Re: [ripe-list] RIPE Labs article on sanctions and solutions
In message , Chris Buckridge wrote: >We have just published an article on RIPE Labs regarding economic >sanctions and related work that the RIPE NCC is engaged in and funding: >https://labs.ripe.net/author/chrisb/towards-a-sanctions-solution-space/ I hope and trust that it will be posible to revisit some of these issues this coming winter when, it appears, many of you will likely be freezing in the dark. Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Russia
In message , petra.zeid...@dlr.de wrote: >Just for curiosities sake, are you this Ronald Guilmette? >https://krebsonsecurity.com/tag/ron-guilmette/ I am. >Otherwise: yes, there is no pan-European Operators Group. As far as I'm >informed, despite its name, NANOG does not cover Mexico, so the idea of a >NOG covering mostly the language area it's in is not that absurdly novel. The NANOG list covers the geography of Quebec and many Caribbean nations as well. Note that all of the WHOIS records as well as 4 out of the 5 web sites of the 5 regional Internet registries (including www.ripe.net) are all written in English. I wonder if that indicates anything. >So reaching all European NOGs would be work, but it wouldn't be very useful >work, since the people populating either RIPE lists or the NOG lists are >usually not the ones that could decide to break contracts, unless the entity >is not a very large one. I think you are wrong about that. But it doesn't really matter. Occasionally, the opinions of the lower echelons of worker bees in any organization are in fact listened to. "It's everyone's duty to start the avalanche." -- Barley Blair (Sean Connery) -- The Russia House (1990) Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Russia
In message <171d5ee3-7acf-f516-05df-dd3547e8b...@karrenberg.net>, Daniel Karrenberg wrote: >The archives have sufficient examples of the waste of bandwidth by this >person. Let's save everyone's time and continue to ignore his provocations. By all means, please continue as Europeans to just ignore both me and also the war raging on your very doorstep. Ignoring reality would seem to be one of the things you folks excel at, which goes a long way towards explaining why you're all having such trouble getting natural gas right about now, even though Ronald Reagan warned you all to avoid becoming too dependent on Russian energy, way back in the 1980s. https://www.nytimes.com/2022/07/30/business/europe-natural-gas.html Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Russia
In message <0179b1838aa0431d812be7a7b40cf...@yellowfox.net>, Peter Stimpel wrote: >Wow, How I missed this "if you are not with us, you are against us" calls. I gather that it is altogether easy to be both cavalier towards and dismissive of any attempts to seriously discuss the topic of personal ethical responsibilities in response to these world-changing events in Eastern Europe, at least while the view is from your comfortable and no doubt air-conditioned office in Kesselsdorf, far far from the actual carnage. >Seriously: you made your point, could you leave it at that, please. RIPE is >the wrong playground for this in my opinion. I say yet again, show me the European equivalent to the NANOG mailing lists that we here in North America have and i will be only too happy to go there and raise these issues. I've checked here: https://en.wikipedia.org/wiki/Internet_network_operators%27_group and although there seems to be no shortage European country-specific network operator groups (and associated mailing lists) I'm not seeing any pan-European place where I could make my case to network operators throughout Europe. (This, to me, is rather incomprehensible, especially given the number of European networking companies that have connections in more than one European country, but this is only one of the smaller points that mystify me about the seemingly determined and deliberate dis-unity in Europe.) >As far as I understand, RIPE >should not use its resources to make political impact And I have not suggested otherwise. Just because I elected to raise the issue of our _individual_ responses to the war in Ukraine here on ripe-list doesn't not automatically imply that I either expect or even hope for any formal response from RIPE itself. I don't. This just seems to be the one and only mailing list in the entire universe where it might be possible to communicate with a large number of individual European network operators. >If your point was to reach out to people and make a statement pro Ukraine: >got it, thanks for the reminder, end of communication. My goal was to reach a maximal number of European network operators and to put it to them all that they can and should join with the over 1,000 companies on the following list and curtail their business relations with Russia: https://som.yale.edu/story/2022/over-1000-companies-have-curtailed-operations-russia-some-remain >There are plenty of >communities and social networks, where private people can put effort into >helping ukrainian people with the situation, or make (imo useless) "fckptn" >statements. RIPE mailing list is no such place. Thanks, but Facebook and Twitter are clearly not going to be effective venues for reaching European network operators, specifically. And if I have left any doubt, let me be clear that this was and is my goal. I'd like to ask each and every one of you folks here who are decision makers and who run European networks how well you can sleep, knowing that you continue to provide connectivity to an aggressor nation, relentlessly bent on a 19th century style war of territorial conquest in Eastern Europe, and whose government ruthlessly annihilates any and all opposition, both within its own borders, and even, when they need arises, on the streets of London. Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Russia
In message <7a091dee-27a3-4992-a3bc-840e5724d...@rfc1035.com>,
Jim Reid wrote:
>> On 15 Aug 2022, at 09:03, Ronald F. Guilmette wrote:
>> Yes, and as I think I've already made plain, I don't care about the official
>> response of RIPE.
>
>In that case, take your whines somewhere else. This list is for general
>discussion about RIPE matters.
Fine. Show me the mailing list that I can use to reach a maximal number
of actual network operators within Europe. Show me the European equavalent
and counterpart to NANOG.
I'll wait.
>But since you don't care about that,
>you're clearly posting to the wrong place. And since you don't care
>about RIPE (NCC)'s response, you've no reason to expect anyone here to
>care about what you have to say.
You obviously care.
>> You really just aren't getting this are you?
>
>No, it's you who really isn't getting this. For starters, you don't seem
>to understand the difference between RIPE and RIPE NCC. Or how to get
>"policy" changed in these two fora. For RIPE, submit a policy proposal...
Has anything I've said indicate that I'm looking for a policy change from
RIPE?
I'm not. That would be a fools quest.
>Third, you've given no indication why RIPE
>(NCC)'s stance is unsatisfactory or what could be done to make it
>better. For some definition of better.
I did not indicate that I felt it was. You're projecting your own mental
framework onto what I actually have said.
What I actually did say is that the organs of internet governance are,
quite understandably, extremely limited in what they are able to do, even
in response to such unique a world-changing events as war. And even the
EU is having a hard time finding a consensus response to the events in
Ukraine since late February. But as I have also observed individual
companies can and have, on their own initiative, and without being forced
to do so by any authority, elected to curtail their business with Russia
since the beginning of the conflict. If this fact is not apparent to
you, then please allow me to share with you some reference material:
https://som.yale.edu/story/2022/over-1000-companies-have-curtailed-operations-russia-some-remain
>If you have *constructive* proposals on what RIPE or the NCC could do in
>addition to the current sanctions...
I do not. I never said I did. Like the EU, RIPE is limited to doing only
what can achieve unanimous or near unanimous consensus. That's extremely
limiting. But individual companies certainly have the freedom to go beyond
the bare minimum of what either RIPE or the EU would have them do. (Over
a thousand companies that have done that are named at the URL given above.)
I have merely come here to suggest that more European companies act
independently
and follow suit by going beyond what is mandated in the way of cutting ties to
Russia.
>IMO it's highly unlikely that a bunch of Internet geeks wagging their
>finger at Mr. Putin and putting him on RIPE's naughty step will make any
>difference to his ugly war in Ukraine. Let's face it, the international
>sanctions that are hurting Russia and Putin's cronies haven't made a
>difference.
Apparently, your news sources are different than mine.
>Rather {than} indulge in virtue-signalling...
Is that what the 1,000+ companies on the list above are doing? Mere
virtue-signalling?
Since the start of the war, British Petroleum (BP) has elected to disconnect
itself entirely from the projects it was involved with in Russia. Some
estimates put the cost to BP of this move at over $25 billion dollars.
That's a lot of virtue-signalling!
>I think all of us could do far more
>good by helping refugees or contributing to relief efforts or putting
>pressure on our politicians to put more pressure on the Kremlin to stop
>the carnage. Or any combination of these three things.
You're entitled to your opinion, of course, as I am to mine.
Regards,
rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Russia
In message <72136d1a-6d94-11b2-571b-522a291e5...@schiefner.de>, Carsten Schiefner wrote: >And let me finish with a personal plea: could you please find yourself >other playgrounds where people might actually be more prone to accept >your insults... Who have I insulted, other than the Russian government, all those who are, by their actions, effectively proping it up, and those who value money above the lives of innocents? (I do not and shall not appologize if I have insulted any of these). I also won't apologize for raising anyone's blood pressure. That is, I think a rather minimal price for you to pay, in relative terms, while innocent children are being wantonly slaughtered. Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Russia
In message <6d84e84e-c44c-4433-a21e-e18c30fff...@frobbit.se>, =?utf-8?b?UGF0cmlrIEbDpGx0c3Ryw7Zt?= wrote: >The relationship between EU (and other States) and Russia, and because of >this between us individuals and Russia, is dealt with elsewhere than at >RIPE. Exactly! And if you will be kind enough to point me at the European equivalent/counterpart to our NANOG (North American Network Operators' Group) mailing list, then I shall depart immediately to share my message of personal responsibility over on that mailing list, instead of this one. I have however found no such pan-European network operators' group OR associated mailing list, other than ripe-list. Was my research just inadequate? If so, please do enlighten me! >It has been demonstrated for you how the issue have been discussed >and deal with in RIPE. Yes, and as I think I've already made plain, I don't care about the official response of RIPE. RIPE has to do what RIPE has to do. I've posted here in an effort to try to reach individual network operators throughout Europe. If there is a better place to do that, then please let me know what it is. I'm all ears! >Regarding EU and disconnecting Russia, that has already been discussed as >part of the sanctions discussions, and this resulted in conclusion related >to the 6th sanction package that can be found here... You really just aren't getting this are you? Governments, for their own reasons, can and will make the decisions that suit them. The EU is such a governmental entity, and it has reached a decision that is now *mandated* throughout the EU. Individuals and individual companies are free to go further than the "official" set of EU sanctions (and many have)... a set of sanctions which were arguably chosen so as not to excessively offend any "important" economic interests within any of the EU nations... much like the situation with the ongoing Russian energy imports. And that is exactly what I am suggesting, i.e. that individuals and individual companies on the Internet can and should go beyond the minimalist sanctions that ALL of the EU member states were able to agree upon, unanimously. Those sanctions are and should be viewed as a minimal *floor*, i.e. the bare minimum that any and every company and person in the EU should be willing to abide by. Any person and any network operator can do more than the minimum required by the current EU sanctions. And some have. I have merely suggested that it is a moral imperative to do more, and to do so now. If this is at all controversial then I believe that that says more about Europe and the people and companies within it, than it does about me. Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Russia
In message <202208141023.27eanvpw090...@bela.nlnetlabs.nl>, Jaap Akkerhuis wrote: > "Ronald F. Guilmette" writes: > > > An interesting observation, and a question: > >My observation is that you jump to conclusions based on thin air. I do not. I observe. Show me all of the discussions that have taken place here on this list, since the outbreak of the war, about Russia and its actions, and about what the proper response to those actions should be among those who value life above money. You can't, because there haven't been any. >If you just did a minimun of research as in a search for "ripe >Russia" you would have been better informed. Done! I see this, which is just a lot of institutional platitudes: https://www.ripe.net/participate/member-support/the-ripe-ncc-and-ukraine-russia "An Open Internet Remains the Goal" That certainly _sounds_ like a very high-minded and principled response. But is it just purely coincidental that this goal happens to align nicely with the goal of European network operators to maintain their current level of profitability. despite annoying little interferences like war, carnage, and human tragedy on a grand scale? In any case, I would neither have hoped for nor expected anything different from the various organs of what passes for Internet governance, such as ICANN and RIPE. None of these believe that it is their responsibility to intervene in any way, and perhaps they are right in taking such hands-off posisions. Time will tell. My comments were not directed at them, but rather to the myriad individual European transit providers and IXes that continue to do a robust business with Russia, even as hundreds or thousands of other western companies have curtailed or entirely ceased doing business with Russia. What excuses do each of these individual companies offer up for their maintenance of both the pre-war status quo and their own profitable movement of packets? If the only excuses they can offer up are some lame platitudes about the free flow of information, e.g. so that the populace in Russia can learn the truth about what their government is doing, then I have a free clue to offer: Six months in and that ain't working. Like not at all. The BBC's recently reinvigorated shortwave radio service is likely doing a better job of getting the truth to Russians, at present, than all of the IP packets flowing in or out of the country. What *is* being manitained however is connections to Russian web sites, thus allowing Russia to continue selling its goods and services to China, India, and the other remaining countries that still desire to do business with this rogue nation. Those who fail to learn from history are doomed to repeat it, and it saddens me greatly to see that Europe has either forgotten the primary lesson of the 1930s, or else has failed to learn it at all, i.e. that a failure to forcefully confront agression at its outset is a mistake that will be paid for in blood many times over, and usually by people other than the ones who made the mistake. Disconnect Russia! This isn't the job of RIPE, or ICANN, or anybody else. It is the moral duty of each of you reading these words, as individual ethical and moral beings. Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
[ripe-list] Russia
An interesting observation, and a question: Nearly six months ago now, on February 24th of this year, Russia began a "special military operation" against the sovereign nation of Ukraine. Since that time, fully three quarters of the member nations of the United Nations voted to condemn this unprovoked military action, and numerous nations in both Europe and all around the world have adopted extreme sanctions against Russia in response it its actions in Ukraine. These sanctions cover the gamut of economically important trade relations, including energy, banking, and high-technology goods. Despite all of the foregoing, I have just checked the archives for this mailing list for the past six months and it appears that in all of these past six months there has not even been so much as a single mention of Russia or the Ukraine War, or the ongoing threats coming out of Russia against NATO nations, EU nations, and European nations generally. Why? Are all members of the Internet community in the RIPE region so reluncant to even mention the word "Russia" because you all hope to just keep doing business as usual, even as Europe is plunged into the most destructive and deadly military conflict since the Second World War? Are all of you so completely focused on your bottom lines that you can turn a blind eye to the daily slaughter of innocent civilians, including children, in Ukraine? To put it another way: What exactly *is* the excuse of the RIPE region membership as it does its level best to pretend that there isn't even a European war going on? The best analogy I can think of is the Swiss during the NAZI era. It appears that, As long as the gold keeps coming in, everybody's happy. Regards, rfg P.S. I fully expect this post will be censored, because apparently nobody in Europe wants to even talk about all of the helpful network interconnections that are being supplied by EU/NATO nations to Russia, even after six months of unprovoked carnage and more than 10,000 Ukrainian's dead and 10 million displaced. That's OK. The European Internet community can continue to pretend that nothing has happened, and go on with business as usual, but the world knows better, and history will not forget the self-serving cowardice of the RIPE community in this time of deadly conflict. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
[ripe-list] AFRINIC vote buying
Even though this relates to a whole different Regional Internet Registry, I think that some (many) of you may be interested to watch this video and to learn what's been going on of late down in the AFRINIC region. https://www.youtube.com/watch?v=32xCurWfJo4 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] [Community-Discuss] [arin-ppml] Update on Litigation Between AFRINIC and Cloud Innovation ltd
In message Ibeanusi Elvis wrote: >This "sockpuppet" ideology and terminology that has become an excessively >overused irrelevant term in this mailing list. What is wrong with sharing a >link of interest or a link that a member consider relevant to him/herself. >Freedom of expression is always promoted in this community as long as it >does not go out of line. Members of this community including the AFRINIC >organization itself always share updates and links; never have it been >considered an act of being a "Sockpuppet". Lets stop throwing words around >in this community mailing list and create unwanted confusion. Sockpuppetry is not an "ideology". It is a well-established fact of life on the modern Internet, just as "astroturfing" is in real life. If you don't know that then it is because either you are ignorant or else it is because you are pretending to be ignorant. The poster in question is using and was using a fradulent name together with an essentially anonymous gmail account. The name given in the From: header is bogus and is a reference to a non-existant fictitious person, as anyone who simply takes a moment to google the name can readily see. This is fundamentally different from Real People posting to these lists. Real People have histories, known connections, and readily identifiable employers. Sock puppets have none of these things. If you don't like people talking about sock puppets on these mailing lists then perhaps you should, in the first instance, try to get the sock puppets to stop posting garbage and unenlightening recycled company PR blurbs to these mailing lists. Most of us have real work to do, and if we really want to be bombarded by commercial advertisments being written and spread around by specific individual companies, at their request or prompting, and for their benefit, then there are other places where we can seek out that kind of stuff. Regards, rfg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
Re: [ripe-list] Confidentiality, or that lack thereof
In message <48758939-bb53-43ff-8855-49c1af18b...@v6x.org>, =?utf-8?Q?Andreas_H=C3=A4rpfer?= wrote: >I really have no idea where this discussion is heading, I am not a lawyer, >etc. etc, but let me play "devil's advocat" and be a bit provocative :-) That's fair. >* My ad-hoc assumtion for any organization would be that any partner/ > member/customer information is confidential unless the affected parties > have agreed to make it public. > > viz. https://www.ripe.net/publications/docs/ripe-733#31 I note again that you are citing a Section (3.1) of a document that relates to the IP address allocation process. The title of the document is "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region". 3.1 Confidentiality Internet Registries (IRs) have a duty of confidentiality to their registrants. Information passed to an IR must be securely stored and must not be distributed wider than necessary within the IR. When necessary, the information may be passed to a higher-level IR under the same conditions of confidentiality. I would argue that BY DEFINITION the above assurances relate to information provided as part of a justification for IPv4 address space, and that they thereore do not apply to information submitted to RIPE NCC, much earlier, as part of the package of information that RIPE NCC requires in order to transform a prospective new member into an actual RIPE member. That trans- formation, of a prospective member into an actual one, is clearly a separate and different process, and one to which the confidentiality commitment expressed in the above quoted passage cannot reasonably be construed to apply. >Jurisdiction, at least, is easy. RIPE-673 (initially quoted by >you but outdated) and all it's successor documents until the current >RIPE-745 state in the very last section: > > Article 11 - Governing Law > > 11.1 All agreements between the RIPE NCC and the Member shall be > exclusively governed by the laws of the Netherlands. We agree. Please note that The Netherlands does itself operate a *public* national corporate registry, one from which anybody anywhere in the world can fetch basic incorporation documents, albeit subject to a small fee per document. (I myself have used this web-based public service on multiple occasions in order to obtain various Dutch incorporation documents.) It would seem that the jurisdiction of The Netherlands has no problem with the notion of making basic incorporation documents public. Why then should RIPE deviate from that admirable national standard? (That transparency with respect to basic incorporation documents is not by any means unique to the Netherlands, by the way. Rather, this rudimentary transparency is the widely-accepted norm throughout essentially the entire civilized world.) >> *) Isn't the publication of WHOIS information a quite apparent and obvious >> violation of this purported "duty of confidentiality"? Or whould that >> be more accurately referred to as "the exception that proves the rule"? >> >> Could there be other and as-yet unenumerated exceptions to the >> general rule? > >I would not consider this an exception. What goes into WHOIS and/or >into the RIPE database is well documented and can be known in advance >by anyone applying for resources. What are you saying, exactly? Are you claiming that members, e.g. ones allegedly incorporated in some of the world's more opaque jurisdictions, such as Belize, etc., have either some expectation, or perhaps even some right to expect that even the bare minimum facts regarding their corporate existance shall be preserved as a deep dark secret, AND one which RIPE NCC is somehow obliged to become a co-conspirator in hiding from the world? As noted above, the people and the government of The Netherlands don't appear to have any problem with making basic incorporation documents public. Why then should RIPE? Is RIPE attempting to emulate the ignoble example of FIFA by going out of its way to be opaque, and by so doing, either tacitly or consciously facilitating God only knows what? Basic incorporation documents are neither "sensitive" nor relevant to the competitiveness of any given member. As I have said, if you have incorporated as "XYZ Widgets" in the Duchy of Grand Fenwick, how does that information being public either hurt you or help your competitors? Clearly it does neither, thus renderding any pointless and unnecessary secrecy about such basic documents on RIPE's part, nothing other than an additional tool in the toolboxes of bad actors, including some that, even as we speak, are attempting to bring down the entire edifice of the global system of Regional Internet Registries, including RIPE. Regards, rfg
Re: [ripe-list] Confidentiality, or that lack thereof
In message ,
Gert Doering wrote:
>On Tue, Aug 24, 2021 at 05:18:06PM -0700, Ronald F. Guilmette wrote:
>> There is no question in my mind that the former category of information MUST
>> be held in confidence by RIPE NCC. The latter category, maybe not so much.
>
>I agree that otherwise easily attainable information ("chamber of commerce")
>does not need to be treated as "confidential".
Thank you for what seems to be general agreement with my position on this
question/issue.
Unfortunately, the term "easily obtainable" may be somewhat misleading in
this context.
There are many jurisdictions scattered around the world, that have elected
to go out of their way to NOT make even such simple things as corporate
registration documents available to the public, and there are at least
a few RIPE member organizations that claim to be incorporated in each of
these Belize, U.A.E., the British Virgin Islands, the Isle of Man,
and the Seychelles Islands, just to name a few.
It may come as a surprise to some, although not to me, that over time there
has appeared to be some correlation between some of these entities and what
some might call "bad behavior". Indeed, at the present moment, multiple
legal disputes currently ongoing in the courts of Mauritius threaten to
put one of the world's five Regional Internet Registries, AFRINIC, out of
business, and these legal cases have been brought by multiple companies
that are purportedly incorporated in the Seychelles:
https://www.internetgovernance.org/2021/08/19/a-fight-over-crumbs-the-afrinic-crisis/
Given the nature of the modern Internet, and its ever more central place
in the lives of ordinary people around the world, I personally feel that
the price of admission to this vast global and interconnected wealth-
generating machine should, at the very least, include making your basic
incorporation documents public. It would be Good and Helpful, in my opinion,
if the five RIRs agreed with this simple and minimalist disclosure requirement.
>OTOH, maybe it's just the easiest approach to things - "keep *any* document
>submitted by the LIR as 'confidential'" - so there is no need for individual
>NCC employees to decide on the nature of a document...
I believe you are making this seem more complex that it really is. I really
doubt that there are any staff members within RIPE NCC who are so blindingly
ignorant that they could not easily tell a corporate registration document
from a document showing user counts, equipment purchases, etc., of the kind
that has typically been required as part of a justification for IP space.
The latter is quite obviously "business confidential". The former, not so
much.
Regards,
rfg
Re: [ripe-list] Confidentiality, or that lack thereof
In message Leo Vegoda wrote: >On Tue, Aug 24, 2021 at 5:18 PM Ronald F. Guilmette > wrote: >> As you will see from my immediately prior post however I am of the opinion >> that there is a clear and bright line between THAT sort of "sensitive" >> information (which might be used, misused, or abused if it were to fall >> into the hands of some business competitor) and the mere national corporate >> registration document which all prospective new members that are not natural >> persons must provide to NCC prior to even being accepted as new members. >> >> There is no question in my mind that the former category of information MUST >> be held in confidence by RIPE NCC. The latter category, maybe not so much. > >Are you making a proposal for the RIPE NCC to change the way it >operates, or something else? I only wish that I could even answer that question. Sasdly, I cannot, for the simple reason that the various RIPE legal, policy, and procedure documents which I have seen so far, and which other people have been kind enough to point me to, have not served to clarify what the current policy with respect to corporate registration documents, or if there even exists a current policy with respect to those documents. (My sense is that there currently exists -no- policy relating to those documents.) It would be technically inaccurate, I think, and a misuse of the English language to say that I desire to see a change to something which does not now even exist. Regards, rfg
Re: [ripe-list] Confidentiality, or that lack thereof
In message , Gert Doering wrote: >Leo has been around about as long as I have - and his understanding of >the reasoning matches mine. Excellent! All three of us have the exact same shared understanding, it seems. >Let me illustrate this a bit: "back in the days", ISPs were given IPv4 >allocations based on network deployment *plans*. Like "we intend to >expand to neighbouring country , cities , and , and >we expect to have customers there by mid next year" Right. This is what I have termed "sensitive" and/or "competitive" information in my immediately prior post. And I am 100% supportive of the notion that all such "sensitive" information should at all times be held in the strictest confidence by NCC, even regardless of whether such confidentiality has been formalized or not. (It just makes good sense.) As you will see from my immediately prior post however I am of the opinion that there is a clear and bright line between THAT sort of "sensitive" information (which might be used, misused, or abused if it were to fall into the hands of some business competitor) and the mere national corporate registration document which all prospective new members that are not natural persons must provide to NCC prior to even being accepted as new members. There is no question in my mind that the former category of information MUST be held in confidence by RIPE NCC. The latter category, maybe not so much. Regards, rfg
Re: [ripe-list] Confidentiality, or that lack thereof
In message
Leo Vegoda wrote:
>I have always understood that the confidentiality requirement was
>intended to apply to any business information supplied to justify an
>allocation of resources...
This has been my (informal) understanding also. And it seems altogether
reasonable.
>I understood that the goal was to assure
>the businesses operating networks that chatty staff would not gossip
>about what those businesses planned but had not announced.
Yes. This matches my uinderstanding also, and for whatever it may be
worth let me just say that I am in complete agreement with this rationale.
I quote now from an Internet source describing a once common phrase here
in the U.S., i.e. "Does Macy's tell Gimbels?":
The rhetorical question "Does Macy's tell Gimbels?" was a popular phrase
used throughout the 1930s-1960s which meant that business competitors
are not {going to} share trade secrets with one another. It comes from
the rivalry between the large upscale New York department stores Macy's
and Gimbels.
Obviously, -competitive- information of the kind used to request or justify
allocations of number resources is, and quite properly should be entirely
confidential. I have no question about that.
But that sort of information... information relating to number resource
requests, allocations, or the justifications for those... are -not- the only
information that RIPE NCC holds in relation to any given member.
I refer again bullet point #2 in Section 2.2 of the RSA, which prospective
new members agree to even well before they either request or receive any
number resource allocations:
* A recent extract from the Commercial Trade Register or equivalent
document proving the registration of the Member with the national
authorities.
I am persuaded that in the specific case(s) where the prospective new member
is *not* a natural person, a document which has been provided, by a prospective
new member, to RIPE NCC and which purports to attest to the mere valid legal
existance of some such corporate non-natural entity cannot reasonably be
classified as "competitive" or "proprietary" information of a type which
would be at all likely to render unfair advantage to some real or even
hypothetical business competitors.
If I am your business competitor, and if I find out that you have incorporated
your business using the name "XYZ Widgets" in the national jurisdiction of
The Duchy of Grand Fenwick (google it) then how does my knowing those two
rather rudimantary bits of information either (a) help me or (b) hurt you?
I do not believe that it can be reasonably argued that it does either, since
your mere legal existance as a legal corporate entity does not provide me
with any notable competitive advantage. Besides which, if you have been
honest and truthful, then this same information should be appearing also
in your public corporate "ORG" WHOIS record anyway, right?
So, may we agree that there exists "sensitive" competitive information, of the
kind that might be submitted as part of a justification for number resources,
and which must be held in confidence by RIPE NCC, and that there is also
an additional and separate category of "non-sensitive" non-competitive
information which NCC is -not- obliged to hold in confidence, especially as
it has no bearing on either requests for, or assignments of number resources?
>If you believe there is a need to add clarity, you are welcome to
>start a discussion in the Address Policy WG.
Well, I do thank you for the suggestion, but as I have been at pains to note
above, from where I am sitting this doesn't really bear on address policy
*at all*.
Yes, when a member that has been accepted as a member requests number resources
then they must submit "sensitive" information to NCC and that information must
thenceforth and forever after be held in confidence by NCC. But what about
the corporate registration document that a prospective member must submit
even well before they even become a member, and also, by implication, well
before they are even in a position to request number resources?
Regards,
rfg
Re: [ripe-list] Confidentiality, or that lack thereof
In message <50a2de7b-3184-406a-8ae0-78062a807...@v6x.org>, =?utf-8?Q?Andreas_H=C3=A4rpfer?= wrote: >The "Due Diligence" document > >https://www.ripe.net/publications/docs/ripe-748#5--confidentiality-and-privacy-issues Thank you. Here is the relevant section: 5. Confidentiality and Privacy Issues The RIPE NCC maintains a duty of confidentiality towards the legal or natural persons that request Internet number resources. Information passed to the RIPE NCC is securely stored and will not be distributed further than is necessary. Details of the process of handling personal data by the RIPE NCC can be found in the RIPE NCC Privacy Statement. This forces me to just reiterate the various questiions I raised in my immediately preceeding post, e.g.: *) Where did this purported "duty of confidentiality" come from and what is the legal or policy basis of it? *) Does this alleged "duty of confidentiality" only apply selectively, in certain cotexts or with respect to certain information, such that the public WHOIS records do not run afowl of this duty? >... together with a link to the RIPE privacy statement > > https://www.ripe.net/about-us/legal/ripe-ncc-privacy-statement Please note that the RIPE privacy statement appears to be -exclusively- about -personal- information of natural persons. It seems that the two documents that you have provided links to are together performing a sort of coordinated linguistic/HTTP sleight of hand. In Section 5 of the first document it is alleged that there is a "duty" towards -both- natural persons and also towards any an all -other- legal entities, even as it refers the reader to the second document (the RIPE NCC Privacy Statement) which quite obviously talks only about the privacy that shall be accorded to natural persons. I do not and shall not take issue with GDPR. It is the law of the land and provides reasonable privacy protections to all natural persons. But I do believe that it is safe to say that the overwehlming majority of RIPE members are not natural persons, and it still appears to be rather entirely opaque to me what duties of confidentiality are owed to these non-natural entities. If thare exist yet other documents that might further clarify that, I would greatly appreciate being directed to them. Regards, rfg
Re: [ripe-list] Confidentiality, or that lack thereof
In message , Leo Vegoda wrote: >On Mon, Aug 23, 2021 at 6:38 PM Ronald F. Guilmette > wrote: >> >> Some long time ago, somebody (I can't remember who anymore) told me that >> "business information" given by a member to any RIR... which presumably >> included RIPE... was considered to be "confidential" and would not >> thereafter be shared by the RIR staff with any other or outside party. > >Are you referring to this? > >https://www.ripe.net/publications/docs/ripe-733#31 Well, yes and no, by which I mean "I can't even tell." Here is section 3.1 of the above document: 3.1 Confidentiality Internet Registries (IRs) have a duty of confidentiality to their registrants. Information passed to an IR must be securely stored and must not be distributed wider than necessary within the IR. When necessary, the information may be passed to a higher-level IR under the same conditions of confidentiality. There are muliple reasons why the text above fails to answer my question. *) The first sentence makes a quite sweeping and a quite generalized assertion and yet provides exactly -zero- references to support the assertion. From whence does this alleged "duty of confidentiality" arise? From law? If so, which law and in which jurisdiction? Or did this purported "duty" spring, fully formed, like Athena from the brow of Zeus? *) Isn't the publication of WHOIS information a quite apparent and obvious violation of this purported "duty of confidentiality"? Or whould that be more accurately referred to as "the exception that proves the rule"? Could there be other and as-yet unenumerated exceptions to the general rule? *) Given that the title of the containing document is "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" may it be safely inferred that this purported "duty of confidentiality" applies only to "Information passed to an IR" at a point in time when some member actually requests one or more IP Address Allocations, and thereafter? More specifically, does it apply to "Information passed to an IR" at some point in time *before* a member requests IP or other number resource allocations, e.g. at a point in time when a *prospective* member is applying for membership in RIPE? My points above are, of course, pertaining only to information relating to legal entities other than natural persons, for whom GDPR is controlling. I should say also that although some may view me as nitpicking, these matters are of grave and serious concern, not just to me, but also to law enforcement and "open source" researchers everywhere. Regards, rfg
[ripe-list] Confidentiality, or that lack thereof
Some long time ago, somebody (I can't remember who anymore) told me that "business information" given by a member to any RIR... which presumably included RIPE... was considered to be "confidential" and would not thereafter be shared by the RIR staff with any other or outside party. Now I am trying to figure out (a) if that is true and (b) if so, why it is true and (c) what the limits may be of that rather sweeping generalization, if any. At the moment, I am specifically and only interested in the answers to these three question with respect to RIPE. I hope that you will all forgive me for my apparent inability to find answers to these questions on my own. I have googled around a little bit, searching for such things as "RIPE" and "NDA" or "RIPE" and "disclosure" and I'm still not finding anything that jumps out at me as providing answers. I'm sure that it is my fault that I'm not able to find answers to these basic questions on my own, but I hope you all will bear with me anyway. In particular, I am looking at the current RIPE RSA, and I'm not finding anything in that that addresses confidentiality in any way: https://www.ripe.net/publications/docs/ripe-673 Did I just miss it? Is RIPE contractually committed to some specific sort of confidentialty with respect to materials received from members, or from prospective members? If so, where is that committment documented? I'm intested in this topic of confidentiality *in general*, but I have a special and particular interest in the contractual confidentiality commitments, if any, undertaken by RIPE with respect to bullet point #2 in Section 2.2 of the RSA: * A recent extract from the Commercial Trade Register or equivalent document proving the registration of the Member with the national authorities. Is RIPE obligated by either contract or policy to confidentiality with repsect to the mere corporate registrations of its members or prospective members? If so, by what rule? And where is that rule codified? Regards, rfg
Re: [ripe-list] [Community-Discuss] Call for AFRINIC’s registry service migration to other RIRs
In message , Randy Bush ? wrote: >i think they hired trump and giuliani to lie and escalate. their >problem is that they are lying and trying to escalate to an audience of >internet operators who have decades of experience with a pretty stable >system It has taken quite some considerable period of time, but I do believe that we have finally located something that Rady Bush and I actually agree on. >(until they illegally ripped off a lot of address space and got >caught). Owing to my personal propensity to avoid inflammatory assertions which might incur the potential for some personally directed legal actions on the basis of defamation, I shall not associate myself with this additional parenthetical remark on the part of Randy Bush. I will say only that a significant number of valuable IPv4 addresses appear to have been effectively "liberated" from the AFRINIC region for use elsewhere, and primarily in the Far East, and even more specifically by a number of relatively youthful legal entities in Hong Kong. Regards, rfg
