Re: [address-policy-wg] 2023-04 Review Phase (Add AGGREGATED-BY-LIR status for IPv4 PA assignments)

[denis walker]

Colleagues

I am back!! Thanks to those who agreed I should never have been away. I am
not going to focus on that for now. I do have a lot to say around that
issue. But that is for another day, on another mailing list. I won't
discuss it here and I will wait until we conclude the discussion on this
proposal. I want people to focus on the message rather than the messenger.

There hasn't been much conversation while I have been away, but still
several significant points that seemed to have been missed by most
observers. I have answered all points raised by several people in this
single email. In these days of uncertainty, who knows how long any of us
will be around. So it is more of an article than an email. But I do end
with a positive recommendation.

Let's start with a comment by Leo:
"We encourage everyone to focus comments on the proposal and its potential
impact. Do not comment on individuals, their characteristics, or
motivations."
The co-chairs have no authority to determine what constitutes part of this
discussion. If individuals use tactics that may confuse the community or
repeatedly make comments that are not true, they make themselves part of
the discussion. The co-chairs have no right to try to prevent these issues
from being highlighted and discussed. People need to understand that
personal criticism is not a personal attack, even if it is strong
criticism. When an individual repeatedly says something that is not true,
to highlight this issue and ask them why they keep saying this is not a
personal attack. Criticism is part of life, especially in business.
Throughout this discussion there has been lots of criticism thrown at me.
My characteristics have been heavily criticised and commented on. Even who
I speak for has been questioned. No one has questioned if an employee
speaks on behalf of their employer. My motivations have also been
questioned. It was suggested that I should not talk about the RIPE Database
on the Address Policy WG. Even though the old design and technology of the
database is one of the key elements used to support the need for
aggregation. So much criticism aimed at me and yet the co-chairs saw no
reason to intervene. They only intervene when I criticise someone.

Then there is motivation. Is it questionable? A lot of the discussion on
policy is political, commercial and self interest based. In these contexts
I believe it is acceptable to question motivation. The co-chairs never
asked what I meant by what I said. Of course the proposal is about
aggregation. It's in the title and the text. But it is about a lot more
than that. There are two main aspects to this proposal. An inconsequential,
minor feature change that people may or may not use. And a major change to
the handling of End User details, which people also may or may not take
advantage of. The two aspects combined can make a massive change to the
available information in the RIPE Database. But the proposal did not even
mention the change to End User details. Is it important? Well after I
pointed it out, some people who had said "+1 I agree with this proposal"
changed their mind and withdrew their support. So for them it was highly
relevant. There are sections in the proposal template for supporting and
opposing issues relating to the proposal. Depending on your point of view
this major change should have been listed in one of those sections. But it
wasn't. So did the proposers fully understand the implications of this
change or not? I must be allowed to ask that question as part of this
discussion. If they did understand it, why did they not mention it? Did
they overlook it, or was there some other reason? Again I have to be able
to ask these questions. This is all about motivation. To ask these
questions and understand what happened is not a personal attack. It is a
reasonable line of inquiry.

Enough about the messenger, let's get back to the message.

------------------------

On Mon, 18 Dec 2023 at 16:49, Edwin Verheul via address-policy-wg <
address-policy-wg@ripe.net> wrote:
>
> I support this proposal.
>
> Since this policy introduces convenience for LIR by aligning ipv4 object
policy to the ipv6 policy, unclear usage of the admin contact should not
prevent this improvement in policy.

This pretty much sums up a lot of people's view of this proposal. It is
'convenient' for the operators. Who cares if it is the right thing to do or
not, it is convenient. It doesn't align v4 and v6, there are significant
differences in the defined aggregations. Never mind if we don't understand
what the data means, let's just change it anyway as it is convenient.

Maybe a few of you should watch John Curran's keynote speech at NANOG on
internet governance:
https://www.youtube.com/watch?v=U1Ip39Qv-Zk

He talks about phases of the internet and how we are now moving from the
'commercial' internet to the 'public' internet. With this public internet,
civil society has/wants a much bigger say in how things work. Organisations
that represent civil society and civil order are more concerned about how
things work. Politicians are concerned about what their voters think. Do
you think civil society cares about operator convenience? They are more
likely to think 'it's your job, do it. That's what we pay you for'. I think
civil society will be more interested in knowing who is spamming them or
attacking their network and can the police catch them, rather than operator
convenience.

Now let's think a bit more about what this data means and how to interpret
it.

------------------------

On Fri, 12 Jan 2024 at 08:56, Alex Le Heux <ale...@funk.org> wrote:
>
> During the discussion about AGGREGATED-BY-LIR status for IPv4 PA
assignments the argument has been raised that this proposal would
substantially change the registration requirements for end-user assignments
in the RIPE DB and the discussion has been going around in circles ever
since.
>
> We would like to point out the following:
>
> From the RIPE NCC Impact Analysis:
>
> Acceptance of this proposal will not change the fact that the RIPE NCC
cannot enforce which contact details members add to their IPv4 PA
assignments in the RIPE Database; this will remain their decision.
>

This is completely out of context. I have asked the RIPE NCC legal team to
clarify what this means but I guess by their silence they declined. To me
this sentence says the member can choose to enter the details of Contact A
or Contact B and choose what the details are. Which one (A or B) and the
details (email or phone) they enter will be their decision. The RIPE NCC
cannot enforce if they enter A or B or email or phone. WHO these contacts
represent is a matter of policy. The current policy says they MUST be
representatives of the End User. That can be enforced by the RIPE NCC, but
they choose not to enforce it.

>
> As well as:
>
> It is fact that the RIPE NCC has interpreted the current policy to not
require a PA Assignment in the RIPE DB to include the actual name and email
address of the end-user since at leas the late 1990s. Registering a PA
Assignment with something like "CUSTOMER-1234" and an email address
pointing to the LIR has been acceptable for all this time.
>

This is completely false. I know Alex well and will give him the benefit of
the doubt that he has not picked up on the detail here. He signed this
email 'for the Address Policy WG co-chairs'. A lot was said about who I
speak for, so I assume Alex was speaking 'for' all the chairs. I was told
that signing as 'co-chair DB-WG' gives what I say more weight and has more
influence on the community. The same must apply when the co-chairs of this
WG collectively sign an email. The community will assume that statement
carries more validity.

Let's look at the detail. Address policy from the early 1990s has made it
clear that assignments must include contact details of the End User. But
ripe-288, 28 Oct 2003 is particularly interesting. The authors of this
version of the address policy were:
Mirjam Kühne, Paul Rendek, Sabrina Wilmot, Leo Vegoda
At that time they were all current or former NCC staff. Leo was the
operations manager of the RIPE NCC Registration Services (RS). Paul was the
senior manager responsible for RS. In this version, these authors added the
exact wording that we have today:
"When an End User has a network using public address space this must be
registered separately with the contact details of the End User. Where the
End User is an individual rather than an organisation, the contact
information of the service provider may be substituted for the End User's."
The wording was very different before this. The document was restructured
and the wording changed. So they must have thought about what this meant. I
cannot believe that when these words were added to the policy by the RS
manager and RS senior manager they were not enforced by RS. Maybe Leo can
give some background to this.

Nothing in this industry changes quickly. So if these newly worded
requirements were enforced just 20 years ago, they must have been enforced
for at least 5 to 10 years. That means the RIPE NCC's interpretation of
this wording, written by the RS manager, has only changed in the last 5 to
10 years. I have been told by some former members of RS that they stopped
enforcing these requirements at runout of IPv4. They told me that when they
had no more address space to allocate, they had no power to enforce these
rules. So they simply stopped enforcing them. This paints a very different
picture. We are not changing policy to match a common practice. We are
dropping policy because it is difficult to enforce, regardless of the
reasons why the policy was introduced.

It is also interesting that, no matter how many times you read something,
you don't always see what it says. A lot has been said about replacing the
admin-c and tech-c contacts in an assignment with the contacts of the LIR.
It has been said that the RIPE NCC now considers this acceptable. But look
at what the current policy actually says:
"Where the End User is an individual rather than an organisation, the
contact information of the service provider may be substituted for the End
User's."
So this substitution is only allowed by policy where the End User is an
individual. You cannot do it for all End Users. This actually makes sense
to me. If I want to contact the LIR's tech or admin contacts, they are
already available in the RIPE Database in the allocation object. Why
duplicate the data in the assignment. The policy says the assignment must
have the End User's contacts. So that is another misinterpretation of the
current policy.

>
>
> In its impact analysis the RIPE NCC has indicated that this proposal does
not change this interpretation.
>
> It should therefore be clear that 2023-04 does not in fact change
anything regarding how end-user details will actually be registered in PA
Assignments.

Interesting choice of words. It may not change how some End User details
'will' actually be registered, but it changes how they 'should' be
registered enormously.

>
> However, is has been argued that this interpretation is wrong and that PA
Assignments in the RIPE DB must include the actual end-user details. And
even though this is out of scope for the 2023-04 discussion, it is still
something that is worth resolving. As changing this interpretation would be
a major departure of many years of accepted practice and potentially
involve updating thousands of RIPE DB objects, we feel this discussion
would be best served by an independent policy proposal that clarifies the
issue and would like to invite the working group to enter one.
>

I agree this needs further clarification. But you can't write a policy
proposal on something you don't understand. We don't know what much of the
data means now or in the past, or why we have these rules, or what we need
now. Until we have the business requirements for the RIPE Database as a
public registry any such policy proposal, including this one, is just a
dangerous stab in the dark.

> Kind regards,
>
> Alex Le Heux, for the Address Policy WG co-chairs

It is interesting that this email was signed 'for' all the co-chairs of
this WG. How can the co-chairs approve this policy proposal (2023-04) while
accepting that another proposal is needed to clarify if the RIPE Database
must include the actual End User contact details? Are they going to approve
a policy proposal that potentially removes this End User detail requirement
and then consider a policy proposal that would require them to put this
detail back into the RIPE Database?


------------------------

On Thu, 11 Jan 2024 at 09:40, Tore Anderson <t...@fud.no> wrote:
>
> Hello Denis,
>
> On 11/01/24 01:40, denis walker wrote:
> > So personal data does not always need consent of the data
> > subject. But you only ever refer to (a) consent.
>
> There are indeed other possible lawful bases than consent, and this fact
> is precisely why I wrote (emphasis added):
>
> «Publishing this information requires *a* lawful basis, *e.g.*, consent.»
>
> Consent is however the only lawful basis singled out by the RIPE NCC in
> the RIPE Database Terms and Conditions and in the 2023-04 Impact
> Analysis, so it seems reasonable to assume that some LIRs will seek
consent.

I wrote the T&C before GDPR was in place. That's why it doesn't refer to
any of the other lawful options. I questioned the IA but the legal team
chose not to respond.

>
> Therefore we need to examine what that actually means in practice. You
> sum it up quite accurately below:
>
>
> > If we take the latest revelation in the IA  on 2023-04, ALL PII needs
> > consent, this has HUGE implications for the RIPE NCC and RIPE policy
> > generally. We MUST have a good understanding of the legal basis for
> > entering PII into the RIPE Database. Consent cannot be conditional. So
> > if a resource holder who is a natural person withdraws their consent
> > to have their PII in the database, it MUST be removed. That may leave
> > an allocation and organisation with no identity or contacts. That
> > would be a policy violation. BUT the resource cannot be reclaimed as
> > that would have made the consent conditional. Also we have an abuse
> > policy that requires all resources to have an abuse contact. If that
> > contact is a natural person and they withdraw their consent their
> > details must be deleted. Again that creates a policy violation. But
> > the resource cannot be reclaimed again as that would have made the
> > contact details consent conditional.
>
> Your conclusion that this situation results in a policy violation, is
> however entirely contingent on your interpretation of the current policy
> as mandating the publication of the End User's (non-delegated) contact
> information.

You did not read what I wrote. I was talking about LIR contacts in
allocation objects. If that is PII (and a lot of it is) the subjects can
now ask for it to be removed. That may leave allocation objects with no LIR
contacts. That is syntactically not possible in the RIPE Database.

>
> Under the RIPE NCC's interpretation of the current policy, on the other
> hand, this situation is entirely unproblematic. Under their
> interpretation, the LIR has, quote, «freedom to take over the
> responsibility as the point of contact for their End User». No PII, no
> GDPR, no problem.

But if the LIR has NO contacts because they have asked for their details to
be removed then you can't replace the End User contacts with non-existent
LIR contacts. You and the legal team have started a chain reaction here by
declaring that ALL contacts in the RIPE Database are there by consent. The
RIPE NCC, as joint data controller for the RIPE Database, now has joint
responsibility, and I presume therefore joint liability, for 2 million
people having given their consent to their details being added into a
PERSON object in the database.

>
>
https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-November/013892.html
>
> > Again you have selected just one example that can support your
> > argument, Farmer Fred. I could have used KPN or Apple Inc as an
> > example which would negate your argument.
>
> KPN or Apple would not be relevant examples, as they (presumably) would
> use non-personal NOC roles which are not PII, and thus out of scope of
> the GDPR.

The RIPE NCC is a corporate body and yet it has many PERSON objects in the
database relating to individual staff members as contacts for their
resources.


------------------------

On Thu, 11 Jan 2024 at 09:45, Tore Anderson <t...@fud.no> wrote:
>
> Hi Denis,
>
> On 11/01/24 03:20, denis walker wrote:
> > On Wed, 10 Jan 2024 at 13:02, Tore Anderson <t...@fud.no> wrote:
> >>
> >> On 10/01/24 11:25, Jan Ingvoldstad wrote:
> >>> Or you could take the other stance and stop publishing *any* contact
> >>> details regarding an object, because you cannot know whether the
> >>> information is personal data or not.
> >> Exactly. LIRs may (but are not required to) chose this approach already
> >> *today*. This is a common and long-standing practice which the RIPE NCC
> >> has repeatedly clarified as compliant with today's policy.
> > This is one of your biggest false statements. The ONLY person
> > repeatedly saying this is YOU. Let's do a fact check here.
>
> Yes, let us indeed do a fact check:
>

Your fact checking is not very accurate.

> Exhibit 1:
>
https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-September/013856.html
>

This is the one time the RIPE NCC made this argument, which I have disputed.

> Exhibit 2: https://www.ripe.net/participate/policies/proposals/2023-04
> (specifically the «counter-argument», which the RIPE NCC Policy Officer
> confirmed to the proposers and the WG chairs as correctly representing
> the RIPE NCC's interpretation)
>

This 'counter argument' is your argument and is completely false.

> Exhibit 3:
>
https://www.ripe.net/participate/policies/proposals/2023-04#impact-analysis
>

I have explained this above. This is the argument about LIRs adding Contact
A or Contact B or email or phone. THAT is their decision. Who these
contacts represent is set in the current policy and is not the LIR's choice.

> Exhibit 4:
>
https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-November/013892.html
>

All the talk about maintainers, descr attributes, DB T&C and documentation
has nothing to do with address policy. All they say here is that this
proposal won't influence how the RIPE NCC currently carries out ARCs. They
are doing it wrong now and will continue to do it wrong.

> Four repetitions so far, all saying the same thing. How many more do you
> need?
>

One statement and no repetitions. They all say something different, which
most people can clearly see.

>
> >> As the RIPE NCC writes in the Impact Analysis (emphasis added):
> >>
> >> «Acceptance of this proposal **will not change** the fact that the
> >> RIPE NCC cannot enforce which contact details members add to their IPv4
> >> PA assignments in the RIPE Database; this **will remain** their
decision.»
> >>

Same repetitive argument again and again. Yes it IS the LIR's decision to
enter Contact A or Contact B or email or phone. It is the POLICY that
determines who those contacts represent. How many more times are we going
to have this same discussion? (Which the legal team will not clarify.)

> >> So, once again: which End User contact details LIRs publish (if any) is
> >> their decision today, and it will be continue to be their decision if
> >> 2023-04 passes.


YES AGAIN the LIR can always choose between Contact A and Contact B, email
or phone. They cannot choose to not enter any End User contact details.


> >> Hence, 2023-04 does not effect any change in this regard.

But as everyone else can see, this makes a huge change.

> > This really does make me cry. The wording in the IA is poor. You have
> > applied an interpretation to this which I do not believe is what was
> > meant. Then the RIPE NCC legal team has remained silent. So I am
> > asking the RIPE NCC legal team to clearly explain what they meant by
> > this wording.
>
> The explanation you request was posted two days after the Impact
> Analysis was:
>
>
https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-November/013892.html
>
> «LIRs are free to choose how to provide services and to who, this
> includes their freedom to take over the responsibility as the point of
> contact for their End User as well as having their maintainer in the
> IPv4 PA assignments they register.»
>
> This explanation aligns perfectly with our interpretation of the
> statement in the Impact Analysis.
>

Wrong again. Yes the LIR is free to take over responsibility for technical
matters. You can always find their contact details in the allocation
object. So the public, civil society, LEAs, and other LIRs can choose who
they want to contact...the LIR or the End User. Between the allocation and
assignment objects you have all the contact details you need...according to
current policy.

The LIR does NOT have the freedom, according to current policy, to replace
the admin-c and tech-c contacts in the assignment object with their own
contact details in all situations. Again the current policy wording is
clear and not interpretable:
"Where the End User is an individual rather than an organisation, the
contact information of the service provider may be substituted for the End
User's."
So you can ONLY replace the assignment contacts with those of the LIR IF
the End User is an individual. Again this is simple, plain English,
originally written by Leo and Mirjam.

> >> Given that, it is hard to see how we could possibly amend the proposal
> >> to change this particular point to an even lesser extent than what is
> >> already the case?
> > Let me help you. Do NOT remove a sentence that has nothing to do with
> > the stated goal of the proposal to aggregate assignments and that you
> > claim does not change anything.
>
> This sentence also has a lot to do with the stated goal of aggregating
> assignments, because it mandates that assignments must be «registered
> separately». That is clearly incompatible with aggregation.
>

**** Finally, FINALLY you have admitted that this change that is not a
change and that changes nothing does actually change something. ****
It changes the registration requirements for assignments, which I have been
saying all along and which you have been denying for months.

------------------------

On Thu, 11 Jan 2024 at 10:19, Jan Ingvoldstad <frett...@gmail.com> wrote:
>
>
> On Thu, Jan 11, 2024 at 9:45AM Tore Anderson <t...@fud.no> wrote:

>> If our ulterior goal was to remove the End User contacts from our own
>> assignments we can just go ahead and do so, right now. The RIPE NCC is
>> already on the record saying that's totally OK, and we would be
>> following in the footsteps of many other LIRs who have already done so.

> While you seem to argue that the RIPE NCC is both omniscient and
omnicompetent, I do not think it is that easy.
>
> I simply think that the RIPE NCC and you are mistaken.
>

After talking to former members of RS I am beginning to think that the RIPE
NCC is not mistaken. They know exactly what the current policy says and
they know what it means. After all, it was written by former RS managers.
BUT they don't believe they have any power to enforce it. This is why they
quietly ignore what the policy says. I'll say more about that in my
conclusion at the end of this email.

> Continously appealing to RIPE NCC as the authority of policy and policy
interpretation is not a good thing.
>
> It undermines the community drive behind policies.
>
> If this is where we are going, it seems that we would be just as well off
by letting EU politicians run the show.
>

If you have watched John Curran's keynote speech at NANOG and think about
the way a handful of operators are pushing this proposal through, the EU
politicians WILL be running the show in the near future.
https://www.youtube.com/watch?v=U1Ip39Qv-Zk


> --
> Jan

------------------------

On Thu, 11 Jan 2024 at 13:11, Tore Anderson <t...@fud.no> wrote:
>
> On 11/01/24 10:19, Jan Ingvoldstad wrote:
> >
> > Continously appealing to RIPE NCC as the authority of policy and
> > policy interpretation is not a good thing.
>
> The RIPE NCC is the secretariat of the RIPE Community and is delegated
> the task of implementing and enforcing the RIPE Community policies, as
> well as to providing training to the LIRs on how to operationalise said
> policies. If that is not an authority worth paying attention to, I do
> not know what is.
>

Exactly, the RIPE NCC is the secretariat, not the policy decision maker.
They are supposed to enforce community derived policy. IF they don't think
they have the powers to enforce a policy they should raise that issue with
the community and seek guidance. They should not just quietly ignore the
policy, or part of it.

> After all, any LIR which prefers the RIPE NCC interpretation of the
> policy in this regard is may simply adhere to it and act accordingly,
> and this is commonly done today. Thus the RIPE NCC's interpretation of
> the policy – mistaken or not – ends up becoming the (de facto) way the
> policy is implemented anyway.
>

If a policy has unintentional interpretations it is badly written. LIRs
should not be in a position to choose between a community view and the RIPE
NCC's view of a policy. A RIPE NCC interpretation of a policy that
conflicts with a community view should not become a de facto
implementation. If such a situation arises the conflict must be resolved.

------------------------

On Thu, 11 Jan 2024 at 14:11, Tore Anderson <t...@fud.no> wrote:
>
> Hi Jan,
>
> On 11/01/24 13:27, Jan Ingvoldstad wrote:
> > On Thu, Jan 11, 2024 at 1:11PM Tore Anderson <t...@fud.no> wrote:
> >
> >   After all, any LIR which prefers the RIPE NCC interpretation of the
> >   policy in this regard is may simply adhere to it and act accordingly,
> >   and this is commonly done today. Thus the RIPE NCC's
> >   interpretation of
> >   the policy – mistaken or not – ends up becoming the (de facto) way
> >   the
> >   policy is implemented anyway.
> >
> > This statement basically renders the point of a policy working group
moot.
>

I totally agree.

> Not at all. Any working group member who is of the opinion that the RIPE
> NCC is interpreting a RIPE Community policy incorrectly, is free to at
> any point submit a policy proposal that clarifies the allegedly
> misinterpreted policy text with the aim to make the RIPE NCC change its
> procedures accordingly.
>

A policy proposal would only be needed if the policy is so badly written it
needs clarity. When the policy is clear and simple, but the RIPE NCC is
either misinterpreting it or doesn't believe it has the power to enforce
it, we don't need a policy change. We need an interpretation change.

> The RIPE NCC's Impact Analysis will then reveal whether or not the
> proposed new policy text does attain its goal and that the RIPE NCC will
> change its procedures as desired, should the proposal pass.
>
> Finally, the proposal will need to reach (rough) consensus in order to
> confirm that the RIPE Community does indeed concur with the proposer's
> opinion that the old policy was interpreted incorrectly, and that the
> RIPE NCC's procedures ought to change.
>

You do not write policy proposals to change the RIPE NCC's interpretation
of existing policy.

> Absent this, the RIPE NCC's operationalisation of the policy will stay
> as-is.
>

------------------------

On Thu, 11 Jan 2024 at 14:35, Sebastian Graf <ripe-li...@sebastian-graf.at>
wrote:
>
> Dear Tore/Denis:
>
> If we are looking at the Policy Language, then i'm not certain we are
reading the same things into it.
> Or maybe i missed something. Feel free to point out the corresponding
section of the policy to me. I'm more than happy to update my views if
strong evidence is presented.
> As a small LIR ... I may not see all edge cases.... but...... So feel
free to point out anything important that i may have missed.
>
> Lets look at the actual language in the policy:
>
> > "All assignments and allocations must be registered in the RIPE
Database. This is necessary to ensure uniqueness and to support network
operations."
>
> The way i read it, this point is filled both with the current state of
things, and also if we have an aggregated status. Space would still be
registered. So the question is what kind of data needs to accompany it.
>

Actually this point is not satisfied by aggregation. When you have all
assignments separately registered, as current policy requires and the
proposers of this policy update have finally agreed is the case, you can
see that each assignment is unique. You cannot assign the same space to two
End Users as you cannot create two assignment objects with the same or
overlapping prefix. With an aggregation object, all you know is that some
part(s) of this aggregated block may be assigned to one or more End Users.
You do not know how much is in use, or even if any of the aggregated space
is currently in use. It does not satisfy the uniqueness condition as you
can't be sure some of the space has not been multiply assigned.

> So lets look at what needs to be documented:
>
> > "Registration data (range, contact information, status etc.) must be
correct at all times (i.e. they have to be maintained)."
>
> I think you are arguing what both of you are considering "contact
information". It does NOT say we state to put personally identifyable
information into it.
>

You are totally correct here. I have never argued for putting PII into the
database.

> If we read the text literally, then only putting enough information to
establish a contact (ie: contact information) would theoretically be
sufficient.
> So theoretically, a "proxy" type of setup for email/postal mail/... could
be permissiable as long as any communication/... is forwarded to the the
actual responisble party.
>
> In fact i would argue for most businesses (End-User or ISP) this is
already the case if they make use of "role" contacts for their
admin/noc/abuse/... handling.
>

Also correct.

> > "Registration data (range, contact information, status etc.) must be
correct at all times (i.e. they have to be maintained)."
>
> The other thing that i do not read from the statement is where it asks to
put "contact information" for the End-User. It simply reads contact
information (one could theoretically interpret this as "contact information
for the party that is responsible for managing the space....).
>

You are missing the infamous lines this proposal wants to delete from the
current policy:
"When an End User has a network using public address space this must be
registered separately with the contact details of the End User. Where the
End User is an individual rather than an organisation, the contact
information of the service provider may be substituted for the End User's."

> ANYWAY....
>
> I still do not feel anything of significance would be lost, if something
could be lost at all.

I guess you don't accept that the registration details of End Users is
significant.

>My personal opinion goes the other way.....I suspect, if anything
aggregated status could potentially lead to more accurate data. Let me
explain: With the aggregation we gain better understanding of the network
usage. PLUS the ability to create more specific assignments (under the
aggregated). So This way, i feel more usable data would be int the
database, compared to now.
>

With an aggregated block all/some/none of the space covered by this block
may be in use by one/many/no End Users. You have no idea about network
usage. All that detail may be lost.

> This would also be in line with the goals in Section 3.0 - Point 2
"Agregation: Distributing IPv4 addresses in an hierarchical manner permits
the aggregation of routing information.".
>

Aggregating address space registration details has nothing at all to do
with routing aggregation.

> If we look at the goal for registration: "Registration: The provision of
a public registry documenting address space allocations and assignments
must exist. This is necessary to ensure uniqueness and to provide
information for Internet troubleshooting at all levels.".
>

Aggregating assignment data does not guarantee uniqueness, or provide
information for Internet troubleshooting at ALL levels.

> If we consider the usefulnes of data entered into the ripe-db for this
purpose, then most useful will be the ISP contact information. Contact
information for End-Users (could be an ISP as well) would also be useful in
some cases. Personal Information for "individual" type end users (ie: Fred
Testuser's DSL Line that comes with a Public IPv4 Address)....to a lesser
extend.
>
> If we look at Section 3.1 ...it reads "Internet Registries (IRs) have a
duty of confidentiality to their registrants. Information passed to an IR
must be securely stored and must not be distributed wider than necessary
within the IR.".
>
> So i am not certain why you are trying to force more data than actually
required/useful into the db. And yes in this context i would consider LIR's
in this to be part of this as some type of "local" IR's.
>

There is always a balance between privacy and the needs of civil society.
It was decided many years ago that anyone operating a network using public
address space should have contact details available in a public registry.
That is still what the current policy says with wording written by Leo (AP
WG co-chair, former RS manager) and Mirjam (RIPE chair). The original
source of this requirement goes back to address policy written in the 1990s
by many varied authors including Daniel (RIPE NCC founder) and Hans Petter
(RIPE NCC CEO and former AP WG and LIR WG chair). Unfortunately no one is
willing to provide any background information to the current RIPE community
about why these rules were originally imposed. That makes it difficult to
discuss if those original conditions still apply to the current
stakeholders of the RIPE Database, who we also can't easily identify.

> During the writing of this email, i realised that you (denis/tore) may
consider the need/usecase for adding a "restricted" flag into the DB, that
would allow adding information, that is only shown to a select audience
(ie: law enforcment, ripe staff and Ripe-Members) - wich could be used to
publish PII data. HOWEVER doing something like that would "extend" the
existing usecase(s) of the DB and dataentry required - as such this should
be in a different Policy Proposal/wg-discussion. Feel free to put one
forward, that we can discuss....
>

I did consider this option when I put forward my RIPE Database Privacy
policy proposal some time ago. The idea of multi level access was not very
popular.

------------------------

On Fri, 12 Jan 2024 at 08:12, Tore Anderson <t...@fud.no> wrote:
>
> Good morning Jan,
>
> On 12/01/24 07:25, Jan Ingvoldstad wrote:
> > I also do not understand what makes it so hard to say that: "Yes, the
> > current policy does state something else than NCC's interpretation of
> > it does, (…)
>
> We do not make statements that we do not believe to be true.
>
> In our opinion, the RIPE NCC implements current policy correctly.
>

How can you keep saying this when everyone knows it is not true. Regardless
of whether or not you support the way the RIPE NCC currently implements the
policy, it is NOT what the policy says. We have been over this so many
times. The policy is so clear in simple, plain English. For whatever
reason, the way the RIPE NCC implements the policy today is NOT what the
current policy so clearly says, as written by a co-chair of this WG.

You even admitted it yourself in an earlier email (listed above) where you
said (and these are YOUR words):

> After all, any LIR which prefers the RIPE NCC interpretation of the
> policy in this regard is may simply adhere to it and act accordingly,
> and this is commonly done today. Thus the RIPE NCC's interpretation of
> the policy – mistaken or not – ends up becoming the (de facto) way the
> policy is implemented anyway.

------------------------

On Fri, 12 Jan 2024 at 08:57, Sebastian Graf <ripe-li...@sebastian-graf.at>
wrote:
>
> Dear Jan!
>
> As mentioned in my previous e-mail: Would you please post the section of
> the policy that you belive has the NCC's interpretation differ from the
> actual wording/language used?
>
> Because i have yet to find a section that states explicitly what is
> considered valid vs invalid contact information (other than being out of
> date or information that does not provide a contact to the user in a
> timely manner). Or a section that restricts what kind of data is
> permissable for "contact information".
>

It is not a question of what is (in)valid contact information. It is about
who the contact details refer to. End User or LIR.

------------------------

On Fri, 12 Jan 2024 at 09:28, Sebastian Graf <ripe-li...@sebastian-graf.at>
wrote:
>
> Dear Jan!
>
> Thank you for your reply. But you have not answerred my question.
>
> We are all clear/well aware on the fact that the policy states
(paraphrasing here: resources need to be registered and the registions need
to have contact information).
>
> We are looking for the DEFINITION of "contact details of the End User.".
This is not directly defined (as far as i can tell) and is therefore open
for interpretation.
>
> Unless i missed something?
>

Yes you have missed something. Take your sentence above "contact details of
the End User". This can be split into two parts:
"contact details"
"of the End User."
You are right, there is no definition of "contact details". So it doesn't
matter if this is email, phone, fax, postal address or if it is in a role
or person object or if it is corporate or personal data. Much of this does
matter when it comes to privacy concerns, but that is another discussion.
What we are primarily discussing here is the other part "of the End User."
So the contact details don't matter for this discussion as long as they
collectively refer to the End User. And this reference is not open to any
interpretation according to the current policy.

------------------------

On Fri, 12 Jan 2024 at 10:35, Sebastian Graf <ripe-li...@sebastian-graf.at>
wrote:
>
> Dear Jan!
>
> You and Denis are arguing that registration/user data needs to include
certain (sometimes sensitive details (ie: PII)) that need to be put in the
database. Your Argument is that this is a policy requirement.
>

That is NOT what we are arguing. There is no policy requirement regarding
the nature of the contact details. The policy states who the contact
details should refer to, ie End User or LIR, for example.

> When I tried to get both of you to spell out what this "user
data"/"contact information" is exactly and where that is defined - We do
not get a clear answer.
>

Because it is not what we are arguing and it is not defined anywhere.

> I have read every single of denis replies/comments.
>
> When asked, neither of you cannot reference a policy section that
actually spells out what is considered "contact details".
>

Because the policy doesn't define this and it is not relevant to this
discussion.

> According to your own e-mail - your opinion is based on a software
interface/implementation (ripe-db). This interface itself is an
interpretation of what the policy could mean.
> The Interface of the DB also does not specify what kind of Information
(regular address, proxy address,...) needs to be inserted. Just that some
fields need to be filled out (and its open to interpret what goes into them
to a certain extent - wich is the point of this discussion).
>

Sorry but you have missed the point again. The discussion has nothing to do
with RIPE Database interfaces, forms or attribute contents. It is about WHO
these details refer to.

> The relationship is policy -to- database. Not Database -to- Policy.
>
> And yet, we have no document or reference that defines what kind of
contact information (direct only, or indirect via proxy/masking/....) is
permissable.

Correct, and it is not relevant.

> Just that it needs to be maintained (meaning "if it works" -> OK).

All data in the RIPE Database should be maintained and kept up to date.

> In my previous e-mail i did argue that in some scenarios working
witout"proxy" data is impossible (think: Role/NOC Contacts).
>

ROLE or PERSON object is also irrelevant to this discussion.

> I have also read your reference
https://www.ripe.net/publications/docs/ripe-705 . It defines an abuse inbox
is mandatory for certain objects. And that it has to be an email address. -
Nothing else.

Also irrelevant to this discussion.

------------------------

So where does all this leave us? During this discussion we have established
that:

-We do not understand what many elements of data in the RIPE Database mean.

-There are some historical definitions in old documents. These definitions
have never been updated, so technically they are the only current
definition available. But some of these definitions do not map exactly into
the modern world.

-Some registration requirements were written in the early 1990s. Some were
re-written in 2003. Much of this was written by people who still have a
high profile in the RIPE community or RIPE NCC today.

-We do not know what the reasoning was for why these requirements were
introduced.

-We do not know who the major stakeholders are who use the data in the RIPE
Database or what information they want and need or what they use it for.

-We have no business requirements for the RIPE Database as a public
registry.

-We do not know what data needs to be registered in the RIPE Database or
what information it needs to serve to who for what purpose.

-An unknown amount of assignment data in the RIPE Database does not comply
with current address policy.

-The RIPE NCC does not enforce the current address policy. This may be
because the RIPE NCC does not believe they have the power to enforce
current policy.

-Some members have made it clear they will not enter any of their
customer's details into a public registry no matter what policy says for
commercial sensitivity reasons. While there are interpretations of current
policy they may be considered in violation of policy. So there are other
reasons why some people may want to push through this change in End User
registration.

-We do not know what the potential consequences may be for some
stakeholders by making this change.

So given all these unknowns, should we go ahead and make this change? It
seems like this has been a long and intense discussion. Some people may
think we have had sufficient input from the community to be able to make a
decision on consensus. But as is often the case, statistics beat
perception. So let's look at some numbers. Excluding the chairs, proposers
and RIPE NCC staff there have been 22 people who commented on this
discussion over the last 6 months. Of these 6 people only made 1 comment
and another 6 made 2 comments. Then 8 people made 3 to 6 comments. One
person made 12 and one made 24 comments. Also 5 people made up the '+1'
brigade. These numbers cover both supporters and objectors. This is quite
typical of policy discussion. Many of the 'regular' vocal community members
who are involved in almost all policy discussions are included in these
numbers. So we are looking at a very small number of people who actually
support this proposal. Given all the unknowns we have identified during
this discussion and the very small number of supporters, should we still
approve this proposal? Bear in mind also that the proposal is basically
about adding an inconsequential, minor, optional feature change for the
convenience of some operators. It also makes a huge change to the
registration requirements of End User assignments which will have an
unknown impact on the public registry and some major stakeholders.

Now let's add in some other factors. I really do recommend that you all
watch John Curran's keynote speech to NANOG about internet governance.
https://www.youtube.com/watch?v=U1Ip39Qv-Zk

He makes some very interesting points that are highly relevant to this
discussion. He talks about 3 phases of the internet. The first one was the
early development, done largely by universities and other early adopters of
the technology, but largely paid for by governments. Then we went into the
commercial phase that covers much of the last 20 years or so. But now we
are moving into a public phase where civil society is more knowledgeable
and is much more heavily involved. During the commercial phase the tech
community could pretty much do what they wanted. If questioned by any parts
of civil society or regulators they could just fob them off with No No No
No... In the new public phase politicians, regulators, organisations
involved in public order are much more aware of the interest by civil
society (people who vote in elections). The public is aware of the dangers
of the internet as well as the benefits. Politicians and regulators must be
seen to be in control. So the days of the tech community saying No No No No
to them are over. Now it must be at least No No No Maybe. The Maybe allows
the tech community to write something down that they can live with, that
politicians can refer to in regulations and everyone is happy.

So how does this relate to 2023-04? We have a public registry that we built
and maintain. But there are so many things we don't understand now in the
2020s. We all know what the registry was. My research has reminded you of
some of the early details. But what is it now and what should it be
tomorrow? We don't have answers to these questions. In the face of all
these unknowns we want to add an inconsequential feature that could have a
massive impact in other areas that we don't fully understand. We know LEAs
have serious concerns. But we have just brushed them aside. This very small
group of operators that took part in this discussion have prioritised their
own convenience over anything else. They have turned that Maybe back into a
No. If you approve this proposal with all these unknowns I think you will
find that train full of regulators that is rumbling down the line, heading
straight for you, will pick up speed. Think of the LEAs sitting in a room
behind two doors. One of those doors opens up to the tech community. You
are about to slam that door in their face. The other door opens up to the
politicians. We still have the option to invite them into our room and talk
seriously with them about their needs. Once you slam that door shut, they
will walk through the other door and you lose control.

Yes I know I am a drama queen. But I am trying to illustrate to you that
actions have consequences. Today's consequences may be very different to
those of yesterday in a similar situation. Nothing stays the same forever.
So is it worth risking the wrath of the politicians for what has been
described as a minor, optional feature change that some will find
convenient?

Let me end by suggesting an alternative path. I have said all this before
and been ignored or insulted. But I will say it again anyway. I am used to
being insulted on these lists with no one protecting me.

1/ Withdraw this proposal 2023-04

2/ Set up a new Task Force with these primary goals:

  a/ Determine the business requirements for the RIPE Database as a public
registry, looking forwards.

  b/ Identify the major stakeholders for the RIPE Database public registry.

  c/ Identify the needs/wants of these stakeholders.

  d/ Based on the above, determine the registration needs of the public
registry, taking account of privacy concerns.

3/ Once we know what we want, design a new data model for the RIPE Database.

4/ Slowly move from where we are now to where we want to be.

Yes I know this is a long term project and yes it will cost money. But the
RIPE Database is so old, with so many things lost in the mists of time, so
many things not applicable to the modern world. If you continue turning
your back on all this, you may find the regulators will tell you what they
want in the registry. That may be far more costly.

I don't think there is anything more I can say on this issue now.

cheers
denis

========================================================
DISCLAIMER
Everything I said above is my personal, professional opinion. It is what I
believe to be honest and true to the best of my knowledge. No one in this
industry pays me anything. I have nothing to gain or lose by any decision.
I push for what I believe is for the good of the Internet, in some small
way. Nothing I say is ever intended to be offensive or a personal attack.
Even if I strongly disagree with you or question your motives. Politicians
question each other's motives all the time. RIPE discussion is often as
much about politics and self interest as it is technical. I have a style of
writing that some may not be familiar with, others sometimes use it against
me. I also have OCD. It makes me see the world slightly differently to
others. It drives my mind's obsessive need for detail. I can not change the
way I express my detailed opinions. People may choose how to interpret them.
========================================================

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/address-policy-wg