RIPE NCC Services Working Group Minutes RIPE 88
Wednesday, 22 May 2024 14:00 (UTC+2)
Chairs: Rob Evans, Bijal Sanghani, János Zsakó
Scribe: Antony Gollan
Status: Draft
The recordings of the session are available at:
https://ripe88.ripe.net/programme/meeting-plan/ncc-services-wg/
The stenography transcripts are available at:
https://ripe88.ripe.net/archives/steno/34/
A. Welcome, Admin
The presentation slides and recording are available at:
https://ripe88.ripe.net/archives/video/1334/
Bijal welcomed attendees and noted this was her first time opening the session after the departure of their former co-chair Kurtis Lindqvist. She noted that James Kennedy was ill and so the RIPE NCC’s Registry Update would instead be given by Marco Schmidt.
There were no further changes to the agenda.
The minutes from RIPE 87 were approved.
B. RIPE NCC Update
Hans Petter Holen, CEO and Managing Director, RIPE NCC
The presentation slides and recording are available at:
https://ripe88.ripe.net/archives/video/1335/
Hans Petter ran through the RIPE NCC’s Annual Report from 2023. He noted that after the charging scheme discussion in May 2023, they had cut back their budget to EUR 37.3M (from an initial budget of EUR 40M). They had reorganised their technical department and invested a lot into strengthening security and sanctions compliance. He noted that while the number of LIRs was declining, the number of members was reasonably stable.
Jim Reid, speaking for himself, said it was good for the RIPE NCC to provide some statistics on how money was being spent, however they shouldn’t provide too much detail or else they might have members trying to micromanage them. If people had concerns, they should speak with the Board or the RIPE NCC itself.
There were no further questions.
C. Technology Update
Felipe Victolla Silveira, Chief Technology Officer, RIPE NCC
The presentation slides and recording are available at:
https://ripe88.ripe.net/archives/video/1336/
Felipe talked about their recent security investigation report regarding leaked credentials for RIPE NCC Access accounts that had been published online. He also talked about their ISAE 3000 certification for RPKI. Once completed, the report would be made available to individual members to review upon request, though only under NDA. He also explained how they were reducing their data centre footprint. Housing and power alone currently cost them EUR 1M per year. Half of that space was used for the RIPE Atlas, RIS and RIPEstat datasets, and they were aiming to reduce that by 70% without losing the years of measurements that they had collected into the history of the Internet.
Maximilian Emig (via Meetecho), speaking for himself, asked if they had evaluated other S3 providers.
Felipe said they had an option with Cloudflare for R2, but S3 proved to be beneficial for now. It was possible they would use R2 in the future.
Jim Reid, speaking for himself, asked if they had considered exit strategies from cloud providers. He was concerned about scenarios where a provider might go bust or deny access to data.
Felipe said they had thought about this, and this was why they were using standards like Kubernetes, for example, as it made it easy to quickly move to another provider or back to a cluster on-premise.
Jim said what had motivated his question was that he was aware of one organisation that was dependent on a particular database service. They had become trapped with a specific cloud provider because they couldn’t afford the switching costs.
Marco d'Itri, Seeweb, asked if they had calculated how much it would cost to take the data out of S3. He said they would no longer have local look-up of the historical data, so he wondered how much it would cost to take the data out of S3 if needed; this was extremely expensive.
Felipe said he could get back to Marco on this.
Ben Maddison, Workonline, noted that Felipe had said the results of the RPKI audit were available under NDA to members (only). He suggested there was a wider group of people than just the RIPE NCC’s membership who had a legitimate interest in this. He encouraged them to think about making it available to non-members as well.
Hans Petter said they would take that into consideration. They also had a SOC 3 report that would be available to everyone. The reason they wanted to limit circulation of the SOC 2 audit was that it contained technical details about vulnerabilities, which could make it a security risk. Hopefully they wouldn’t have any of those vulnerabilities, but it wasn’t something a provider would automatically pass out. They were also aiming for ISO 27001 compliance, but there were issues with vendors in their supply chain having compliance requirements.
Ben agreed it was legitimate to keep this private, he just didn’t think arbitrarily restricting this to the membership was appropriate.
Peter Hessler, Zayo, said he wanted to echo Marco’s comments about the costs of leaving S3. There had been some relatively famous cases where it cost cents to move data in, but millions to take it out. Frankly, this was something he would’ve expected them to have answers to, as it had been brought to the RIPE NCC’s attention earlier in the cloud discussion.
Felipe acknowledged the feedback and promised to look into egress costs and provide numbers.
Randy Bush, IIJ Research, (via Meetecho) asked why the SOC 2 audit would be under NDA at all.
Hans Petter said this was because the SOC 2 audit listed all of the controls they had in place and whether they were effective or not. So if they showed a control that was not effective, then this was essentially a vulnerability. Ideally, the goal was to get a clean report that didn’t show any vulnerabilities, in which case they could theoretically make this public. He would like to do this, but he wouldn’t promise it.
Ben Cartwright-Cox, bgp.tools, said he wanted to note that Amazon had said in March it would waive egress fees for people leaving their services.
Razvan Opera, RIPE NCC, (via Meetecho) said that as the RIPE NCC’s IT Engineering Manager, he was heavily involved in their data centre migrations. He clarified that they had looked at other S3 providers. AWS S3 was chosen in this case because of their previous experience with its performance, they had existing pipelines for deployment, and the security controls they integrated for the landing zone were the controls they used internally. Due to the urgency of the project that was the decision they had taken, and the financials checked out. As Felipe had said, they were constantly looking at other options and would consider them if they made sense in the future. Regarding egress costs, as had already been noted, Amazon was waiving egress fees if they decided to leave, which gave them assurance that costs wouldn’t become unmanageable.
Tobias Fiebig, Max Planck Institute for Informatics, said he wanted to remind everyone of Kerckhoffs’s principle in information security. This suggested that the SOC 2 report given out under NDA might eventually become public, whether this was intentional or due to some human error. He encouraged them to think in these terms.
There were no further questions.
D. RIPE NCC RPKI Operations Update
Tim Bruijnzeels, Principal Software Engineer, RPKI, RIPE NCC
The presentation slides and recording are available at:
https://ripe88.ripe.net/archives/video/1337/
Tim gave an update on the RIPE NCC’s RPKI operations. They were making improvements to the UI, replacing HSM hardware and the Trust Anchor that they used for offline signing. The ISAE 3000 audit was helping them because it meant they had to formalise their business continuity plans. They had improved their database backup strategy and updated their certificate practice statement. Tim noted that the NRO also now had a programme that was aimed at aligning the RPKI service for the global community. Sofía Silva Berenguer, formerly from APNIC, was coordinating this effort.
Maximilian Emig, UNIBERG, (via Meetecho) asked why they had removed the RIPE Database search from the ripe.net website.
Hans Petter said that Phillip Oldham, their Web Services Manager, was at the meeting collecting input on improvements about their website. He would be interested in getting feedback from Maximilian on this.
E. Registry Update
James Kennedy, Chief Registry Officer, RIPE NCC
The presentation slides and recording are available at:
https://ripe88.ripe.net/archives/video/1338/
Marco Schmidt, Registry Services Manager, gave an update on James’s behalf, as he was sick. He shared some statistics on their workload and their customer survey (NPS) scores, which were “world class”. They had achieved this for the past eight months in a row, which showed their services were appreciated. He noted that fraud remained an issue, and shared some details on the number of cases they had reported to the police. He said that two IPv4 transfers had recently been made on the basis of fraudulent documents; these were later reverted once they were made aware of this. He reminded members to protect their services by keeping their email domains and LIR contacts up to date. Sanctions compliance was also keeping them very busy, with an average of 1,300 alerts each month.
Robert Scheck, ETES, (via Meetecho) said it had recently been noted on the members-discuss mailing list that the RIPE NCC used an external party to verify ID documents for natural persons. He asked if they could comment on this; sending IDs to the RIPE NCC was one thing, sending them to an external company was another.
Marco said this was about GDPR. Having those IDs in their records was not compliant, and they needed a solution that would help them meet these requirements. This company was based in the EU and complied with GDPR. It meant they (RIPE NCC) no longer saw those IDs and nothing could happen to them.
Nico Braud-Santoni, Funkfeuer Graz, said Marco had mentioned there was now “last-checked” metadata for database objects. He asked if this could be visible in whois. As a network operator he would be interested if the RIPE NCC could see whether their organisational data was up to date or how he could help with that.
Marco said some of that information was in the RIPE Database, such as company legal name and company address, which could not be changed without informing them. Other data was not in the RIPE Database but was in their internal records.
Nico asked if there could be some way to easily check if their records were up to date.
Marco said the best way was to reach out to them, especially if he was aware that something had changed.
Sander Steffann, speaking for himself, said he wanted to re-request in this WG something that had been asked for in Address Policy WG, where Marco had said the policy allowed for stricter checks than the RIPE NCC had been doing. He asked if they could please do these stricter checks. The other part was that Marco had said people were selling AS Numbers online for a one-off fee. This clearly wasn’t compliant with the policy requirements, and yet apparently the requests the RIPE NCC received seemed to somehow comply with the policy (multi-homing requirements etc.). He was a bit worried about organisations becoming effectively commercial RIRs, so he asked them to apply some focus there.
Marco thanked Sander for his comment and said they would do this.
Bijal thanked Marco and added that she was pleased to see the information about ARCs there, as that had been one of the requests from the RIPE Database Task Force.
Z. Open Mic
There was no time for the Open Mic section.
Bijal said she was standing down from the WG and would not be standing again. She encouraged others to consider stepping forward as WG chairs.