This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Independent Resource procedure and implementation
- Previous message (by thread): [ncc-services-wg] Independent Resource procedure and implementation
- Next message (by thread): [ncc-services-wg] Independent Resource procedure and implementation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Daniel Suchy
danny at danysek.cz
Fri Sep 4 01:19:42 CEST 2009
Hi, On 09/03/2009 05:50 PM, Andrea Cima wrote: > To address your first and second points, the RIPE Database is a public > database. The aut-num objects that you mention are maintained by the > Local Internet Registry (LIR) or the End User and have been assigned by > the RIPE NCC over a number of years. This means that the information > contained in the RIPE Database might be outdated or inaccurate. Yes, this is public database, but updates are restricted to limited number of person in defined hiearchy. And you should have all logs related to these changes. Majority of changes _must_ be authorized by some known maintainer. You cannot have problem to obtain informations about last update time of any information from your database. So, you can easily focus to objects _not_ updated for several years... > However, as a consequence of this project, many LIR organisation name > changes have been initiated by RIPE NCC members and contact details have > been updated by many LIRs, including recently set-up ones. This > contributes to the improved quality of RIPE Database data. RIS data > would have to be compared with the RIPE Database information, > bringing us back to the points listed above. In general, changes of organization name, merging and transfers of LIR aren't simple operation. Manual intervetion is required from RIPE NCC staff to change these key informations about LIR. I this case - you say, that RIPE NCC staff isn't updating these informations in case of change? >From LIR perspective, in case of change there's requirement to provide similar informations to RIPE NCC staff, same as LIR provided at setup time. You're billing each LIR (at least) every year. So, you also have informations about existence of organisation, almost nobody will pay invoice to RIPE NCC behalf non-existing company. Again, it's just about pairing of informations in all of databases, that RIPE NCC has. It seems, that RIPE NCC is lazy to do this! Even, if all LIRs pay you (RIPE NCC) for this work. RIPE NCC has enough staff to do this. > The RIPE NCC is also working on a project to enhance the quality of its > registration data in order to help resolve similar cases in the future. > Creating a separate process for 'small' and 'larger' LIRs would not be > cost effective. Furthermore, the RIPE NCC is impartial and > neutral to all its members. In first place, there's need to improove work of RIPE NCC staff. As I mentioned above, you request many informations from LIRs, but it seems, that this is "one time" communication between LIR representative and RIPE NCC employe, but not reflecting your databases. > In the case you mention, where an LIR uses one AS Number for its > infrastructure, the LIR is requested to select "My Infrastructure" on > the interface provided. No further action is requested from them. I am > sorry to hear that you see this as an abuse. Yes, but this must be done in some tool, which is NOT integrated to LIR portal and which doesn't work with PKI authentication correctly. > To address your concerns related to the software, the current > implementation of "single sign on" enables you to log in once using: > > - Certificate AND password for certification *or* > - Just password (or both) for policy 2007-01 > > It does not currently allow login using only a certificate. Yes, I know my password and I tried to use it. But, I'm able update informations only for "primary" LIR, not for secondary ones assigned to same certificate (and yes, I'm able to update anything on LIR portal). That "new" software is just broken. And probably you wont accept this fact! > We believe that this is a good thing. The ability to sign in using just > 'certificate' degrades the security of the portal; users could generate > such certificates without pass-phrases and then anyone with access to > their computer could log in. I agree, but if I'm sucessfully authenticated, I should be able to update _ALL_ informations, where I'm responsible for them. Not only some of them. > Being an 'external user' and representing many LIRs results in having > to log in as 'primary' user for each of them. This was recognised during > the development of this project as a point for improvement. In the new > version of the LIR Portal, which we are currently working on, this will > be handled in a more user friendly way. Again, why there's new project, new authentication model and finally - more spent time and money for - from user perspective - very simple tool with one submit form. This functionality can be implemented to LIR portal. You can improove security of LIR portal in general, but there's no reason for develop outside - pure new - tools... > Unfortunately, we could not integrate completely with the LIR Portal in > the timeframe given to implement policy 2007-01. We decided not to make > further developments to the legacy code base of the current LIR Portal > because we already had plans to entirely rebuild the LIR Portal. You HAD enough time. First version of policy is more than two years old. And there was NO requirement for implement pure new authentication at all. It's just your obscurity from your side. From your words, it seems, that RIPE NCC software development processes should be _deeply_ inspected. Where's reported process of development of "new" LIR portal? Simple web form with few radio buttons and one submit button really doesn't require hard development. > We are currently working on the LIR Portal migration project. One of the > first milestones will be to make the integration between old and new > seamless for users. As mentioned above, RIPE NCC should report all these activities to RIPE members. Where're published these plans, roadmaps for migration, etc? Where's testing version running? RIPE NCC should NOT be a blackbox, it's membership-driven organisation. You should share ALL these informations with members. > With regards to the RIPE NCC audit you mention, I can ensure you that > this is just a coincidence. Public RIPE NCC auditing procedure isn't much desciptive, there's no real methodology of this process. Existing policy gives rights to RIPE NCC for doing almost anything, RIPE-423 is very vague. And there's not real requirement for some reporting from RIPE NCC. Older RIPE-170 was slightly better, but was changed by some reason to this new - shorter version. There aren't any publicly accessible reports of audit activities for several years. Process of audits isn't transparent to RIPE NCC members. Again, we're talking there about RIPE NCC transparency... Daniel
- Previous message (by thread): [ncc-services-wg] Independent Resource procedure and implementation
- Next message (by thread): [ncc-services-wg] Independent Resource procedure and implementation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]