Dear colleagues,
I spoke up at the Copenhagen meeting objecting to proposal 2016-02.
- the proposal is inappropriate for a RIPE policy
- and at least not acceptable for passing
- and most certainly so in it's current form.
The proposed policy has two sentences. The second sentence looks
somewhat appropriate for a policy (though the use of "should" seems
strangely fuzzy - at least in the context of the use of "MUST" in
the proposal which looks like trying to invoke RFC 2119).
The first sentence "requests ... NCC implement functionality" actually
implying
- specification
- design
- implementation
- deployment
- and appropriate documentation (for various stages)
of a security [related] system - apparently intended to be used globally
as a kind of Internet standard.
It would be fine to request the NCC to develope a technical proposal
(spec, design, interface documentation) or contribute to work on such
- and that's more an issue for activity plan and resource allocation
and certainly NOT for a policy. Of course the questions of other
contributors and venue for the technical work come to mind.
Technically the proposal text is not that clear and complete;
I understand incompleteness is intentional.
So neither the proposal nor a potential future NCC design can
be scrutinized as required for security functionality.
But the proposal - as it stands - would imply commitment to
deployment when asking for the development. That is not acceptable.
I doubt that the RIPE PDP is adequate for doing serious technical
specifications; referencing of fully developed specs for use in
NCC services is fine in general (though specific cases warrant scrutiny).
Thanks for your attention and consideration.
Ruediger Volk