This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] Draft Activity Plan 2021 - RPKI development
- Previous message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
- Next message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Cynthia Revström
me at cynthia.re
Mon Sep 28 09:47:42 CEST 2020
Hi, I fully agree that while the budget on RPKI deployment should not be reduced currently, it should be used in other ways. I think 2021-01-01 is a bit too early as last I looked there was still a considerable number of RIPE NCC validators running. 2022-01-01 is probably more reasonable. Though feature updates could stop on 2020-01-01, fixes need to be done for at least a year more I would say. Potential other ways to use the budget includes setting up a way for resource holders to use delegated RPKI published to repositories hosted by the RIPE NCC. Such as I believe NIC.BR is doing. - Cynthia On Wed, 23 Sep 2020, 08:26 Erik Bais, <ebais at a2b-internet.com> wrote: > Dear Hans Petter and fellow members, > > In the draft activity plan, there is a page about the current RPKI cost > and plans of the further development. > > The plans state on Page 14 - 1.6 RPKI: > > 6 FTE and a 963.000 euro budget ... > > <begin quote> > > Activities in 2021 > Our priority over the coming period will be ensuring a stable and > resilient RPKI Trust Anchor and Certificate Authority. > In 2020, we carried out a third-party security and risk assessment of our > RPKI platform. We are now working to define a > complete audit framework for RPKI, with the aim of having the audit > performed early next year by a third party. Next year > we will implement changes to our internal processes and documented > procedures on the basis of this audit, as well as > things like more granular monitoring and small technical changes that > ensure compliance with the relevant RFCs. Aside > from that, we are planning significant improvements in our infrastructure > to allow high availability and resiliency for the > RPKI repositories. > In last year’s Activity Plan, we said we would consider whether we should > continue to support our RPKI Validator, as it > needed further development to match the quality of alternative tools that > were now available. Because our RPKI Validator > remains the second most widely used tool (with 32% “market share”), we > decided that we will continue to support it in 2021 > and we aim to make a longer-term decision soon. > Finally, we will continue to build awareness of RPKI through training, > outreach and promotion efforts. > > </end quote> > > I would like to argue that further development of Proof of Concept > software (the RPKI validator) isn't required anymore now that there are > multiple open source tools available on the market. > > The RIPE NCC isn't a software development house .. and I don't recall the > RIPE NCC has the planning to become one ... > I would like to see further development of the RIPE NCC RPKI Validator > discontinued as of Jan. 1st 2021. > > The backend software / infra for the signing of the RPKI environment still > needs a lot of work and so does the training (awareness) about RPKI .. so I > don't think that the resources or budgeted cost should be reduced, but is > needs to be revised... > I think that the efforts should be put somewhere else on RPKI. > > That the RIPE NCC RPKI Validator is widely used, is because of the > training efforts from the RIPE NCC.. and I think the community is better > served with a more open approach about the usage of other validators, > instead of trying to keep members to use a Java based software package. > > When the RIPE NCC started with the development of the RPKI Validator, > there was a lack of other software ... but as things stand today, there are > multiple open source implementations and this is a nice moment to go back > to the core activity of the RIPE NCC. > > I know that with the above, I would probably not give the internal > development team enough credits for their work and effort in the past > years. > I do value their work to where they brought this, but it is time to put > the focus on the core activities like the signing side of the RPKI and a > more robust RPKI infra instead of the validation software. > > Regards, > Erik Bais > > > > > _______________________________________________ > members-discuss mailing list > members-discuss at ripe.net > https://mailman.ripe.net/ > Unsubscribe: > https://lists.ripe.net/mailman/options/members-discuss/me%40cynthia.re > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.ripe.net/ripe/mail/archives/members-discuss/attachments/20200928/1201806f/attachment.html>
- Previous message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
- Next message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]