[members-discuss] Draft Activity Plan 2021 - RPKI development

Hi,

I fully agree that while the budget on RPKI deployment should not be
reduced currently, it should be used in other ways.

I think 2021-01-01 is a bit too early as last I looked there was still a
considerable number of RIPE NCC validators running. 2022-01-01 is probably
more reasonable.

Though feature updates could stop on 2020-01-01, fixes need to be done for
at least a year more I would say.

Potential other ways to use the budget includes setting up a way for
resource holders to use delegated RPKI published to repositories hosted by
the RIPE NCC. Such as I believe NIC.BR is doing.

- Cynthia

On Wed, 23 Sep 2020, 08:26 Erik Bais, <ebais at a2b-internet.com> wrote:

> Dear Hans Petter and fellow members,
>
> In the draft activity plan, there is a page about the current RPKI cost
> and plans of the further development.
>
> The plans state on Page 14 - 1.6 RPKI:
>
> 6 FTE and a 963.000 euro budget ...
>
> <begin quote>
>
> Activities in 2021
> Our priority over the coming period will be ensuring a stable and
> resilient RPKI Trust Anchor and Certificate Authority.
> In 2020, we carried out a third-party security and risk assessment of our
> RPKI platform. We are now working to define a
> complete audit framework for RPKI, with the aim of having the audit
> performed early next year by a third party. Next year
> we will implement changes to our internal processes and documented
> procedures on the basis of this audit, as well as
> things like more granular monitoring and small technical changes that
> ensure compliance with the relevant RFCs. Aside
> from that, we are planning significant improvements in our infrastructure
> to allow high availability and resiliency for the
> RPKI repositories.
> In last year’s Activity Plan, we said we would consider whether we should
> continue to support our RPKI Validator, as it
> needed further development to match the quality of alternative tools that
> were now available. Because our RPKI Validator
> remains the second most widely used tool (with 32% “market share”), we
> decided that we will continue to support it in 2021
> and we aim to make a longer-term decision soon.
> Finally, we will continue to build awareness of RPKI through training,
> outreach and promotion efforts.
>
> </end quote>
>
> I would like to argue that further development of Proof of Concept
> software (the RPKI validator) isn't required anymore now that there are
> multiple open source tools available on the market.
>
> The RIPE NCC isn't a software development house .. and I don't recall the
> RIPE NCC has the planning to become one ...
> I would like to see further development of the RIPE NCC RPKI Validator
> discontinued as of Jan. 1st 2021.
>
> The backend software / infra for the signing of the RPKI environment still
> needs a lot of work and so does the training (awareness) about RPKI .. so I
> don't think that the resources or budgeted cost should be reduced, but is
> needs to be revised...
> I think that the efforts should be put somewhere else on RPKI.
>
> That the RIPE NCC RPKI Validator is widely used, is because of the
> training efforts from the RIPE NCC.. and I think the community is better
> served with a more open approach about the usage of other validators,
> instead of trying to keep members to use a Java based software package.
>
> When the RIPE NCC started with the development of the RPKI Validator,
> there was a lack of other software ... but as things stand today, there are
> multiple open source implementations and this is a nice moment to go back
> to the core activity of the RIPE NCC.
>
> I know that with the above, I would probably not give the internal
> development team enough credits for their work and effort in the past
> years.
> I do value their work to where they brought this, but it is time to put
> the focus on the core activities like the signing side of the RPKI and a
> more robust RPKI infra instead of the validation software.
>
> Regards,
> Erik Bais
>
>
>
>
> _______________________________________________
> members-discuss mailing list
> members-discuss at ripe.net
> https://mailman.ripe.net/
> Unsubscribe:
> https://lists.ripe.net/mailman/options/members-discuss/me%40cynthia.re
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.ripe.net/ripe/mail/archives/members-discuss/attachments/20200928/1201806f/attachment.html>