RIPE NCC Regional Meeting Minutes, Russia 2007
Tuesday, 2 October 2007
Scribes: Ischa Ropert, RIPE NCC
Opening Plenary
Keynote: Welcome
Rob Blokzijl (Chair, RIPE)
Rob thanked everyone for attending, gave a brief explanation
of RIPE and explained how it is different from the RIPE NCC.
This was followed by a short history of RIPE where he explained
what RIPE is responsible for and what the Internet Engineering
Task Force (IETF) does. He followed on with a more detailed
description of the RIPE community and its function. He gave
an overview of RIPE meetings, working groups and the policy
development process. In his overview of the policy development
process he explained the principles, the process itself and
the address management policy in particular.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/newcomers-ripe.pdf
Axel Pawlik (Managing Director, RIPE NCC)
Axel welcomed the audience and provided a brief introduction
to the RIPE NCC.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/newcomer-ripe-ncc.pdf
RIPE NCC Activities & Services Update
Axel Pawlik
Axel began by discussing the Disaster Preparedness Emergency
Plan, deploying the business continuity plan. He made a statement
that the internal focus, which has been dominant in the company
for the last year, is now shifting outwards again.
He then outlined the vision and strategy for 2008, highlighting
IPv6 deployment, resource certification and the possible trading
of IPv4 address space as the top issues. He expressed the view
that there will be trading of IPv4 address space and that the
RIPE NCC is making sure it is prepared for it. He also stated
that there needs to be better data on who has what address
space as there is increasing interest from law enforcement.
He stated that the RIRs do not want to be involved in the detail
of the workings of the market but that they should be able
to support it if it occurs.
Axel then gave an update of current member numbers, announcing
that the RIPE NCC had now surpassed 5000 members. He introduced
the subject of Enhanced Cooperation with governments and provided
an update on external relations.
Axel concluded his presentation by explaining the following
services: Customer Services, Information Services, Database,
Training Services and the RIPE NCC Learning Centre. He then
spoke about the outcomes from RIPE 54 in Tallinn and announced
RIPE 55–57.
Questions
Q: I am responsible for security in one of our Internet companies.
If an Internet resource is subject to a Distributed Denial
of Service (DDoS) attack do I have a platform just to mail
those addresses to LIRs that are responsible for those attacks?
Axel: In case of a DDoS attack can we do something to mail
the originating addresses to a list so we can do something
about it? This goes beyond what the RIPE NCC is supposed to
do but we would be happy to support our members by doing something
like this. I would be wary of taking action as in black listing
addresses. That is dangerous. However, in terms of infrastructure
we would be happy to do this.
Rob: I think one of the most crucial elements in this chain
is having an up-to-date Whois Database, which is the RIPE NCC’s
responsibility. I do not see an easy way for the RIPE NCC to
take action as DDoS attacks are very complicated.
Q: I would like to say a few words about trading IP addresses.
The direct Internet market is worth $135 million per year.
About $28 to $30 million is black money in this market. I think
the DDoS attacks and Internet trading are related.
A: I agree and that is why we should embrace the trading that
will happen. We don’t like it but there will be a need
in the community to trade IPv4 address space. The RIPE Database
will be even more important if this trading occurs. I implore
our community to set up the policies that we need to support
this type of trading. We need to keep track of those records
in the RIPE Database.
Dmitry Burkov (RIPE NCC Executive Board): Security is the
responsibility of government and this goes beyond the responsibility
of the RIPE NCC. The RIPE NCC as an information system is in
wide use with our law enforcement authorities but only as a
reference database. About a week ago we had a seminar between
the largest operators and security services and discussed cooperation.
First, it is the lack of financing against the background of
the Internet boom. In Russia it is easier than in developed
countries as we do not have so many crazy people. We will have
as many problems as the USA where they already have such law
enforcement in place. It is then that we can decide what people
should and should not do. When we talk about IPv4 exhaustion
then the RIPE NCC can only facilitate the changing of policy
but cannot address the technical issues. I do not think IPv4
will phase out, no one will throw out billions of dollars of
hardware, but we should be addressing interoperability between
the two protocols. We should be looking at how these two co-exist
and connect. We should be keeping an eye on the issues. You
will start to have problems when your customers start having
problems gaining access to resources. I do not believe that
today we are in IPv4 and tomorrow in IPv6.
Q: Well Dmitry, my question was different. Is it possible
for the RIPE NCC as a network coordinating centre to perform
some functions because they have this Whois Database? Can they
inform providers of networks that from their address space
there is illegal activity going on? For example, some blacklisting
and notification so this function can be performed. Let me
just remind you it is like the border with the criminal code.
Well we would not like to do that. We do not want to take on
functions that we have no experience with. It will threaten
the infrastructure and we will have to deal with governments
and politics. We can not do this without government and if
we do not have good relationships this will be impossible.
Axel: To add to that I think there is a role and I agree with
you that this is a dangerous area, however, talking about certification
of resources. Certification will make it more difficult to
use other people’s address space. There is a small role
through certification for us there.
Max Tuleyev: As a representative of the white IP address market
I register several dozen blocks of IP addresses for various
providers from Russia, Ukraine and sometimes from Europe, so
I am aware of these IP address problems. In the current model
you can just write a complaint about spam and give it to the
owner of the IP address space through the RIPE Database, but
if the owner is the bad guy then this situation is not regulated
by the RIPE NCC and this is what I would like to discuss.
Axel: That is an interesting case of course and we have said
many times in the past for instance that the RIPE NCC is not
the routing police. We are not the police force, we can do
what we can to maintain accurate records that we can use, you
can use and others can use, that law enforcement agencies can
use. That is what we are aiming to do, to keep that registry
of records in top shape. Apart from that I cannot control what
good or bad people do with those addresses. Certification would
help with secure routing. Actually, that is an interesting
point. If you guys decide that you will employ or deploy secure
routing based on certification, that will enable us de facto
to switch off address blocks, as in de-certifying them. That
would enable us to do more but I am not sure if we want to
be there in terms of liability.
Max: Well resource certification would help but what would
help more is to remove those malicious objects from the RIPE
Database. Today we do not even have any recommendations on
how to behave when you suspect the network administrator is
a bad guy. Maybe you could come up with recommendations on
how to escalate these problems. Who will be the judges and
what will be the applicable law. If you have precedent law
then it is possible but then you have to deal with cross-borders,
and which court will decide what. Well that has some side effects
involved. Another thing is how to check the account data from
the RIPE Database because some part of this question is related
to the fact that in principle if the RIPE NCC decided to keep
this data and have this database and could demand this information
from the users then you should also have in place a mechanism
to ensure this information is correct. If you need more time
to do this then hire the people and do it. You are big and
you can afford it but if I write to an operator who had several
thousand net blocks registered and I do not get answers for
months and for months and I keep getting attacks on me, then
this is abnormal and this must be dealt with somehow. This
operator comes once a year to pay you so you can do something
about it, not me.
Axel: That does not solve the problem however. Just because
someone tells me someone else is bad how do I confirm that?
And that is something I do not want to do.
Statistics and Policy Update
Andrew de la Haye (Chief Operations Officer, RIPE
NCC)
Andrew welcomed the attendees and began the session with a
brief policy update. He noted that four policies had been accepted,
seven were under discussion and one was withdrawn.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/stat-policy-update.pdf
Questions
Q: This is not a question but it is information for the audience.
Is it true from 1 January 2007, the RIPE NCC will be assigning
32-bit autonomous system numbers (ASN)? This will be your default
configuration on a standard request. Do you still have this
policy in place?
A: I do not think we only give out 32-bit ASN numbers. It
is somewhere in the approach to shifting to it but there will
be no big changes from next year.
Q: But the default will be ASN 32-bits?
A: Yes the default will be, but on specific requests we can
always go back and then shift over.
Q: Well just recently some policies were changed on what should
be the assignment window given to LIRs and basically all the
LIRs were involved in this activity for more than six months
and they were given a chance to sign without any further confirmation
from the RIPE NCC to give out up to 2000 addresses at one time
and that the auditing process would change. How would the audit
process change?
A: In essence the audit procedure will not change too much.
We will not audit a company within the first six months but
we will do an audit during the year on a random selection of
LIRs to see whether all the objects are in place. We are not
going to audit the /21 assignment window but we do audit during
the year and that is the change.
Draft Charging Scheme 2008 and Administrative Update
Jochem de Ruig (Chief Financial Officer, RIPE NCC)
Jochem presented the Draft Charging Scheme 2008 and Administration
Update containing two main sections: the Draft RIPE NCC Charging
Scheme 2007, including membership developments, and an update
on billing and contract administration including the new Russian
billing pages.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/administration-update.pdf
Questions
Q: You send us documents by mail and by e-mail but in Russia
you normally pay on documents that have a signature and stamp
on them. Is it possible to maybe publish such documents on
your website or on your portal or maybe send them by fax so
we do not have to wait for regular mail?
A: We are working on this with the new invoice system to actually
have the invoice visible on the LIR system as a PDF. You can
click on it, see it and print it out. We hope to make it available
by the second quarter of 2008. If you need it by fax please
let us know and we can fax it to you.
Q: I was just wondering on the previous slide you talked about
document batches. So is it basically four sets of documents
each quarter? How do we let you know that we want to use this
option? Do you have a procedure on the LIR portal?
A: Inaudible.
Q: This draft sheet for Russia, Kazakhstan and Ukraine. Is
it possible to publish these as separate RIPE documents, because
when you publish them on the LIR Portal very few people know
about them but lots of people need them badly, especially general
managers, accountants, etc.
A: What I can show you is what we have online – these
are the pages we have. What you will see here is the template
for an invoice, which we send to you with the act of acceptance
and standard agreement. In addition, there are the documents
for the Ukraine and the Russian Fact Book. Is this what you
mean?
Q: Not quite, my point was different. I was talking about
the document that explains the regulatory basis for dealing
with the RIPE NCC. Why I am asking is for the new local registries
it is very important because they want to make sure that they
will really be able to have a clear regulatory framework before
they sign a contract with the RIPE NCC. They should have some
literature for information.
A: Yes that is a good idea and maybe we can send it directly
to new Russian LIRs for their information.
Paul Rendek (Head of External Relations and Communications,
RIPE NCC): When we get home we will take a look at all these
areas you have mentioned where we have pieces that are translated
and we can make sure that they are available somewhere public
on the site. I don’t think we will have a problem producing
a RIPE NCC document on how to find this – a step-by-step
where everything is. I will get the Communications Department
to produce something and we will send it to the mailing list.
We do understand the difficulties faced by registries in Russia
and we encourage you to give us ideas on how to make things
easier for you.
Information Services at the RIPE NCC
Mark Dranse (Information Services Manager, RIPE NCC)
Mark welcomed the audience and then gave an introduction to
Information Services at the RIPE NCC. In his presentation he
provided a brief overview of TTM, RIS, DNSMON and Hostcount
for the uninitiated. He then gave the background history, as
well as recent and upcoming developments.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/InformationServices.pdf
Questions
I would like to ask the people could you raise your hands
who ever has used the Information Services Mark has talked
about and who uses them continuously in your everyday activities.
Who would be interested in establishing a TTM probe in their
network? Who uses them, who uses them continuously and who
uses TTM?
Q: Can you give me an understanding of costs to install a
TTM probe? As far as I understand you have to procure all the
equipment by yourself. Is this correct?
Mark: There is an upfront cost if we provide the hardware
which is 2,500 euro or you supply the hardware yourself and
we supply you with the GPS equipment. I think it is 500 euro
and there is an ongoing service fee each year of 1000 euro.
We are looking at different payment options if the upfront
payment does not suit your company. We would like suggestions
on options that would suit you.
Russian IP-address Geographical DataBase
Sergey Zimin (RU-CENTER)
Sergey introduced himself as from the Engineering RU Centre.
He talked about inquiries from his users and customers who
asked where they can receive the distribution of IP addresses
across Russian cities and other localities. At first they did
not have an answer as they did not have the data. Later they
saw that other organisations were running commercial databases,
which covered these issues. Since they had a real-time mirror
server they thought they should use the opportunity to create
this geographical distribution. And they had to analyse the
traffic of Russian DNS route servers and this task was also
demanded by the RU Center.
He then explained how they provide the information and gave
an overview of how they set up the database, how often they
update it and how they use it.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/ip-geo-db.pdf
Questions
Q: We are a hosting provider and I know many of our customers
use your system. Your system, when you determine from which
city that network is, is it just an information service or,
for example, when an ISP thinks that the network is foreign
but your system says this is a Russian network how can I prove
to my ISP that I am receiving traffic from a Russian network?
Is it data for credentials or is it just for information?
A: This service is just for information. We use the data from
the RIPE Database and maybe you are receiving data from a Russian
ISP but the route from which you receive the data is foreign
so we cannot help you with this.
Q: I would like to comment on the previous question. Foreign
networks can be sourced in Russia and there are enough purely
Russian providers who are more expensive than others to the
End User. How many inquiries do you receive for the correction
of your database?
A: We are talking about two-digit numbers per day but there
is a steady flow of correcting information.
Q: Did I get it right that your database is run manually?
And so do you have any automated procedure to take contact
material from the website?
A: All the data is taken from RIPE Database. By default we
take data from RIPE Database, and if necessary we check with
trace route.
Q: How many entries are there each week? Do you have any statistics?
A: I can give you an estimate – around 10, 20, 30 entries.
Whatever the number you can see them within a year in the logs
of our DNS servers.
Q: We're working with the Data Protection Task Force. We are
looking at the near real-time streams from the database. Are
you publishing personal information in the Database?
A: No, only work phone numbers, nothing else.
Prospects of DNSSEC use in Russia
Alexander Panov (Garant Park Telecom)
Alexander introduced himself and explained that he runs Garant
Park Telecom, one of the largest registrars in domain names
in the national registrar. He represents his company and the
CCTAT.RU, the coordination centre of the Russian National Internet
Section. He talked about the prospects of using the DNSSEC
protocol in the Russian segment of the Internet.
He then presented on the need for DNSSEC, the history of its
creation, the plans for technological and administrative security
measures and user identification in Russia. The DNSSEC RU has
over 50,000 accounts right now in Russia.
Questions
Q: I have a question about the growth. So 50,000 is about
5% of all allocated domain names. When did it start and how
many counts do you receive per month or per week? What is the
growth rate?
A: If you have it as a graph, it will be a straight line just
going up at a slight angle. At March 1996 we started this project
and since then we have linear growth. Maybe together with those
trends that we have seen in the past years as registrars we
have seen applications from our users, we have seen complaints
that someone has tried to grab their DNS information, so the
awareness for DNSSEC is growing.
Q: You are receiving such complaints. Do you have statistics
on the actual occurrence of DNS attacks or maybe to fake DNS
information?
A: We have two court cases in which faking DNS data was involved.
I am not authorised to tell you more about the names but there
are some cases.
Q: And what about percentages?
A: We had two dozen complaints this year of which two of these
were brought to court. One such complaint was about the attempt
to grab all the inquiries which were targeted at the site of
one of the banks. The path was redirecting traffic somewhere
else and then the traffic went back to the target site so it
was difficult to see that the data was grabbed at some point.
It was hard to see that it actually happens, as the troublemakers
are sophisticated.
Q: Your information about DNSSEC is very generic. Maybe you
have some examples of international DNSSEC in real life.
A: There is a generic DNSSEC.net project and whatever I am
talking about now you can access this site and see a detailed
description of the development of this protocol across the
world. The RIPE NCC was the first entity to start using it.
This is an example from real life if you want.
Q: You say you have 50,000 accounts. Are they all assigned
and on your DNS servers? How many of those are not your customers?
A: I think maybe 20% are not our registrars.
Q: My question is about who uses that. Anyone can use it but
do people actually use it? I do not know anyone who uses it.
A: What counts here is the general trend on how these domain
names are being used. Over 50% of domain administrators registered
in the .ru zone care about their domains only when they need
to prolong the domain name and when you select the hosting
provider or something. To increase awareness and usage of such
protection schemes you can do the following. First thing we
run is a joint project with the coordination centre when the
entire domain zone receives a digital signature on the root
server. For example, if you have a domain administrator who
gets the trouble of course he will put such a signature, but
we want to make this in a preventative manner for everyone
to have a digital signature and this will clear up our domain
zone.
Q: How does it work in real life? For example, you put an
inquiry to the DNS and if you don’t have some module
or something well you will not see that this is not a visual
thing. We have an instruction on our website what you should
do to your domain to get a digital signature. There is nothing
complicated in what you should do and any user can do that
really. Some DNS traffic goes through us and in this case it
is for free and then everything just starts working. What we
are doing is making it harder for troublemakers who want to
fake your site and want to divert your traffic from the target
site. Maybe I will add a comment about DNSSEC as a technology – if
you do not have global DNSSEC there is no motivation for the
application developers to use DNSSEC and vice versa so this
is a global issue. Right now very few applications support
DNSSEC and the only thing you can do is check the validity
of the zone on your local DNS server but the big question is
what to do next. For example, if the DNSSEC is not applied
on the route server of the .ru zone there is no motivation
to support this on your local domain so we need the comprehensive
approach to make it work.
A: Anyway I did not want to get into the technical details
side because we have a very detailed description of all technical
things on the website and what I was talking about is a political
issue in that we have a great task of clearing up the Russian
domain zone from any possibility to perform any illegal actions.
If we fail to do that in the near future we may start having
grave problems in the near future from the criminals and from
security services who will restrict us even more in the fight
against cybercrime.
Q: I am not talking about technical details. My question involves
how the check is being performed and how can you see that I
am who I say I am? For example, how can you verify my domain
for my customers?
A: What we sign is not the information on the domain. The
information about the site holder is signed and you can see
the signature in Internet Explorer. What we sign is DNS information.
DNS information verifies that this resource uses this and this
serves as its DNS server and it shows that the DNS server is
the right one and prevents the diversion.
Q: I can see the danger that the fake name might look more
reliable to End Users than the real one.
A: No one can prevent the criminal making the site look like
the original site, but those criminals will receive only the
users who mistype the site name. What we prevent here is the
diversion of the traffic from the users who just go to the
original site.
Q: Who is classed as the criminal? If I am a troublemaker
and I use only IPC running on Windows how can you verify to
the site which is original. If you have all inquiries to the
DNS server running through the insecure protocol there are
ways to interfere in this process. It does not involve the
DNS server – there are ways you can divert the good inquiry
and you re-route it to another place. For example, if my ISP
is a criminal or I use someone else’s DNS server, which
provides fake information, who is the criminal in this case.
A: The criminal is the third party who is not involved with
me or with the DNS holder. The criminal is someone who holds
the DNS server elsewhere who fakes the DNS response of the
authentic server. So this third party fools the user and fools
the DNS holder. So the holder of the authentic DNS is not to
blame; it is always the third party who fakes the information
on the way from the user to the DNS – this is how it
works. If you use DNSSEC you will see that your traffic is
being diverted or fake and DNSSEC will work on it.
Q: This digital signature, is it distributed within the domain,
within sub-domains or in a unique way?
A: It is distributed through your account.
Q: For example, if a criminal redistributes me to one of his
sub-domains what can I do here?
A: Your inquiry will remain in the framework of the same account.
So you sign the domain but the sub-domain just inherits all
these signatures, so technologically everything goes fine here.
Q: Did you think about the following scenario? A criminal
is your customer. He signs a zone and then launches a DOS attack
on another zone under your control. If you compare the costs
between the unsigned and signed zone well the costs for the
signed zone are much harder.
A: Well a DOS attack is a bad thing but it does not fail your
operation.
Q: But it will deny service to all zones that are hosted on
your servers.
A: Well this may be true but, for example, this will just
be a DOS for a while. Of course there are some precautions,
for example if you launch a DOS attack on all the ten route
servers. I mean technologically to launch such an attack on
such a server is much easier than in the case of an unsigned
server.
Q: So if I make the load on your server a lot higher, it will
make problems for everyone?
A: We have enough resources for that and we can respond to
that technologically.
Q: I would like to ask the RIPE NCC do they have the technological
means to handle such a situation. Suppose I use DNSSEC on a
server. This means that the response to any inquiry is heavier
than in an unsigned server. If a criminal makes a zone on your
server and launches a DOS attack this means that the DOS attack
will be more efficient than in an unsigned server.
A: Of course you are right and there is always the probability
that a DOS attack will take place. You can try and mitigate.
By having more servers or when such an attack is really dangerous
it is when DNS servers work as reflectors. In a normal situation
the heavier response because of DNSSEC will not be used as
a malfunction. If you misconfigure the servers as reflectors
you can launch a very efficient DNSSEC attack by launching
heavier inquiries.
Q: How many resources does it require?
A: Generally the extra load that DNSSEC poses does not bring
the servers to their knees; it is not a real attack vector.
Q: With most of those signature requests is it single domain
users or is it generated by registrars or big organisations
that have a lot of subscribers?
A: Well if you look at the facts and statistics it is like
everywhere else – it is around 50/50.
Internet Governance Forum Update Panel Discussion
Dmitry Burkov, Axel Pawlik
Dmitry Burkov began the presentation by describing the World
Summit on the Information Society (WSIS) process, the Working
Group on Internet Governance (WGIG) and the forthcoming Internet
Governance Forum (IGF) in Rio. He then outlined the history
of the WGIG and WSIS processes including the WGIG Report and
Tunis Agenda.
Axel then followed on with an update on the outcomes of the
IGF in Athens and the preparations taking place for Rio. He
included a brief overview of the RIPE position, which supports
a self-regulated environment. He also discussed Paragraph 38
in the Tunis Agreement and the difficulty in defining enhanced
cooperation.
In the presentation he also mentioned proposals that the Russian
ministry needs to consider in order to decide the position
of the Russian delegation at the IGF.
Igor Kokoshin talked about finalising proposals for the Russian
delegation planning to attend the IGF. Igor represents the
radio research institute and he wanted to talk about the proposals
that articulate the position of the Russian delegation. He
hoped the chance to discuss with the audience would give the
delegation a better chance to represent the Russian people.
He saw two positions on governance – one is technical
and the other is broader covering social and legal issues.
He talked about Russia’s position on these two viewpoints
in more detail. He included in this some comments about ICANN.
He suggested that the Internet is managed by a US-based organisation
and how it should keep some of its existing functions but maybe
not all.
Rob Blokzijl then remarked that the IETF is not a part of
ICANN and that Russian people are happy to join the IETF.
Dmitry added that there might be a mistake in the translation.
Nia proposed participating in the Government Advisory committee
(GAC).
Questions
Q: Well I have the same attitude to the Internet too and I
was a little bit surprised that we are talking about one of
those projects. Why not Gloria for example?
A: Well we would be glad to be involved in all the projects
that Russians are involved in not to feel isolated. I think
it is just our internal position to support science and to
provide financing to international projects. Maybe we need
to talk about international collaboration and coordination
in science and technology. But if we are talking about one
specific project that has a weird financing scheme we cannot
use, so maybe that is not quite correct.
Q: The question was if there is no anonymity on the Internet
will people still be willing to use it?
A: Well I don’t think we have 100 percent anonymity
on the Internet except in special circumstances. So it would
not really be different.
Now I give the floor to Mikhail Yakushev to give an
expert view on the IGF process
Mikhail talked about the activities he is involved in as an
expert at the IGF and then he commented on the proposal from
the Russian delegation. He commented on what he thinks is the
right position for the Russian Delegation to take. The consolidated
position on Internet Governance was that it always involved
three groups: Government, Business and Civil Society. Russia
has a unique way of regulating telephony but you cannot do this
with the Internet. The geographical positioning does not work
with the Internet. It is agreed that the Internet needs to
be dealt with at an international level but how to do it is
the question. Perhaps the IGF is not the right place.
Mikhail presented an example of where international negotiation
has worked for business with civil aviation. He stated that
the international civil aviation organisation plays a central
role in making this industry work globally.
He said that we need to look at what is happening in other
countries, such as what has happened in the UK where health institutions
can access private details on the Internet. If anonymity is
lost on the Internet it will change the structure of the Internet
as it exists today.
He then talked about which issues should be discussed at the
IGF and those that should not.
Questions
Q: What goals or objectives should we be trying to address
at the IGF?
A: Well I think the only goal is to organise a comprehensive
international cooperation to prevent the usage of the Internet
for malicious purposes. I am talking about spam, malware, etc. – real
problems service providers are dealing with. Once we know how
to address those then we can start to know how to address other
problems. We need to look at the local issues.
Q: You mentioned Internet affordability in Russia and you
said it was a legal problem. Well I think it is an economic
issue primarily. If we still have little villages and towns
with only three telephone lines and you want wireless for schools
then this is impossible. This is not about legislation but
just the fact that there is no infrastructure. This is a comment
rather than a statement.
A: Well sometimes Russia makes administrative decisions that
hinder the ability for access and increase the cost. We need
to look at that more closely.
Vladimir from the Russian Government makes a short
presentation
He discussed how the Internet has transcended from a tool
to something more important. Now there is e-government. He
explained that there are many towns that do not have Internet
access but it is happening. It just takes time and he gave
an example of a programme that will see lots of schools having
the Internet by the end of the year. He sees the Internet as
the cornerstone of modern society so stability, access and
security are priorities. The question is where we find solutions
to the issues that are arising. He praised the Americans for
inventing ICANN but sees the need to re-address this as the
Internet grows. He believes not a single government or stakeholder
can set the rules for the Internet but only together can they
manage the process. The IGF is seen to begin this process.
He finished the presentation talking about the areas they see
as a governance issue, mainly fighting crime and protecting
their citizens.
Questions
Q: Why not have information support on the Internet like it
is done on the IGF website. We have papers with discussions
on these issues but nowhere to publish them. If we had this
we could give you feedback on what we think about the Russian
proposals?
A: Well we have this domain RU Coordination Centre and they
perform many functions and you can work with that. We can find
a way of cooperating to move forward. As this paper is not
a secret we can make it available so we can involve everyone
in this process. It is a difficult issue so we need to set
the parameters.
Q: In communication law, the Internet is not defined, which
makes it hard to regulate – what are your thoughts?
A: We are talking about Internet regulation in the government.
It will be in your interest that this gets done well – it
will make it easier for your business. We need to find a balance
in fighting terror and advancing the Internet. If it is done
badly then it becomes your problem because it will affect your
business. It is finding the balance that makes it so challenging
and we do not have ready-to-use experience or solutions to
these issues. The Internet is still being born and it requires
very new ways of thinking to address it.
Vladimir apologises and leaves
Q: I looked at Russian regulations related to the Internet
and I found it striking that they try to use the same enforcement
as they have in telephony. Telephony is hierarchical, the Internet
is flat, which means that the regulations do not have the same
effect. Has anything changed?
A: Well I do not know if there are any changes. People write
documents based on what they think they know and their understanding
on what they regulate. They cannot do anything good about things
they do not know. They have no idea about what they are writing
about – so they try to build a sewing machine and instead
end up with a machine gun.
Q: Would the ministry open a forum like RIPE where everyone
can voice their opinion?
A: Well we have no one from the ministry here now so I cannot
say. I can say it has been proposed, but the processes are
very slow, so we'll see.
Q: I am sorry to see the official has left but I'll ask the
question to the people here. RIPE has its own working groups
regulating their own issues so why isn't the Russian Government
involved in that? Why should we have another government-based
forum to talk to other governments?
A: The Swedish and British Governments are active in our working
groups, so there is nothing stopping the Russian Government
from participating. The question in the end is to the Russian
Government: why does it not participate?
Comment from Boris about ICANN: The radio institute does not
see ICANN as a CIA organisation. We suggest that the existing
governance structure should not be touched and we will publish
this opinion in written form. First, the existing ICANN functions
shouldn't be touched; secondly, for new governance functions
for new networks such as Next Generation Networking (NGN) we
would not be happy for ICANN to do this. We would like to do
this locally through our own processes. Our position is also
that you cannot cancel anonymity on the Internet as it will
change the ways it exists. We think that we should encourage
signing on messages to increase protection.
Axel: I want to add that for the type of work the RIPE NCC
does, ICANN does not rule the Internet, the RIPE community
does. For example, there are many more than 13 root servers,
there are now over 200, most of which are outside the US. We
are also looking into certification, as I mentioned before.
This is where we certify that we allocated address space to
you, you can certify that you assigned or sub-allocated to
another entity, and so on. These are examples where the industry
is doing things that will help governments.
Dmitry: You are proposing to change the existing system
that RIPE has now, but not with ICANN. I can't see exactly
what you are proposing to change. What kind of NGN networks
are you talking about?
A: Well I will argue on terminology: if you do not like NGNs
let us talk about networks of the future, especially routing – there
will be one system that everything will be based on. It will
be on a packet level. Probably IPv6 (or some other version)
or the system of telecommunications of the future will be based
on IP. In this situation with the current DNS, future subscribers
will have not just telephone numbers, but also DNS names. I
think the telecommunications industry will not be happy. Let's
face it, the Internet is not critical to the security of the
country. If the Internet breaks today, things will still work,
not everything of course. If the root can be hacked and it
has major repercussions for the country, it will not be good.
We should base telecommunications networks on the same principle:
if you can hack into this and it collapses, the administration
will not be happy. It is my opinion that IP addressing should
be regulated.
ccTLD SU Current State
Pavel Khramtsov (RU-CENTER)
Pavel gave a presentation on the current status of the .su
domain zone.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/ru-centre.pdf
Questions
Q: When will DNSSEC be introduced in .su?
A: Last time Max you asked the same question but there is
no discussion yet. Much like the answer last time when asked
for .ru.
Q: Inaudible.
A: We analyse the DNS traffic on the servers, we analyse the
number of inquiries then we rank the domains by the TTL.
Taiwan earthquake BGP analysis
Steve Wilcox (Renesys Corp)
Steve began his presentation by giving details on a major
earthquake that took place in Taiwan on 26 December 2006 where
seven of nine cables were severed. His presentation reviewed
the incident from the perspective of its effect on the routing
table.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/quaking-tables.pdf
Questions
Q: I think the issue is more administrative, not technical.
I know there are several fibre channels from China through
Asia to Ukraine and Europe and this is not used because they
do not offer a good price for Internet-only phone calls. In
Asia they use it to deal with each other.
A: You are absolutely right. There are many cables that exist
but they are not used mainly for political reasons, especially
with the land cables. We are cheap people on the Internet so
we do not invest in things as much as we should do.
DE-CIX Update
Frank Orlowski (DE-CIX)
This presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/decix.pdf
MSK-IX Update
Konstantin Tchoumatchenko
Konstantin gave a brief update on the Moscow Internet Exchange.
The presentation is available at:
http://www.ripe.net/meetings/regional/moscow-2007/presentations/msk-ix.pdf
Questions
Q: Last year you mentioned that you are doing a test operation
of IPv6. Did you get members that peered with IPv6 and do you
have traffic stats?
A: We don't publish the traffic stats for IPv6 so I cannot
say there was an explosion of IPv6 but the infrastructure is
ready. If anyone is ready they can start using IPv6.
Testbed ENUM with RIPN resources
Elena Voronina (MSK-IX)
Elena gave a presentation on an ENUM test bed using Russian Institute
for Public Networks (RIPN) resources. She represents the technological
centre of RIPN and her presentation aimed to promote the ENUM
test bed. She discussed the first attempt to create a global
directory in the 1990s. She then gave an overview of what is
occurring in the world of ENUM delegation, what is happening
in the ENUM working group and how the processes work. She gave
an example of where the delegation was delayed in Kazakhstan,
so due to the refusal they began to make the test bed at RIPE
using the technological resources available. She presented
a flowchart on how it should happen in a generic sense. She
is looking for carriers interested in working with them to
test the technology.
Questions
Q: So there are two ENUM models – user-based and operator-based – which
are you?
A: We are operator-based.
Q: So far you don't have regulatory issues about how to interact
with the carriers?
A: Correct. We are working on figuring it out, but we think
it will come when we complete the test bed.
Q: Can you clear up what happened in this situation with Kazakhstan?
It seems that they have taken two numbers and Russia will take
the other eight?
A: Well Kazakhstan will take the two digits. So far to have
that domain delegated we needed to verify that they would get
the two digits and we did not know that then.
Q: What will be the procedure for membership?
A: We do not have any administrative regulations so everything
will be done on an individual basis.
Q: Who directs the RU coordination centre?
A: If you want to be established as a member of the test we
have prepared a document in a generic form. This defines your
rights and responsibilities and the role you will play in the
role of testing. If you sign this document it is confirmation
of your involvement but we start with a conversation on a technical
level.
Q: How does ENUM work with our long distance telecommunication?
You don't have a license, right?
A: ENUM protocol options are not banned. Technologically,
you can work in any way you want if you can make it work. If
you go commercial, things change. We don't have any issues
with the law in that regard.
Paul thanks Elena and calls meeting to an end.