Dear DB-WG Members This is the 1st draft of the agenda for the DB-WG Meeting at RIPE73 at the Meliá Castilla hotel in Madrid, Spain. The DB-WG Meeting is scheduled as usual for Thursday, Oct 27th, starting at 15:00 local time, after the lunch break. The length of our timeslot is 90 minutes. ATTENTION: This time the meeting start and end times have been adjusted by one hour to complement the local Spanish working hours and customs. For the overall RIPE 73 meeting plan please refer to its most up-to-date version at https://ripe73.ripe.net/programme/meeting-plan/ Please feel free to comment agenda items or propose additional topics to be discussed both on the mailing list or direct to the WG Chairs at db-wg-chairs@ripe.net Looking forward to see you all in Madrid. All the best, Job, Nigel & Piotr ________________________________________________________________________ A. Administrative Matters [~10 min] . Welcome . select scribe (thanks to Nigel for volunteering again!) . finalise agenda . approval of minutes from previous WG meeting(s) B. Review of Numbered Work Items (Job Snijders) [~10 min] C. NWI model - where are we? (Job Snijders) [~10 min] D. DB Operational Update New and revised DB-Software functionality (proposed, test, deployment) Recent DB issues (Tim Bruijnzeels, RIPE NCC) [~15 min] E. Afrinic IRR homing project update (Piotr Strzyżewski) [~10 min] F. Recent work on the UI improvements (Alex Band, RIPE NCC) [~20 min] G. DB-WG - What next? (discussion) [~15 min] Y. Input from other Working Groups and/or Task Forces Z. AOB -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski@polsl.pl
Hi Piotr Have you forgotten about the almost million personal data sets that the RIPE NCC locked and then asked the community to decide what to do next? I wrote a detailed argument on why I believe this is a serious legal issue some time ago, which not even the RIPE NCC answered: https://www.ripe.net/ripe/mail/archives/db-wg/2016-September/005318.html Bottom line, the RIPE NCC is both responsible for and liable for publishing in a public database the personal details of almost a million people who they have no relationship with, no knowledge of and no contact with. That breaks data protection laws. They cannot hide behind being the 'data controller' or the arguments made by the RIPE Data Protection Task Force many years ago that this responsibility was delegated to the LIRs. If the RIPE NCC's MNTNER object protects these PERSON objects, the RIPE NCC is responsible and liable for this data. The objects should be reverted back to unmaintained and the operational data that references them should be locked. That will force members to sort the problem out themselves, after ignoring it for many years. cheers denis On 19/10/2016 15:52, Piotr Strzyzewski wrote:
Dear DB-WG Members
This is the 1st draft of the agenda for the DB-WG Meeting at RIPE73 at the Meliá Castilla hotel in Madrid, Spain.
The DB-WG Meeting is scheduled as usual for Thursday, Oct 27th, starting at 15:00 local time, after the lunch break. The length of our timeslot is 90 minutes.
ATTENTION: This time the meeting start and end times have been adjusted by one hour to complement the local Spanish working hours and customs.
For the overall RIPE 73 meeting plan please refer to its most up-to-date version at https://ripe73.ripe.net/programme/meeting-plan/
Please feel free to comment agenda items or propose additional topics to be discussed both on the mailing list or direct to the WG Chairs at db-wg-chairs@ripe.net
Looking forward to see you all in Madrid.
All the best, Job, Nigel & Piotr ________________________________________________________________________
A. Administrative Matters [~10 min] . Welcome . select scribe (thanks to Nigel for volunteering again!) . finalise agenda . approval of minutes from previous WG meeting(s)
B. Review of Numbered Work Items (Job Snijders) [~10 min]
C. NWI model - where are we? (Job Snijders) [~10 min]
D. DB Operational Update New and revised DB-Software functionality (proposed, test, deployment) Recent DB issues (Tim Bruijnzeels, RIPE NCC) [~15 min]
E. Afrinic IRR homing project update (Piotr Strzyżewski) [~10 min]
F. Recent work on the UI improvements (Alex Band, RIPE NCC) [~20 min]
G. DB-WG - What next? (discussion) [~15 min]
Y. Input from other Working Groups and/or Task Forces
Z. AOB
On Tue, Oct 25, 2016 at 10:17:52PM +0200, denis wrote: Dear Denis
Have you forgotten about the almost million personal data sets that the RIPE NCC locked and then asked the community to decide what to do next? I wrote a detailed argument on why I believe this is a serious legal issue some time ago, which not even the RIPE NCC answered: https://www.ripe.net/ripe/mail/archives/db-wg/2016-September/005318.html
Bottom line, the RIPE NCC is both responsible for and liable for publishing in a public database the personal details of almost a million people who they have no relationship with, no knowledge of and no contact with. That breaks data protection laws. They cannot hide behind being the 'data controller' or the arguments made by the RIPE Data Protection Task Force many years ago that this responsibility was delegated to the LIRs. If the RIPE NCC's MNTNER object protects these PERSON objects, the RIPE NCC is responsible and liable for this data.
The objects should be reverted back to unmaintained and the operational data that references them should be locked. That will force members to sort the problem out themselves, after ignoring it for many years.
I have not forget about this topic. It is going to be presented by Tim under point D in the agenda. All the best, Piotr -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski@polsl.pl
Dear RIPE DB WG,
E. Afrinic IRR homing project update (Piotr Strzyżewski) [~10 min]
Glad to see this is on the agenda. Myself and AFRINIC are eager to see this move forward. As far as I recall, the problem statement was roughly agreed on and we all (RIPE DB WG and AFRINIC) feel that ultimately having AFRINIC resources in the AFRINIC IRR is more manageable for all the members in both regions as well as both sets of RIR staff. Please correct me if I am wrong. I believe it’s also clear to everyone that when one or the other of the prefix or ASN is in a different region to the other, resolving where the ROUTE(6) object should live and how authorisation is done between two RIRs is complex and needs some further discussion. I believe it’s states as out of scope of NWI 3 anyway. This should not preclude or block the homing of the majority of ROUTE(6) objects currently in RIPE DB related to AFRINIC resources, where both the prefix and ASN are AFRINIC assigned or allocated. From the AFRINIC organisation point of view, at this stage there is no consideration to change route(6) objects in terms of aggregation or de-aggregation. Nor would we want to see any objects deleted from the RIPE DB that are not already duplicated in the AFRINIC IRR first. A goal here is to serve our members by having their valid route(6) objects managed from the same interfaces and tool as their actual resources, their sub-allocation, their reverse DNS delegations, RPKI ROAs, and so on. And under the same authorisation. As such, AFRINIC does already actively encourage members to migrate their route objects across. We even have some tooling and running code to assist members to do so. But uptake is slow. I believe due to primarily two factors: - General inertia: “If it’s working now, why change anything”. - Upstream carriers that still require RIPE DB IRR objects from downstream operators in the AFRINIC region. I believe (hope) that these two factors are where the RIPE NCC and the RIPE DB community can assist. Of course at the same time the message from AFRINIC *is* one of equal desire to have the objects more and support for the DB WG’s desire to not have out of region objects. No one wants this to be seen as the RIPE DB dictating the way forward, but a certain degree of firmness from both ends would, I believe, help as an incentive to the resource holders to take action for themselves. And AFRINIC is then ready to assist them in creating/copying the objects. To summarise: This is mostly to re-iterate that finding a way to complete this work is understood to be mutually beneficial to both RIPE and AFRINIC communities, membership and organisations in the long run. Without a doubt there will be some challenges with the technicalities of certain sub-groups of objects that are out of date or not perfectly duplicated, but we understand this is unavoidable and are ready to put in the effort to deal with them as the data are looked at more closely. I have a high level of confidence that these will not form the majority of objects to move anyway. Best regards, Daniel
On Wed, Oct 26, 2016 at 12:37:52PM +0400, Daniel Shaw wrote:
- Upstream carriers that still require RIPE DB IRR objects from downstream operators in the AFRINIC region.
what evidence is there that this happens? who is doing this?
On 26 Oct 2016, at 5:24 PM, Job Snijders <job@instituut.net> wrote:
On Wed, Oct 26, 2016 at 12:37:52PM +0400, Daniel Shaw wrote:
- Upstream carriers that still require RIPE DB IRR objects from downstream operators in the AFRINIC region.
what evidence is there that this happens? who is doing this?
Hey Job, WG, As I mentioned to you when we met, far fewer than a year or two back. Thankfully! My experience has been that this is more a *perception* of the downstream operators than an actual reality in most cases. However the perception does create additional friction to having them move to AFRINIC IRR wholesale. But never a block, just a little extra work and extra dialog back and forth to reassure them. My experience has been so far that large transit carriers are more than happy to query the AFRINIC IRR once they’re told about it and have a customer using it. Their default behaviour to their operator customers is “create objects in RIPE DB”, up until either the customer or AFRINIC gets in touch and says “no, and here’s why”. Usually thereafter all is good. :-) I guess writing “require” before was too strong a word on my part. It would have been better to write “frequently request”. The most recent example was BICs - and it’s on my to-do list to reach out to them. Cheers, and have a fruitful face to face! Daniel
Hi Daniel,
On 27 Oct 2016, at 08:20, Daniel Shaw <daniel@afrinic.net> wrote:
Their default behaviour to their operator customers is “create objects in RIPE DB”, up until either the customer or AFRINIC gets in touch and says “no, and here’s why”. Usually thereafter all is good. :-)
Do you think this will be fixed by the proposed communication/outreach phase in which we were (all, not just Afrinic and RIPE NCC but operators too - *NOG meetings etc) supposed to communicate the intent to all stakeholders, then followed by a phase where creating new such objects in the RIPE Database would be disallowed - with a friendly error message essentially saying "Please use the Afrinic IRR for creating this object, read more details here [link]"? Tim
On 27 Oct 2016, at 10:54 AM, Tim Bruijnzeels <tim@ripe.net> wrote:
Hi Daniel,
On 27 Oct 2016, at 08:20, Daniel Shaw <daniel@afrinic.net> wrote:
Their default behaviour to their operator customers is “create objects in RIPE DB”, up until either the customer or AFRINIC gets in touch and says “no, and here’s why”. Usually thereafter all is good. :-)
Do you think this will be fixed by the proposed communication/outreach phase in which we were (all, not just Afrinic and RIPE NCC but operators too - *NOG meetings etc) supposed to communicate the intent to all stakeholders,then followed by a phase where creating new such objects in the RIPE Database would be disallowed - with a friendly error message essentially saying "Please use the Afrinic IRR for creating this object, read more details here [link]”?
Hi Tim, WG, I do. Well I think it’s on the way to being fixed already and would get fixed *eventually* anyway. But I strongly feel that a unified and organised outreach as proposed will vastly accelerate this, yes. And I think that’s a good thing obviously :) Regards, Daniel
Do you think this will be fixed by the proposed communication/outreach phase in which we were (all, not just Afrinic and RIPE NCC but operators too - *NOG meetings etc) supposed to communicate the intent to all stakeholders, then followed by a phase where creating new such objects in the RIPE Database would be disallowed - with a friendly error message essentially saying "Please use the Afrinic IRR for creating this object, read more details here [link]"?
Sorry, your update to the RIPE database is not appropriate. We believe that you should be using the AfriNIC database at https://what.ever. rumy and daniel have a nice webinar explaining this in detail and why you will like it better at https://webinars.are.us/. If this message is in error, please email to no-reply@rirs.are.us randy
participants (6)
-
Daniel Shaw -
denis -
Job Snijders -
Piotr Strzyzewski -
Randy Bush -
Tim Bruijnzeels