ARIN XVII Public Policy Meeting
Draft Transcript
Tuesday, April 11, 2006

"This transcript of the meeting may contain errors due to errors in transcription or in formatting it for posting. Therefore, the material is presented only to assist you, and is not an authoritative representation of discussion at the meeting."

Meeting Called to Order

      MR. PLZAK: Okay, and so, as a reminder -- and for those of you that are from the LACNIC region. Anyway, I hope those of you that went to the social last night had a good time. If you did, clap your hands.

We've got on tap some policy proposals and a few other things. First of all, let's thank all of our sponsors. And we are going to do this -- I will do this right now.

Remember, yesterday, we had a raffle drawing and so -- I've got that here and I think we've got a fish bowl of things and could I get someone from the audience to come up here and pull one of these things -- So, if I could get the fish bowl brought up here by someone and just come up on stage and hold it. And can I get a volunteer to come forward to do it? Ah, Owen will do it.

So -- have you been to the Cyber Cafe? Ah, okay. That doesn't make any difference. If you pulled your name out of it, it would have been okay with me too. So --

And I know someone else -- Okay. The other person in the room that's definitely favored in this raffle is Andrew Dul.

Okay. And so, as a reminder, it is still open and tomorrow we will have another drawing and this is for a backpack and Registration Services Help Desk is open. I don't know how many people have been there. I understand there's been a few and setting of appointments and so forth and I don't know if Leslie is in here -- She's what? Oh, she's working.

      SPEAKER: I'm glad about it.

      MR. PLZAK: Yes. So -- and the Billing Help Desk is back there as well. So, please take advantage of the opportunity, if nothing else, just to meet and greet, talk with the people you work with.

Leslie, what's been the traffic load in the RSD help desk? So, she says a lot of people and she'll tell me later. I hear that every day, okay.

So, anyway, don't forget to complete those meeting surveys. There's another raffle for that one too and two guys -- two people will win and I've had --

Okay. Reminder: If you're not on the PPML, this would be a good time to do so. It is the forum -- your forum to raise and discuss policy-related issues. And for those of you who are on it, you have been active participants in it and you've seen a lot of good discussion go on.

So, remember, all policy proposals are always introduced on the PPML. So, if you're not a subscriber, subscribe.

And remember the rules of the road and do as Owen did. State your name, affiliation and whether or not you support or don't support what is being discussed.

So, before we move on and start through the agenda, John yesterday said, "Eh! I'm not going to be here tomorrow." So, it's your last chance to take a shot at him. So -- anyway, if you noticed, John has changed to Scott Bradner. So -- I don't know what -- if you want to say a few words, go right ahead.

      MR. BRADNER: Good morning. I'll convey to John your pleasure of him not being here.

      SPEAKER: Do you support this discussion?

      MR. BRADNER: So far! A while back, the ARIN board decided that they wanted to have stand-by equipment for the Chair and so they designated that the Secretary be that vice-Chair. That's not chair of vice, which I prefer, but it's actually the assistant Chair of hot stand-by equipment. And so, here I am performing a function.

John had a day job thing which could not -- he could not avoid. A customer called up and said, "We're going to meet on Tuesday". He said, "Can we do this on Thursday?" and the answer was, "What part of Tuesday didn't you understand?"

So, he's back there or he's on his way right now. So, you can browbeat me as we go along.

Words from Sponsor

      MR. PLZAK: Thanks, Scott. A few moments ago, we applauded our sponsors, the major sponsors for this event and as far as I'm concerned, they've been doing a very good job. It is Teleglobe. And so, Henri Alexandre from Teleglobe, the vice-president of network engineering is here and so, Henri, would you -- do you want to come up and say a few words and -- to the group?

      MR. ALEXANDRE: Bonjour a tous. I'm Henri Alexandre, vice-president of Network engineering in Teleglobe, now VSML International Company. Teleglobe stands by ARIN and recognizes the very important role of Internet resources allocation and policy development it plays in the North American Internet community.

We're proud to show our support by hosting ARIN XVII here in Montreal, Teleglobe's hometown for more than 55 years.

We hope you have enjoyed your Montreal Street Festival last night. We wanted to sample for you our most famous summer festivals, namely the Jazz Festival, the Just for Laughs Festival, our world-class Cirque du Soleil, the Formula 1 Grand Prix du Canada which is being held at the end of June this year. It's a great event. The fireworks festival which takes place most weekends and Wednesday nights during the summer. And some of you even had the chance to enjoy the soccer de table festival which is more a -- more of a -- in relation with the fact that soccer has quite developed in Montreal in the last few years. It became the most popular sport now with the youngsters and probably with the older ones also in terms of attendance -- in terms of participation to the sport. Hockey remains, I guess, our favorite but -- there's no such festival for hockey.

We hope you have enjoyed your culinary experience adventure and tasted local cheese, enjoyed beers from our local breweries and we trust you're all this morning still cruising on the sugar rush induced by our maple coffee.

I want to recognize the sponsors that are making the running of the ARIN meeting so smooth. So, Shafik Hirjee and his team for IP Connectivity and the router; Dell for the PC and printers at the Cyber Cafe; Force 10 for the switches for the network; Cisco Systems for wireless access equipment; and all of ARIN's staff for making a fantastic job of making our life as a sponsor easy. So, thanks for the great support of ARIN's folks.

Special thanks for people of Teleglobe who contribute more directly with the event. So, John Sweeting, Sylvie Laperriére and Diane Godin. So, to all the sponsors from other companies and those from Teleglobe, I think we can give a hand --

For those attendees interested, we will offer a tour of our NOC and IP POP on Wednesday afternoon, tomorrow afternoon. So, if you're interested, please look at the ARIN website. The info is there.

Lastly, no true Canadian experience would be complete without discussing about weather. We love to discuss weather so much and brag about it, the up and down of it, we even created a windchill factor, a humidex factor and some other factors which I'll spare you.

The windchill factor is a factor used to make you feel much colder or much warmer than it is on the real thermometer. So, upcoming forecast, today and tomorrow, and I would like to take credit for the weather so far and hope it stays as planned.

So, for tomorrow -- for today, sorry, a high of 16 and even better tomorrow with a high of 18. Mostly sunny for today, possibly some scatter but we're working on it right now.

So, what does -- how does the windchill factor apply there? It means that if you stay in the sun, it's bearable, but if you go in the shade, bring your coat.

Enjoy your meeting. The agenda is packed with registry updates and there are four proposals to discuss. I better leave you to do it and au revoir, a la prochaine et merci beaucoup de votre participation.

      MR. PLZAK: Thank you, Henri. Okay. As Henri just mentioned, we do have a rather full agenda today and we will get to see when we get into the policy proposals about how tyrannical the Chair will be too. So --

AfriNIC Update

      MR. PLZAK: Anyway, we will begin the morning with the RIR updates. This is the chance for you to learn what's going on in the other regions directly from our colleagues from the various RIRs. So, we will begin with AfriNIC. So, Adiel, if you are somewhere -- ah, here he is over there. And he will be followed by APNIC, LACNIC and then the RIPE NCC. So --

      MR. AKPLOGAN: Thank you. That will be a very short status update on AfriNIC. This meeting coincides with our one-year anniversary of being fully recognized by ICANN, so this report will talk about what we have done since April last year.

I will start this presentation with numbers actually, about how we have grown since April last year, our membership, our requests.

You can see that our requests for Internet resource have grown a lot since the beginning of the year and what is more encouraging is the number of new members we had.

We have doubled the number of new LIRs from last year -- from 2004, I mean, because I'm talking here about 2005 numbers. We have more than 100 percent growth from our membership in 2005 which is very interesting but this membership growth is not only small members, we have also noticed a very substantive growth in resource allocation and assignment in the region.

At the top side, you can see the comparative IP before allocation, so we compare month by month between 2005 and 2004 and you can see all along the year, we have allocated more than -- the double of the number of /24 all along 2005. Same for AS number which means for us that the fact that we are more closer to our network operator and we have conducted some amount of training and awareness about RIR and resource allocation has produced some positive results.

Financially too, we think we are doing well so far. If you remember at the beginning of our process, one of our challenge also is to be able to sustain the organization and being able to have sufficient reserve in our account to be able to take over the whole operation of AfriNIC after two year of incubation which has passed the transition process.

So, all along the past two years, 2004 and 2005, one of our goal and our focus was to build a reserve on our budgets to be able, at the end of 2006, to take over the whole operation in the three countries which are running AfriNIC meaning South Africa and in Egypt.

So, you can see that at the end of this year, our reserve will be consequent to be able to cover the whole budget 2007.

This year already, we are funding 50 percent of the budget of South Africa plus our budget in Mauritius, so for us, it's something very encouraging.

As I was saying before, we have conducted some training in 2005 because it was one of our challenge to make our community more aware about IP resource allocation, what is the RIR system and how they can improve the infrastructure by getting their own IP address, doing a multi-homing with -- in a good condition by getting their own AS number.

We have conducted a training in 2008, the country in red -- in orange there are countries where we had training in 2005.

This year also, we have already started implementing our training plan, we had two trainings this year, one in Sudan, which has been done with an IPv6 one day, we had also another training in Cape Town this year.

To make the training more attractive also for the community and based on some feedback we get from them, we had some specific subjects to each LIR training, so it's not only LIR training but we have like IPv6, one day, IPv6 along with the LIR training or DNS -- or DNS, just DNS training.

In Sudan, we had a two-day training, one day for LIR and the other day was an IPv6 because we noticed that many members from our region are interested in knowing more about IPv6 and the results are there, everywhere, we have a IPv6 training, we have many requests for IPv6 allocation and we have also some IPv6 native connection from those countries.

Training was, as you know, Africa has more than 50 different countries, so it's not very easy for us to travel everywhere in a very short period of time, so we feel like it should be very interesting for the community to have a computer-based training material where they can have access to the basics of a resource allocation.

So, with the support of ARIN, we have released a computer-based training material which is available on-line, we have it also on CD, so every new LIR get a copy of the CD-ROM which is a training on how they can interact with AfriNIC, how they could use our WHOIS database and get their request properly done.

So, it's something which has been very successful, we have noticed a lot of downloads from the CBT on our Website and many people are using the CD we have released.

A French version of that CD is also on the way and will be available soon. So, we are trying harder to make the community aware of what we are doing and that is also -- would be -- will contribute to the success of the organization.

As a full RIR, we started having a policy meeting and our last meeting was in December in Cairo where we have discussed some open policy.

We had discussions in Cairo about four policies which got consensus: temporary assignments, direct allocation of -- or PI allocation to assignments, excuse me, to end user. We have update also our criteria for AS number allocation and we have also discussed about the IPv6 allocation from IANA to LIR which is the global policy.

All those policies got consensus and are now on the table of the Board for final ratification.

We got a proposal also for 4-byte AS number policy which has been submitted by Geoff. That policy is still opened, it's still -- I mean, on that discussion. We couldn't discuss that further in Cairo because in our policy development process, each policy has to be discussed at least 30 days on the mailing list before we discuss formally about it during the face-to-face meeting, so the discussion doesn't happen in Cairo because it was submitted less than 30 days before. So, probably we will discuss about that in Nairobi, our upcoming meeting.

Other activities, at the registration service level, beside the regular request evaluation, we also start cleaning our database.

As you know, we got our member and database information from various RIRs during our transition period and we now try to consolidate all those informations, clean our internal database against the WHOIS and make them consistent.

So, it has been a work we have done the past three months and it's quite finished now. At the engineering level, we -- at first, a lot of problems, especially last year with spamming because we got very high number of spam hitting our different mailing -- mail address which we use for evaluation of different kinds of activities.

So, we have tried different solutions and at the beginning of this year, we have experimented gray listing for requests -- especially for our public e-mail address and I would say that since a few weeks, we have implemented on all the e-mail which has allowed us to decrease very significantly the number of spam hitting those e-mails which make the work of IP analyst more efficient.

We have also started developing a Web interface for our member to manage their resources. This includes the membership process itself. Because one of our goal this year is to make the membership process very easy. It's to say that you can become member of AfriNIC by clicking two or three times on the web, filling the information and providing most of the information online. This includes an online payment too, which we don't have now. So, that development is also ongoing. And, probably, we'll have the first version available in Nairobi.

We have also reverse engineer the WHOIS server that we are using. As you know, we start using RIPE NCC WHOIS server, so far our server at the beginning. So, we start re-adapting that server to our process and our policy, which is also a very deep and top activity we are undertaking right now.

The last thing we have done is the data recovery center in Egypt. We have deployed the first infrastructure in Egypt where our server are now up and running. The first thing we are going to do is to mirror our WHOIS server in Egypt location and move ahead with other sensitive server and data we have in South Africa and Mauritius.

At the financial level, we got income tax exemptions from Mauritius government last year, which is very, very interesting for us.

As you know, we have an invoice process which make us invoice all our old members at the beginning of the year. So, we have a very specific invoice period. So, we invoice them at the beginning of the year for the whole year. So, we have invoiced all our members, our 2005 members in January. And, up to now, we had 80 percent of collection rate, which is for us very encouraging. So, we have collected already 80 percent of our 2006 invoices. Our goal is to reach around 90 to 92 percent for this year. So, we are continuing to chase those members and collect the invoices.

We have also started our process for 2005 account auditing. It will be done in the coming week.

Staff update. When we got recognized at ICANN, we were three people working at AfriNIC. Today, we are six, including one trainee - a hostmaster. Two are working in South Africa and four in Mauritius, including our second hostmaster.

We are launching requirement of new staff in the coming week, one as a system engineer, a database manager, and a membership liaison and communication officer. That will allow us to strengthen our structure, our investment structure and work in a more efficient way to tackle our different goals.

Other specific projects, we now, as one of the first official organization dealing with Internet resource management and Internet governance -- we're trying to build a strong relationship with other organizations working in the same technical engineering environment. We have signed an MOU with AfNOG in Cairo to support each other activities and especially supporting AfNOG training program.

We are discussing with other organizations like education network, association of ISP to get a more stronger relationship and work together toward more awareness in our community.

We have also decided to be part of ITU-D, to be ITU-D sector member. Why? Because it allows us to be closer to policy maker in Africa and being able also to reach out to political environment, because, in Africa, as you know, ITU has a very powerful influence on everything related to technology and especially telecommunication and Internet. So, being member allow us to attend meeting and talk about what we are doing about Internet resource management. And it has been very successful so far.

We have also launched a program called 6Mandela, which is the program on awareness. And part of it is the training we are providing along with our LIR training. So, the 6Mandela Project is very, the idea is very wide. It's from training to more -- I mean, more technical thing around activities. So, we are still working on some details about that. And it will be formally launched soon.

That's all as updates. Our upcoming meeting is in Nairobi, 16 to 17 May. It will be held back to back with AfNOG 2007. And our second meeting for 2006 will be in Mauritius from 27 November to 1st December. So, you are all invited to attend those meetings. Thank you. I have nothing more. We're happy to answer any question if there is.

APNIC Update

      MR. PLZAK: Okay. Next topic is APNIC. And it's Save.

      MR. VOCEA: Greetings from APNIC community. My name is Save Vocea. I'm the policy development manager for APNIC. On the recent APNIC 21 meeting held last month, we had discussion on applying HD-ratio to IPv4. There was no clear decisions made during the discussion. So, let's say that we decided to give it a four week comment, final comment which expires on the 14th of this month. So, that's this Thursday. So, after that, we'll make a decision to abandon these policy proposals or carry it forward.

There's been what's going on in all the other discussions is the 4-byte ASN policy proposal. This was endorsed at the APNIC 21 over the final comment period, month of May. In 2005, these were the successful policy proposals that have been endorsed in the APNIC community. Some of them have been implemented. There's the URL if you want to see more or read more about the proposals.

I'd like to just now share with you the secretariat activities since they were last presented last time by Paul Wilson. Staff are embarking on what is called a client first project to relocate how we can stimulate some of the procedures and even offer better services to the community and to our membership. And this is looking into how we can improve resource request, interaction with members. And what we've done is -- new home page has been redesigned for faster loading.

There continues to be request for training from our community. And our training team has been very busy with delivering of courses of Internet resource management, also offering workshops in routing and DNS. And they're delivered in 34 locations last year, covering 22 economies.

Aside from the physical training, we have also developed e-learning, which is on the way. And the first module for this will be ready by APNIC 22 so that anyone in the community or from the ISP can do his training on line.

We've also engaged Jordi Palet to come APNIC secretariat and offer a train-the-trainers workshop on IPv6. And that's next month.

As you've heard yesterday from the panel on resource certification using X.509 certificate and what APNIC is doing, how it's involved, we would have to facilitate a workshop for the RIRs staff and others that were interested and this was done in APNIC office after the APNIC 21. You heard Geoff Huston yesterday. He updated on what APNIC strategy is.

Also, the secretariat has been able to cutover now to using VOIP telephone services and, you know, it's really important for us to do it because of cost savings that's involved because of the Asia Pacific region is quite a big region, people calling in. So, there is a SIP address for the Help Desk so that people can contact APNIC directly through VOIP.

One of the projects that the members have been involved in is a debogon project as well as today, what people -- and what they're currently doing is try and investigate with a test group on how they can better this service for the members without facing these problems.

We have MyAPNIC as an ISP portal for management of IP resource and we've also developed a MyAPNIC lite version. It is to provide a faster access to the IP resource portal. And especially for those economies that face the difficulties.

I must say that -- ourselves, we have some very creative minds, the staff. We have developed Flash movies about APNIC activities and these are all downloadable from the website just to help people understand better what APNIC activities are. And during the last meeting in APNIC 21, we also developed and provided APNIC interactive CD which has resource material in it. People can use that as well in training and also during our outreach-

In the areas of research activities, there's going on like Geoff is our research scientist in that and he's been doing a lot of work in 4-byte ASN, continuously bringing out BGP reports and he's working on IETF.

Now, ICON which is an on-line portal for ISPs was developed in response to a community feedback and what I've put up here is the web site and the URL and I'd like to this community to also have a look and see if you want to subscribe. It's like one-stop shop for ISPs and please do come in and participate and contribute and see how you can help the community develop, please.

In the areas of outreach this is an important area that APNIC has also embarked in to outreach to the operative group, we have a few operator groups in the region, like China, New Zealand and the Pacific Islands and also in South Asia. And we've kind of helped in the programming and resource stuff and also to support the content in some of the events that these NOGs operate.

IPv6 summit, APNIC secretariat staff do get to attend some of the summits to update the community on what APNIC is doing in terms of v6, all the -- in the different countries and economies in the Asia Pacific and this week, some staff are in China to also present on this and following on that later in the month, there will be an APNIC summit in Thailand.

Internet governance has been around and APNIC through the NRO has been participating in the WSIS and also, as a result of that, they'll continue to participate in the Internet governance forum. But there is a report, I think later on this morning. So, I won't talk too much.

APNIC has been involved in the Pan Asia ICT research and development grants program. We provide some field money to the program so that we can help the region with ICT programs.

APNIC has also forged relationships with a lot of other industries stakeholders and there is -- has been signing with a lot of ISP associations and just recently, we've had a memorandum of understanding signing to the ISOC chapter of Australia, NIDA in Korea and the Pacific Islands Chapter of Internet Society that's based in Fiji.

Now, I think most of you are looking forward to this and this is where the APNIC's next open policy meetings will be, two upcoming ones, APNIC 22 in Taiwan and also in 2007, with APRICOT, the meeting will be in Bali so, I'd like to cordially invite you to come and participate, either physically or via remote participation.

So, thank you for listening and any questions?

LACNIC Update

      MR. PLZAK: Now, LACNIC.

      MR. ECHEBERRIA: Thank you very much. Good morning everybody.

I will -- My name is Raúl Echeberría, I'm the CEO of LACNIC. I will report the LACNIC activities in the last period. It will be a very brief report because many things have been said by other speakers.

As usual, I don't know if it is useful to show this graph but I do always and I will continue doing it until somebody tells me to stop please.

But as you can see in this graph, it's the same that Adiel showed in the AfriNIC's report, it is that the growth in terms of allocations of IPv4 in the region. This graph shows the number of allocations made semester by semester.

It's clearly -- there is a continued growing in the allocations in the region. But I don't know if it's good or not but it's what's happening.

Now, it's good because in the developing regions it means two things. The first one is that the market is growing and the second one is that we are serving the community in a better way.

This is the same graph but in /24 numbers of allocations. It also shows that the number of IPv4 allocations is also growing in the region.

The most interesting thing maybe is what's happening in relation with IPv6 in Latin America. As I reported in the last ARIN meetings, LACNIC has started to work in 2004 doing many actions intending to promote the IPv6 in Latin America, not only because IPv6 itself, but for creating an innovation spirit in the community.

The research has been very good and you can see there, we have made 34 allocations of IPv6 in the last year, that is much more than all the allocations that we have made in the previous four years.

As we have worked very much, we organized many activities, workshops and other things that I will comment in the next slides.

The 57 allocations of IPv6 that we have made are distributed and the distribution of IPv6 is more interesting than IPv4 because we have made allocation in most of the countries in the region.

The membership is also growing, we have created some more categories as we have six categories depending on the sizes of the space the ISPs are managing but we also have other categories like end-users or members that are only members but they don't have IP addresses allocated.

Then the total number of members until today is 339 members but it's very interesting in Latin America.

LACNIC, besides the part of doing or trying to do its core business very well and better every day, it's also involved in many activities in the region and to promote the information society and the growing of the Internet.

This is because there are not many organizations like LACNIC that act in all the regions.

This is because we have leaded the work in matters like IPv6, as I said in previous ARIN meetings, we organized last year what we named a IPv6 tour that consisted in 10 meetings in 10 different cities in 10 different countries.

In total, we had more than 2,500 participants. People from governments, technical communities, students or professionals, ISPs. Different kinds of people -- it was very broad and very public. And this was one of the reasons for the growing of IPv6 allocations.

We also host the Latin American IPv6 Forums, the IPv6 Task Force, we have organized many workshops, and so we found persons also related with IPv6.

We have also another project that is named RAICES Project. RAICES means fruit in Spanish and the goal of this project is to deploy root servers in Latin American.

We have launched the first root server in this project in Chile in last December together with the Internet Consortium and we are planning to fund three more this year, one in Venezuela, one in Argentina and one in Panama.

I have talked many times in the past about FRIDA Program, FRIDA Program is a program that is run by LACNIC with the support of two organizations that is good to remark that are funded by the Canadian government, that they are IDLC and the Institute for Connectivity in the Americas.

And also, we with important contribution from Internet Society and the Global Knowledge Partnership.

Through this program, we are funding at this moment 26 research projects in different areas, social, technologies, public policies and relation and technical approach.

We are, at this moment, finishing the Frida program in its first version and we are preparing the Frida 2 to be launched in the second part of this year.

And we hope to continue having the important sponsorship and support from the organizations that have participated in the first part of Frida.

We are organizing three meetings in issues not exactly related with IP addresses but in the interest of the community, one that has been done in Uruguay in the past month and other two in Bolivia and Colombia. So, we are supporting two new communities, NAPs and Security. And both committees will meet during LACNIC IX, our next meeting and we still hold cooperations with many other organizations, CLARA, ccTLDs, and also a federation of ISPs that promote the use of electronic commerce.

I explain that because this is very interesting in Latin America. There is -- eLAC-2007 is a set of verifiable goals related with the development of the information society in Latin American region.

And it was the -- of the regional conference that was held in 2005 in Rio de Janeiro as part of the proprietary process of the WHOIS.

The government then has met in 2005 and they approved this document with 70 -- I don't know if goals is the right word but 70 achievements that they expect to have before 2007 regarding -- promote the development of the information society.

Governments are still working on implementation of the plans and we have taken what we do against this document and we have discovered that LACNIC has activities that directly contributes with the achievements of 25 of the goals.

Then it shows clearly that LACNIC is a key player in not only in addressing issues but also in the promotion and development of the information society in the region.

And so we show that as a clear example that the only way to develop information society is through the private and public partnerships and this is a concept, an idea that we promote in Latin America.

We expect to have our new facilities for 2006, we have bought a house in -- a new house in -- very well located in Montevideo in Uruguay, that's -- we are -- we will restore this house, it's something that is going slowly because it's an area that is protected by many roles by the municipality and we are trying to get the project that it could be accepted for the authorities.

But hopefully, the second picture shows the -- what will be my -- the view from my desk in some moment of this year.

And so, of course, all of you are invited for the opening in the -- I hope in the last quarter of 2006. Oh, it's beautiful.

Okay, now, Einar already informed about the policies that are being discussed in every region but this is -- I believe it would have seven proposals that are opened and under discussion and they will be considered in our next meeting: WHOIS privacy, how to do end-user resources, the allocation period -- that is the time that we consider in which we evaluate the needs for making the size of the allocations, the ASNs like here and HD ratio on IPv6, there is -- the discussion is similar to the discussion that has been hit in this meeting. And also HD ratio applies for IPv4, the size of the locations in IPv6. There are some concerns that have been expressed in the community and not only in the public list but also directly to the staff or the board of LACNIC.

One of them is regarding the harmonization of allocation practices in all the regions, basically the main concern is regarding the allocation period that we are using different allocation periods in different regions.

And this is something that is being addressed by the NRO and we are very optimistic that we would have improvements, important improvements very soon in this point.

The other concern that we have received and it will be present in the next meeting is regarding the usage of HD ratio and IPv4 that is -- has been discussed in other regions.

The comment is that the people see HD ratios as something that if you say in all the regions, it will increase the consumption of IPv4 addresses dramatically and you use it in only in some regions, it would produce bigger inequities in the distribution of IP addresses among regions. But this is also that we think that it's been understood by everybody as we are also optimistic in this point.

We will have many activities during LACNIC IX, our next meeting, our annual member assemblies that we consider the annual report of 2005, some changes in the fee structure, and also the relationship between LACNIC and other regional stakeholders.

We will host, as I said before, a security Latin America forum that is looking for better coordination among operators in this specific matter. We will host also the annual Internet exchange point meeting, the open policy forum as well, sure, and Latin American IPv6 forum, and, also there will be meetings -- organizations that will meet together with -- in parallel with the LACNIC meeting. That I think, all that make our next meeting very interesting.

Meeting will be held in Guatemala City from 22nd to 26th of May. Guatemala is a very exciting country, it's the main source of the Mayan culture, and I think that's all the people that will join us in the meeting will then show you also the country. That's all. Thank you very much.

RIPE NCC Update

      MR. PLZAK: And now RIPE NCC, Axel?

      MR. PAWLIK: Good morning everybody. I'll be rather brief. I've heard threats made against me if I would take longer than five minutes, I would be dead. So I'll be rather quick.

I have taken out all stuff that would have been discussed otherwise, policy stuff and the like, so I'm not talking much about that. Well, we have an office on the water as well. Wouldn't want to swim in there though.

All right. Basically this year we are in maintenance mode. We do lots of little things to improve our documentation, to improve our infrastructure and the like, so here is a list of things that we have done to our documentation.

Training. Our training material has been revised. We also hear that our training is just very, very, very popular, so we are trying to reach out to other audiences. What we are doing also is, what we have been doing for quite some time is we have handed out leaflets saying that "If you need a speaker for your event, we are happy to come." So we see that's flowing back very gently and we are being invited through to other audiences, other parties there as well.

All right, I said our training was rather popular, so we thought we cannot really go out and go to all the places that want us, so we do this e-learning thing basically over the web. We have started to do that, some of the plans are on the slide here, and it proves quite popular.

All right. Systems upgrades internally, what we are doing is basically we are with the view of being able to develop our services and to give our services to our members more smoothly and more gently, we are looking at our back office basically, and, well, that's what we've been doing.

Also, we are looking at ways of shuffling our organization a little bit, but you know, we'll talk about that next time, whenever we decided what we are going to do. But it will be always better.

Membership liaison. We do these regional meetings to reach out to our members, or sections of our members in the non middle and western European part, so we have been going to the Gulf region for quite some while, and also to Moscow, and those things prove quite popular. We've been -- or just someone to go already, been in Qatar and now we are looking at another meeting in Moscow, probably during the September period, and also looking ahead into late this year, or probably earlier next year, January, into the Gulf region.

Also, we have been doing for quite some time round tables for government, and governments and regulators. On a relatively small scale, we just invite everybody that we can think of, and about 40 people came this time to Amsterdam in February, and we hear comments routes or other channels that those things are seen and are appreciated quite a lot, so we will continue to do them.

Also, as you've just heard is that some of the governments love them, but find them a bit too remote from RIPE meeting, so they would prefer some integration of the RIPE meetings. My theory is just when it comes to the big party of the Thursday night, which is great, and it's good governmental relationships there, so what we do this time, we'll have a bit, not quite above, an hour, or 90 minutes, probably on the Friday morning, where we'll discuss and see a presentation or two from those government people, how they think that that should be working. So we are quite happy to see them streaming through into the RIPE framework there.

All right. Also, apart from the regional meetings, we'll also do these governmental things in Russia and the Gulf region. I have been approached two weeks ago, where was it -- at the ICANN meeting, right, by a gentleman from Iran who says that they are going to convene 15 governments from within their region, and wouldn't we like to come there and contribute to that, and I said absolutely. So we'll see what that brings.

Covered governments. Basically, yes, earlier this year, we had our general meeting with the planning for this year -- no, that was last year -- It's too much traveling, too many meetings.

So last year we planned for this year, obviously, and now this year, we are looking back at last year - that is confusing, isn't it -- so we just have our annual report out, and it is being published on the web as we speak basically. The interesting thing here is that it's going very well. We have managed again to have more than two and a half million year of surplus, which we try not to do really but we always fail. Our board has decided they want to have about 12 months of reserve, operational costs reserve, and we are going past that, beyond that, so we'll again have to drive down the fees this year, later this year, with the view of producing that reserve, and then of course, we'll make more members come.

Currently we have 4,300 and a few members, and commence to adhere a very nice growth graph there. That's a very good thing, we've decided to do similar things, make it easy for new members to sign up, and we have been terribly successful with that, maybe too successful. We have heard -- we have heard from one person calling in and begging us to credit this invoice because he doesn't really want to become a member, it was his 13 year old son who signed up, and, well, apparently it's too easy.

Okay, let's see. Right. We will also be talking about the certification activity that probably we are going to take up as well, and that, as I see it, will also have an impact on our membership relations, maybe the financing model that we are using, accounting will be affected, or maybe will change, so we'll talk about that in this membership relationship governance part of it.

Right. Enhanced cooperation, that comes out of the WSIS. That seems to work quite well. And what we also find, it's a bit annoying when it comes to those big, let's say UN governed, UN-process governed meetings, and everybody has nice little name plates in front of their seats, and we don't. So we don't like that. We thought we'll also go the way that APNIC has gone before us, and accredit in the UN way, basically to be recognized as a body that has something to contribute to in this field. So we'll see how that goes. Paul is busy doing that, and there is a deadline looming, so, well, we'll see. I'll report on that next.

Okay, in two weeks time, there's way too many meetings, in two weeks time, we'll all come to Istanbul, I hope. No? We'll all come to Istanbul.

The meeting is bursting at the seams already in terms of time. We are a little bit pressed there. And, of course, you also see that all the evenings are full with exciting side events, apart from governmental relations at the big party. So, there are -- every evening, we have something, I think the address council is meeting everywhere all over the place there. So, it's full. But it cannot be full enough. You're all of course happily invited to come, if you have the time, if you don't get too confused afterwards the meeting you have been at, and let's meet.

If you have any questions or any comments on what you would like to hear from us, then I'm happy to take that on. Also, if you give me any comments of what you don't like to hear from me here, then I'll make it even shorter next time. Thank you very much. Thank you.

IANA Activities Report

      MR. PLZAK: Okay. We'll be making a slight agenda modification at this point. The NRO NC report is not ready at this time. So, we'll now call upon David Conrad to put on his black jacket and come up here and provide the IANA activities report. Now, let me check, is Geoff in the room to throw slings and arrows at you? Yes, there he is right there.

      MR. CONRAD: So, I'm David Conrad. Some of you might remember me, I was here once. Now, I'm general manager of IANA's. I'm working for the evil empire known as ICANN. Over here, I'll just talk a bit about statistics, because everybody really loves seeing numbers, and graphs, and stuffs, so I have to do that.

Vancouver, I sort of gave - the Vancouver ICANN meeting - I gave a presentation that describes some of the issues that I found at IANA as I joined it. And I'm just giving sort of a little update of that. Talking a bit about some of the projects that are ongoing at IANA and some goals that we have for the next ICANN meeting. Just so you know that I'm actually trying to do something as opposed to taking back, watching my yacht in Marina del Rey Harbor.

This is the current structure of the IANA. I report to Paul. To me, and I currently have Barbara Roseman and Kim Davies on staff reporting directly to me. I have a software developer who is helping us out with some projects. And I'm right now looking for -- to fill two slots. And then, the normal IANA staff, Michelle Coven, which many of you might know. And Yosha Patron who actually was with me at APNIC not long ago has -- didn't want in the first time and has rejoined the nightmare that is something that I run. Yes.

The two little boxes down there at the bottom, one of the problems that we've had is maintaining staff to do reviews of IETF related resource request, simply because they tend to be perhaps not the most exciting jobs in the world as well as the fact that being in the LA area results in people like wanting to go work for movies and stuff. And strangely enough, they prefer movies over reviewing Internet drafts.

So, what we've done is take an approach where we bring in part time people, get a raft of people to try to do this, since it doesn't require a whole lot of technical knowledge. But it does require some experience with the IETF. So, we go to IETFs and figure out who's bored and sleeping on the hallways and ask them if they'll help us. If you're interested, let me know, with that sort of buildup.

So, most of the statistics you'll see follow these sort of patterns, you know, you've got stuff measure going up, and that's bad. Or you got stuff going down, that's good. That pretty much describes all the statistics, and I won't talk anymore about that. Okay. Ah, but I lied! All right, our statistic's really boring, because actually bother me that much. You know, it's like three requests, you know, we processed three requests in March. Wo! Well, you know, I got to have time for my yacht.

Root zone management, this is where we go and scribble all over the root zone and the DNS. Maybe we got a few request of that, and it's, you know, again, yes, it's going down, see. That's good.

Internet drafts, we have to actually review every Internet draft for IANA considerations. And, for some reason, in March, there was a spike in the number of requests, Internet drafts that were posted. That's causing us to actually fall a little behind. But I don't expect that to last, because the IETF members produce that many documents.

Port requests, yet another yeah line. See, it's going down, that's good. We still have quite a few in queue. This is due to the fact that at certain points in the past, for some reason, there was a decision that we didn't really need to process port requests. That has since been remedied. And we are actually kicking the queue down. Right now, I believe we're actually working on some port request that went back to 2001. So, if you happen to have submitted a port request a long, long time ago, you might get mail from us. This is sort of a --

      MR. WOODCOCK: Does that mail that we're going to get from you say the request has been honored or --

      MR. CONRAD: Yes.

      MR. WOODCOCK:  -- does it want more information?

      MR. CONRAD: Sometimes, we -- well, we actually request more information, you know: Do you really want to continue with this? Yes.

      SPEAKER: Does that hold true for Bill?

      MR. CONRAD: Except for Bill.

      MR. WOODCOCK: Okay, and then, it's an automatic accept?

      MR. CONRAD: Yes, every one else. I'm sorry?

      MR. WOODCOCK: And then, it's an automatic accept?

      MR. CONRAD: Yes, that's right, yes -- As with everything with you, Bill, automatic accept, yes. So, this is one of these yeah kind of -- because it's going down eventually. PIN requests, these are all IDs for people afternoon. We get quite a few of these, fortunately, they're sort of easy to process. And we're actually, this is a process that we're already almost automated. So, that number will eventually go down to hopefully zero. So, those were statistics. Wasn't that exciting?

So, when I first joined ICANN, I had the opportunity to sort of see where things were -- how things were working or not. And, in Vancouver, I gave this sort of table that showed the things that I saw. And, in general, we're still working on a lot of them. The management focus -- That's not me as being the manager, because I'm completely unfocused, but my boss and above.

That was a problem in the past with IANA. ICANN did not have a full understanding of the role of IANA in the Internet. That has -- actually was resolved by the time I joined. I have never had any difficulties getting any of my cross-requests, including the 40 foot yacht in Marina del Rey honored. No -- There we go.

We also moved to single ticketing system when I joined IANA. Various resource requests were either in no ticketing system or in two ticketing systems which seemed a bit sub-optimal to me.

That's been fixed, trying to migrate some of the historical data that existed in the multiple ticketing systems and to one.

The two things that are sort of outstanding at this point, we have problem that the IANA data is spread out over a whole variety of different databases, everything from Access database, believe it or not, to MySQL to text files to a couple of MFLs and all of this makes things a little more complicated than they need be, we're in the process of trying to reduce the number of databases and part of the process of automating a lot of our stuff will be to actually migrate into a single database or two. Other stuff.

      SPEAKER: Excuse me --

      MR. CONRAD: Yes.

      SPEAKER: Could you read the target date --

      MR. CONRAD: Oh yes, target date.

      SPEAKER: We certainly want internationalized domain names, not date.

      MR. CONRAD: Well, it's sort of close, but actually -- when you're at ICANN, you actually measure things and meetings. Time is measured in meetings and that is Marrakech.

The next ICANN meeting in Marrakech which, of course, if you're going to Marrakech, you want to go at the end of June.

      SPEAKER: When they're filming the next Star Wars movie --

      MR. CONRAD: Yes, that was Tunisia, yes. So, moving right along. Actually I did that because I didn't want to be -- I didn't want to commit to a particular date so I wrote it in Arabic.

IANA projects, we currently have a whole bunch of things going on, trying to clean up or improve efficiencies in various areas.

This table sort of provides a listing of -- well, you can almost see the colors, of the major projects that we have ongoing, we're going to have 24 x 7 x 52 availability which means that we're going to have a call centre who can -- perhaps people in various odd times and no, I'm not going to give that to Bill.

Let's see, the other ones of interest, the X.509 addressing -- stuff. IANA is participating in meetings, it's not entirely clear to me at this stage what role the IANA should play, whether we're five or six or, you know, where the one -- binds them all or whatever.

We will continue to participate in meetings until, you know, someone figured -- someone tells me what to do because that's what I live for.

The other thing that's sort of significant that I would actually request help on is this: we are -- the IANA Web page is -- the inability to define anything that anyone actually wants on the IANA Web page is probably the most consistent request or complaint that I have gotten --

      MR. PLZAK: It's traditional.

      MR. CONRAD: Yes, it is traditional, however, I don't like that particular tradition because I have to find stuff on the Web page and it drives me absolutely insane.

So, we've actually gone to the effort of producing a draft, proposed IANA home page and I have to put all these words in front in order to keep people from screaming at me that, my God, you changed something without getting community input, you nasty conspiratorial bastard, you.

I guess the conspiratorial bastard, anyhow, it's just the nasty part I'm trying to avoid. So, that URL is why it will actually put you at a page that strives to explain what we're doing, we are requesting input on sort of the design.

We know that it's not complete yet, there are things that are missing, you know, it's a work in progress.

But we would appreciate any input that you could provide on -- you know, what you like, what you don't like.

Kim Davies is a name today, is on volunteer exactly, sort of shepherd this project, he intelligently put his e-mail address as the contact point for any suggestions or comments and I told him he'd probably regret that and he said, "Oh, no, no one will care, no one will send me e-mails".

So, it's now been my goal to see that he is buried in e-mails about comments, so please, comment on the Web page.

I'm intent on hiring two additional people within IANA. My goal is to make everyone's life who works for me a living hell. So, I have to spread that pain. We are putting some automation projects into limited production. We have this back log of requests of various kinds that I have committed to clearing by the Marrakech meeting.

Many people have complained that they actually don't know what ICANN or IANA does. Well, ICANN as well, but that's a separate issue. So, I've actually committed to update and publicly document all the IANA resource allocation related processes. This has actually been requested by not only people within the Internet, but also people within the government advisory committee. So, there's probably a good chance it'll actually be able to get it done.

We are in process of recording data more consistently and comprehensively and the intent is to actually provide that publicly. And, eventually, we will publish that web page. So, if you want to see your name that lights up on the web or something, provide comments and we'll provide an acknowledgement or something. So, any question? Oh oh. No.

      MR. HUSTON: You're probably going to say no anyway. Geoff Huston, APNIC. It would be really helpful for those of us poor victims who have to parse the weirdly inconsistent outcomes of your work to actually ask for some degree of structure and authenticity in your registries. When are you going to give us external structured data and sign us?

      MR. CONRAD: Oh, that would make things too easy.

      MR. HUSTON: So, the answer's no?

      MR. CONRAD: No, the answer is yes.

      MR. HUSTON: I'm shocked.

      MR. CONRAD: In fact, I was just speaking with someone who was sitting in this meeting about that very issue while I ate a cookie just out there. We are in the process of -- part of the process of the automation, where I said we were going to try to raise the number of databases, is to actually go into the data and XMLise that data. I'm not an expert in XML. So, I'm looking for XML experts who will help me come up with the scheme, if necessary, to take the data, present it in an XML structured XML format as well as presenting it in the classic fashion in that some people at least are help people who really want to see, they're not programmers. So, that is something that I've committed to. But, because I don't know XML, I'm not willing to commit to a date at this point in time. It is one of our more exhaustive goals that we're attempting to meet.

      MR. HUSTON: And signing it?

      MR. CONRAD: Signing it? Sure.

      MR. HUSTON: Great!

      MR. CONRAD: It's easy. Do you want that with my signature or --

      MR. HUSTON: Kim Davies, I believe, is --

      MR. CONRAD: There we go, very good. Yes. Yes, Bill.

      MR. WOODCOCK: Yes, my signature --

      MR. CONRAD: Oh, Bill's signature. How does Bill's signature sound?

      SPEAKER: Or Bart?

      MR. CONRAD: Or Bart! Any other questions? Thank you very much.

      MR. PLZAK: So, thank you for that very comprehensive report, David. Actually probably the best report I've ever seen at this meeting from a person claiming to be from IANA and will admit to it. Yes, I'm damning him with faint praise. Okay.

      SPEAKER: Yes, reverence is not generally and I can't relate it virtue.

      MR. PLZAK: Right. So -- Yes, David, we do miss your presence on the ARIN board, one last person to harass Bill, but, you know, we're getting along. So, anyways, we are at the magic time in the morning for the first coffee break. So, let's do that and please be back at 10:45 when the bell tolls. Thanks.

NRO Activities Report

      MR. PLZAK: The NRO Activities Report by Raúl, wherever he is. Okay, I guess we ought to toll the bell again and go -- I'm going to go get the gong. Here comes Raúl with all his stuff, so I guess he's going to bring it up here for his presentation on his coffee and cookie.

Yes, it's your turn. You're a very popular person, you were so entertaining earlier this morning, we had to bring you back for an encore. We can give you one minute. We got a little heavy metal back there, Jason? We could always bring David back up here to give us some more IANA statistics too, couldn't we?

Okay, Raúl is going to be doing the NRO Activities Report.

      MR. ECHEBERRIA: Okay, it's me again, but with a different hat. Now I will make the report of the Number Resource Organization.

When I saw that yesterday the statistics that Ray presented about the participants, I realized that there were more than 50 persons that came to the meeting for the first time, then I had to change some slides to give some more information about the NRO. But don't be afraid, I will be very short.

The Number Resource Organization is an organization that was formed by the Regional Internet Registries in October of 2003. The goals of the organization are to formalize through cooperative efforts among the RIRs and protect the unallocated number resource pool, promote and protect also the bottom-up policy development process, and to act as a focal point for internal community in input into the RIR systems. I should add that not only to act as a focal point for receiving inputs, but also to represent the addressing community in different international forums.

Then, the Number Resource Organization will also form at that time for existing RIRs and AfriNIC joined the NRO when it was formally recognized.

The structure of the NRO is the following. We have an Executive Council who is the body who represents the NRO, the Numbers Council and the secretariat. And also, the Executive Council creates coordination groups in different areas.

The Executive Council is formed by one representative from each RIR, usually the representatives are the TOs, and this is list of the members of the Executive Council. I'm the Chair this year, Ray Plzak is the secretary, Paul Wilson is the treasurer, and Adiel Akplogan and Axel Pawlik are happily waiting for new responsibilities in the next years.

The offices rotate every year, what it means that next year, Ray Plzak, if he continue being the representative of ARIN, will be the Chair of the NRO, Paul Wilson will be the secretary, and I will have two years of vacation.

This is the picture of the EC members. You can realize that all of us look a bit younger than now, this is because the picture was taken more than one year ago. I think that it was the last time that we met face to face all together.

The EC meets periodically by teleconference and/or face to face. Last year, we had 10 meetings, as all the meetings are available at the web site, it's a good idea to access the web site and look not only at the meetings of the EC, but also at all the documents and information that there is available in the web site.

In October 2004, one year after being formed the NRO, we signed an agreement and memorandum of understanding with ICANN. And with this memorandum of understanding, the NRO fulfils the role and responsibilities and functions of the ICANN address supporting organization. As you know, the ICANN has different supporting organizations in different areas, and the address supporting organization is one of them than the NRO, because this agreement fulfils the responsibilities of the address supporting organization.

This supporting organization has a council that is named the Address Council, and I will not speak very much about that because there will be a report of the Address Council, the Number Council activities in the -- after me, then, but I will mention something, the -- because this memorandum of understanding that we have signed with ICANN, the NRO Number Council fulfil the functions of the address council of the ASO. The Number Council is an advisory body in number resource policies. It is composed by 15 members, three from each region, and two of those three representatives of each region and community are elected in a large way by the community, and the other is appointed by the respective RIR Boards.

Also, observers from the RIR staff and ICANN observers participate in the address council, Number Council.

The term of office is three years, the Number Council advises ICANN Board, select ICANN Board members too, select also one member to the nomination committee of ICANN. This is the list of the address council members, but as I said before, I think that Martin Hannigan will make a presentation later about the Address Council.

The NRO also has, as I mentioned, coordination groups. At this moment, we have three coordination groups, the communication coordination group, engineering coordination group and the legal team.

The communication coordination group is chaired by Susan Hamlin from ARIN, she's here. The engineering coordination group is chaired by Ginny Listman. She's also here. This is because the chairs of the coordination groups rotate together with the secretariat of the NRO. The coordinator of the legal team, therefore, is Steve Ryan is the general counsel of ARIN. He's also here. I don't see him, but -- okay, he's in the last row in the --

This is the list of the current main topics that are under consideration of the NRO. Some procedural issues, like procedures for the Address Supporting Organization, the Executive Council is responsible for setting up the procedures for Address Supporting Organization Address Council, then we have been dealing with procedures like how to select the -- how to appoint people for the ICANN board, how to call meetings, and many other issues. As we are discussing the charters for the coordination groups that are being under consideration right now.

Regarding Internet governance, we are busy in all the tasks related with the WSIS follow up. The WSIS, I don't know if all of you know, but is a Summit on the Information Society that was filled in the -- okay, also speaking about that. Thank you very much. As we are also dealing with the establishment of relations with ITU and with a relationship with other bodies like the Governmental Advisory Committee of ICANN.

We are also discussing the NRO incorporation, and a possible contract with ICANN IANA about the services that IANA provides.

This is a set of links that probably you will find useful. The website of the NRO and the websites of all the RIRs. That's all. Thank you very much. Any question?

      MR. PLZAK: How many people want to see Raúl come back for a third time? Sorry, Raúl, you cannot leave to go to Montevideo to work on your new house. Your family can stay on vacation without you.

Internet Governance Forum (IGF)

      MR. PLZAK: Okay. Now, we're going to have an information presentation by Lynn St. Amour who's the president, CEO of the Internet Society and -- where is she? Oh, she's back there. Okay.

Lynn was supposed to be here Sunday to participate in the foosball tournament but was unable to get here. I mentioned yesterday that there was a challenge that would have been issued last night to the bean counters and it did occur. And I'll let Lynn come up here and talk the trash but the bean counters that they had the trophy there, they would no longer have it in their possession because they were -- So, Lynn, could you please come and talk to us about the foosball match and if you have some time, we can hear about the IGF.

      MS. ST-AMOUR: As I'm not going to talk about the foosball match or the soccer table match and I've never heard Internet governance referred to quite so directly as trash before but --

      SPEAKER: You need to get out more.

      MS. ST-AMOUR: He thinks it was a late night last night.

      MR. PLZAK: We have pictures, Lynn.

      MS. ST-AMOUR: I have to admit: That I'm sincerely afraid of.

Just one or two quick slides on WSIS because WSIS is in fact the context for the Internet governance.

It's actually a process that was started in 2001. It was a full United Nations World Summit held in two parts in 2003 in Geneva, 2005 in Tunisia and its initial intent, and in fact ISOC participated in the brainstorming session that preceded the definition of WSIS and it was actually meant to tackle issues of ICTs and bringing the Internet to developing countries.

The secretariat was in fact the ITU which is the first place some mischief started to be introduced into the overall topic. Three issues in fact dominated WSIS: Internet governance was first and foremost - despite how it started and how it was built - financing strategies and ICT development and capacity building. And that order is probably a fair representation of the time and attention that it actually got from many of the world's governments.

Certainly from ISOC's perspective and many other folks, we talk about the Internet community, that being many people and organizations in this room, felt very clearly that that was backwards and worked very hard over the course of those four, five years to in fact reverse that focus with relatively little success in terms of reversing the focus, relatively good success in terms of damage control.

One of the outputs of WSIS was in fact calling for an Internet governance forum meant to be a multi-stakeholder forum for dialogue, not an advisory body, not a policy setting body, a multi-stakeholder forum for dialogue, what we'd probably call a conference.

It also called for a process of enhanced cooperation and that touches the area that has the most concern going forward. I'll talk about both the IGF and the enhanced cooperation in a few minutes.

So, some of the key results from WSIS -- maybe this is the last WSIS slide. For Internet governance, there was minimal impact on the Internet structures for now. Any of you that participated in the process and certainly the RIRs, NRO, ICANN, IETF representatives, ISOC, many, many other organizations participated over the course of the four or five years, will recognize how serious the threat of damage was to the Internet until a lot of our structures and mechanisms.

Much of it is focused on ICANN and ICANN's responsibility. If you go back to its beginning, there was a lot of confusion over ICANN and their role and it was at one point, I think many governments assumed to be complete control of the Internet and covering everything to do with the Internet which, of course, we all know, isn't true.

It's clear that they were also interested in moving on to Internet standards and, in fact, you can find documents that actually talk about their intent to be much more active in Internet standards. It's pretty clear that telephony standards are slowly being replaced by IP standards and that clearly gives them some concern.

But back to a few results. One of the key results is there was a recognition of the role and the importance of the existing Internet governance structures organizations, processes, mechanisms. Very, very, very large education effort went on by many organizations in the room, the RIRs and NRO were very active. ISOC was obviously very active. IETF is active through ISOC as we are in fact their public face with respect to policy and education.

However, one of the things we didn't accomplish which we had, in fact, set out was to be recognized as an equal stakeholder, equal to government, private sectors, civil society. If you participate in those forums, you know that there are very prescribed roles and very specific definitions with respect to what those groups are, whether allowed to participate and when they're allowed to participate.

As one brief example, the United Nations World Summit, the governments get six hours of participation and private sector and civil society got 15 minutes each for every six hours the governments got and it was extremely regulated, very -- arduous process in terms of lists. Your interventions are usually prescribed, written weeks in advance. So, it's a very formal process and not one which many people in this room actually find comfortable, as Scott just said.

One of the other key results was they did eventually, with some caveats, understand that there's a need to move the debate beyond technical aspects. As I said, they focused on many issues with respect to ICANN. Even in 2004, 2005, the key topics were still on IP address allocation and, in fact, one of the most heated topics was national allocation methods for IPv6 and that's still on the table in many areas. Route servers, DNS, -- for the moment, within the IGF context, they've agreed to set those aside. I don't know that that will hold if we actually go through the next six months and prepare the final agenda, but that is a tacit agreement that, you know, we just spent three, four years coming through that. We need to allow a year or two to let some of that settle in. It's clear that the Internet community heard some of the messages and are striving to make up processes even more accessible and even more open and even more understandable and by those enlightened governments recognize that time is appropriate in terms of letting that process advance and that it's time to focus on some other areas.

Some of the general results was there certainly was an increased focus on ICTs for economic development and capacity building, not nearly enough by many of our desires and wishes, but there was increased focus.

Very good collaboration with the Internet community. In fact, in Tunisia, at WSIS II, the IETF, ISOC, NRO, some of the ccTLDs, Internet exchange points all actually shared a booth which is actually called the Internet and it was specifically to show people who are the organizations making Internet work web development continue to operate key aspects of it in one place and make it as understandable as possible.

We all work really well in this model. We have come used to with respect to -- we understand organization structures and boundaries and responsibilities and we actually respect them very well and we know who to turn to for different types of problems.

If you're outside this community it's not at all evident and in either field completely disorganized, completely, you know, by -- and, so one of the things we intended to do and we continue to do through a lot of our communications and really do need our, all of us, individually as well as some things we do collectively, just educate the world on the Internet, how it works, who makes it work, why it works, what are the principles and characteristics we actually feel strongly about is really protected.

The outcomes of WSIS was characterized as everyone was happy which in political circles means it was vague enough that everybody can translate the outcomes into whatever they'd like it to mean to them personally.

As I said earlier, one of the main areas to watch the enhanced collaboration, the IGF is moving along, data move along, I'm sure they'll be some rough spots, we know how to work in that process and we can manage that the enhanced collaboration is the one that's going to be a lot more difficult to understand, more difficult to participate in and possibly the most dangerous.

Different views on what the IGF is. A lot of people believe there should be a place to affect policy or government practices, that it should focus on things like multi -- policy dialogue or government civil society, private sector, all participate as equals and that that is enough as an end in another self.

There are others that feel that -- international policy, not operations but the policy for cost cutting international policy areas, that a forum such as that would, in fact, be helpful.

Others believe that it should be used to advance development agendas. The process for the -- to establish the IGF going forward, if it's actually led by a representative of the United Nations Secretary General, that's Mr. Nitin Desai, who was, in fact, the -- the Chair and very active in WSIS II, for those of you who participated in either of those forums.

There's a small focus secretary in Geneva led by Markus Kummer who is from the Swiss government and the IGF advisory group will be appointed by the United Nations Secretary General, he will prepare a slate of 40 people based on the work of Nitin and Markus.

It will have 20 governments, 10 civil societies and 10 private sectors. And if you notice what's missing there, the Internet community is not the fourth and equal sub-group, and we all argued very very hard that we needed to be separate -- a separate sub-group, separate group.

We don't fit easily in the private sector, we don't fit easily in the civil society according to the way the United Nations actually defines those groups and allowed to participation.

The good news is that they didn't go to some civil society head and some private sector head and there are people that would count themselves as heads of those organizations who said, give me 10 names and got a government who say, give me 20 names.

In that case, we would have found ourselves in a difficult position of having to work within these other two -- two structures.

There's a tacit agreement that they will look for seven to eight Internet Community folks to participate in that group of 40 and they will manage the politics of pulling a group together and getting support from those three groups that are there.

So, we're looking for candidates, this is not an effort led by any one organization, the RIRs, I think through the NRO but I'm not certain, are actually going to be submitting some suggestions, ISOC will we're working with the IETF on that, we're also working with civil society in private sector as well, we're working with governments, we have good relationship with a number of governments, everybody is submitting their own short list of candidates and then Nitin and Markus will -- the same thing they did in the WGIG process, which is basically go to a period of socialization with key groups to make sure that the list is represented enough and everybody is happy enough.

The first meeting is in Athens very end of October. WSIS II actually called for five years of IGF, five IGF meetings.

It's pretty clear that that's not a firm requirement, if in fact, this one should turn out not to be useful and not well supported, they will certainly revisit whether or not there is ever a second IGF, third, fourth and fifth. Our contributions have emphasized focusing on development and the areas and impact access to in the availability of the Internet.

When it was pretty clear that we actually weren't going to get with this to stick fully to a development agenda, then collectively and again, you know, a lot of the organizations in this room started arguing that the IGF would be a reasonable place to discuss cost-cutting international public policy issues, those that don't fit neatly into any other form or body or process today and I think the rest of the items on there are pretty clear.

We also have been very very strong in saying that they should limit any new organizational structures or new meetings, I think we're already largely meeting out -- I said to somebody last night, given the Internet, you know, for everyone and it's developing the way it is, it's always the same few 100 people that go to RIR meetings, to IETF meetings, to ICANN meetings, to -- one meeting after the other, so I think there's more work certainly we all could do and I wished the United Nations would focus more on bring the Internet to more people.

I said earlier the IGF is not the end, it's simply one component of Internet government's activities.

The enhanced cooperation really will be the most important area to watch and if you speak to people that have been in United Nations -- and circles for some time, that's the area that -- concerned about and they do use words such as that is a place for mischief.

If there were any threats which we're going to come to, you know, we can loosely refer to it as the intermodal, it will come to that in enhanced cooperation process.

Some of the text and you can find out is on the WSIS site which is at ITU/WSIS, says that the enhanced cooperation is the process whereby governments, on an equal footing, et cetera, et cetera, will carry out their roles and responsibilities in international public policy issues pertaining to the Internet, including the development of globally applicable principles and public policy issues associated with the coordination and management of critical Internet resources.

And it's those last six or seven words that give us the most positive thought. There's a very very large range of interpretation as to what this means.

Negotiations are under way already with governments across the world through their established UN processes and procedures to influence that process.

At the moment, Nitin, again, he's the IETF Chair, is consulting informally and how to start that process.

One of the key elements, I think, people are looking for is to understand what happens within the ICANN and the GAC space.

ICANN has a Government Advisory Council and they've undertaken a process of evolution and reform and if that process should prove -- evolution should prove successful enough, the GAC will either become a vehicle for ICANN with respect to their specific area of responsibility, actually the main name system.

There are some people that believe that the GAC would be the natural place for other issues of Internet policy to establish itself.

There are even some government officials that talk about ICANN and the GAC as anything from becoming some sort of UN structure which would oversee coordination, management, et cetera of critical Internet resources.

So, we're all staying very very close to both the individuals as well as the individuals that are actually responsible for this within the United Nations process as well as working very actively with governments of the world, both those that share our views and those that don't, to our chapters through organizations like NRO, through meetings such as this, through meetings such as the right round table, to participate in that process and influence it, you need to influence it through participation.

Basically staying on the outside and saying, this is a bad thing and this is a bunch of people who don't understand the engine, don't know what they're doing, it's not going to stop the --

So, I think we've all recognized this as distasteful as we have found some of the meetings practices, processes, time wastefulness, et cetera, that it really is the only way to actually influence it.

One of the other things that we should all be aware of is there's a lot of discussions on the forum of the ITU, ITU, as a couple of critical meetings come up, they have something called the -- potentiary which happens late this year, November, I think that's also in Istanbul, if I remember correctly.

It happens every four years, it is where the ITU revisits their four-year strategy, four-year plan and four-year budget. There are a lot of preparatory meetings happening now, there was just one in Doha with respect to the development agenda, there are a lot of sub-meetings with respect to next generation Internet meetings, spam meetings, every kind of meeting and regional meeting, et cetera, you could imagine, it's a very very intensive playing process, we actually did establish that plan and budget.

So, we are all participating very actively in it, you saw some of the presentations this morning, AfriNIC and folks are becoming members in various sectors of the ITU, that's specifically to participate in those processes and work influence them from -- from the inside.

Last comment, just -- this is really my opinion extremely, unfortunately, the beginning. Certainly success of the Internet is driven -- it's clear that engineer resources are considered by nations to be a strategic asset, I don't think most of us would argue with that point.

It's also clear that the -- has caused us concern amongst some governments which leads them to focus on governance.

So, what should we expect - and this is the last side - in the IGF that it will show immediate value or fail -- of the WSIS will turn away key governments and stakeholders. There are some that argue that's not a bad thing. If it fails, it fails because there's not then a proven need for or it was not successful in addressing needs that other people felt were important.

There will be significantly more activity enhance cooperation. I should say this is an important area of rights for -- Then, earlier, much rise on the ICANN and a GAC evolution. A lot of governments see enhanced cooperation as already under way, as I mentioned earlier through a lot of efforts that were all undertaken. I've been listening very carefully to what we heard through WSIS too.

Other governments in UN Organization see it as a tool to either achieve control objectives or give themselves a new mission instead of activities for the years coming forward. And, certainly, the latter group are very concerned by the Internet and its development. They're very, very active and very serious. And that's it. I don't know if you have questions or --

      MR. BRADNER: I just want to follow up just a little bit on that and then maybe a discussion a little bit, because this is important. I talked about it at an ARIN meeting recently and put it -- and there was an article in -- had an article in the ARIN paper here. Basically, the message that we're getting is the Internet is too important to leave to the people who know what they're doing. And that's a very important message we're going to be getting and again, and again.

The ITU is going to be off and contemplating its navel and figuring out what its future is. But it feels that it has the power to do that. In the last ITU penny pot, they came up with a resolution that said fundamentally the ITU was the place to do Internet standardization. And so, they've gone off and proceeded along that line because they have decided that they are the place. And they are -- by God or governments or something to do that.

This is not something to ignore. This is something that could affect us all a lot. Not only ARIN and the potential of real confusion is indeed the ITU proposal of allocating prefixes, P6 prefixes to governments and letting them allocate within countries comes true. Or just in your day job of the ITU deciding that it's going to figure out how to do Internet settlements. So, you transfer traffic to another ISP. They're going to tell you how you charge the other ISP. Now, you collect money from the other ISP.

These are the kinds of things that are on their agenda. Don't ignore them. Please, if you have any discussion, Lynn has been doing a lot of work in this space and commend her for that, but help if you can. I can almost see somebody standing at the microphone.

      MR. HOWARD: Lee Howard, Stanley Associates. And, firstly, I just want to say: Yeah!

      SPEAKER: Thank you. Feel a little better now?

      MR. HOWARD: Second --

      SPEAKER: Were you playing football last night?

      MR. HOWARD: What?

      SPEAKER: Were you playing foosball last night?

      MR. HOWARD: No, I don't remember any foosball last night. Second, I wanted to ask: Given that I am not a government representative or even an employee of a major multinational telecommunications corporation, it seems to me my options for participation are somewhat limited. And these are not -- Many of these organizations are not such that they have a public policy mailing list type of mechanism for participation. What would you suggest?

      MS. ST. AMOUR: The private sector actually participates through the International Chamber of Commerce. And they're actually evaluating, as far as I know, some of their process with respect to participation. They actually work through a lot of national chamber of commerce structures. That's an option. I mean, if you seriously want to participate, you can send me an e-mail and I can help direct you into the right people to figure out what the right process is. It's st.amour@isoc.org.

      MR. HOWARD: Thank you for the horror story.

Policy Proposal 2006-3: Capturing Originations in Templates

      MR. PLZAK: I think Lynn would rather be playing foosball or, excuse me, the table soccer we now call it, than dealing with this better. So -- And Lynn, I also would like to thank you for the work you've been doing in this area.

So, we are now ready to move on to our first policy proposal discussion of the day. And that's proposal 2006-3 - capturing originations in templates. And we get to see somebody's removable diskette. And trying again. Ah ah. Okay. This proposal says that ARIN would in all IPv4 and IPv6 number transactions, collect, and display the autonomous system numbers which are permitted to originate a prefix. The AC shepherds to this are Mark Kosters and Suzanne Woolf.

This was first introduced on PTML in February of this year. It designated a form of proposal about a week or so later. The first public policy meeting discussion of this is at this meeting. There have been no revisions to the text since it was originally submitted. From the staff's perspective, significant resource impact, requires template changes, registration software change, directory services change, guidelines change and staff training.

Legal. From a legal perspective, counsel says none. However, counsel has an asterisk note here. It says that the third staff comment, which I'll show you staff comments in a minute, indicates a potential issue by increasing ARIN legal responsibility in that as ARIN agrees to verify anything, it may create a legal liability if it is done badly. Staff comments 1, this could be addressed by alternatively enhancing the Internet routing registry. The proposal admitted the network modification template from this listing of template.

And there's a reminder. ARIN can verify that the request was submitted by an authorized POC representing a vetted organization. ARIN cannot verify specifically the list of ASs that the user permits originally to address prefixes within the address block. In other words, ARIN cannot verify that a specific address ASN can be paired with a specific IP address.

We can tell you that the person that is claiming to be able to do that has in fact received those resources from ARIN. But that is as far as we can go with that. And that's why counsel commented as well.

So, discussion about 33 posts, 10 people, and I won't go through the comments. And so, I believe Sandy -- Oh, she snuck up behind me. Hi Sandy.

      MS. MURPHY: Hello.

      MR. PLZAK: You're on.

      MS. MURPHY: Okay. It's an interesting aspect the way that the proposal process works that I did not have an opportunity to see either the staff or legal comments before I prepared my slides or before I got here. So, none of the slides specifically address the staff or legal comments.

I wanted to tell you where this proposal came from. There are a bunch of people who've been participating in a set of workshops addressing the problem of securing the routing infrastructure. We all know that this has been a problem that's been discussed widely for a long time. There have been a plethora of different solutions suggested, none of which have maintained or even gotten any interaction at all.

So there were three workshops held and the participants were operators, router vendors, researchers, people from the registry trying to come to some idea of what a deployable solution might be. DHS was the host, and this was reported on at a directory services round table at the last ARIN meeting. There's a web site there that you can go to for some of the papers that were presented at some of the workshops.

Okay, so, there was a strong call, one of the things that ran through the workshop was that it would be very, very good from the operators standpoint to be able to come up with an authenticated list of authorized prefix originations, which ASs are authorized by the prefix holder to originate a route to that prefix. This would be useful in many different ways. It would be useful in responding to customers' requests to route a prefix. It would be useful in debugging routing difficulties who is actually supposed to be announcing that prefix. It would be useful for those people who are building routing filters to have an authenticated authorized list from which to generate their routing filters. And it is also the necessary first step for any of the routing security proposals that have been put forth, the very necessary first steps in protection of BGP advertisements.

Okay, so the operator's suggestion was why don't we add a field to the ARIN templates to collect the ASs that the prefix mentioned in that template are allowed, the ASs, the prefix holes are allowed to originate a route to that prefix, and then publish this in a collected list so the people could download it and use it in a way that's described. Possibly this might also be individual queries.

So, I was told that you needed to have a slide with a proposal text, so this is the eye chart, and then here it is spread out over two slides, it will be a little easier to read, and I've underlined what I believe to be the really key phrases here.

The requirement is that ARIN would add an optional additional field to the IPv4 and IPv6 address block transactions, and I originally had a list of all the transaction templates, and it was suggested that that was putting restrictions on what might happen in the future with the ARIN directory services, so I expanded that to try to describe them, and in the process, managed to not have a description which matches the NETMOD template. I beg your pardon. But the additional -- the optional additional field would have in it a list of the ASs that the prefix holder says are allowed to originate routes to that prefix.

This is an advisory field only, it is information from the prefix holder, it is not something that ARIN is validating anymore than ARIN validates and verifies the net name that you put in a template.

ARIN is asked to produce a collection of these mappings from prefix to AS number, a list where every entry would include the address block, the list of ASs, or allowed to advertise that address block, and a tag indicating what type of delegation this is.

Then there's how is this to be publicized, made available to the public? It would be required that ARIN make it available as a bulk transfer with the provisions that if this is included in the bulk WHOIS transfer, that this data is not subject to the redistribution and acceptable use policies that apply to the bulk WHOIS transfer. It would be something that would be redistributable at will, and allow ARIN to also make other means of access to this information. For example, query services, like WHOIS queries, are provided.

So, we need this authenticated list of authorized prefix origination, something I like to call ALAPO. Why ARIN? Well, if we have it done at ARIN, this inherits any scrutiny ARIN is doing on the direct allocations and direct assignments. We also know that the operators are very used to using templates in their ordinary daily operation of their network, so this inherits any self-discipline that the operators have in filling out templates. They're filling out the templates, the field is there, they can put it in. We all note that the operators have not been as disciplined in putting route objects in the various different routing registries.

We need to have ARIN's identification of the proper prefix holder anyway. ARIN is the only person who can state which person is the prefix holder for any particular address block. And of course, it is a potential way to populate the IRR with good data. Nothing in this proposal says that the information collected has to reside in WHOIS database, or in the routing registry, or in some other different data structure.

Okay, why not do this through the IRRs themselves? Well, the difficulty is that the desired authority is that only the prefix holder can speak to who is allowed to originate a route to that prefix. Well, the IRRs don't have any access to the authentication mechanism that they IRRs have with their membership, so the IRRs do not have a way to say the person coming to them attempting to register a route object is the authorized person to speak for that prefix. They don't have access to the authentication mechanisms that the registries have with their members.

Now, there are IRRs run by the RIRs, and by the way, anyone -- the persons responsible for choosing those two three-letter acronyms have -- you know, I try to type them correctly, and I still manage to get them wrong. But the RIR IRRs can validate the authority of the route objects that are being registered in those routing registries for their own members. They have the ability to do that. I understand that RIPE does do that check, if you attempt to register a route object, RIPE follows the suggestions of RFC2725 - I know the number because I just looked it up - to say that both the prefix holder and the AS have to approve of that route object. You have to be able to authenticate from both of those people, so they go even a step further. But as I understand it, entries into the ARIN IRR are validated to being from the correct point of contact. If you're registering the INET NUM or the OT NUM for an address block or an AS number but no validation is done for the route object, it's potential that ARIN could do that, but it is not presently being done.

Furthermore, any of the RIR IRRs that allow registrations for prefixes or ASs that are not in their own membership have the similar problem with the non-RIR IRRs, that they can't do the authentication steps, they don't have access to the authentication.

Okay. So what about the PKI proposal? There was a tutorial on Sunday evening, there was a panel presentation yesterday about doing a PKI that would have a hierarchy attesting to the authorization for the resource hierarchy, the IP addresses and the AS numbers. Well, the PKI resource hierarchy and the WHOIS resource hierarchy really should be the same. You saw yesterday in the panel presentation that there's some dispute as to whether or not these will be the same, will necessarily be maintained to be the same, will be kept parallel, whether they'll be separate, so there's a question there, but they're really intended to map the same hierarchy.

Now, this AS capture in templates addresses the same need that you heard Steve Kent refer to as a ROA, a route origination attestation. It's the prefix holder saying which ASs are allowed to originate a route for that prefix.

Okay, so what are the differences? Okay, well, there's one surmountable difference, the PKI hierarchy is based on very strong cryptography. Use of strong cryptography in accessing the ARIN WHOIS database is weak, to use a phrase. There is a potential for getting certificates that would be used to protect your communication with the ARIN WHOIS database; not many people have taken ARIN up on that possibility, so right now, the authentication for entries in the WHOIS database is based, as I understand it, on mail from, which cryptographically speaking, is not strong.

But there is also a design difference. The assurance of the entries in the WHOIS database is based on ARIN having a method of authenticating to people who communicate with them and doing the validation as a step that the entry is provided, and then storing the information in the database. So, the assurance relies on ARIN's validation of the authentication mechanism at that time.

PKI entries can be validated at any time and at any point, so what that means is, is to maintain the full original assurance of the data that you get from ARIN, you have to get the data from ARIN. If you UUNET gets the data from ARIN and makes it available to their customers, the customers have to decide whether they trust UUNET as well as trusting ARIN, because they can't validate the information. The PKI entries, the CERTS, can be validated by anybody at any time. And I also wrote down here that implementation of this and deployment in use ought to be easier than the PKI, but then the staff proposal was that -- the staff comment was that this would be a significant resource impact, so -- easier might just be a relative term.

And that's the end, and I'm ready to take questions.

      MR. DELONG: Owen Delong, Netli Networks, and I completely oppose this policy. I think that the things this policy seeks to accomplish can be accomplished by a lot less effort and improvement in the IRR interface, and the RIR IRRs have all the resources necessary to accomplish the goal here. Making it optional makes it even less effective and less useful, and we should look more at improving the IRR usage and process, and less at changing this.

      MS. MURPHY: So, I have three answers to that comment.

The first about whether it's an optional field, I actually got a private comment that it should have been a required field. That could be a change in the proposal if it was something that everybody thought. About making this IRR, I reiterate, only IRRs that are associated with RIRs have a way of authenticating entries, and then only those entries from their members, so this data could be collected in the template and put in the IRR; that would at least inherit the benefits of operator familiarity with using templates and perhaps some self-discipline in actually filling out the field where we know that the route objects are not being presented to the routing registries.

      MR. DELONG: We can agree to disagree on that, but I think fixing the IRR process is a more useful method.

      MS. MURPHY: Well, I don't know that the IRR process is broken, so -- I don't know. Okay. Next.

      MR. PLZAK: Centre-most microphone, back.

      MR. BLUNK: Larry Blunk, Merit Network. I oppose this proposal. I think the effort would be better spent on doing the certificate support first, and making use of that. I can see this data getting stale just as the IRR data gets stale. I mean, you may require that people enter it initially, but there's no requirement to update it as the origin AS changes. I'm not exactly sure how you would import the data into an IRR. I mean, would it replace existing IRR data? I don't know if you're talking about the ARIN IRR or other IRRs when you talk about --

      MS. MURPHY: I was speaking about the ARIN IRR.

      MR. BLUNK: Okay.

      MS. MURPHY: Yes.

      MR. BLUNK: Let's see -- so I think with the certificates, you could actually use those to -- you talked about authenticating the IRRs with a public certificate, you could use that information to assign data in IRRs and then have a strong form of validation there. Right now, as you mentioned, there's no way of using ARIN information with IRRs, but with the certificates, you could potentially add a signature field to the RPSL objects, and then retain that information in the IRRs, and that seems like a much stronger way of certifying objects. And then, from there, you could progress to something like secure BGP, so again, the certificates seem to be the best direction.

      MS. MURPHY: Are you talking about the certificates with respect to the resource PKI that was presented yesterday, or are you talking about the certificates in general?

      MR. BLUNK: No, the resource --

      MS. MURPHY: If you had the resource PKI, you wouldn't --

You would use that mechanism to sign the route origination, you wouldn't mess around with the IRRs.

      MR. BLUNK: Well --

      MS. MURPHY: Yes.

      MR. BLUNK:  -- yes. Okay. I guess that's it. Oh, also, there's no -- we're talking of them as mechanism for AS resources, for AS holders to register prefixes. It seems like you would want a mechanism to do that as well.

      MS. MURPHY: The intent here is to prevent ASs from being the ones who speak for what prefixes are being originated. The problem we're trying to solve is that ASs start routing prefixes they're not supposed to. So, if we let the ASs say "and here are the prefixes that I can originate", we have just inherited the problem that we're trying to solve.

      MR. BLUNK: Well, you could verify one against the other and compare it and make sure that they match.

      MS. MURPHY: Why? I don't understand why that would be of benefit to have the ASs speak, publicly saying what prefixes they originate. They publish each update --

      MR. BLUNK: LACNIC is a similar mechanism. I don't know if --

      MS. MURPHY: I'm sorry?

      MR. BLUNK:  -- have you looked at the LACNIC database?

Because they have fields for both AS holders and prefix holders --

      MS. MURPHY: Yes.

      MR. BLUNK:  -- to register information.

      MS. MURPHY: Okay.

      MS. AZINGER: Marla Azinger, Frontier Communications. First I'd like to thank you for bringing awareness to what obviously is an issue and something we need to work on. However I can't support your proposal because I don't see this as being the answer to resolving the issue that clearly we have about stale information. However, if this proposal were to go forward, I would strongly encourage that it is a mandatory, like you mentioned, and not an optional, because optional kind of equals --

      MS. MURPHY: Okay.

      MS. AZINGER: Thank you.

      MR. SEASTROM: Robert Seastrom, Inter.net, and ARIN Advisory Council. We don't have valuable, or useful data, it becomes less useful over time in the IRRs. It seems to me that this seems to be a framework for cryptographically authenticating data which is simply going to be allowed to go stale anyway. And so I wonder why we don't just have the IRR authenticate, and have something that you have to pass back to the IRR that you got with the prefix that validates that you're the person who's got the prefix. I mean, this seems like a huge infrastructure involving X.509 and, you know, PKI infrastructure when that's really not necessary for the scope of the problem that we're trying to solve.

      MS. MURPHY: I'm not suggesting a PKI hierarchy. This proposal does not suggest a PKI hierarchy. It's a capturing AS template --

      MR. SEASTROM: It's not clear to me that it needs to be in WHOIS either. We already have an Internet routing registry and ARIN already runs a piece of it. All that needs to be done is validating that people are registering what belongs to them.

      MS. MURPHY: Yes, the intent of the suggestion from the operators of putting the things in the templates was that this would inherit the operators' comfort level of using templates and the fact that they use the templates all the time as a means of getting them to record this data that's not being recorded. So, it's a --

      SPEAKER: Data gathering mechanism method.

      MS. MURPHY: It's a data gathering mechanism that's a socialization of the process of the data gathering so that people will do it more often.

      MR. SEASTROM: You must be talking about a different IRR than I'm used to dealing with. Thank you.

      MS. MURPHY: Well, I'm talking about the templates. I'm not talking about the IRR.

      MR. WEILER: Sam Weiler, SPARTA.

      MS. MURPHY: Yes.

      MR. WEILER: Full disclosure, I worked with Sandy and drafted an earlier version of this proposal. I do support this proposal. I also support the PKI work that was talked about yesterday. I'm puzzled by the opposition to this proposal on the grounds that the effort could be better spent on the PKI stuff. I see this bit of data collection as necessary to support the PKI stuff, necessary but not sufficient. Ah, Geoff shaking his head. I look forward to that explanation.

And I'm not hearing objections as to why this is harmful. If it's necessary but not sufficient, why not just go forward with it. Where's the harm?

And, also, by way of explanation, I don't know if Sandy covered this, I think ARIN could, if the data collected were sufficient, ARIN could use this to populate its routing registry.

      MS. MURPHY: Yes.

      MR. WEILER: There's nothing in the proposal that would prohibit that. We drafted it in this way to make it simpler to implement.

      MR. BRADNER: It seems like it has been presented as a precursor from doing anything with the PKI work that we heard about. It's not that it's necessary, but not sufficient. It's got to be done in order to do the --

      MR. WEILER: But Geoff has a different idea, which I look forward to hearing.

      MR. BRADNER: Well, Geoff's known for his different ideas.

      MR. DILLON: Michael Dillon, BT Radiance. And I do support this proposal, even though, on the mailing list, earlier, I made a comment, something like: "Why are you doing this? This seems to be -- Why aren't you spending more effort in improving the IRRs instead of doing this?" But I think now that I understand what is actually being proposed, I fully support the proposal.

We've also talked a little bit about the PKI stuff here. It's something that I really don't like. I think it's a big complex confusing mess with no clear requirements, no clear path, et cetera, et cetera. However, what Sandy has presented is nice, and simple, and clear, and straightforward. It's a nice incremental step. It's something that makes things better. It's something we can do now. We don't need to worry about big complex architectural changes.

And even though it might involve some ARIN spending some money and putting some effort into a little bit of development on the back office stuff, I think it's fully warranted, because it gives us something we do not have today.

And, because there's so much misunderstanding, I'd like to say what I understand this proposal is. And maybe you'll correct me if I'm wrong, but ARIN allocates addresses to address holders. Address holders may or may not also hold ASs. They may or may not be involved in routing. But one thing is clear, they all hold the right to use a specific address block.

And this proposal is to ask those address holders to inform ARIN which ASs they intend to use, they intend for this address block to be announced through, so that that information can be recorded somewhere, probably in WHOIS. But, hey, once it's recorded and available, you can put it anywhere you want. ARIN can put it in their IRR. Anybody else can grab it and stick it in their own OSS systems or whatever. That's really irrelevant.

But the fact is that ARIN, who is the only organization who has a relationship with all address holders in our region will ask those address holders to supply an additional piece of useful information and then record it and make it available to the people who do routing. Is that correct?

      MS. MURPHY: I believe that's a nice summary, yes.

      MR. DILLON: Okay. Thank you.

      MS. MURPHY: Thanks.

      MR. HUSTON: Geoff Huston, APNIC. I don't think I support this proposal. Certainly there are some weaknesses here that I think are quite difficult. Trying to introduce trust and authentication and authority in the routing system requires parties to be able to validate what the information is in a manner of their satisfaction.

      MS. MURPHY: M'hm.

      MR. HUSTON: What you're doing is, I still think, another instance of security pantomime. That weak, imprecise, unclear, partial, and potentially stale data is not very helpful to anyone. And this kind of mechanism, how do I know that the data that's being passed into ARIN and republished was authentic? How do I have any means of gauging that the process is being used behind some wall that I can't see the details of is useful or reasonable? I can't.

Part of the reason why a PKI structure tends to work is it makes the elements of authenticity and validation a lot clearer. That what the certificate structure does is does the original binding of a keyhold into the resource. And, after that, the public announcement, because it's not just announcing to ARIN, when I am saying, is the control of a resource, I am the valid control of that resource, and I give the authority to originate -- That's, if you will, an announcement to my routing peers, the folks who are actually going to negotiate that route rather than -- to ARIN.

When you take this model and make it even broader and start thinking about the diversity of IRRs, LIRs, and NIRs, and so on, and the level of indirection, the number of players that have direct relationships with an IRR is limited. The routing space is a much more diverse piece of biological floor than that. So, you know, this doesn't seem to actually cut to the issue.

Then comes the issue of: well, if we're going to do something, how do we harness energy, amounts of it to actually solve the problem? And is pantomime a useful step put forward in actually bringing real authenticable validatable informations to the routing system?

As it stands, I don't think this is a useful solution insofar as it merely replicates the known weaknesses we see in the IRR system of partial and out of date information with little real motivation by industry to keep it comprehensive and up to date. So, in that respect, I think this is not a solid way forward for us to really get a routing system that we can trust.

      MS. MURPHY: Okay.

      MR. BRADNER: Can you get to take a -- thing is actually that's the concept that you understand to say what it is that you do think the right process is to get this information bound and accessible?

      MR. HUSTON: I think the information actually has to come through certification systems, as we discussed yesterday. I cannot see any other ways. Now, as an initial step, you could use that certification information to make entries into net routing registries. But if you included the key information, you'd at least be able to understand the accuracy.

      MR. BRADNER: Certification meaning that the address holder gets token from the registry and then uses that to make the assertion?

      MR. HUSTON: The address holder holds a private key.

      MR. BRADNER: Okay. Thanks.

      MS. MURPHY: So, I think you echoed the comments that I made about the difference in the design option of this information you have to get from ARIN to maintain the assurance, because ARIN did the validation. And with the PKI structure, anyone can validate the information as they --

      MR. HUSTON: ARIN did the validation?

      MS. MURPHY: Yes.

      MR. HUSTON: Through some process of which I --

      MS. MURPHY: Yes.

      MR. HUSTON:  -- know nothing, and I just trust?

      MS. MURPHY: Yes.

      MR. HUSTON: Okay, cool.

      MS. MURPHY: To this trust part, I'm not agreeing with, but --

      MR. BICKNELL: Leo Bicknell, ARIN Advisory Council, Harrah's Entertainment. I'm going to speak with two different hats. The first hat is as an operator who could potentially use this data. I do not support the proposal because it seems to only affect things going forward. We have an awful lot of networks that have already been allocated.

      MS. MURPHY: M'hm.

      MR. BICKNELL: And they have no information with them today.

And, if we get no process to get information with them in the future, the few new ones are going to allocate, it'd do me no good to have that information. I either need it for everything or nothing.

As a user, I have simply a comment, as an address holder. If this proposal were to go through, I would suggest that ARIN make it easy on the template that is actually used for this to allow me to specify that ASs 1 through 65000 can announce my route. Because that would be very convenient for me.

      MS. MURPHY: Incredibly insecure, but, yes, convenient.

      MR. BRADNER: One last chance at the microphones, closing the microphones after another minute or two.

      MS. MURPHY: I did want to say one other thing. Any of the proposals that we have as trying to come up with a way of securing the prefix originations has to deal with the fact that we have 20,000 ASs already allocated and a gazillion different prefixes and how we actually do the securing of the stuff that's already out there is the very first bootstrapping part of the problem is of concern.

And whether we couple this with something that's devoted to extracting stuff and routing history and go forward with new stuff from that point, it is a question of how -- something gets deployed. It's a comment that applies not only to the -- but to the PKI and to any manner as different other sort of solution.

      SPEAKER: Actually, I have --

      MS. MURPHY: No, I'd suggest you go through the mikes first but I want to comment on --

      MR. SCHILLER: Jason Schiller of UUNET/Verizon Business. I want to echo the comments about incompleteness and optionality of this, but putting those aside, what I want to talk about is it seems to me what you're trying to do here is be able to automatically write a policy to secure the routing infrastructure and if that is the intention of how this would be used, why aren't we looking to folks who are already doing this such as our colleagues over in --

And the reason why I bring this up is because it seems to me that we're collecting too little information. Go doing WHOIS, my age, WHOIS dot right dot net AS702 and watch it scroll up your screen. There's a lot of information collected about the AS to AS relationships and the policies between the AS to AS relationships.

      MS. MURPHY: M'hm.

      MR. SCHILLER: And what I can't understand is if you want to try to autogenerate securing the routing infrastructure, why would you want to collect less information than what RIPE is currently doing? And if I could ask somebody who's doing this in Europe who's autogenerating their configs, if they could maybe come to the mic and comment on whether all that information is needed or not.

      MS. MURPHY: This suggestion is intended to gather the one piece of data that's needed to start off the process of validating BGP announcements and that's validating the route origination. It's not intended as a mechanism that will provide the ultimate security of BGP announcements. That's a much more complicated system.

But this one piece of data which ASs are allowed to announce with a prefix is the necessary first step for any of the security proposals.

So, the data has to be collected somehow. One mechanism is using the PKI resource hierarchy we heard described yesterday which is a cryptographically strong way of doing this but isn't yet in operation. This is a suggestion of doing something that is already in operation and very accustomed for people who are operators to use to collect the necessary piece of information.

Not all the AS policies have impact on BGP security. You don't need all of that stuff. RIPE is actually doing -- at least providing the proper security mechanisms for the route objects that are placed in RIPE.

So, they've got a better handle in that situation. I don't know how complet