should' be registered enormously.
>
> However, is has been argued that this interpretation is wrong and that PA Assignments in the RIPE DB must include the actual end-user details. And even though this is out of scope for the 2023-04 discussion, it is still something that is worth resolving. As changing this interpretation would be a major departure of many years of accepted practice and potentially involve updating thousands of RIPE DB objects, we feel this discussion would be best served by an independent policy proposal that clarifies the issue and would like to invite the working group to enter one.
>
I agree this needs further clarification. But you can't write a policy proposal on something you don't understand. We don't know what much of the data means now or in the past, or why we have these rules, or what we need now. Until we have the business requirements for the RIPE Database as a public registry any such policy proposal, including this one, is just a dangerous stab in the dark.
> Kind regards,
>
> Alex Le Heux, for the Address Policy WG co-chairs
It is interesting that this email was signed 'for' all the co-chairs of this WG. How can the co-chairs approve this policy proposal (2023-04) while accepting that another proposal is needed to clarify if the RIPE Database must include the actual End User contact details? Are they going to approve a policy proposal that potentially removes this End User detail requirement and then consider a policy proposal that would require them to put this detail back into the RIPE Database?
------------------------
On Thu, 11 Jan 2024 at 09:40, Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
>
> Hello Denis,
>
> On 11/01/24 01:40, denis walker wrote:
> > So personal data does not always need consent of the data
> > subject. But you only ever refer to (a) consent.
>
> There are indeed other possible lawful bases than consent, and this fact
> is precisely why I wrote (emphasis added):
>
> «Publishing this information requires *a* lawful basis, *e.g.*, consent.»
>
> Consent is however the only lawful basis singled out by the RIPE NCC in
> the RIPE Database Terms and Conditions and in the 2023-04 Impact
> Analysis, so it seems reasonable to assume that some LIRs will seek consent.
I wrote the T&C before GDPR was in place. That's why it doesn't refer to any of the other lawful options. I questioned the IA but the legal team chose not to respond.
>
> Therefore we need to examine what that actually means in practice. You
> sum it up quite accurately below:
>
>
> > If we take the latest revelation in the IA on 2023-04, ALL PII needs
> > consent, this has HUGE implications for the RIPE NCC and RIPE policy
> > generally. We MUST have a good understanding of the legal basis for
> > entering PII into the RIPE Database. Consent cannot be conditional. So
> > if a resource holder who is a natural person withdraws their consent
> > to have their PII in the database, it MUST be removed. That may leave
> > an allocation and organisation with no identity or contacts. That
> > would be a policy violation. BUT the resource cannot be reclaimed as
> > that would have made the consent conditional. Also we have an abuse
> > policy that requires all resources to have an abuse contact. If that
> > contact is a natural person and they withdraw their consent their
> > details must be deleted. Again that creates a policy violation. But
> > the resource cannot be reclaimed again as that would have made the
> > contact details consent conditional.
>
> Your conclusion that this situation results in a policy violation, is
> however entirely contingent on your interpretation of the current policy
> as mandating the publication of the End User's (non-delegated) contact
> information.
You did not read what I wrote. I was talking about LIR contacts in allocation objects. If that is PII (and a lot of it is) the subjects can now ask for it to be removed. That may leave allocation objects with no LIR contacts. That is syntactically not possible in the RIPE Database.
>
> Under the RIPE NCC's interpretation of the current policy, on the other
> hand, this situation is entirely unproblematic. Under their
> interpretation, the LIR has, quote, «freedom to take over the
> responsibility as the point of contact for their End User». No PII, no
> GDPR, no problem.
But if the LIR has NO contacts because they have asked for their details to be removed then you can't replace the End User contacts with non-existent LIR contacts. You and the legal team have started a chain reaction here by declaring that ALL contacts in the RIPE Database are there by consent. The RIPE NCC, as joint data controller for the RIPE Database, now has joint responsibility, and I presume therefore joint liability, for 2 million people having given their consent to their details being added into a PERSON object in the database.
>
> https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-November/013…
>
> > Again you have selected just one example that can support your
> > argument, Farmer Fred. I could have used KPN or Apple Inc as an
> > example which would negate your argument.
>
> KPN or Apple would not be relevant examples, as they (presumably) would
> use non-personal NOC roles which are not PII, and thus out of scope of
> the GDPR.
The RIPE NCC is a corporate body and yet it has many PERSON objects in the database relating to individual staff members as contacts for their resources.
------------------------
On Thu, 11 Jan 2024 at 09:45, Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
>
> Hi Denis,
>
> On 11/01/24 03:20, denis walker wrote:
> > On Wed, 10 Jan 2024 at 13:02, Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
> >>
> >> On 10/01/24 11:25, Jan Ingvoldstad wrote:
> >>> Or you could take the other stance and stop publishing *any* contact
> >>> details regarding an object, because you cannot know whether the
> >>> information is personal data or not.
> >> Exactly. LIRs may (but are not required to) chose this approach already
> >> *today*. This is a common and long-standing practice which the RIPE NCC
> >> has repeatedly clarified as compliant with today's policy.
> > This is one of your biggest false statements. The ONLY person
> > repeatedly saying this is YOU. Let's do a fact check here.
>
> Yes, let us indeed do a fact check:
>
Your fact checking is not very accurate.
> Exhibit 1:
> https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-September/01…
>
This is the one time the RIPE NCC made this argument, which I have disputed.
> Exhibit 2: https://www.ripe.net/participate/policies/proposals/2023-04
> (specifically the «counter-argument», which the RIPE NCC Policy Officer
> confirmed to the proposers and the WG chairs as correctly representing
> the RIPE NCC's interpretation)
>
This 'counter argument' is your argument and is completely false.
> Exhibit 3:
> https://www.ripe.net/participate/policies/proposals/2023-04#impact-analysis
>
I have explained this above. This is the argument about LIRs adding Contact A or Contact B or email or phone. THAT is their decision. Who these contacts represent is set in the current policy and is not the LIR's choice.
> Exhibit 4:
> https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-November/013…
>
All the talk about maintainers, descr attributes, DB T&C and documentation has nothing to do with address policy. All they say here is that this proposal won't influence how the RIPE NCC currently carries out ARCs. They are doing it wrong now and will continue to do it wrong.
> Four repetitions so far, all saying the same thing. How many more do you
> need?
>
One statement and no repetitions. They all say something different, which most people can clearly see.
>
> >> As the RIPE NCC writes in the Impact Analysis (emphasis added):
> >>
> >> «Acceptance of this proposal **will not change** the fact that the
> >> RIPE NCC cannot enforce which contact details members add to their IPv4
> >> PA assignments in the RIPE Database; this **will remain** their decision.»
> >>
Same repetitive argument again and again. Yes it IS the LIR's decision to enter Contact A or Contact B or email or phone. It is the POLICY that determines who those contacts represent. How many more times are we going to have this same discussion? (Which the legal team will not clarify.)
> >> So, once again: which End User contact details LIRs publish (if any) is
> >> their decision today, and it will be continue to be their decision if
> >> 2023-04 passes.
YES AGAIN the LIR can always choose between Contact A and Contact B, email or phone. They cannot choose to not enter any End User contact details.
> >> Hence, 2023-04 does not effect any change in this regard.
But as everyone else can see, this makes a huge change.
> > This really does make me cry. The wording in the IA is poor. You have
> > applied an interpretation to this which I do not believe is what was
> > meant. Then the RIPE NCC legal team has remained silent. So I am
> > asking the RIPE NCC legal team to clearly explain what they meant by
> > this wording.
>
> The explanation you request was posted two days after the Impact
> Analysis was:
>
> https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-November/013…
>
> «LIRs are free to choose how to provide services and to who, this
> includes their freedom to take over the responsibility as the point of
> contact for their End User as well as having their maintainer in the
> IPv4 PA assignments they register.»
>
> This explanation aligns perfectly with our interpretation of the
> statement in the Impact Analysis.
>
Wrong again. Yes the LIR is free to take over responsibility for technical matters. You can always find their contact details in the allocation object. So the public, civil society, LEAs, and other LIRs can choose who they want to contact...the LIR or the End User. Between the allocation and assignment objects you have all the contact details you need...according to current policy.
The LIR does NOT have the freedom, according to current policy, to replace the admin-c and tech-c contacts in the assignment object with their own contact details in all situations. Again the current policy wording is clear and not interpretable:
"Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End User's."
So you can ONLY replace the assignment contacts with those of the LIR IF the End User is an individual. Again this is simple, plain English, originally written by Leo and Mirjam.
> >> Given that, it is hard to see how we could possibly amend the proposal
> >> to change this particular point to an even lesser extent than what is
> >> already the case?
> > Let me help you. Do NOT remove a sentence that has nothing to do with
> > the stated goal of the proposal to aggregate assignments and that you
> > claim does not change anything.
>
> This sentence also has a lot to do with the stated goal of aggregating
> assignments, because it mandates that assignments must be «registered
> separately». That is clearly incompatible with aggregation.
>
**** Finally, FINALLY you have admitted that this change that is not a change and that changes nothing does actually change something. ****
It changes the registration requirements for assignments, which I have been saying all along and which you have been denying for months.
------------------------
On Thu, 11 Jan 2024 at 10:19, Jan Ingvoldstad <frettled(a)gmail.com<mailto:frettled@gmail.com>> wrote:
>
>
> On Thu, Jan 11, 2024 at 9:45AM Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
>> If our ulterior goal was to remove the End User contacts from our own
>> assignments we can just go ahead and do so, right now. The RIPE NCC is
>> already on the record saying that's totally OK, and we would be
>> following in the footsteps of many other LIRs who have already done so.
> While you seem to argue that the RIPE NCC is both omniscient and omnicompetent, I do not think it is that easy.
>
> I simply think that the RIPE NCC and you are mistaken.
>
After talking to former members of RS I am beginning to think that the RIPE NCC is not mistaken. They know exactly what the current policy says and they know what it means. After all, it was written by former RS managers. BUT they don't believe they have any power to enforce it. This is why they quietly ignore what the policy says. I'll say more about that in my conclusion at the end of this email.
> Continously appealing to RIPE NCC as the authority of policy and policy interpretation is not a good thing.
>
> It undermines the community drive behind policies.
>
> If this is where we are going, it seems that we would be just as well off by letting EU politicians run the show.
>
If you have watched John Curran's keynote speech at NANOG and think about the way a handful of operators are pushing this proposal through, the EU politicians WILL be running the show in the near future.
https://www.youtube.com/watch?v=U1Ip39Qv-Zk
> --
> Jan
------------------------
On Thu, 11 Jan 2024 at 13:11, Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
>
> On 11/01/24 10:19, Jan Ingvoldstad wrote:
> >
> > Continously appealing to RIPE NCC as the authority of policy and
> > policy interpretation is not a good thing.
>
> The RIPE NCC is the secretariat of the RIPE Community and is delegated
> the task of implementing and enforcing the RIPE Community policies, as
> well as to providing training to the LIRs on how to operationalise said
> policies. If that is not an authority worth paying attention to, I do
> not know what is.
>
Exactly, the RIPE NCC is the secretariat, not the policy decision maker. They are supposed to enforce community derived policy. IF they don't think they have the powers to enforce a policy they should raise that issue with the community and seek guidance. They should not just quietly ignore the policy, or part of it.
> After all, any LIR which prefers the RIPE NCC interpretation of the
> policy in this regard is may simply adhere to it and act accordingly,
> and this is commonly done today. Thus the RIPE NCC's interpretation of
> the policy – mistaken or not – ends up becoming the (de facto) way the
> policy is implemented anyway.
>
If a policy has unintentional interpretations it is badly written. LIRs should not be in a position to choose between a community view and the RIPE NCC's view of a policy. A RIPE NCC interpretation of a policy that conflicts with a community view should not become a de facto implementation. If such a situation arises the conflict must be resolved.
------------------------
On Thu, 11 Jan 2024 at 14:11, Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
>
> Hi Jan,
>
> On 11/01/24 13:27, Jan Ingvoldstad wrote:
> > On Thu, Jan 11, 2024 at 1:11PM Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
> >
> > After all, any LIR which prefers the RIPE NCC interpretation of the
> > policy in this regard is may simply adhere to it and act accordingly,
> > and this is commonly done today. Thus the RIPE NCC's
> > interpretation of
> > the policy – mistaken or not – ends up becoming the (de facto) way
> > the
> > policy is implemented anyway.
> >
> > This statement basically renders the point of a policy working group moot.
>
I totally agree.
> Not at all. Any working group member who is of the opinion that the RIPE
> NCC is interpreting a RIPE Community policy incorrectly, is free to at
> any point submit a policy proposal that clarifies the allegedly
> misinterpreted policy text with the aim to make the RIPE NCC change its
> procedures accordingly.
>
A policy proposal would only be needed if the policy is so badly written it needs clarity. When the policy is clear and simple, but the RIPE NCC is either misinterpreting it or doesn't believe it has the power to enforce it, we don't need a policy change. We need an interpretation change.
> The RIPE NCC's Impact Analysis will then reveal whether or not the
> proposed new policy text does attain its goal and that the RIPE NCC will
> change its procedures as desired, should the proposal pass.
>
> Finally, the proposal will need to reach (rough) consensus in order to
> confirm that the RIPE Community does indeed concur with the proposer's
> opinion that the old policy was interpreted incorrectly, and that the
> RIPE NCC's procedures ought to change.
>
You do not write policy proposals to change the RIPE NCC's interpretation of existing policy.
> Absent this, the RIPE NCC's operationalisation of the policy will stay
> as-is.
>
------------------------
On Thu, 11 Jan 2024 at 14:35, Sebastian Graf <ripe-lists(a)sebastian-graf.at<mailto:ripe-lists@sebastian-graf.at>> wrote:
>
> Dear Tore/Denis:
>
> If we are looking at the Policy Language, then i'm not certain we are reading the same things into it.
> Or maybe i missed something. Feel free to point out the corresponding section of the policy to me. I'm more than happy to update my views if strong evidence is presented.
> As a small LIR ... I may not see all edge cases.... but...... So feel free to point out anything important that i may have missed.
>
> Lets look at the actual language in the policy:
>
> > "All assignments and allocations must be registered in the RIPE Database. This is necessary to ensure uniqueness and to support network operations."
>
> The way i read it, this point is filled both with the current state of things, and also if we have an aggregated status. Space would still be registered. So the question is what kind of data needs to accompany it.
>
Actually this point is not satisfied by aggregation. When you have all assignments separately registered, as current policy requires and the proposers of this policy update have finally agreed is the case, you can see that each assignment is unique. You cannot assign the same space to two End Users as you cannot create two assignment objects with the same or overlapping prefix. With an aggregation object, all you know is that some part(s) of this aggregated block may be assigned to one or more End Users. You do not know how much is in use, or even if any of the aggregated space is currently in use. It does not satisfy the uniqueness condition as you can't be sure some of the space has not been multiply assigned.
> So lets look at what needs to be documented:
>
> > "Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)."
>
> I think you are arguing what both of you are considering "contact information". It does NOT say we state to put personally identifyable information into it.
>
You are totally correct here. I have never argued for putting PII into the database.
> If we read the text literally, then only putting enough information to establish a contact (ie: contact information) would theoretically be sufficient.
> So theoretically, a "proxy" type of setup for email/postal mail/... could be permissiable as long as any communication/... is forwarded to the the actual responisble party.
>
> In fact i would argue for most businesses (End-User or ISP) this is already the case if they make use of "role" contacts for their admin/noc/abuse/... handling.
>
Also correct.
> > "Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained)."
>
> The other thing that i do not read from the statement is where it asks to put "contact information" for the End-User. It simply reads contact information (one could theoretically interpret this as "contact information for the party that is responsible for managing the space....).
>
You are missing the infamous lines this proposal wants to delete from the current policy:
"When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End User's."
> ANYWAY....
>
> I still do not feel anything of significance would be lost, if something could be lost at all.
I guess you don't accept that the registration details of End Users is significant.
>My personal opinion goes the other way.....I suspect, if anything aggregated status could potentially lead to more accurate data. Let me explain: With the aggregation we gain better understanding of the network usage. PLUS the ability to create more specific assignments (under the aggregated). So This way, i feel more usable data would be int the database, compared to now.
>
With an aggregated block all/some/none of the space covered by this block may be in use by one/many/no End Users. You have no idea about network usage. All that detail may be lost.
> This would also be in line with the goals in Section 3.0 - Point 2 "Agregation: Distributing IPv4 addresses in an hierarchical manner permits the aggregation of routing information.".
>
Aggregating address space registration details has nothing at all to do with routing aggregation.
> If we look at the goal for registration: "Registration: The provision of a public registry documenting address space allocations and assignments must exist. This is necessary to ensure uniqueness and to provide information for Internet troubleshooting at all levels.".
>
Aggregating assignment data does not guarantee uniqueness, or provide information for Internet troubleshooting at ALL levels.
> If we consider the usefulnes of data entered into the ripe-db for this purpose, then most useful will be the ISP contact information. Contact information for End-Users (could be an ISP as well) would also be useful in some cases. Personal Information for "individual" type end users (ie: Fred Testuser's DSL Line that comes with a Public IPv4 Address)....to a lesser extend.
>
> If we look at Section 3.1 ...it reads "Internet Registries (IRs) have a duty of confidentiality to their registrants. Information passed to an IR must be securely stored and must not be distributed wider than necessary within the IR.".
>
> So i am not certain why you are trying to force more data than actually required/useful into the db. And yes in this context i would consider LIR's in this to be part of this as some type of "local" IR's.
>
There is always a balance between privacy and the needs of civil society. It was decided many years ago that anyone operating a network using public address space should have contact details available in a public registry. That is still what the current policy says with wording written by Leo (AP WG co-chair, former RS manager) and Mirjam (RIPE chair). The original source of this requirement goes back to address policy written in the 1990s by many varied authors including Daniel (RIPE NCC founder) and Hans Petter (RIPE NCC CEO and former AP WG and LIR WG chair). Unfortunately no one is willing to provide any background information to the current RIPE community about why these rules were originally imposed. That makes it difficult to discuss if those original conditions still apply to the current stakeholders of the RIPE Database, who we also can't easily identify.
> During the writing of this email, i realised that you (denis/tore) may consider the need/usecase for adding a "restricted" flag into the DB, that would allow adding information, that is only shown to a select audience (ie: law enforcment, ripe staff and Ripe-Members) - wich could be used to publish PII data. HOWEVER doing something like that would "extend" the existing usecase(s) of the DB and dataentry required - as such this should be in a different Policy Proposal/wg-discussion. Feel free to put one forward, that we can discuss....
>
I did consider this option when I put forward my RIPE Database Privacy policy proposal some time ago. The idea of multi level access was not very popular.
------------------------
On Fri, 12 Jan 2024 at 08:12, Tore Anderson <tore(a)fud.no<mailto:tore@fud.no>> wrote:
>
> Good morning Jan,
>
> On 12/01/24 07:25, Jan Ingvoldstad wrote:
> > I also do not understand what makes it so hard to say that: "Yes, the
> > current policy does state something else than NCC's interpretation of
> > it does, (…)
>
> We do not make statements that we do not believe to be true.
>
> In our opinion, the RIPE NCC implements current policy correctly.
>
How can you keep saying this when everyone knows it is not true. Regardless of whether or not you support the way the RIPE NCC currently implements the policy, it is NOT what the policy says. We have been over this so many times. The policy is so clear in simple, plain English. For whatever reason, the way the RIPE NCC implements the policy today is NOT what the current policy so clearly says, as written by a co-chair of this WG.
You even admitted it yourself in an earlier email (listed above) where you said (and these are YOUR words):
> After all, any LIR which prefers the RIPE NCC interpretation of the
> policy in this regard is may simply adhere to it and act accordingly,
> and this is commonly done today. Thus the RIPE NCC's interpretation of
> the policy – mistaken or not – ends up becoming the (de facto) way the
> policy is implemented anyway.
------------------------
On Fri, 12 Jan 2024 at 08:57, Sebastian Graf <ripe-lists(a)sebastian-graf.at<mailto:ripe-lists@sebastian-graf.at>> wrote:
>
> Dear Jan!
>
> As mentioned in my previous e-mail: Would you please post the section of
> the policy that you belive has the NCC's interpretation differ from the
> actual wording/language used?
>
> Because i have yet to find a section that states explicitly what is
> considered valid vs invalid contact information (other than being out of
> date or information that does not provide a contact to the user in a
> timely manner). Or a section that restricts what kind of data is
> permissable for "contact information".
>
It is not a question of what is (in)valid contact information. It is about who the contact details refer to. End User or LIR.
------------------------
On Fri, 12 Jan 2024 at 09:28, Sebastian Graf <ripe-lists(a)sebastian-graf.at<mailto:ripe-lists@sebastian-graf.at>> wrote:
>
> Dear Jan!
>
> Thank you for your reply. But you have not answerred my question.
>
> We are all clear/well aware on the fact that the policy states (paraphrasing here: resources need to be registered and the registions need to have contact information).
>
> We are looking for the DEFINITION of "contact details of the End User.". This is not directly defined (as far as i can tell) and is therefore open for interpretation.
>
> Unless i missed something?
>
Yes you have missed something. Take your sentence above "contact details of the End User". This can be split into two parts:
"contact details"
"of the End User."
You are right, there is no definition of "contact details". So it doesn't matter if this is email, phone, fax, postal address or if it is in a role or person object or if it is corporate or personal data. Much of this does matter when it comes to privacy concerns, but that is another discussion. What we are primarily discussing here is the other part "of the End User." So the contact details don't matter for this discussion as long as they collectively refer to the End User. And this reference is not open to any interpretation according to the current policy.
------------------------
On Fri, 12 Jan 2024 at 10:35, Sebastian Graf <ripe-lists(a)sebastian-graf.at<mailto:ripe-lists@sebastian-graf.at>> wrote:
>
> Dear Jan!
>
> You and Denis are arguing that registration/user data needs to include certain (sometimes sensitive details (ie: PII)) that need to be put in the database. Your Argument is that this is a policy requirement.
>
That is NOT what we are arguing. There is no policy requirement regarding the nature of the contact details. The policy states who the contact details should refer to, ie End User or LIR, for example.
> When I tried to get both of you to spell out what this "user data"/"contact information" is exactly and where that is defined - We do not get a clear answer.
>
Because it is not what we are arguing and it is not defined anywhere.
> I have read every single of denis replies/comments.
>
> When asked, neither of you cannot reference a policy section that actually spells out what is considered "contact details".
>
Because the policy doesn't define this and it is not relevant to this discussion.
> According to your own e-mail - your opinion is based on a software interface/implementation (ripe-db). This interface itself is an interpretation of what the policy could mean.
> The Interface of the DB also does not specify what kind of Information (regular address, proxy address,...) needs to be inserted. Just that some fields need to be filled out (and its open to interpret what goes into them to a certain extent - wich is the point of this discussion).
>
Sorry but you have missed the point again. The discussion has nothing to do with RIPE Database interfaces, forms or attribute contents. It is about WHO these details refer to.
> The relationship is policy -to- database. Not Database -to- Policy.
>
> And yet, we have no document or reference that defines what kind of contact information (direct only, or indirect via proxy/masking/....) is permissable.
Correct, and it is not relevant.
> Just that it needs to be maintained (meaning "if it works" -> OK).
All data in the RIPE Database should be maintained and kept up to date.
> In my previous e-mail i did argue that in some scenarios working witout"proxy" data is impossible (think: Role/NOC Contacts).
>
ROLE or PERSON object is also irrelevant to this discussion.
> I have also read your reference https://www.ripe.net/publications/docs/ripe-705 . It defines an abuse inbox is mandatory for certain objects. And that it has to be an email address. - Nothing else.
Also irrelevant to this discussion.
------------------------
So where does all this leave us? During this discussion we have established that:
-We do not understand what many elements of data in the RIPE Database mean.
-There are some historical definitions in old documents. These definitions have never been updated, so technically they are the only current definition available. But some of these definitions do not map exactly into the modern world.
-Some registration requirements were written in the early 1990s. Some were re-written in 2003. Much of this was written by people who still have a high profile in the RIPE community or RIPE NCC today.
-We do not know what the reasoning was for why these requirements were introduced.
-We do not know who the major stakeholders are who use the data in the RIPE Database or what information they want and need or what they use it for.
-We have no business requirements for the RIPE Database as a public registry.
-We do not know what data needs to be registered in the RIPE Database or what information it needs to serve to who for what purpose.
-An unknown amount of assignment data in the RIPE Database does not comply with current address policy.
-The RIPE NCC does not enforce the current address policy. This may be because the RIPE NCC does not believe they have the power to enforce current policy.
-Some members have made it clear they will not enter any of their customer's details into a public registry no matter what policy says for commercial sensitivity reasons. While there are interpretations of current policy they may be considered in violation of policy. So there are other reasons why some people may want to push through this change in End User registration.
-We do not know what the potential consequences may be for some stakeholders by making this change.
So given all these unknowns, should we go ahead and make this change? It seems like this has been a long and intense discussion. Some people may think we have had sufficient input from the community to be able to make a decision on consensus. But as is often the case, statistics beat perception. So let's look at some numbers. Excluding the chairs, proposers and RIPE NCC staff there have been 22 people who commented on this discussion over the last 6 months. Of these 6 people only made 1 comment and another 6 made 2 comments. Then 8 people made 3 to 6 comments. One person made 12 and one made 24 comments. Also 5 people made up the '+1' brigade. These numbers cover both supporters and objectors. This is quite typical of policy discussion. Many of the 'regular' vocal community members who are involved in almost all policy discussions are included in these numbers. So we are looking at a very small number of people who actually support this proposal. Given all the unknowns we have identified during this discussion and the very small number of supporters, should we still approve this proposal? Bear in mind also that the proposal is basically about adding an inconsequential, minor, optional feature change for the convenience of some operators. It also makes a huge change to the registration requirements of End User assignments which will have an unknown impact on the public registry and some major stakeholders.
Now let's add in some other factors. I really do recommend that you all watch John Curran's keynote speech to NANOG about internet governance.
https://www.youtube.com/watch?v=U1Ip39Qv-Zk
He makes some very interesting points that are highly relevant to this discussion. He talks about 3 phases of the internet. The first one was the early development, done largely by universities and other early adopters of the technology, but largely paid for by governments. Then we went into the commercial phase that covers much of the last 20 years or so. But now we are moving into a public phase where civil society is more knowledgeable and is much more heavily involved. During the commercial phase the tech community could pretty much do what they wanted. If questioned by any parts of civil society or regulators they could just fob them off with No No No No... In the new public phase politicians, regulators, organisations involved in public order are much more aware of the interest by civil society (people who vote in elections). The public is aware of the dangers of the internet as well as the benefits. Politicians and regulators must be seen to be in control. So the days of the tech community saying No No No No to them are over. Now it must be at least No No No Maybe. The Maybe allows the tech community to write something down that they can live with, that politicians can refer to in regulations and everyone is happy.
So how does this relate to 2023-04? We have a public registry that we built and maintain. But there are so many things we don't understand now in the 2020s. We all know what the registry was. My research has reminded you of some of the early details. But what is it now and what should it be tomorrow? We don't have answers to these questions. In the face of all these unknowns we want to add an inconsequential feature that could have a massive impact in other areas that we don't fully understand. We know LEAs have serious concerns. But we have just brushed them aside. This very small group of operators that took part in this discussion have prioritised their own convenience over anything else. They have turned that Maybe back into a No. If you approve this proposal with all these unknowns I think you will find that train full of regulators that is rumbling down the line, heading straight for you, will pick up speed. Think of the LEAs sitting in a room behind two doors. One of those doors opens up to the tech community. You are about to slam that door in their face. The other door opens up to the politicians. We still have the option to invite them into our room and talk seriously with them about their needs. Once you slam that door shut, they will walk through the other door and you lose control.
Yes I know I am a drama queen. But I am trying to illustrate to you that actions have consequences. Today's consequences may be very different to those of yesterday in a similar situation. Nothing stays the same forever. So is it worth risking the wrath of the politicians for what has been described as a minor, optional feature change that some will find convenient?
Let me end by suggesting an alternative path. I have said all this before and been ignored or insulted. But I will say it again anyway. I am used to being insulted on these lists with no one protecting me.
1/ Withdraw this proposal 2023-04
2/ Set up a new Task Force with these primary goals:
a/ Determine the business requirements for the RIPE Database as a public registry, looking forwards.
b/ Identify the major stakeholders for the RIPE Database public registry.
c/ Identify the needs/wants of these stakeholders.
d/ Based on the above, determine the registration needs of the public registry, taking account of privacy concerns.
3/ Once we know what we want, design a new data model for the RIPE Database.
4/ Slowly move from where we are now to where we want to be.
Yes I know this is a long term project and yes it will cost money. But the RIPE Database is so old, with so many things lost in the mists of time, so many things not applicable to the modern world. If you continue turning your back on all this, you may find the regulators will tell you what they want in the registry. That may be far more costly.
I don't think there is anything more I can say on this issue now.
cheers
denis
========================================================
DISCLAIMER
Everything I said above is my personal, professional opinion. It is what I believe to be honest and true to the best of my knowledge. No one in this industry pays me anything. I have nothing to gain or lose by any decision. I push for what I believe is for the good of the Internet, in some small way. Nothing I say is ever intended to be offensive or a personal attack. Even if I strongly disagree with you or question your motives. Politicians question each other's motives all the time. RIPE discussion is often as much about politics and self interest as it is technical. I have a style of writing that some may not be familiar with, others sometimes use it against me. I also have OCD. It makes me see the world slightly differently to others. It drives my mind's obsessive need for detail. I can not change the way I express my detailed opinions. People may choose how to interpret them.
========================================================
8 months, 3 weeks