This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] objection to RIPE policy proposla 2016-02
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ruediger Volk
rv at NIC.DTAG.DE
Sun Jun 26 20:12:41 CEST 2016
Dear colleagues, I spoke up at the Copenhagen meeting objecting to proposal 2016-02. - the proposal is inappropriate for a RIPE policy - and at least not acceptable for passing - and most certainly so in it's current form. The proposed policy has two sentences. The second sentence looks somewhat appropriate for a policy (though the use of "should" seems strangely fuzzy - at least in the context of the use of "MUST" in the proposal which looks like trying to invoke RFC 2119). The first sentence "requests ... NCC implement functionality" actually implying - specification - design - implementation - deployment - and appropriate documentation (for various stages) of a security [related] system - apparently intended to be used globally as a kind of Internet standard. It would be fine to request the NCC to develope a technical proposal (spec, design, interface documentation) or contribute to work on such - and that's more an issue for activity plan and resource allocation and certainly NOT for a policy. Of course the questions of other contributors and venue for the technical work come to mind. Technically the proposal text is not that clear and complete; I understand incompleteness is intentional. So neither the proposal nor a potential future NCC design can be scrutinized as required for security functionality. But the proposal - as it stands - would imply commitment to deployment when asking for the development. That is not acceptable. I doubt that the RIPE PDP is adequate for doing serious technical specifications; referencing of fully developed specs for use in NCC services is fine in general (though specific cases warrant scrutiny). Thanks for your attention and consideration. Ruediger Volk
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]