RIPE NCC Services
25 May 2016
4 p.m.

CHAIR: I think it's ‑‑ actually I know it's two minutes past four, because that's what the clock says.

Welcome everyone. This is the RIPE NCC Services Working Group, all of your favourite Working Group. And we have a very packed agenda today, as behind me. So, I hope we can go through it quickly. For those of you ‑‑ I am Kurtis Lindqvist, I am the NCC Services Working Group Chair, and for those of you who haven't been to a Services Working Group before, that's a big question why you haven't been there because again this is the best agenda item. And, but, this includes the prelude to the General Meeting of the RIPE NCC that follows right after this session. If you haven't picked up your sticker to attend the GM, now is your last chance to go do so by the registration desk for attending the GM. It will be in here right after this Working Group ends. So, as, you know, we will ask for your cooperation with threats and get you out of here as quick as possible when we're done. So that we can start the GM on time hopefully.

I think that was all the admin matters.

We have a scribe, one of my favourite scribes over all the others, Amanda from the RIPE NCC. Thank you, Amanda. If there's no additions to the agenda, I think we can approve the agenda, we also had the minutes from the previous meeting posted to the mailing list in, I think it was early February this year, and there's been no comments to the minutes, so, I assume we can approve them, unless I hear any objections. Any objections? No. Okay, minutes approved.

And with that we get onto the first agenda item which is the RIPE NCC survey 2016 by Serge.

SERGE RADOVCIC: Hi there. Thank you very much. I see a lot of people are still walking in but that's fine. I don't mind being interrupted because I am always interrupting people when I talk.

My name is Serge Radovic, I am the chief communications officer at the RIPE NCC, and I want to just walk you guys through a bit about what plans we have got for this year, in fact forth end of this year, and that's the RIPE NCC survey. As many of you probably know, we have a multitude of feedback mechanisms that we use. Obviously this meeting is a great one, you know, we ask ‑‑ we talk to you buy guys during the breaks and we ask for a lot of feedback, many of you love to get up here and express your opinion about the RIPE NCC and the way we're going, many of you like to get to the microphone. But we have 13 and a half thousand members and we have an extremely wide community, the RIPE community, and we want to be able to reach out to all of those people and we find that the surveys it one of the best tools that we have to be able to do that.

We conduct these surveys once every three years, we have been doing it since about 2002. Obviously one of the reasons why we do it is to see are we on the right track, are the service that is we are delivering what you want? Can they be improved? What more do you want? Are there other things you want to let us know? And you can do this in an anonymous fashion in your own time, and that's one of the strengths of this. You don't have to tell us who you are, you can tell us as much as you want be, you can be as frank as you can, I know some you don't have a problem with that, others do, and you can sit down and do that in your own time.

The last time we held the survey was in 2013. I think it was a very successful survey. We got 3600 respondents filling it in. 75 of our 76 regions filled in the survey, I can't remember the country that didn't fill in, but that was great turn out. So from the results of that survey, we developed 50 key findings that we acted on. We looked at all of the different areas, that was throughout the, all five divisions of the NCC, and we worked on these actions over about an 18 month period and we reported back on these actions. I think it was very successful in that sense.

But last time we held the survey, I guess things were a little different. We had around 9,000 members at the NCC just three years ago. Today, as most of, you know, we have in excess of 13 and a half thousand. So there was about four and a half thousand new members that have come on board and I am sure the RIPE community itself has grown even further since then, we'd especially like to reach out to some of those newer members as well as our more established members.

We don't ‑‑ we do put the survey together on our own. We develop it with our staff at the NCC and the Executive Board. But, we ask the Oxford Institute, the Internet institute, OOI to help us out in gathering the information. One of the reasons for this is again we want to make it anonymous as possible, so we ask them to collect all the data and they actually do analysis of it and they give us a report back.

However, we do publish the entire results of the survey, every comment, everything that the OOI get, we will get. Except for one thing. There is a prize draw, I'll talk about that later and to be able to get a prize for filling in the survey, you need to give the OOI your e‑mail address to draw a winner out of the hat. We never see those e‑mail addresses. When we publish the complete results of the hundreds of pages of comments and information we get for those who want to delve into, it you will not see those names, you will not see those e‑mail addresses, so we will ensure that the anonomy is kept.

There is three promises I want to make to you guys about this survey. We even got feedback about the survey itself the last time we gave it out.

Promise 1: We will make it a lot shorter. The last survey we had we did get quite a few complaints that it was too long. What we have done this time is we are going to be asking less of those questions about do you think we're doing a good job? We don't necessarily need pats on the back. We want to hear about what we can do better. So we have shortened the survey by quite a bit. I think around 40 questions shorter than the one we did in 2013. So, for those of you who participated last time, I think you are going to see a clear decrease in how long it's going to take you. I estimate between about 10 and 15 minutes. Naturally, some you really like to express yourselves

TORE ANDERSON: We do give you the opportunity to do that throughout the survey and for those of you who would like to do that there's plenty of opportunity to comment. It might take you longer than 10 or 15 minutes if that's the case.

The second promise I want to make is we will report back on the findings of the survey. We will do that at the next RIPE meeting. Both the OOI will deliver a report and we will present that report to you at the next survey and we will publish the report, again, as I said all of the responses will be published on the website.

And the third one, I guess the most important of the promises, is that we will do something with this information. We're not just out there to collect it and then just sit on it. We will analyse it, we will look at what we need to work on. And we'll develop an action point list, again as we did with the key findings last time. And we'll publish those actions and we'll describe our plans and how we're going to make those actions, how we're going to act on those actions. After that we'll report back probably about a year later of the outcome of those actions and what we still need to work on. But we will definitely investigate and act on the findings of the survey.

So, as I said early area, it's not just for members, naturally we'd really like to hear what our members think. How we are spending their money and so on but it is for anyone and everyone who is interested in filling in the survey. It's not limited to one person per organisation. I'm sure large organisations, different people in there would all like to express their opinion and you are welcome to do so. So it is open for everybody and we hope to get as wide a range of responses as possible from all of our, in all interested parties.

So, do get involved. We are officially going to open the survey at the end of the meeting. Obviously we'll send out a communication to the fact that we're doing that. You are going to have time to fill it in. It will be open for about four and a half weeks through to the end of June, so, we will be sending out reminders and we realise that some people do need and incentive to express their opinion so we will be offering some iPads, five of them, in fact, over this period. Obviously the earlier that you fill in the survey the longer you'll stay in the draw to get your name pulled out of the hat so I would encourage you to get in early if you'd like that, to win one of those iPads.

Fergal is one of the key staff members that put the survey together. He is he has done an incredible amount of work in putting it together. He has talked to all of our staff members and he has been extremely busy in doing it and he'll be leading the communications involved in getting as many people as you can. If you'd like to understand a bit more about how we put the survey together, about what we do with the results, you can come and talk to either Fergal or myself. And of course Desiree is also here, she is our contact at OOI who will be helping us analyse and collect the data, so I'm sure she'd be happy to answer any questions that you might have about that.

That's about it. I think I have kept to my ten minutes. There is the link to the survey, I think it's quite easy to remember, as I said we will be bugging you about, it I hope we won't be spamming you too much, but I guess if you all fill it in and we get 13 and a half thousand responses, then I'll stop e‑mailing you, so please do fill in the survey. I think that's it. Are there any questions?

KURTIS LINDQVIST: Thank you, Serge.
Next up is then Paul Rendek with the ‑‑ an update on the RIPE NCC outreach. And try and be as good as Serge.

PAUL RENDEK: Good afternoon everyone, my name is Paul Rendek and I am the director of external relations at the RIPE NCC. I have a short update for you on some our activities. I'm concentrating a little bit this time on maybe some of the challenges that we have in external relations in engaging with the array of stakeholders that we have to engage with, certainly our membership and community which comes first, but there is a whole bunch of other stakeholders out there that we do engage with.

On Friday, there will be a session that will be kind of concentrating on the efforts that are happening regionally, and I think that you'll probably hear a lot more about what's happening there, so I won't cover this in this presentation in any detail.

We have changed a little bit our composition inside external relations. Look at this lovely patch of people we have here. We have grown a little bit. We have folks working for us in Moscow, we will from the 1st July, have a new staff member, Alex Semenyaka, who will be joining the RIPE NCC as one of our external relations representatives from the technical support side of things. Some of you may have met Dick Leaning, he comes to us from Europol, an ex‑copper, we have got an ex‑copper on the ER scene, it's particularly useful for us when we deal with EU affairs and when we deal with law enforcement. So that engagement has been really positive and it's been met very positively outside, so we're happy to have his expertise inside of our group. We have folks located in the Dubai office up there. Some of them I'm sure most of them there are quite familiar to you. And we also have actually incorporated RACI inside of ER, so Greg Anna has joined us in there and she has presented on RACI, I hope that some you have joined to see some of the developments that have happened there. A wonderful talented team, I am very happy and privileged to work with them on all of the things we do.

The role of ER. Just very quickly. Summing this up.

We spent a lot of time on two‑way engagement between the RIPE NCC and our membership and community in our service region. Our service region is pretty big to get around, and I showed you the amount of staff that are there. There's no way we can do this alone. If I take a look the an ER we are probably a lot larger in that we use a lot of our colleagues inside the NCC he, we use community members to do this engagement with us with helps us a lot more. It's a must robust approach to how we do this. We definitely follow developments inside the public policy arena. That keeps us very busy. The IANA transition is something that kept us pretty busy the last year or so, or almost two years. But there's other public policy engagement that we do. And we certainly defend the bottom up industry self regulatory process. We also work on actually explaining IPv6 to some of these other Stakeholders, certainly in the public policy arena. But it's something that we do defend this system and I think it's a very important thing.

We drive RIPE NCC capacity building efforts in different parts of our region. Because the region is so big, people are on different development cycles inside the region. So capacity‑building in one region might mean something different than another. So we do engage in that and try to hit the right kind of capacity building they're looking for from the RIPE NCC.

And we engage and we build relationships with a number of stakeholders there. So actually, I kind of look at us as this Mac truck. I think when the RIPE NCC sees a door that's close and they want it open, I think we're kind of the group that they hit first to go knock on that door until they invite us in for a cup of tea. That's how I see our group in some ways.

And, of course, we influence the debate where we can that's sent value to the interests of RIPE and the RIPE NCC is as an organisation.

So let's take a look at some of the things that we have done to engage our membership here. I have put up this map here. Because one of the things that we're wanting to do is we're want to go hit every single one of the countries in this service region. This takes us a little bit of time and maybe each country has a different kind of engagement that they want to have with us. Certainly if it's the first time, we would engage differently than maybe we would engage in a country like the UK and Germany where we have a very longstanding and older relationship, right.

So, from January the 1st 2015, so roughly a year‑and‑a‑half, we have managed to have events in the dots that you see in red here. A good split between the different regions, I think. We have tried as much as possible to get around where we can. You see this lovely white bit with maybe a little bit of west and central Europe, they probably fall off this map because we concentrated there in 2014 up to 2015, so we have kind of gone out into a different area. I have given some green dots here because there are already some upcoming engagements that we are going to have in this year covering that slot. So it kind of rotates and we need to make sure that we spread the resources well.

RIPE NCC organised events. This shows us a little bit of a different picture. We actually, from the 1st January 2015, we have held 53 events actually in 31 countries. That's quite a footprint for an organisation of our size and dealing with what we have, people out there doing this kind of outreach work. This would include everything probably but the training services. That's another kettle of fish on outreach. I haven't included them here because they have a very broad spectrum of countries that they reach. I wanted to concentrate a little bit more on people like IPv6 road shows or regional meetings that we show. Again, you can see the spread here where we have been been and the indication of levels of how many events we have had in that particular country.

And then all of our engagements. So we take a look at this map, and then the thing starts to look a bit more colourful. Again, this would include NOG participation where we have been asked to actually participate where we fund certain NOGs and where we organise our own meetings, so, this is to give you an indication of where we are, of course you start to see Europe sliding up the scale in events that we would participate in.

So let's take a look at the challenges that we're facing because this is the stuff that I think I'd like to give you. Incidentally I had two community members stop me before this meeting over the weekend, and they said, Paul, you get up there and present and you smile and you give us this great smile and say we're doing great work, but you probably don't give us the complexities and challenges that you have got in the different parts of the service region that we have. So I changed my presentation, and I wanted to concentrate really on just some of the challenges and then I will complete the presentation.

So, some of the complexities we have in Europe, or challenges: the regulatory scene is pretty complex here. We do see that. I think that we try to keep up with the developments that would affect our, this part of our service region. The EU has a very ambitious agenda and it flies all over the place and kind of grasping where or what parts of this are actually important to the RIPE NCC business and RIPE as a community can be quite challenging for us. The latest craze inside of Europe is IOT. It's not that it's not on the agenda everywhere else, but I think that the European regulators and governments have kind of taken a jump there, and when I see IG activity, I'm seeing movement kind of happening away from classic things that we have seen, or engagements that we have had and they are kind of moving into this kind of IOT space. What does that mean, what does that mean for RIPE, for the RIPE NCC? And what does that mean for some of our non‑EU European states? And then of course engaging all the members in Europe. We have diverse levels of developments, economy and size we try to get the right mix there of making sure that we have appropriate engagement. This can be quite a challenge for us for Europe.

Then we move into Russia and central Asia. For that part of our service region, we have quite a large and I would say fairly new‑ish membership for us to engage. So, they have never really actually had any previous engagements with the RIPE NCC. This area is huge. Russia alone, it is a huge country. Once you actually get on the ground and start moving around to different cities there and you realise that you have cities with massive population that is you probably haven't really even considered before, and what they're expecting from an organisation like the RIPE NCC where they actually have quite large concentrations of members.

So the challenges here are for our operations, how are we servicing this part of the service region? We're seeing an increase in folks getting involved in the PDP process, not enough. Not enough I think from the development from where they are on the development cycle, I think that's a challenge for us, trying to make sure we get them in to these processes and a little bit more active.

There's a need for capacity building, and particularly in the caucuses, I would say, in central Asia, no so much I would say like if we look at infrastructure, I think Russia is on a different scale there, there is a very talented community inside of Russia. I think some of the other parts like the caucuses and central Asia are looking at things like capacity building from us and training and these sorts ‑‑ these are the kinds of things that they are wanting to have from the RIPE NCC in our engagement.

And then, of course, there is a need to understand Government structures and priorities. These vary immensely even from this part of the service. In Russia particularly, from what I have seen over the past years of working with some of the governments and some of the regulatory bodies that we see there, is that their ICT agenda and their strategies, they seem to be fragmented across many structures and organisations. It's very hard to pinpoint who you are supposed to be having the relationship with, and sometimes you'll go to a forum and you have a particular Government agency that's there. You go to another one, would you expect the same Government agency pushing the same priorities forward, and it's not. It's a completely different organisation and I haven't really ‑‑ sometimes I haven't really even had a relationship with them previously. So, that is a challenge for us, but it's something that we are spending sometime on.

And then there are geopolitical conflicts and challenges in this part of the region which is probably something we don't traditionally see from maybe western Europe and our engagements there.

Middle East, the last section here. This region in particular, I would say, has a hunger for capacity development the they are really very eager to partner with RIPE NCC and other industry partners that we have on capacity building. And that seems to be a very large concern there. They have a very different market structure. And a very different approach to their business. So how do we ensure that the RIPE NCC actually feels at home, I have put that in this region? It has been a very steep curve in getting ourselves to engage and understand even culturally how we would approach making RIPE NCC feel a little bit home in that region.

And they have different perspective on RIPE NCC service offerings, there is a completely different service delivery and support that you would do in the Middle East than we probably would see in some of the other regions. So this seems to be quite challenging for us.

And then, of course, maintaining the advances that we have made with our arrangements with Government there. I think we have come in, we're seen as a neutral organisation, I think that we have provided technical expertise not only from the RIPE NCC but also using our community in this region, it has gained us a lot of points. They don't look at the RIPE NCC as some lobbying body that's coming in from that Government perspective, and that's very important, because very recently I was quite happy to hear that in Saudi Arabia, that the governor of their CITC, of their regulatory body, actually addressed me and said, I'm so happy to see RIPE NCC, our partner, here in the country. That's a very big statement coming from somebody like a governor, so I'm happy that we have got ‑‑ we have reached that kind of point, but again, keeping this forward takes quite some energy.

So, what are some of our future challenges in some our outreach and external relations programmes? We have an evolving membership. We see that. I think we're taking a look at that inside. I think we, from the outreach area, need to understand who are these members and how can we serve their needs better? What are they expecting from the RIPE NCC? Some of them may have come to us and said I just want the address space, buy, buy, some of them might be expecting something a little different, so we need to actually understand what this ‑‑ you know we have had this curve, I think you have seen presentations, I think Axel will show you, of course, our membership growth, what are these new members expecting from this organisation? That's something that's on our agenda.

The evolving Internet governance landscape. I mentioned that. We spent ten years inside debates with Government trying to remove critical Internet resources off of the agenda inside the IETU and some of the member states. I think we have come a long way in that sense. I feel that the last half year, CIR, although it is on the table, it's not on the table the way it was over the last ten‑year period. We're moving into a whole new landscape, I feel, with where we're seeing our engagements in Internet governance and that's kind of, this is a challenge for us. Like I said, there are new players in in IG space, right, and they're concentrating on areas like IOT, right, all of a sudden we see the debate, boom, moving in that section and they are asking us, what's RIPE NCC's position, what's RIPE thinking of IOT? They want to know that from us as maybe a centre of technical expertise in RIPE that we have placed ourselves in. We need to look at some of these things so we can give them some of the answers, some of the technical facts here, I think that's important.

Again what does that mean for RIPE and the RIPE NCC? Security. It's all the rage inside the governments and regulatory bodies and certainly inside of IOT. So that's ‑‑ and law enforcement. I think some of you may have heard about a group that's been recently formed inside of the ICANN called the public safety Working Group, it's inside the Government Advisory Council, or the GAC as we like to call that. The ICANN PS WG is taking a look ‑‑ this is where I think some law enforcement come together, and various trade, you know, consumer rights protection regulatory bodies and the like are coming together. They are taking a look, we all know this they have taken a look at DNS who is, that's been something that's been on the agenda for ICANN, it's been dealing with that for its last probably six years, I'd say. IP WHOIS probably isn't touched. This group is IP WHOIS is a big thing on their agenda. So they are going to come and they are going to be taking a look at the accuracy of the data, the accountability inside that have and we as a community need to be prepared for this engagement. So we do see this coming.

And collaborating with industry partners. I have mentioned that we have some classic industry partners that we know very well and we work very well with. But we're also partnering with folks like GSMA these days, whether it be in either capacity building efforts, whether it be on the IEG on the public policy front, we're seeing a lot more engagement with the likes of them, IEEE springs to mind, W3C and some of these standard developing organisations, like I said, IEEE, and ITU even of course in this front. So this collaboration is something that we feel is an ongoing challenge making sure that we're represented there well and we work together with them.

KURTIS LINDQVIST: Thank you, Paul. Any questions for Paul?

AUDIENCE SPEAKER: Nurani Nimpuno from NetNod. Thanks for the presentation. And I really like the fact that you kind of go on an issues level per region, for me that's very interesting. Just a few words about the European regulatory environment. I mean, it is getting more and more complex and you have legislation in different countries that are conflicting. And I find it really, really hard to keep up with all those changes. ISOC publishes some sort of a monthly quick update on what's happening in EU policy space, but I was just wondering if you had any ‑‑ either any pointers or if you had any thoughts on sort of doing quick summaries of this is happening, not just you know for, obviously for things that you need to follow but also that operators in Europe need to be aware of.

PAUL RENDEK: That's a fantastic suggestion, Nurani, and probably more important now in what I'm seeing in the IG space, and I am many times standing next to you in that space when we're out there, probably more now than it would have been before, I think before we would have engaged on specific issues, whether it was like you know the IANA transition or whether it was a wicked inside of ITU, very specific things that were maybe hitting IP addressing or critical Internet resources, but as the debate itst moving along we are seeing the new IG space I think is concentrated on regulation, legislation, you're right. I think it would be quite wise for us to take a look at the things that are of course relevant to our business. I think it would be quite difficult for us as a team to kind of look at the whole legislation regulation front on ICT. But I think we can concentrate on those issues that are central to our business at RIPE NCC, and provide something like that. That's a very good suggestion, thank you.

MIRJAM KUEHNE: This is more addition. I would like to point you to another interesting session that we are organising on Friday morning in the best slot of this week, Friday morning, nine o'clock, we will actually be following up on Paul's presentation here and we'll have a panel of discussion with people from the community members from these regions that Paul just mentioned, and we can go into a bit more detail there, I just wanted to point you to that new and exciting session on Friday morning.

PAUL RENDEK: Thanks, Mirjam, because Kurtis would never have given me the time to cover that stuff. Thank you.

AUDIENCE SPEAKER: Milton Mueller here from ARIN. I want to talk about the public safety Working Group, because there are some concerns about that. So a lot of us have put an emphasis on the so‑called threat to multistakeholder Internet governance coming from governmental institutions but in many case there is a stronger threat that comes from within the multistakeholder institutions when the governments act within them in ways that are actually less democratically accountable than when they act as governments. So, one of the problems we had with the public safety Working Group was that they organised themselves not as a multistakeholder committee within the entire gamut of ICANN stakeholders, but they formed a subcommittee within the GAC which means that they don't have to talk to anybody but GAC members and yet they are dealing all the time with issues that affect the civil liberties groups, the businesses and so on. So, I guess at least within ARIN, there was a talk at some point of should we form a GAC and my recommendation was hell no. And I would think that however you handle, I'm not sure how you are handling the relationship to Government within RIPE. Whatever you do I hope you try to maintain the porous boundaries between the governments and the stakeholders and not allow them to be insulated because lots of bad things happen when that happens.

PAUL RENDEK: Thank you very much for bringing that up. I am introducing the word public safety Working Group here for the first time from the perspective of the RIPE NCC. We have engaged here, from the beginning, we were also concerned about their makeup and the fact that it was an arm inside of GAC. Certainly we are engaging with them. I think, moving forward, we wanted to understand what their agenda was. So we have worked as RIRs, we have actually shown up at two particular meetings that they have organised under the PSWG flag. One was a meeting that was held in Brussels, and it was a meeting that was co‑hosted by, get this ‑‑ DG connect and DG home, both working together. They co‑hosted that meeting. Fine. We were invited to the table as RIRs, we came there, we presented. The second meeting actually was held in ICANN, it was open. Right, it was an open meeting. They wanted us to participate a little more than we did the last time and for that particular session, I co‑chaired that session with a Government official, Alice [Minua], if you know her, from Kenya. So they had a kind of co‑chair thing going on, which meant it wasn't all Government. But yes, it was really targeted to governments in that room and their specific agenda. I think what we're going to see moving forward is that when we understand exactly what their agenda point S we're going to have to bring that back to this community, because IP WHOIS is a topic that I think everybody here ‑‑ and their notion of what they want to do with IP WHOIS moving forward, or their accountability of this moving forward, is something we're going to have to bring to the community. It's something that we're going to have to all be involved in and not just RIPE NCC alone. But yeah, thank you very much for that one, Milton.

AUDIENCE SPEAKER: Daniel Karrenberg. Just, one short comment. RIPE community member, one short comment on the last one, I think it's really worthwhile on thinking whether we, as RIPE community and the RIPE NCC want to engage in that framework, or whether we want to engage on the IP WHOIS in the context and frameworks that we already have established. But that was just a comment. My question is another one. You have been using the word "Internet of things", I think, a couple of times, and, if I understood it correctly, what you are signalling is that it's the newest fad, and there's interest in governments on what we think about it. What I kind of miss is what do we do about it? Because, is it evident that the RIPE and the RIPE NCC is nothing but the secretariat of RIPE in this, I would think, does RIPE have an opinion about this? Where would any engagement that you have be rooted in?

PAUL RENDEK: That's a fantastic question, Daniel, and I'm going to try to answer that as fast as I can. I'm going to tell you where I think what IOT means to governments and certainly ITU, because I think the next set of engagement we have with ITU is not so much trying to removal critical Internet resources from the table there but it's what they're looking at when they are talking about IOT, because that's where they focus, they have kind of left critical Internet resources aside and IOT seems to be the big buzz word there, and the ITU want to be recognised as the body where all standards development for IOT takes place. Now, they're busy mustering up their member states to look inside of ITU for all of these IOT issues. Okay. So, that's probably something that already should spark our minds to say wait, we seed to take a look at what's happening here and maybe point their heads in the direction of the communities that are probably dealing with this. We inside the RIPE NCC actually have put a few resources into following this IOT space, this hype, as you are saying, over the last probably about six to eight months. And we're kind of seeing what's the playing field out there. What's everybody talking about and what would the effect be on the RIPE NCC or what should our position be there in defending the interests that are central to us, certainly when we start talking about things like critical Internet resources or you know, v4 and IPv6 and ASNs in our case. We have done some work on this. We have had a document that we're kind of going to be circulating around so we can see whether or not we inside the RIPE NCC can agree on where we are there. We need to bring this I think into RIPE. So, I have actually had some conversations saying I haven't really seen a lot. I mean, Shane's presentation, fantastic. He gave his viewpoint on what how he saw IOT. That was one presentation. I would be interested to see some other minds, maybe at an upcoming RIPE meeting that would share with us maybe some other experiences on the IOT. So, but I think that I can say that at the next RIPE meeting, RIPE NCC and our ER team will probably have a presentation that will touch much more on IOT, I think we'll have our head around the debate by then.

KURTIS LINDQVIST: Okay. Thank you Paul.

So, something I didn't say at the beginning of the Working Group is that the reason the Internet Services Working Group exist is not just the NCC to update ‑‑ to allow the NCC to update you on what they are doing was originally created for the members as an avenue to give comment and feedback on what the NCC does and that is still sort of one of the primary and most important goals of this Working Group. On that note we have the next presentation of Alexander. On what the NCC has been doing in the eastern part of Europe.

ALEXANDER ISAVNIN: So, hello. Mostly I'll be speaking as a member of the community. A member of our community, an active community of other community but in some cases I will step left or right and become a member of RIPE NCC.

So, okay. So, Paul delivered just a fantastic presentation about outreach goals but I don't think that everything is as brilliant as it could be.

So, just a little introduction. RIPE community was founded here somewhere in western Europe, and RIPE NCC was founded as a secretariat for this community to help the community to perform technical tasks, but actually web service agents appear to be three major sub regions with completely different cultures, with travel difficulties, last week ‑‑ Soviet Union, it's Balkan states which also was ‑‑ and have different cultures and level of development, and also middle eastern region, with completely different culture.

So, what Paul hasn't mentioned. Communication and out reaches, a well developed part of RIPE NCC A lot of stuff working, a lot of directors. It's actually mentioned in activity plan. We have offices. But, what's the most important for communications outreach? Is to reach each member, not just the community, but each member of community and each member of NCC must be reached with information, with details of policy development, with ‑‑ well, with updates, with all activities. Why? Because if there is still members who are not well‑informed, who have difficulties understanding processes, well, that developed policy will be like on display at the bottom of the locked filing cabinet in a disused lavatory with a sign on the door saying "beware of the leopard". Well, it will explain the situation. What I want to say. So I will explain ‑‑ but I really appreciate what RIPE NCC staff communications and other staffs does for our community. So, if you hear a little bit critics, don't panic.

Well, what's inspired me to deliver this presentation? In November last year, I had a talk with Internet business ombudsman, there is such a position in Russia. He didn't there was a technical community in Russia. I said I know your company, your hosting provider is a member of RIPE NCC, and RIPE NCC is a secretariat for European community, and there is a NOG, and he says, no, no, what are you talking about? Which membership? Which community? I'm just buying AP addresses. It's you who signed articles of the association, who actually need to join General Meeting, thinks he is just paying for IP addresses. Well, that causes a little confusion, it seems outreach not out reached him. Communications have not communicated. There are some problems. I start collecting other problems I see in my region.

So, as you see, there is a little participation from ENOG in RIPE activities here is the main region. For example, there are two Ukranian companies constantly joining RIPE meetings. There are a little number of Russian companies, and persons who are joining these meetings. No newcomers from these regions. Well if you are talking about race /AOEFPLT I love RACI, a little participation from for RACI from Russia. There was a loose presentation about loads in Russia. There is only one presentation for a network RACI, but actually some days ago have completed world championship on programming, I am in the top ten teams, there are five Russian teams, so actually academics exist, but it seems there is problems of cooperation in this region. Again, maybe different culture.

Well, on previous sessions, there was a beautiful video from Vesna about Atlas probes distribution, if you watch it the right side of the map there was a little white space with a low number of probes, it's also an ENOG region, that could also be some problems. ENOG, there are problems with governmental interaction. No Government persons attending ENOG conferences, I know that for example, German ‑‑ persons from German Government regularly attending and presenting here at RIPE meetings. Or, for example, at CE meetings, regular presenting IT ministers or something like. The last EC meeting which was in Albania, even IT Minister from next meeting in Montenegro, came to invite. What happens? Nothing happens in Russia. In Russia ‑‑ at Russian ENOG meetings, only people four or five levels below ministers only come to greet us. It's something strange. This is from the community side.

But now from membership side. Well, a little low participation of Russian LIRs in GMs. Russia have about 10% of all members of RIPE NCC. And less than 5% of this 10% are joining General Meeting, not in person, with remote participation, that's a problem. Year to year growth of this number, also very little. Some activities are not trans apparent because some rumours saying that NCC is doing something in Russia, but oh all we know is from rumours or maybe later. I will talk a bit later about this.

Well, talking about media activities. Visibility of RIPE as a community of RIPE NCC is really low in Russian media. Why? There are a lot of discussions now about NTA transition, US Government ruling Internet and something like this. But Russian media does not mention RIPE NCC, and RIPE community as stakeholders of this process. Well it's very strange. Unfortunately, as an ENOG member, we are handled some recommendations to our new staff, because two years ago I was introduced Russian staff and about this time two years ago, at [Lanshet], there were handed two main recommendations for external relations director, he was present at this lunch. One of them is having social media in local language on local platforms. Well it was great for RIPE NCC, because, if you see Twitter, Marco Hogwoning twittering and making photos, something like protects RIPE NCC staff of Russia to post beautiful photos and comments and information of presentations in Russia simultaneously? Having blog with references to RIPE Labs with Russian comments.

Well also, there was a recommendation about development new connections. I would like to bring you an example. Tomorrow starts conference for Russian telecom operators, usually it was held at euro mountains, from Moscow. This year it will be at Associate Olympic premises and I bet there are much more LIRs present physically, CEOs and executives present physically at this conference than even registered for General Meeting, but RIPE NCC is not attending it. It's a real pity.

So, this forced me to send the questions to our Executive Board. If you are reading minutes they discussed it at the meeting of the beginning of April. So these four questions I have sent them. What actually objectives of outreach? What needs to be achieved and what are the performance indicators as set for this outreach? And also, we have somehow developed community at ENOG, if you are experiencing difficulties, could we help you? Communications and outreach and something like. Unfortunately, I received an answer for this only yesterday after some reminders to Executive Board members. And I'm not pleased with this you have seen on previous slides the exact questions. I received a beautifully written two‑page answer, which is mostly copy pasted from activity plan and a report. Well if my questions are incorrect, or irrelevant or something like, it could be mentioned. There's no need to write answer, I could understand, but questions wasn't answered.

So, another thing was evidence of transparency, because it mentioned train the trainer at CIS programme. I ask if you have Google, you can open a search, try to find any information from RIPE NCC on transit trainer and CIS, I bet you wouldn't find it, but okay, it exists. So, as I mentioned, the culture is a little different. The word 'secretariat' ‑ which is NCC for community in Europe ‑ in Russia, it means something different. In Russia 'secretariat' is somebody who protects big boss from a community. So, does really RIPE NCC work like this? I hope no. I don't know, I have more questions than answers in this presentation.

So, I would like to ask you, which action we should take? Should we have ‑‑ should we develop a special RIPE regional outreach policy? Should we start a BoF, a task force or even a Working Group for this? Well, doing it to help our Executive Board to develop such KPIs. Do we need to organise previous activities, not maybe just audit, but make more public, because Paul is talking about ‑‑ when he was asked from Mike especially ‑‑ it was in private session, he tells a lot of beautiful things, but I'm not sure that everyone in the audience know them. For example, let's have a test. Who is in this audience is aware of participation of RIPE IPv6 roadshow in ITU contest? Who is an aware? One person ‑‑ similar neck is not counted. What should we do. That's my question. It's not your questions,

Please, comments.

KURTIS LINDQVIST: Thank you, Alexander. Any questions or actions or comments to Alexander's presentation and questions?

ALEXANDER ISAVNIN: No need for outreach policy.

HANS PETTER HOLEN: I heard you said you had sent a letter with questions to the RIPE NCC Executive Board and that you got an answer whether they cut and pasted from activity plan and from the annual report. I think that sounds very good that they were able to answer your questions with things that are ‑‑

ALEXANDER ISAVNIN: I'm not sure that they answered my questions.

HANS PETTER HOLEN: Well that's something you claim. But to me, it seems when I read the activity plan and the annual report, it states what the RIPE NCC is supposed to do for the next year. If we're not satisfied as a community or actually as the members who then elect the board who directs the organisation on what the RIPE NCC should do, we should make sure that that gets into the annual plan. And in the past years we have done quite some discussion on what they should do and shouldn't do. So, I think we have a process for that. And I'm quite sure that they would like positive suggestions on what to do better in the regions. I'm not sure we need an outreach policy. I think the outreach activities of the RIPE NCC is sort of a matter for the organisation, not for the community. But, I'm quite sure that they are more than happy to receive positive suggestions on what to do better. Thank you.

ALEXANDER ISAVNIN: Well, Hans Petter, and how to measure successful activities? Okay. I will ask this question personally.

AUDIENCE SPEAKER: One of the two Ukrainian companies that frequent RIPE meetings. First of all, I see a lot of people attending ENOG meeting and I don't know about Russian Ombudsman but I think most people who are LIR members read the fine print. And also I don't think we should make any region or country to be privileged, you know if it's as large as Russia or as small as Denmark, just to me all people are created equal, so, if you think, for example, that people in Russia would benefit, say, from localised translation, well now we have two people in that office in Moscow, maybe they can help with that. I know that had been done and I have received Russian language RIPE policy announcements, which are beautifully translated, so, I mean we should just do small steps. Nothing it perfect. RIPE isn't perfect, and as I say, let's do something simple and ‑‑

With Hans' comment, maybe it's not quite community issue, although that's a bigger debate than I want to discuss right now.

ALEXANDER ISAVNIN: I'll give a Russian example and an ENOG example because I live there. Also Russian language is still one of the main communication language is CS countries. So...

AUDIENCE SPEAKER: Are you suggesting to use that language sure, then we should add German as well.


AUDIENCE SPEAKER: I have so many comments that it's just going to take a long time but maybe I'll start by saying the Internet ombudsman in Russia never said that because I was at that event, and after that came to Dmitry, it's ‑‑ the name of the ombudsman, and said Dmitry, do you really think you are buying addresses from us? He said, hell, no. He said, who told you that? I said, this guy. He said, okay, someone was drunk. The thing is by the Russian legislation you have to have an agreement that actually says because you are buying services from foreign company, so you are actually have to have a buying agreement. That's it. So, the second thing, if you feel unsatisfied that the Russian Minister of communications did not agree to you personally, then you should have not skipped the Georgian event that we had, the Armenian event that we had, the Kazakhstan event that we had, each had the head of regulatory body or the advice Minister or the Minister coming to us and greeting. So, maybe that's just an issue with the Russian Minister and, yeah, maybe you should write a letter.

ALEXANDER ISAVNIN: And Russian Minister of outreach.

AUDIENCE SPEAKER: We should get to the Russian Minister to agree to you personally, that would be on top of our list for the next year, speaking about outreach itself. This year, we have 15 countries in the region, we have covered, by now, only three, which are going to be covered in Q3 this year, it's... so all the rest of the countries were covered. We also introduced the member lunches as you know a specific outreach programme, because we understood that the ENOGs cannot cover the region. The RIPE NCC regional meetings that we did twice a year, cannot cover the region as well. So we need to introduce something smaller, something lighter to reach out to members that never saw RIPE NCC at all. And yeah, so, this is how we managed to do like those events that Paul mentioned, there are dozens of them across the region they were all highly successful and for example, after the events that we had, this year, we're seeing new, three new IGFs being born in the region, it's Belarus, Georgian and central be Asia IGF, and it's all a continuation of the outreach that we're all doing in the region, together with our partners from ISOC as well. So, what else?
PDP, you mentioned that the PDP no one knows about the PDP, if you have seen the slides that Marco was presenting this morning, it actually shows that Russia is in third place in PDP engagement behind UK and Germany. But you also have to take into account that despite that we're doing a lot of things to make people in our region understand what's happening with the PDP and Dmitry from Ukraine said that we are doing once a month a PDP update in Russian to let people know what's happening, there are still you know a gap, Russia and the Russian region, they are not English speakers, so, to actually participate in PDP, you have to be you know, at least a bit fluent in English, to, and even with that, Russia is being the third place in PDP activity and that never happened before.

Speaking of OGM, I think you are going to see the map, you saw the map that Russia actively participate in GM, so I don't really know where the data comes from.

ALEXANDER ISAVNIN: The data came from the same map because you have specific thing like membership lunches. All right it's about KPI should be introduced. You have membership lunch in Riga in Lithuania. Well, I have compared the map ‑‑ Latvia, sorry. I have compared map, previous General Meeting, three registration, this meeting, three registration, so somebody had free lunch? This is.

AUDIENCE SPEAKER: The idea of having a member lunch is just to get people registered for General Meeting.

ALEXANDER ISAVNIN: It's measurable, because now it seems to me, I have not told this previously, but it looks like outreach and communications becomes outreach and communications for outreach and communications, not for community. You are having lunches, does involvement increases? As I told, I had to deliver about one hour talk with an Internet business ombudsman telling him about the RIPE NCC and the history and something like this. It's the job of Axel Pawlik. Well... that's one point. When I'm talking about KPIs, because something is measurable like joining general meetings. And why is this important? I have one slide for this. If the RIPE NCC would not work with membership, get a real involvement, then it could appear that we know it's lot a LIRs being registered for last /22, for a sell IP addresses and something, it could appear one moment that technical LIRs control but a few number of people will out number real working LIRs, and then this could happen.

KURTIS LINDQVIST: I think we are going to have to take this to the mailing list because we are seriously out of time. And I do understand the discussions about the members is quite important for this Working Group, but we also have a GM following that we have to start on time. So thank you very much, Alexander, and I hope ‑‑ encourage you to continue this on the mailing list.

Next, is Axel Pawlik with the RIPE NCC update.

AXEL PAWLIK: Hello. I am Axel, I am heading the secretariat, although that doesn't seem to fit Alexander's view of my hairdo. I'm sorry about that. Also, don't panic, there will be no singing fish in this presentation, as far as I know. I didn't upload it myself to we'll see.

A quick update from the RIPE NCC, what does 2016 look like for us and what do we have in mind and a couple of questions towards the end.

We'll do all that quickly. So, from the annual report I'm sure most of you have read it. It's looking generally very good. We have lots of meeting attendees, we have lots of additional members. We meet many of our members and community members in those meetings in trainings and the like. We did lots of allocations of address space. Stuff like that.

Financial overview. In 2015 we made a loss, isn't that weird. There are some complications in giving money back to our members and how this is looking on the books, so that results in a slight deficit and you are very welcome to button‑hole your home later on in the General Meeting about that.

We did give back quite a lot of money to our members, which is fully in line with our text in the Netherlands, very nice. Reserves are still 25 million, still more than a hundred percent that we are shooting for, that's looking very good. Operational expenses were just under budget. Staff numbers are a little bit under budget as well. Cost per member that's significantly reduced as well. I'm quite happy about that.

Membership growth is weird and wonderful. Very much up and to the right. So, we see lots and lots of new members coming in, lots and lots of new different members coming in. There used to be a time when we had members that were mostly ISPs. That doesn't seem to be the case any more. There are new guys in there. And we are looking that we are analysing that, we are trying to find out what the mostly enterprise members there. We are trying to find out what the ‑‑ if there are any specific needs they have for services and what those needs might be so we try to reach out to them and analyse all this a bit further.

We have recently done a first step in looking at sort of the type of membership development, what type of members we have, basically demographics there and we'll look at that in some further detail there and report back to you, of course.

We just heard from Paul quite a bit about engagement and outreach, what he said on the external relations part also goes very much into community engagement and talking to our members. Again, lots and lots of things that we have talked about before so I'll keep this relatively short.

We have said last year that in 2016 we wanted to look at maintaining a strong registry and we have seen that also in the policy discussions earlier today, that that is seen as a very important thing for us to do. So, that's on the table certainly.

Talking and displaying accountability of the RIRs and especially of the RIPE NCC. In the whole term around the IANA stewardship transition was very important, still is very important. We are still working together with the other RIRs and we are looking very good there and that's been acknowledged by others in the wider ICANN community there as well.

Continued stability of the RIR system. That is what we are doing for you, that is very, very important to us, system of allocating Internet numbering resources is seen as a very nice and well functioning thing these days and that needs to stay that way. So we're looking at that as well. We reported about that, the stability fund and things like that.

Outreach. Yeah we talked about that already.

Statistics and analysis, like I said we're looking at membership statistics, we're looking at other statistics as well and we want to see whether we can bundle some of that information up in very nice, easy to understand bundles that we give to you and our other stakeholders as well.

Further focus during this year, at the end of the year and on Friday we'll have the great big membership survey again which will be not as big as last time. And I would ask all of you to fill that in when you see it as soon as possible of course and of course there are iPads you can win. RIPE Atlas. More than 9400 connected probes. We have seen many of the things that people are doing with the measuring network. That's really nice and we want to continue to develop that and facilitate your measurements.

K‑root, we said we would expand gently, we have done that, seriously 40 instances around there around the world and of course excites most of our staff terribly these days is the view that we might, will probably move to the new offices in the course of this year, so looking at that nice new offices is where we have better communications among ourselves facilitated by the building and the layout. I'm sure you'll see photos of that later on when that actually has happened.

Due diligence. Yes, I know we can be a pain in the butt asking all sorts of awkward questions, this is important that we do this. We do see all sorts of the fraud going on, increasing steeply over previous years. Lots of things that we have to deal with from falsified passports and fake company house documentation. Stuff like that. That is something that shouldn't happen. It is happening, we have to read that weed that stuff out and be sure that we do the right things there and send applications back if we have to.

So, we have been told very clearly by our board we should do all this stuff and of course it is being done.

So, the one thing you can do is keep your contacts up to date and then we are happy, you're happy, the registries up to date.

What we will do sooner or later, we'll go and call you and ask more questions. Actually, the registry check is a mini audit thing where we give you all the information, show you all the information that we have of your undertakings there and we ask you and we'll have asked some of you already, whether they are still correct and to point out to us the items that are not correct and to correct them. We have done more than two and a half thousands of those assisted registry checks, a couple of them, quite a number of them, dozens of them this week as well. They prove to be very popular, much more than I had feared. So, in terms of statistics, more than 94% actually results in changing and improving the records, which is very, very good. So we'll continue this activity although it's quite a resource intensive thing.

Other service updates are to come tomorrow mostly and a little bit on the Friday as well, so I won't go into any great detail here. I'll just refer you to the more in‑depth presentations especially tomorrow.

And do come on the Friday morning please.

So, your vote counts for the elections at the General Meeting, certainly. There are two board seats available, we have four candidates which is lovely, that's democracy in action. You get a unique chance to find my new bosses, it's also exciting for me as well. So your board, your representative on the RIPE NCC Board will guide me, he will guide my stuff on what we should be doing, the way we do it, it's important that you do that, so this afternoon, right after this, you have your chance.

Right. A question we want to ask you about the development work here. We have heard earlier yesterday I think mostly about all sorts of things that are going on, Randy talked about validators and stuff like that. We do see RPKI is actually taking off somewhat. We have nearly 3 and a half thousand members with certificates, certificates are nice, it depends on what you do with them and doing things with them at some point relies on the validator. We have of course software out that works, but we also have concerns about scaleability if this up‑and‑to‑the‑right curve continues. Also, we do get quite a number of requests for valid functionality there by our members, so it's a good thing that this is happening. But we also think we should actually work and enhance the thing and make it better and easier to use and more smooth and involve ‑‑ bring on more functionality there. So I hope that the community supports that activity. Do tell us so if you do that, and then we would like to take on that activity and then get it over it quickly so that you have a shiny new toy to play with and do your business with.

Any other questions for now? I'm happy to entertain those. I hope I made up some time here. Elvis?

ELVIS VELEA: One quick question. I know I asked Alex Band at some point about this, and it has something to do a bit with the RPKI validator and with RPKI, with certificates, blah blah blah. Do you plan to provide members with a tool, a method to download a certificate signed by the RIPE NCC like a PDF saying these are your resources?

AXEL PAWLIK: I don't quite get the question. I have somebody else coming up.

AUDIENCE SPEAKER: You can download your certificates, there are open tools to decode them, they are probably not very useful and easy to use for you.

ELVIS VELEA: The idea was provide an easy method to ‑‑

AXEL PAWLIK: Easy to use facility, Tim?

AUDIENCE SPEAKER: Just also quickly, currently no. And most of the standards on this are developed in the IETF where the focus is on secure and to the main routing, however if people see value in this kind of work, then we can definitely discuss it.

AXEL PAWLIK: All right, any other questions for now?

KURTIS LINDQVIST: Thank you, Axel. Then the next presentation a follow‑up from the last meeting which in my paper says it's Jari Arkko, it's on the IETF long‑term endowment fund.

[SPEAKER]: First, thanks for the towel, this is really cool. Second, I want to say at that time ISOC community thanks you for this time for giving this time for us to present to you and if you are looking at the programme, I'm not Jari Arkko, that's Jari Arkko, this is Greg Kapfer. Jari is the Chair of the IETF and Greg works at ISOC, he is the CFO. I am an ISOC board member but I am also the Treasurer there, if he goes to jail, I might go with him and so we're here basically to kind of provide you guys an update on the presentation that happened last time, and basically what we're here to do is talk to you about really what we're looking for more than the actual mechanism. And what we're looking for is long term support for the IETF.

So this is what I affectionately call the IETF funding wedge. The two things to note about this. There are three legs. The bottom leg is the meeting and registration fees that happen at each meeting. Then the host and sponsorship, then on top the ISOC contributions. The membership is up and to the right.

So, how does the Internet Society support the IETF? Well, that's the top wedge, right. So the Internet Society has been funding the IETF for about 25 years at this point. And you can see that the number has been going up and the wedge has been increasing. This year it's going to be a little over $2,000,000 and I guess over the last 16 years it's been about 22 million dollars. In terms of other funds, number 2 and 3 there it's the boring stuff, it's the legal fees, insurance contracting and stuff. And there are also some funds that are pledged in the continuity fund for emergency measures essentially.

So, things don't stay the same. But, what we do see staying the same is ISOC's commitment to funding the IETF. It will be a cold day in hell if they stop funding it and probably over my dead body, basically primarily because of the makeup of the board where a third of them is through the IEB appointment and then another third comes through the organisations and sometimes these organisations are interested in the IETF as well. And as you see, up and to the right part, the wedge getting bigger, we basically kind of expect that to continue. One of the things that was probably a little subtle in the bottom wedge, as you saw that things are starting to go down a bit. That's because essentially travel costs are really high and people would like to use this thing called the Internet to have meetings. We are trying to support hubs and do online. It's not perfect because we're working on it because it's the IETF community it looking for this. One of the problems that we have is that our current sponsor ship model is essentially tied to meetings and it's primarily short‑term. Luckily we have been working to try to evolve this model so what we now have is a thing called the IETF global hosts and companies like [Yari] at Ericsson they have signed multi‑year deals or like a million dollars a pop and we have five of them, so it's Ericsson, Comcast, NBC Universal, Juniper and Cisco.

So what are we looking for? We really are trying to seek the long‑term stability IETF. I think the IETF wants that. ISOC wants to give it. ISOC is not pushing them. The IETF is actually the one that's requesting this stuff. We want to supplement our existing sponsorship model. It's regard to get meeting hosts every time. We think it's really important that we have a direct connect between the various Internet organisations and the IETF and we really would like to support our, broaden our supporters, basically to make sure what the IETF is doing has broad impact.

And, not to think I have buried the lead here, we want you to join us and others and dedicate long term funding to the IETF. We don't care how it gets done. We just prefer you to do it. Right now we have got two options on the table that we have talked about. Others are available. The first one you heard about is the IETF endowment. That's why it's still on there. Because it is a thing. The other is to provide an annual funding service like other people have done. However, the goal here really is just to have a long term stability for the IETF. And that's it. Thanks. And the three of us are up here to answer questions unless you want to add anything. I kind of blew through that really quickly, so...

AUDIENCE SPEAKER: Erik Bais. I'm going to restate the question that I had at the last GM. What are you going to offer this community in respect to fixing BGP communities for 32 AS numbers? We want something in return here.

[] JARI ARKKO: Personally, I am not working on that particular topic, so I'm not really certain exactly what we should be doing, but you know, we can talk afterwards and figure out what is it that we can do, is there enough discussion going on? Are we saying no to some things that are not happening? Or what's ‑‑ I mean, we can certainly talk about that, but that's a really technical thing. The Working Groups of the IETF decide what goes forward and not the management.

AUDIENCE SPEAKER: I would strongly suggest that if we vote with money here ‑‑ I would strongly suggest that if we vote with money here, that you know, get involved in this particular topic specifically which is you know very important in this room.

SPEAKER: This is the guy that I see at all the meetings

RUDIGER VOLK: This is kind of really a strange approach, kind of when you ask the question as you ask it, kind of I would ask well, okay, what contributions should the IDR supposed to be, to come in if it is delivered? Kind of we have some problems that sometimes essential, crucial problems are only addressed in a very delayed fashion. And, I guess, sometimes identifying those failures is really missing. I know that a long time ago I was asking for this, well, okay, we didn't get there.

KURTIS LINDQVIST: Okay, this is not the IETF bashing session, that's on Friday morning.

JARI ARKKO: And while this is not the IETF bashing session, we actually do gladly take bashing here and elsewhere and we're trying to evaluate where we are doing well and where we are doing badly, and we frequently get comments on the the IETF mailing list about things that we have done right or wrong. So... we should talk. Curt.

HANS PETTER HOLEN: Great initiative. IETF needs funding. Personally, I have been a member of ISOC for particularly that reason since 90‑something and I'm more than happy to pay my annual membership fee to make sure that IETF still has funding. I also contributed to the IETF endowment at the last meeting, so I encourage everybody in the room to pick out a credit card and give your small fair share. And then it's a matter for the Executive Board and the general, the membership to figure out how the RIPE NCC can contribute in a more substantial way. And I think it's important to think that, yes, we need to make sure that we have stable standards. Also in the future, the IETF created IPv4 space and IPv6 space for us. Without that we wouldn't be here.

KURTIS LINDQVIST: Middle microphone at the back and then I think you are going to have to ‑‑

AUDIENCE SPEAKER: IETF contributor. I don't think there is need for payback, the payback we are getting is we are maintaining Internet standards that you are using so I would hope that this is something that actually supports your work, and I would actually be happy to see more of you also in IETF meetings and raising the voice and telling us what the needs are because we are trying to support everybody in the room.

SPEAKER: I will say that I do see the RIPE NCC people and the CIDR Working Group all the time.

AUDIENCE SPEAKER: I didn't say they are not there, but like I would like to see even more of you guys at those meetings.

NIGEL TITLEY: Chairman of the RIPE NCC Board. I would just like to say that we would really, really appreciate some guidance from the members on this. It's a reasonable amount of money that we are going to need to commit if we are going to commit it. We would like some guidance please, it's your money and although we love spending it, we do like to hear from you occasionally. Thanks.

KURTIS LINDQVIST: Nigel, before you walk away, how do you want people to do this? Do you want to ask the room now? Do you want them to contact the board or stop you in the hallway?

NIGEL TITLEY: There's about a dozen means of communicating with the board and I actually list them at every General Meeting. You can talk to us in the hallways, you can send us e‑mail, e‑mails personally, e‑mails via the Executive Board mailing list, the members discuss list. There is about a dozen ways of doing it and I could even ask for a show of hands here if you want, but that's really more Kurtis's prerogative.

KURTIS LINDQVIST: It's the guidance from you, because I don't know if a hundred percent of the room ‑‑ I think Nigel's point is that the board doesn't want you to be silent on this issue. Even if you agree or don't agree you have to give them the feedback on what to do. Is that fair?

NIGEL TITLEY: That is absolutely fair. Thank you.

KURTIS LINDQVIST: Okay, thank you very much.

And for those of you who are probably done, we have got one more thing. We have a policy proposal in NCC Services, as you know we don't have very many of them. But, policy proposal 2016‑02 that was posted two weeks ago, and here is Erik to present the policy proposal.

ERIK BAIS: This is the first draft of a policy proposal. For those that have not read the, this particular proposal yet, I would strongly suggest to do so. And it's for a very specific thing why I actually have created this.

So, this is the ‑‑ we haven't got much traction on the mailing list on this yet. There was some, but I do encourage you to not only here in the room, but also, you know, definitely give your feedback on the mailing list.

In short: I would like the RIPE NCC to implement functionality that allows number resources, in compacts and more specifics, to be authenticated via a date‑expiring API key. Now, that's a mouthful. Basically, currently third‑party databases used for IRR‑based filtering, Level3 db, RADB, NTTCOM, they don't enforce RIR authentication, and you can think at one end say, well we have done this whole like 25 years, and nobody you know, there was never actually an issue. But it actually is an issue and it will become more of an issue. It is a design flaw, I think.

So, the idea is this: this might actually ripple down for two other RIRs as well. We need to start somewhere and for me it's actually easier to do the implementation here because I actually have RIPE space so I actually care about my own RIPE resources to be protected in databases that are not RIPE databases. And the reason why I want to protect them is to avoid BGP hijacks and squatters and spammers to actually be able to create route objects in databases that are perceived to be valid by others, and, by that, actually allowing others to route prefixes that are mine while I didn't authorise them.

So, if it is not allowed in those databases to create the actual route objects, that means I have a higher chance that those routes will not be propagated globally.

So, is this actually an issue? Yes, it is. This is a picture I have taken from a very good blog post on the BGP MON website. The data itself came from stats.ripe. Andrei made a nice block about this topic. So, there are actually parties in certain countries that actually do announcements very short, they hijack space, announce it very shortly, and basically start spamming on the space, release the announcement, that's it. And they actually do it by creating the filtering, the route objects in the third‑party databases. Because, you know, just because they can. And nobody checks if whatever they put in those databases is actually valid.

And this is actually the same thing. You know, this was a document ‑‑ this was a PI space from the Dutch foreign ministry that was actually been hijacked for one‑and‑a‑half weeks in the Netherlands. It actually highlighted some into the newspapers, senate questions, parliament questions were actually asked about this, why nobody noticed, that's a different story, but the fact that they were able to do this was actually you know, pretty substantial, and it was a similar group as the other one.

So what will this fix? It will reduce the number of improper prefixes in the third‑party database. It will reduce an old historic incorrect objects, because in the question that I have put in the proposal, I would like to see exploration of the API key by date so we can do historic cleanup. Similar with the domain names, if you are not interested enough to reregister or extend your key, you know, it should be getting out of the registry. And the resources are for the RIPE region now and others might follow. But I do care about the RIPE region.

So, this is where we are. So we need input. And we would like to have a good discussion on, you know, where we see this might go. There might not be a good solution currently on the table, because maybe it's too much technical detail in the current document that I have provided. But, that was just to provide the actual input in how I see is it currently, and I would like to get some feedback from the room. And we definitely need to have a chat with the guys from RADB, Merit, NTT and others and see what they can do or want to see in their database implementation. So... let's see.

KURTIS LINDQVIST: So before we go to the microphones, I actually have a question, and that is, on the mailing list several people asked for a high‑level diagram to explain the idea. I don't know if you ever responded to any of the e‑mails asking for that. Have you decided to add that or issue a second version of the document?

ERIK BAIS: First, I think we should have a discussion on where can we move this towards, and then, you know, the actual implementation or how it will actually look like. I don't care much on how we get to the solution, as long as there is some kind of, you know, authentication done per resource in combination with the AS number so that we can basically know for sure that those are my resources that I'm actually putting in those databases.


ELVIS VELEA: Hi. Erik, I like the idea. I'll support the proposal. I have a question. Have you actually discuss this with any of the third‑party IRRs, RADB ‑‑

ERIK BAIS: Yes, we have spoken to the guys from NTT as well.

ELVIS VELEA: Do they want to implement something that connects to the NCC?

ERIK BAIS: Did you read the mailing list?

KURTIS LINDQVIST: The answer on the mailing list was "yes".

GERT DÖRING: I commented on the mailing list, but I have been thinking about it a bit more. I fully agree that the problem needs solving. I still totally disagree with the solution you propose. When you look at what you proposed for the NTTCOM ‑‑ I won't be proposed something for the NTTCOM registry and they get a list that the RIPE NCC is authoritative for and do not accept route objects at all for these ‑‑ for these prefixes except if they are mirrored from the RIPE database. Problem solved. And like, RADB is mirroring RIPE so they have all the official route objects. There's no need to ever put a route object for a RIPE network into RADB, right?



ERIK BAIS: Because that works if you actually have the AS number in the RIPE database as well.

GERT DÖRING: Maybe we need to finally fix that bit.

ERIK BAIS: Like I said, either we fix one side or the other. I don't care much how we get to the solution.

GERT DÖRING: Introducing complex computer mechanisms, I don't think that's the right way forward.

KURTIS LINDQVIST: Geoff was next, actually.

GEOFF HUSTON: Look, this problem is not the first time the problem has been stated. It's a problem that we all understand I think pretty well. There is a longstanding draft in the IETF, it's draft IETF CIDR, RPSL signing or something, and one of the other ways of thinking about a solution is to actually use a signing structure derived from the RPKI and sign objects in the database. We kind of liked this in the IETF because in essence, what it says is, a bit like DNSSEC, I don't care where I got the information from, but if the signature is valid and the resources it describes in the certificate match the resources in the object, I can trust that it's authentic. My point of coming up to the microphone here wasn't to argue that my solution is more superior to yours or anything else. What I'm trying to say is there are a myriad of solutions around this space and there is a number of venues looking at this. Rather than simply saying RIPE should do... I would suggest, gently, that you should explore what other solutions are already being suggested in standard bodies and operational bodies and try and come along with the rest of us in making solutions that work for everybody, vendors, operators and RIRs all all together. So, I would encourage you, rather than just simply proffering my solution is best, think about what other folk are also thinking about in this space and work with us and help to us get so something we can all use. Thank you.

RUDIGER VOLK: I would actually raise a kind of more fundamental doubts about the approach. Actually I think putting out a policy proposal to the Services Working Group is kind of not really a fitting approach if it's actually asking for some technical stuff that is not really materially defined. And then the question ‑‑ maybe if we have something where a technically mature tdesign is available, well, okay, we might find some way we are making reference to that in a policy proposal makes sense. I'm not completely sure, it might be something for the General Meeting about will allocating money resources. Now, for the technical discussion, the question is: what is the appropriate venue? And I'm quite sure doing a technical discussion on this in the Services Working Group is even within the RIPE context, kind of the most unfitting place, because we are ‑‑ this is routing, this is security, this is not really ‑‑ a technical discussion that has to be had is not really a RIPE services thing.

ERIK BAIS: I agree.

RUDIGER VOLK: And kind of, I have more notes on what I think we should have in consideration when shaping the technical discussion. I think overall, some of the speakers agree with me that yes, the problem of routing security is well known and understood as existing, and needing urgent attention by quite a number of people. And there are activities, as Geoff was pointing to, in many ways and kinds and venues, that are addressing it.

As Geoff was pointing out, we actually need to take a broader view for selecting the right path among the options for making actual progress and just limiting a single approach as a policy proposal quite certainly is not appropriate. What I think and what I'm seeing is in the proposal, it says we are asking for an implementation of something. Implementation of the security function for doing serious security functions, you know things are tricky. So, for judging a security design, you really want to scrutinise all the technical details so that you do not create something that has loopholes and, well, okay, has corner cases where you are not getting what you want. So, kind of I guess, the goal, the over reaching goal is quite clear. What the exact problem that you are addressing with the proposal is not quite sure. Whether we have, in the proposal, a clear and complete statement of the requirements, I doubt. Whether we have a clear design definition of what should be happening, I think it's quite clear it's not there and you are asking for an implementation. So there is a large gap between the proposal and what would be needed to be done, and well, okay, if we are to decide whether we agree to the proposal, well, okay, we would agree to jump over that large gap, that's not acceptable, that's a bad idea, and I think we should have a technical discussion.

KURTIS LINDQVIST: I suggest ‑‑ I look forward to summarising e‑mail on the mailing list because we are really out of time. Rob, did you want to ‑‑ your last ten seconds.

AUDIENCE SPEAKER: Just very, very briefly, Rob Evans, just for another 15 hours co‑chair of the Working Group. I can applaud you on stepping right in there and putting this out there because this is something we have been prevaricating over for a fair old while, and there is ‑‑ there are alternatives. I mean, you might not ‑‑ there is an agenda item for the working group tomorrow making ‑‑ something again by Jared from NTT and there's Database Working Group to make progress on this, Ruediger and Geoff have said, there are forms that we should be start to go work on this, and I think we should work together basically.

KURTIS LINDQVIST: All right. Thank you. The comments are open until Monday. So, please send comments on this. We are seriously out of time. So I'm going to ‑‑ we'll talk with Erik afterwards on the mailing list how to go forward once we have the final comments.

ERIK BAIS: Well, I think it may actually be helpful to you know, add some more time for comments. I was actually wanting to have this out before the RIPE meeting, and that was done. And I definitely you know want to use the RIPE week to actually get some discussions going on on this, and then take it to the mailing list and actually see if we can get to a solution in the future and I'm very well aware that ‑‑

KURTIS LINDQVIST: We can talk about it afterwards and I'll talk to Marco and we'll set it out later today. Thank you. Erik and with that, we have the shortest open microphone session ever because it ends now. And thank you all for coming and please leave the room as quick as you can because we want to be back here in ten minutes. Thank you.