Hello,
I would like to open discussion related to "Action Required: Contractual
Relationship for Independent Resource Assignments" emails, that almost
all LIRs received from RIPE NCC in the past. I have some notes from
perspective of small LIR (or from perspective of person helping running
multiple small LIRs).
My first note points to system in general. Although RIPE NCC has many
required informations in own existing databases already, it requires
additional action from LIR in general. Typical small LIR has one or more
PA allocations and exactly _one_ autonomous system registered. In RIPE
database, there are records matching allocated PA prefix and ASN (route
objects with proper origin AS and related inetnum objects, many ASNs has
paired LIRs org: in aut-num object). In addition, RIS service (with
history!) can be used for verification of these informations obtained
automatically from database.
For incomprehensible reason, RIPE NCC doesn't use these informations at
all and instead of this abuses ALL LIRs with submiting simple form with
exactly one record within it. I thing RIPE RCC has enough resources
(financial and human) to do that automatically.
My second note points to implementation of this new tool. I discovered,
that I'm not able to "new" tool used for confirmation. I'm using PKI
login feature and I have one identity paired with more LIRs. Although
I'm able login to the LIR portal and modify everything I need with my
certificate, I'm _NOT_ able to update informations on "Independent
Resources" page.
The main reason is, that RIPE NCC created new and separated (!) tool
instead of simple integration of new feature/functionality to existing
LIR portal. So, instead of reusing existing code used for LIR portal
authentication, new outside code was developed for this new tool. And
this new code doesn't implement all authentication features from LIR
portal. In my point of view, this is quite unprofessional approach of
modern application development. Aplications should be multi-layer,
allowing easy new feature implementation.
I reported this issue to RIPE NCC on friday last week, but first
"answer" I received yesterday from RIPE NCC was initiation of audit in
one LIR. Just fortuitous event? I don't believe. I have no problems with
audit itself, I have all records, but this takes some additional time
(and of course, money). Just because I claimed some problems to RIPE NCC
staff due to problematic internal _implementation_ of new policy.
Ok, I would like to open public discussions about this problem. There
are some questions to answer and discuss:
* why RIPE NCC just doesn't use informations from RIPE database in case
of their availability and verifiability, why abuses small LIRs instead
* why aren't RIS data used for automatic obtaining of requested
informations, where this can be applicable
* why RIPE NCC didn't integrate "confirmation" tool to existing LIR
portal and why new outside application with _limited_ functionality was
developed instead of reusing of existing code and functionality
* what architecture is used for LIR portal in general, can be there
easily implemented new features
Of course, I understand, that there are large LIRs and some historic
mess, where this action may be required due to lack of records in
existing databases. But, I think this is NOT a case of LIRs started in
past couple of years, where all required data should be available.
With regards,
Daniel