[members-discuss] Draft Activity Plan 2021 - RPKI development
- Previous message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
- Next message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Cynthia Revström
me at cynthia.re
Mon Sep 28 09:47:42 CEST 2020
Hi, I fully agree that while the budget on RPKI deployment should not be reduced currently, it should be used in other ways. I think 2021-01-01 is a bit too early as last I looked there was still a considerable number of RIPE NCC validators running. 2022-01-01 is probably more reasonable. Though feature updates could stop on 2020-01-01, fixes need to be done for at least a year more I would say. Potential other ways to use the budget includes setting up a way for resource holders to use delegated RPKI published to repositories hosted by the RIPE NCC. Such as I believe NIC.BR is doing. - Cynthia On Wed, 23 Sep 2020, 08:26 Erik Bais, <ebais at a2b-internet.com> wrote: > Dear Hans Petter and fellow members, > > In the draft activity plan, there is a page about the current RPKI cost > and plans of the further development. > > The plans state on Page 14 - 1.6 RPKI: > > 6 FTE and a 963.000 euro budget ... > > <begin quote> > > Activities in 2021 > Our priority over the coming period will be ensuring a stable and > resilient RPKI Trust Anchor and Certificate Authority. > In 2020, we carried out a third-party security and risk assessment of our > RPKI platform. We are now working to define a > complete audit framework for RPKI, with the aim of having the audit > performed early next year by a third party. Next year > we will implement changes to our internal processes and documented > procedures on the basis of this audit, as well as > things like more granular monitoring and small technical changes that > ensure compliance with the relevant RFCs. Aside > from that, we are planning significant improvements in our infrastructure > to allow high availability and resiliency for the > RPKI repositories. > In last year’s Activity Plan, we said we would consider whether we should > continue to support our RPKI Validator, as it > needed further development to match the quality of alternative tools that > were now available. Because our RPKI Validator > remains the second most widely used tool (with 32% “market share”), we > decided that we will continue to support it in 2021 > and we aim to make a longer-term decision soon. > Finally, we will continue to build awareness of RPKI through training, > outreach and promotion efforts. > > </end quote> > > I would like to argue that further development of Proof of Concept > software (the RPKI validator) isn't required anymore now that there are > multiple open source tools available on the market. > > The RIPE NCC isn't a software development house .. and I don't recall the > RIPE NCC has the planning to become one ... > I would like to see further development of the RIPE NCC RPKI Validator > discontinued as of Jan. 1st 2021. > > The backend software / infra for the signing of the RPKI environment still > needs a lot of work and so does the training (awareness) about RPKI .. so I > don't think that the resources or budgeted cost should be reduced, but is > needs to be revised... > I think that the efforts should be put somewhere else on RPKI. > > That the RIPE NCC RPKI Validator is widely used, is because of the > training efforts from the RIPE NCC.. and I think the community is better > served with a more open approach about the usage of other validators, > instead of trying to keep members to use a Java based software package. > > When the RIPE NCC started with the development of the RPKI Validator, > there was a lack of other software ... but as things stand today, there are > multiple open source implementations and this is a nice moment to go back > to the core activity of the RIPE NCC. > > I know that with the above, I would probably not give the internal > development team enough credits for their work and effort in the past > years. > I do value their work to where they brought this, but it is time to put > the focus on the core activities like the signing side of the RPKI and a > more robust RPKI infra instead of the validation software. > > Regards, > Erik Bais > > > > > _______________________________________________ > members-discuss mailing list > members-discuss at ripe.net > https://lists.ripe.net/mailman/listinfo/members-discuss > Unsubscribe: > https://lists.ripe.net/mailman/options/members-discuss/me%40cynthia.re > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/members-discuss/attachments/20200928/1201806f/attachment.html>
- Previous message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
- Next message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]