RIPE 87

Archives

Peter Hessler - 2023-11-29 10:24:07
@Alex ALLOCATION vs ASSIGNMENT is merely an implementation detail that is not interesting outside of "can I bgp announce it" and "can I take it with me when I leave that ISP"

Dmitry Serbulov - 2023-11-29 10:24:15
Conversations about how to manage IPv4 look strange. We have nothing to actually manage. When, however, will we return to the issue of introducing an address fee? Why did the NCC stop this dialog again? I will vote in principle for budget cuts if the NCC continues to ignore this topic

denis walker - 2023-11-29 10:26:08
@peter allocation vs assignment is NOT merely an implementation detail, it is also a responsibility issue

Elvis-Daniel Velea - 2023-11-29 10:26:12
data also tends to get stale, if data needs to be refreshed and how often should also be something that would need to be discussed. currently, there are millions of objects in the database that have old data that is no longer up to date

denis walker - 2023-11-29 10:27:07
@elvis that is also a technical issue with regard to managing the DB which no one will talk about

Elvis-Daniel Velea - 2023-11-29 10:28:54
we add stuff to databases but we hardly clean up… at some point that stale data will just make all valid data unreliable

denis walker - 2023-11-29 10:29:44
@elvis that is why data should be automatically synced

Peter Hessler - 2023-11-29 10:30:03
automatically synced with what?

denis walker - 2023-11-29 10:30:27
parts of your IPAM data

Peter Hessler - 2023-11-29 10:30:40
there are already a number of tools that will sync from IPAM systems to the RIPE DB, if people wish to use them

Peter Hessler - 2023-11-29 10:31:01
but the key here is that people don't wish to use them

denis walker - 2023-11-29 10:31:47
then they have no argument about the amount of manual work involved

Brian Storey - 2023-11-29 10:31:54
For me it's quite simple. If the data is important, it should be accurate. Not being bothered to maintain it is not really an excuse. If it's a requirement and it's not being done reliably, that's a separate / compliance issue. You can argue it's actually easier now to maintain this sort of data than in the past.

If the data isn't important, don't bother with it at all.


Peter Hessler - 2023-11-29 10:32:35
you can't make people care, especially for a thing that doesn't provide them with a direct benefit

Peter Hessler - 2023-11-29 10:32:47
for example dnssec, ipv6, rpki, etc

Brian Storey - 2023-11-29 10:33:28
That's not really in the spirit of a community working together then is it ;-)

Peter Hessler - 2023-11-29 10:33:39
that's the reality of the situation

Peter Hessler - 2023-11-29 10:33:58
we can't pretend to live in an ivory tower

denis walker - 2023-11-29 10:34:21
@peter civil society can 'make' people do things by demanding legislation, is that what you want?

Peter Hessler - 2023-11-29 10:35:13
of course not

Peter Hessler - 2023-11-29 10:35:36
but they already have access to that information, via court orders etc

denis walker - 2023-11-29 10:36:33
for civil society court orders are a barrier

Peter Hessler - 2023-11-29 10:36:44
yes, as it should be

denis walker - 2023-11-29 10:38:48
right now the RIPE DB sits between national business registries that give you full disclosure of who operates a company and domain registries that tell you nothing more than the registry that manages the registration...let's not take the RIPE DB down to the useless level of a domain registry

emmanuel kessler - 2023-11-29 10:39:10
we use court order but direct access helps us greatly too

Peter Hessler - 2023-11-29 10:39:34
I have to disagree with you there, in general I prefer the domain registry model

Peter Hessler - 2023-11-29 10:39:48
I loathe how much PII is in RIPE

denis walker - 2023-11-29 10:40:44
as my first attempt at a privacy policy last year showed, there doesn't need to be so much PII in the DB for corporate entities

emmanuel kessler - 2023-11-29 10:41:31
the other question is about the granularity of data in the end.

emmanuel kessler - 2023-11-29 10:42:23
IPV4 aggregated...loss of information ??

Peter Hessler - 2023-11-29 10:42:57
yea, but a big ISP isn't going to create an individual admin-c for every home they service.

Brian Storey - 2023-11-29 10:43:35
Indeed

emmanuel kessler - 2023-11-29 10:44:15
but then, the evolution means problems for LEA

Peter Hessler - 2023-11-29 10:44:30
not to mention, when I as a network admin send abuse reports to a network's admin-c, tech-c, or abuse-c, I get no response at best. usually a "reject" bounce message from their email service provider

Elvis-Daniel Velea - 2023-11-29 10:44:34
I am with Peter here. There is too much private data in the RIPE database that should not be there. what should happen here is that the LEAs should figure out what kind of data they would want from the database then make a policy proposal which could get the community approval. That policy could describe what data needs to be registered, who maintains it and what happens when the LIR does not comply

denis walker - 2023-11-29 10:45:15
@peter there is one telco that does create an assignment object for every customer, they are responsible for a third of person objects in the DB, there has to be a compromise

Brian Storey - 2023-11-29 10:45:46
@peter "yea, but a big ISP isn't going to create an individual admin-c for every home they service." Indeed

Peter Hessler - 2023-11-29 10:46:11
also, I would flatly refuse such an admin-c. that would put my life in danger.

Elvis-Daniel Velea - 2023-11-29 10:46:49
Peter, what if you just don’t know.

Elvis-Daniel Velea - 2023-11-29 10:46:55
.

Peter Hessler - 2023-11-29 10:47:17
I check somewhat often, but yes that is a big risk

Peter Hessler - 2023-11-29 10:47:42
and I hope my estate would sue them for being partially responsible

denis walker - 2023-11-29 10:47:52
if you are a director of a company operating from home your home address is listed in a business registry

Peter Hessler - 2023-11-29 10:48:29
yes, and my opportunities are limited because of that

Peter Hessler - 2023-11-29 10:48:40
I can't join as a personal LIR for the same reason

Peter Hessler - 2023-11-29 10:48:54
because then ripe would publish my home address, and that is a safety risk for me

Peter Hessler - 2023-11-29 10:53:15
giving my details to a provider is one thing, the provider publishing that in a database with no real access restrictions is another

Brian Storey - 2023-11-29 11:03:25
@Peter. Agreed. We know in some form or another that data is eventually used for purposes for which it was not intended.

Peter Hessler - 2023-11-29 11:05:57
yea, and we certainly need to balance the needs of several disparate groups (often in direct conflict) when we decide what can/should be collected and provided

Sander Steffann - 2023-11-29 11:08:30
We miss you here Tore!

Tore Anderson - 2023-11-29 11:08:43
Yeah wish I could be there :/

Sander Steffann - 2023-11-29 11:08:55
It's been too long

Tore Anderson - 2023-11-29 11:09:07
Indeed

Peter Hessler - 2023-11-29 11:09:08
hopefully at the next meeting :)

Elvis-Daniel Velea - 2023-11-29 11:12:00
lol

Peter Hessler - 2023-11-29 11:12:05
it's true!

denis walker - 2023-11-29 11:13:43
simply not true!!

Leo Vegoda - 2023-11-29 11:20:01
Comments and questions to be read out should be put in the Q&A tab. I will read them out for you

Peter Hessler - 2023-11-29 11:20:17
one incoming, let me type a bit

denis walker - 2023-11-29 11:25:08
definition of admin-c does not mention location

Elvis-Daniel Velea - 2023-11-29 11:25:43
I am in the queue, right?

Leo Vegoda - 2023-11-29 11:25:53
Yes, Elvis

Erik Bais - 2023-11-29 11:32:45
We are going to close the mic.. and take the rest of the questions to the list.. due to time and agenda.

Elvis-Daniel Velea - 2023-11-29 11:33:49
ok

Erik Bais - 2023-11-29 11:35:07
sorry Elvis

Alex Le Heux - 2023-11-29 11:35:16
The assignment-size attribute is mostly there in IPv6 because historically there's been a lot to do about /48 vs /56 assignment sizes in IPv6 policy, isn't it?

The question here should be: What benefit would it provide exactly in IPv4?

Peter Hessler - 2023-11-29 11:36:34
it would give external parties some information about how much is allocated to one customer. e.g. if you're getting abuse from an IP address you could block up to the assignment-size.

Elvis-Daniel Velea - 2023-11-29 11:37:12
without an assignment size, there’s no way to know how fragmented that block is

Peter Hessler - 2023-11-29 11:37:19
or you could aggregate discussion on IPs to the assignment-size

Peter Hessler - 2023-11-29 11:37:52
true, you'd have to assume it was per IP

Tore Anderson - 2023-11-29 11:38:05
@denis In your last message to the list, you mention a definition of admin-c that, quote, «must be physically located at the site of the network»

Leo Vegoda - 2023-11-29 11:39:18
So, as with contact information, how will the people looking up the record want to use the data

Elvis-Daniel Velea - 2023-11-29 11:39:48
in IPv6 aggregated-by-lir comes with the assignment size, in IPv4 this policy will introduce a different aggregated-by-lir

Tore Anderson - 2023-11-29 11:41:08
We could certainly make assignment-size mandatory in IPv4 AGGREGATED-BY-LIR too, if an independent justification for it is identified and articulated clearly

Leo Vegoda - 2023-11-29 11:42:53
As always, if you have a comment or question to be read out, please place it in the Q&A tab. I will read it out for you

Peter Hessler - 2023-11-29 11:43:41
@Tore not sure about if we should make it mandatory, but I do think that assignment-size in IPv4 should be the same definition as in IPv6: prefix size. I'll send a comment to the mailing list with that.

Tore Anderson - 2023-11-29 11:44:32
Great, thanks!

Peter Hessler - 2023-11-29 11:45:34
Gert _is_ from the community :)

Tore Anderson - 2023-11-29 11:46:03
For the record, I agree - it would be more confusing to have different definitions of the same attribute. If that does not accommodate for CIDR-unaligned assignments, so be it – that's kind of a corner case anyway.

denis walker - 2023-11-29 11:46:51
@Tore site of the 'enterprise' not the 'network' or 'data centre'

Tore Anderson - 2023-11-29 11:48:10
@denis «…at the site of *the network*». The «enterprise» part relates to admin-c for AS numbers, if I understand your message correctly

Elvis-Daniel Velea - 2023-11-29 11:52:56
some comments in Q&A

Elvis-Daniel Velea - 2023-11-29 11:53:21
I posted mine minutes ago :p

Elvis-Daniel Velea - 2023-11-29 11:55:52
thanks Erik!

Elvis-Daniel Velea - 2023-11-29 11:57:04
second time today, hope it’s not personal :P

Leo Vegoda - 2023-11-29 11:58:05
Elvis, it's because I keep thinking that Meetecho will scroll to newer comments but it does not. I need to keep scrolling down every couple of minutes

Elvis-Daniel Velea - 2023-11-29 12:02:09
👍

denis walker - 2023-11-29 12:03:28
@Tore you are correct, so I agree that the definition of admin-c does need updating, but whether it is location of the network or enterprise it is still related to the End User

denis walker - 2023-11-29 12:04:36
@Tore BUT the current address policy refers to the End User 'contact' not their admin-c

Tore Anderson - 2023-11-29 12:09:46
@denis Indeed. But I hope you agree that the RIPE NCC are clearly saying that they do consider End Users "outsourcing" this point of contact role back to the LIR/ISP is compliant with policy.

If we want them to change their mind about that, we need to change the policy to explicitly deny such "outsourcing" and tell the NCC to enforce that new practice. That would have implications for inet6nums and aut-num objects as well, assuming we want admin-c to have the same meaning across all object types.

Tore Anderson - 2023-11-29 12:11:50
In short: passing or killing 2023-04 will not update the admin-c definition one way or the other

denis walker - 2023-11-29 12:12:59
@Tore it is not about 'admin-c'. You are the one who tied this End User contact to these mandatory attributes tech-c and admin-c. The current policy is clear, the assignment object MUST include the End User's contact. That point cannot be 'outsourced' without violating the policy. You need to answer the question of why did the policy require this End User contact

denis walker - 2023-11-29 12:14:04
@Tore or 'we' as a community need to answer this question

Peter Hessler - 2023-11-29 12:14:30
thanks all!

Brian Storey - 2023-11-29 12:15:54
I think it's worth observing that the outsourcing typically is complemented with a description of the assignment. A "middle ground" if you will.

Tore Anderson - 2023-11-29 12:16:08
@denis The RIPE NCC have on four separate occasions confirmed that they consider such "outsourcing" to *not* be a policy violation (of the *current* policy). Please do not shoot the messengers here, it is not Jeroen and I who are disagreeing with you on this, but the RIPE NCC.

Brian Storey - 2023-11-29 12:16:38
"a description of the assignment" to who / what the assignment has been made.

denis walker - 2023-11-29 12:17:24
@Brian I agree that allows compliance with current policy and still putting the LIR as the admin-c

Tore Anderson - 2023-11-29 12:18:40
@Brian Sure, but keep in mind that the identity of the End User is not the same as its contact info. Conversely, working contact info does not necessarily need to identify the End User (think "burner phone" for example)

denis walker - 2023-11-29 12:19:33
@Tore the RIPE NCC is wrongly interpreting the current policy. The policy is very clear...an assignment MUST include the End User contact. The policy does not mention that this contact must be in the admin-c

Brian Storey - 2023-11-29 12:21:58
@Tore - Yup understood.

Tore Anderson - 2023-11-29 12:22:25
@denis Thank you. I had been hoping that we would reach common ground on this. 🙂 As in, if there indeed is a problem here (and I prefer to remain neutral on that particular question), it is with [the RIPE NCC's implementation of] the *current* address policy.

denis walker - 2023-11-29 12:24:49
@Tore @Brian we can argue these points until eternity. The bottom line is that no one really knows what is needed today by the stakeholder groups using the RIPE Database. This was something I hoped would come from the last task force but they didn't address any of these issues. We need to understand what different groups want and need from this data and agree on what is 'reasonable' to provide. Without answering these fundamental questions it is hard to move forward

Tore Anderson - 2023-11-29 12:30:25
@denis Agreed. I think what is needed is actually a policy proposal that tries to clarify this in some meaningful way. Like updating the definition of admin-c, if necessary, and/or making a clear policy statement that the RIPE NCC cannot possibly mis-interpret (like «each assignment needs a non-delegated contact» or something), and/or adding a new mandatory "nondelegated-enduser-c:" attribute, or... I wouldn't know where to even start on such an undertaking (and it would also need to take into account the pre-existence of AGGREGATED-BY-LIR, since it's already there in IPv6), but I think it is necessary to have something like that to have a meaningful discussion going forward.

denis walker - 2023-11-29 12:33:23
@Tore if we are getting down to basics then one anomaly we need to consider is having one address policy. Not aligning the separate v4 and v6 policy conditions, but having just one address policy

denis walker - 2023-11-29 12:34:45
@Tore and whether people like it or not, this does require updating the RIPE Database design, technology and data model

Tore Anderson - 2023-11-29 12:35:35
I am in no way opposed to that idea. There is a lot of redundancy between the two policies. But it would be a massive undertaking (just the policy part!)

denis walker - 2023-11-29 12:36:19
every journey starts with just one small step

Tore Anderson - 2023-11-29 12:36:28
Certainly not what I signed up for when I agreed to co-author 2023-04 😄

Tore Anderson - 2023-11-29 12:37:28
If Someone™ manages to make a unified policy document, that the RIPE NCC's Impact Analysis says has "no impact" in all areas, that would be a good starting point

denis walker - 2023-11-29 12:39:50
we have sleepwalked into this position by forgetting the past, not looking to the future and making random steps in different directions with no overall plan