[members-discuss] RIPEdb registry need to be ready for separating?

On Fri, 2022-04-01 at 01:34 +0300, Serg Galat wrote:
> 
> 
> > On 23 Mar 2022, at 15:32, Denys Fedoryshchenko
> > <nuclearcat at nuclearcat.com> wrote:
> > 
> > Dear Serg
> > 
> > First, are we seriously discussing topic based on tweet of some
> > random anonymous person???
> > All this flood based just on that?
> > Please provide more credible and informative source.
> 
> All as usual, someone unknown opening a Polichenell's Secret.
> 
> Is this enough credible and informative source?
> https://labs.ripe.net/author/alexander-isavnin/the-russian-sovereign-internet-and-number-resources/
> 
I'm not seeing really anything new here.
Yes, the country is plunging into the abyss of bureaucratic procedures
that will make telecom operators and content generators less
competitive in the global market. But, this is their internal affair
and it is up to them to decide how to deal with their internal issues,
and not to you or me, foreigners.
Very similar questions from government agencies were received, for
example, in Lebanon and Turkey, at least, so what? 
The only difference was that the procedure was done with varying
degrees of literacy and automation, and government agencies could be
interested in other details. For example, some countries are asking for
all customers on the ASN, with their names and phone numbers.
For some reason, this did not arouse your sharp interest.


> > 
> > Second, i don't think it worth discussion, because only several
> > options are possible:
> > 1)They can make their copy of registry, with more extended data and
> > LIR will maintain their records in RIPE according RIPE rules.
> > Outcome: Thats doesnt change anything for rest of world. Russian
> > operators will have more paperwork
> > 2)They cut LIR from managing resources, and some russian government
> > agency will act as proxy.
> > Outcome: Some headache for RIPE, but for rest of the world data will
> > be consistent, again.
> > 3)They will make their own IP space and live in their own bubble.
> > Outcome: Nobody will peer with Russia as before, likely it will be
> > some sort of NAT to go in/out "Russian intranet".
> 
> The first and third are the problem only of Russian LIPs. But my
> concerns are about the second. How and who validate this data? Russian
> government? Ok. Will you sure that some IP address and ASn is from some
> Siberian ISP and not FSB?
Do you really think that the FSB will appear only from the subnet where
it says FSB, RUSSIA, KREMLIN and at the same time they should wave a
Russian flag? Or law enforcement or counterintelligence of any country?
Just please, take part in conferences, ask how it all works, so as not
to write such nonsense.
In cases of some questionable activity, one of the major purposes of
the RIPE records is to identify the "legal routes" to real owner of the
subnet. But this will not be done by a private person, but by law
enforcement, which will specify who exactly was behind this IPv6
address or IPv4 connection tuple.
Concluding, if the state where IP addresses are operating does not want
to cooperate on some issues, incl. identifying a rogue person, the
accuracy of the data in RIPE does not play a significant role.

> 
> > 
> > The only colossal harm to connectivity can be caused by those whose
> > emotional voices are heard here more and more often and who are
> > pushing RIPE to violate the neutrality, with their "ideas" to
> > disconnect someone or take away their addresses.
> > This will end up with regional RIRs losing trust, ceasing to exist
> > and each state will be managing its own address space.
> > In my opinion, this will be the end of the Internet as we know it.
> 
> Are you hear this from me? Then why did you say me about? My question
> is - what will we need to do when this happens? We - I mean internet
> community. And RIPE NCC in particular.



> 
> 
> > 
> > On Tuesday, March 22, 2022 19:55 EET, Serg Galat
> > <greysticky at gmail.com> wrote:
> >  
> > > Dear colleague,
> > > Thank you for your opinion. I'm understand you opinion - everything
> > > working right until everyone is do everything right.
> > > What I fear? I'm wrote about a little before
> > > 
> > > "Have you understood what was written on the plan-scheme?
> > > I let myself to translate records on bottom - "Российские локальные
> > > регистратуры должны будут отключиться от международного реестра и
> > > переключиться на российский"
> > > Russian local registries (LIRs) will have to disconnect from the
> > > international registry and switch to the Russian.
> > > Are you understand what this means for RIPE/EU community?"
> > > 
> > > Those. Russian LIRs stop registering and updating their data in the
> > > registry?
> > > So, what is next?
> > > And I'm not at all interested in what they will do in their
> > > national
> > > registry. And in what form they will use one. But I'm concerned
> > > about
> > > the validity of the data in RIPEdb.
> > > 
> > > On Tue, Mar 22, 2022 at 5:21 PM ivaylo <ivaylo at bglans.net> wrote:
> > > > 
> > > > 
> > > > Dear Serg, Dear colleagues
> > > > 
> > > > I do not know exactly what are the purpose of your questions and
> > > > fears,
> > > > but from a technical point of view (for the functioning of the
> > > > Internet
> > > > in the region) they are unfounded.
> > > > 
> > > > The Internet is a global structure with limited resources. To
> > > > function
> > > > this structure, resources _MUST_ be fairly allocated and have a
> > > > clear
> > > > and accurate register in which to describe them. This is taken
> > > > care of by
> > > > the IANA organization. It delegates the relevant resources based
> > > > on the
> > > > requests and needs to the respective RIRs (Regional Internet
> > > > Registries -
> > > > RIPE NCC, APNIC, ARIN, LACNIC, AFRINIC). They, in turn, delegate
> > > > to local
> > > > Internet registers - LIRs (we). And LIRs delegate resources to
> > > > the end
> > > > users. Each LIR is obliged to create and maintain up-to-date
> > > > records for
> > > > the resources under its control. And the LIR's records are kept
> > > > in
> > > > the database of the respective RIR.
> > > > 
> > > > RIRs are required to provide publicly, freely, up-to-date and
> > > > accurate
> > > > information on all records in their database so that all Internet
> > > > participants (routers) can verify that the relevant resources are
> > > > used by
> > > > the entity to which they are delegated.
> > > > 
> > > > Everyone in the Internet can create their own database of records
> > > > for
> > > > Internet resources, the question is whether other participants in
> > > > the
> > > > Internet will believe and comply with his data. Every country in
> > > > the world
> > > > (in theory) can pass a law or laws that regulate an industry. If
> > > > the
> > > > Russian state decides to make its own register, and obliges all
> > > > operators
> > > > operating on its territory, OK, it would affect the Internet
> > > > connectivity in the territory of the Russian Federation (if their
> > > > DB is
> > > > out of sync with the rest of the world ). Everyone else in the
> > > > world will
> > > > continue to use and trust RIRs databases.
> > > > 
> > > > Below I answer your questions from technical point of view...
> > > > 
> > > > 
> > > > Ivaylo Josifov
> > > > VarnaIX / Varteh LTD
> > > > Varna, Bulgaria
> > > > 
> > > > 
> > > > On Mon, 21 Mar 2022, Serg Galat wrote:
> > > > 
> > > > > Dear Athina,
> > > > > 
> > > > > I have read your reply with great interest.
> > > > > You have done a great job with an impressive result. However, I
> > > > > will
> > > > > allow myself to repeat some of the questions that I am sure the
> > > > > entire
> > > > > community is interested in, and which have not been answered.
> > > > > And so:
> > > > > a) You said "The RIPE Database, along with the equivalent
> > > > > databases of
> > > > > the other RIRs, must remain the authoritative source to
> > > > > determine
> > > > > uniqueness of Internet number resources", when and if russian
> > > > > register
> > > > > with self isolated, will RIPEdb will be authoritative source?
> > > > 
> > > > Of course IANA and RIRs DB was,are and always will be
> > > > authoritative
> > > > sources.
> > > > 
> > > > > b) Will it be possible to consider RIPEdb records as valid? Or
> > > > > will
> > > > > part of the registry be compromised? What part? Or the entire
> > > > > registry?
> > > > 
> > > > RIPE db was,is,and will be valid except cases when there are
> > > > technical
> > > > problems.
> > > > 
> > > > > c) What action RIPE NCC will do when and if the Russian
> > > > > national
> > > > > register will self isolate from RIPEdb, as they plan. Based on
> > > > > some of
> > > > > their sovereign bills, of course?
> > > > 
> > > > Nothing.
> > > > 
> > > > > 
> > > > > And finally, I didn't have this question before, but you said
> > > > > "They
> > > > > told us that their database will have the same data as the RIPE
> > > > > database and it's just for backup" and I want to ask - do you
> > > > > believe
> > > > > them? After the statements of the Russians "we are not going to
> > > > > attack
> > > > > anyone," can they still be trusted now?
> > > > > 
> > > > 
> > > > As I explained on top, they can do whatever they want with their
> > > > copy of
> > > > the db, we do not need to trust anyone else except IANA and RIRs.
> > > > I do not
> > > > understand your fear here.
> > > > 
> > > > > On Mon, Mar 21, 2022 at 5:48 PM Athina Fragkouli
> > > > > <afragkou at ripe.net> wrote:
> > > > > > 
> > > > > > Dear Serg, all,
> > > > > > 
> > > > > > I would like to give some background on this matter and
> > > > > > describe the RIPE NCC?s view.
> > > > > > 
> > > > > > We have been closely following legal developments with
> > > > > > respect to Russian Internet regulation and provided updates
> > > > > > in the past:
> > > > > > https://labs.ripe.net/author/maxim_burtikov/russia-regulatory-update/
> > > > > > 
> > > > > > The creation of a local database of all Internet resources
> > > > > > was part of the Russian Sovereign Internet Bill. According to
> > > > > > Russian government officials, this was an effort to establish
> > > > > > the security and resilience of a ?Russian segment of
> > > > > > Internet?.
> > > > > > 
> > > > > > In February 2021, the RIPE NCC had a discussion with the
> > > > > > organisation responsible for implementing the database to
> > > > > > learn about the technical details. They told us that their
> > > > > > database would have the same data as the RIPE Database and it
> > > > > > was only intended as a back-up. They also stated that the
> > > > > > RIPE Database would remain the primary source of data. Please
> > > > > > note that while we sought to understand the details, the RIPE
> > > > > > NCC did not contribute to this work in any way.
> > > > > > 
> > > > > > It is also worth noting that other governments in our service
> > > > > > region also maintain similar databases, whether as back-ups
> > > > > > or for other purposes. The RIPE NCC has always understood
> > > > > > that governments will want to ensure diligent administration
> > > > > > within their territories. We have sought to offer technical
> > > > > > knowledge so that these efforts do not have a negative impact
> > > > > > on Internet stability.
> > > > > > 
> > > > > > Our position on this matter has been firm:
> > > > > > 
> > > > > > The RIPE Database and the other RIR databases remain the
> > > > > > authoritative source to determine uniqueness of Internet
> > > > > > number resources. It is critical for Internet stability that
> > > > > > any databases maintained by governments are consistent with
> > > > > > the RIPE Database. Inconsistencies between these various
> > > > > > databases and the RIPE Database may have severe consequences
> > > > > > for the uniqueness of Internet number resources, which is
> > > > > > fundamental for the global Internet.
> > > > > > 
> > > > > > Having said that, it is true that regulatory developments
> > > > > > over the past decade include deliberate efforts to protect or
> > > > > > otherwise affect the local Internet infrastructure, and these
> > > > > > have the potential to impact our operations even as
> > > > > > unintended consequence or side effect.
> > > > > > 
> > > > > > This concern has been highlighted on multiple occasions at
> > > > > > RIPE Meetings and in the RIPE Labs article ?Caught in the
> > > > > > Middle: Regulatory Impact and our Mission as the RIPE
> > > > > > NCC?:https://labs.ripe.net/author/athina/caught-in-the-middle-regulatory-impact-and-our-mission-as-the-ripe-ncc/
> > > > > > In this article we explained that national or international
> > > > > > legislation has already started to interfere with our ability
> > > > > > to provide the same services to all RIPE NCC members on an
> > > > > > equal basis, and this has the potential to impact the
> > > > > > operation of the global Internet and might ultimately lead to
> > > > > > fragmentation of the Internet.
> > > > > > 
> > > > > > As we work to mitigate potential threats to our ability to
> > > > > > provide services to our members or to the operations of the
> > > > > > Internet, we will keep the following principles in mind:
> > > > > > 
> > > > > > ? The wider Internet governance system is essential to the
> > > > > > stability of the global Internet and should not be undermined
> > > > > > ? The RIPE Database, along with the equivalent databases of
> > > > > > the other RIRs, must remain the authoritative source to
> > > > > > determine uniqueness of Internet number resources
> > > > > > ? All networks must be able to access Internet resources and
> > > > > > related services on an equal basis, regardless of geography
> > > > > > 
> > > > > > We will share more information about this work with the
> > > > > > membership and the community in due course.
> > > > > > 
> > > > > > Kind Regards,
> > > > > > 
> > > > > > Athina Fragkouli
> > > > > > Chief Legal Officer
> > > > > > RIPE NCC
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > On 17 Mar 2022, at 23:10, Serg Galat <greysticky at gmail.com>
> > > > > > wrote:
> > > > > > 
> > > > > > Dear Athina,
> > > > > > 
> > > > > > Please take a look here.
> > > > > > In my opinion, no one fully understands how it can end for
> > > > > > the entire
> > > > > > community by implementing such a project.
> > > > > > 
> > > > > > On Wed, Mar 16, 2022 at 3:53 PM Serg Galat
> > > > > > <greysticky at gmail.com> wrote:
> > > > > > 
> > > > > > 
> > > > > > Dear Andrzej,
> > > > > > 
> > > > > > Looks like Russia created its own NIR. Against all policies,
> > > > > > as RIPE as global.
> > > > > > It was not clear whether this was discussed and agreed with
> > > > > > RIPE as RIR.
> > > > > > On scheme I saw a broken link to RIPEdb after release. What
> > > > > > will be
> > > > > > for all other members of all other RIR?
> > > > > > Will it be possible to consider RIPEdb records as valid? Or
> > > > > > will part
> > > > > > of the registry be compromised? What part? Or the entire
> > > > > > registry?
> > > > > > 
> > > > > > DNS and "The Great Russian Fire Wall" - these next questions,
> > > > > > but not
> > > > > > so critically important, to my mind.
> > > > > > 
> > > > > > On Wed, Mar 16, 2022 at 10:45 AM Andrzej ?awa
> > > > > > <andrzej.lawa at dawis-it.pl> wrote:
> > > > > > 
> > > > > > 
> > > > > > W dniu 15.03.2022 o 20:58, Serg Galat pisze:
> > > > > > 
> > > > > > Dear Andrzej,
> > > > > > 
> > > > > > I agree with you, but the question is - what's going on?
> > > > > > 
> > > > > > 
> > > > > > IP registry separation seems to be not true, however it looks
> > > > > > like they
> > > > > > will be separating their DNS systems, or at least enforce
> > > > > > (within
> > > > > > Russia) fake DNS entries for "undesirable" foreign domains. I
> > > > > > don't know
> > > > > > about IP blacklisting... but it seems their government will
> > > > > > try to
> > > > > > create something akin to the "Great Firewall of China".
> > > > > > 
> > > > > > And some big backbone operators are cutting off Russia from
> > > > > > their
> > > > > > infrastructure.
> > > > > > 
> > > > > > Usually very active Russian LIRs are unusually silent.
> > > > > > 
> > > > > > Well, there's this Russian (or maybe Soviet? I can't recall
> > > > > > if it
> > > > > > originated in pre-revolutionary Russia or later in Soviet
> > > > > > Union) saying:
> > > > > > "Tisze budiesz, dalsze jediesz". I suspect they don't want to
> > > > > > say
> > > > > > anything that might get them into trouble - especially since
> > > > > > even
> > > > > > admitting there's any war going on can land them in jail.
> > > > > > 
> > > > > > --
> > > > > > tel. 500 206 0268
> > > > > > DAWIS IT Sp. z o.o. z siedzib? w Pruszkowie
> > > > > > Adres: ul. Staszica 1, 05-800 Pruszk?w
> > > > > > KRS 0000319237 I NIP 5342409456 I REGON 141663620
> > > > > > 
> > > > > > _______________________________________________
> > > > > > members-discuss mailing list
> > > > > > members-discuss at ripe.net
> > > > > > https://mailman.ripe.net/
> > > > > > Unsubscribe:
> > > > > > https://lists.ripe.net/mailman/options/members-discuss/greysticky%40gmail.com
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > --
> > > > > > Sergey
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > --
> > > > > > Sergey
> > > > > > 
> > > > > > 
> > > > > 
> > > > > 
> > > > > --
> > > > > Sergey
> > > > > 
> > > > > _______________________________________________
> > > > > members-discuss mailing list
> > > > > members-discuss at ripe.net
> > > > > https://mailman.ripe.net/
> > > > > Unsubscribe:
> > > > > https://lists.ripe.net/mailman/options/members-discuss/ivaylo%40bglans.net
> > > > > 
> > > 
> > > 
> > > 
> > > --
> > > Sergey
> > > 
> > > _______________________________________________
> > > members-discuss mailing list
> > > members-discuss at ripe.net
> > > https://mailman.ripe.net/
> > > Unsubscribe:
> > > https://lists.ripe.net/mailman/options/members-discuss/nuclearcat%40nuclearcat.com
> > 
> > 
> >   _______________________________________________
> > members-discuss mailing list
> > members-discuss at ripe.net
> > https://mailman.ripe.net/
> > Unsubscribe:
> > https://lists.ripe.net/mailman/options/members-discuss/greysticky%40gmail.com
>