RIPE NCC services
5 November, 2014, at 4 p.m.:
KURTIS LINDQVIST: I think we are going to start as we had a rather busy agenda, and we as, you know, have the AGM afterwards. Before we start, the usual reminder that if you are planning on attending the RIPE AGM and you haven't registered or picked up your little RIPE GM name badge, now is the time to do out by registration desk. The presentations in here are going to be part of the RIPE GM so some of the reports from here is considered part of the GMs, it's a good time to pay attention.
Once we are finished here we are going to try and do a transition from here into the GM which is going to be in the same room. The moment we are done here you are going to have to clear this room as quick as possible or double your fee for every minute you stand in here.
With that, lets start the NCC Services Working Group. I am Kurtis Lindqvist, I am one of the two co‑chairs. Together with Bijal. All together. Evan's favourite Working Group. We had to work on that by the next time.
So, the agenda for today, is very small print. First do the admin matters, welcome. The scribe is kindly provided by the RIPE NCC, which is Laura, today, thank you, Laura.
And the agenda is as proposed, that was sent out some days ago, weeks, even. Any additions to the agenda or can we go on with that? Right. Moving on. We also have to formally approve the minutes from RIPE 68 and I don't think there was any comments posted when they were sent to the list.
So unless anyone has any objections, we are going to approve the minutes from RIPE 68. Minutes approved.
So the agenda today will have Nick Hilliard first up talking about the only policy proposal we have in RIPE NCC right now, which is the publication on ‑‑ of sponsoring LIR for legacy resource holders. We will get a RIPE NCC outlook, and a new ‑‑ which I think is done by Axel, it doesn't say in my slide, but the NCC. Then we have the new activities proposal by Salam and Maria, who are members of the Executive Board of RIPE NCC. Then we get the operational update, the RIPE NCC academy presentation by Rumy and some insight into the RIPE NCC handling of recent security threats.
And last, we will just, like all the other Working Groups, discuss how we are going to appoint or reappoint or reconfirm the Chairs of the Working Group. But we will get to that later. And then we have open mic session and last we clear the room as quick as possible.
So, with that, I am going to hand over to Nick. I don't see Nick. Right. I am not Nick so I can't really do his slide. Then I suggest we go to the next point in the agenda, which I am sure that the technical staff is going to hate me for doing, as we are pressed on time, we are going to go to the next point on the agenda and we will do ‑‑ oh, Nick is there, he is coming, I saw someone waving at the back. All right. Just in time, Nick
NICK HILLIARD: Hello everybody. I am sorry for keeping you waiting. So, Nick Hilliard, and this is a publication or at least a proposal that we talked about at the last Working Group session in Warsaw, and since then we have actually made a proposal. So, the issue was that there was a proposal to handle legacy address space, and, at the same time, there was a separate proposal to publish the sponsoring LIR for independent ‑‑ provider independent resources, and the two proposals were going through at the same time and it didn't make a whole lot of sense to try and interrupt the flow of one or the other in order to get one to apply to the other. And we realised this while the two proposals were going through but decided not to fix it at the time, but now they are both gone, they are both through, and it's time to fix the policy.
So the policy is actually very simple. It adds a single term into the legacy resource document, which says: "Legacy resources are subject to the RIPE community policy publication of sponsoring LIR for independent resources." That is it, nothing else. It's very simple. It brings the policy, the legacy policy, in line fully with all other provider‑independent policies.
There has been lots of support in the Working Group, which is great. Nobody has objected. Plenty of time have said yes. More recently, the RIPE NCC has published an Impact Analysis about the proposal and their approach to it is there is going to be a low impact in terms of the NCC having to contact a whole bunch more legacy resource holders, but from every other point of view, it's pretty much plain sailing. So that is pretty much it. Nothing more to say about it. If anybody has any questions, I will be glad to take some.
KURTIS LINDQVIST: So this is open for discussion until 12th of November?
NICK HILLIARD: Yes. The current phase of the proposal ends on that date.
RUEDIGER VOLK: I am not objecting to moving forward on this. Nevertheless, I'd like to put on the record the complaint that policies that retroactively ‑‑ well, OK ‑‑ interfere with existing contractual relations between parties, is a bad idea and should be avoided or very carefully handled
NICK HILLIARD: OK. Thank you very much.
KURTIS LINDQVIST: As the microphones are empty, I guess that is it, then. Thank you, Nick.
NICK HILLIARD: Thank you very much.
KURTIS LINDQVIST: So, just a reminder, the Working Group Chairs really like you to reaffirm support on the mailing list so although you might have given support in previous stages, please do so again because it makes our life much easier. Next is the agenda item presented by Axel.
AXEL PAWLIK: Good afternoon, everybody. Nice to see so many of you. I am the Managing Director of the RIPE NCC, and at this point I am not only giving you the RIPE NCC outlook; I am also giving you the RIPE NCC update, and I think this is really what this is about, and of course also I talk about our plans for the coming year.
So, shock and horror, it's to the right and it's very much up. We have, since we were here one year ago, not here but at the RIPE meeting a year ago, we have had more than 1,300 new member applications and members coming in. So, this is looking very nice. And as I always say at this stage, we are treating this very carefully to keep aware of trends there and to be at the ready in case that should flatten a bit, but it doesn't look like it yet.
So, what have we been doing over the course of this year? You might remember, if you were around in 2013, that we did a survey in the community to give us feedback on what you think about anything, really, that we are doing that we shouldn't be doing that we are not yet doing or we should stop doing, possibly. We reported on that and basically, nearly 50 key items we picked out and reported to you and this is what we want to work on.
The full report was out in September this year, see the URL. The main thing is that the registry remains our main focus, our core business there, although of course we are doing quite a lot of other things there as well. But the registry is the main thing, and we have asked you at some point, a year, two years ago, for a little bit of extra money to put into ripping out the old guts of the system and to replace it with more up‑to‑date software. We have done that and that actually worked quite well, you will see that in the numbers as well in terms of efficiency. Other improvements throughout the organisation, efficiency is one, and still of course, from the nearly 50 points there are quite a number that we are still working on.
So what we have done so far this year is improvements on the LIR Portal, that is something that our members regularly scratch their heads about, if they don't quite like it, so we are improving that all the time in various ways. We also said that we wanted to work ‑‑ continue to work on establishing more of a presence in ‑‑ within the regions, beyond Dubai and Moscow where we now have staff, but also into the smaller pockets where we haven't been going with the RIPE meeting or as RIPE NCC staff before. So this year we have been in Bulgaria and Kazakhstan and Azerbaijan and we are amazed by the amount of attention that we get and the amount of support and happiness by our members from those regions when they see us in the flesh. That is always nice. And in about ten days, a couple of us are going off to Tehran, finally, in this month, to meet our members there; it's a big country with many members in there, so we are looking forward to that, of course, as well.
So, we have talked about getting the academic community a little bit closer to RIPE. I think if you follow the presentations the last two days and today, you will see that that is actually working, we are getting students in to participate and we get quite a nice set of presentations from that.
Always when we ask you, one of your focal points is on language and we should try to broaden beyond pure English. And we are doing that. Among the staff we have in Amsterdam we have quite a spread in languages and over the last years, I'm saying, we have started to more informally make use of the language skills that we have in the house. Also, and that is something more permanent, we are looking ‑‑ oh, you see probably some of the documentations and some of the communications on the mailing list, especially on the regional mailing list being done in more languages than English.
Electronic invoicing in terms of finances, we have to do this. This has been done since January of this year. And since we are getting occasional complaints, some but regularly, when we close down some of our members due to non‑payment, because invoices get lost and somebody moved offices and maybe they haven't seen the invoice, we are making ‑‑ we are taking extra care now that we get somebody on the horn and tell them this is about to happen, this is something that you are aware of, is this intentional or do you want to quickly pay. Many people just pay then, it's good.
Website developments. Yes, the website is big and it caters towards quite a number of different, lets say, stakeholder groups, many different people, not only our members but the RIPE community, but towards governments and law enforcement and the general public. It is sometimes a little bit complicated to find stuff; we have started to work on that and we will continue this and a restructure of what goes where and how it is presented will go live in the first quarter of next year.
Registration to the general meeting, we have occasionally heard is a little bit cumbersome and too many hoops to jump through and can't we make this easier and we have done that. And we also see that that has some effect in getting more registrations in and more participation, which is of course exactly what we want to do. Customer support, we are not only on e‑mail; we do occasionally take phone calls now and we have live chat facilities and we have done quite a number of chats, on average maybe maybe 150 per month, and also there we are using the variety of languages that we do speak in‑house.
So we think we are delivering a better experience for you and of course we are always eager to hear whether you see that as well. The RIPE database newly written documentation is out there. We have worked on resiliency, as we do in many of our services security to certificate authentication has been deployed as we have just heard about an hour ago, about Atlas, we are working on this continuously in terms of presentation and in terms of the technology and the line out there. The number of probes is nicely rising, more than the 7,000 we have, we have 80 anchors out there, that is really becoming a success story and becoming very visible.
Legacy resource holders, yes, we have worked on the policies and now we have implemented the policy and we are now working away busily at those things. So that is basically the high level update on what we have been busying ourselves with over the last couple of months.
Of course, another thing that came up, and you will hear more about that tomorrow in the Cooperation Working Group as well, is the proposal or the offer by the US Government to let go of IANA stewardship oversight. This is something all the customers, in a way, of IANA have to do together and there are quite a number of issues around that, and just let me say, first, that there is the issue of general ICANN as the IANA operator at this time, of ICANN accountability them but those are bigger issues than just our IANA oversight, so we are taking care and the community is taking care to take this general issue of ICANN accountability as sort of arm's length distance and we focus at this time at ‑‑ on the IANA stewardship thing itself, and now the general ICANN accountability can be looked on over a longer term there.
So, of course the idea is that the ICANN customer communities come up with a joint proposal on what to do and how to do it, so we expect something will be ready early next year and then when it is of ‑‑ put through the mill, you will hear about the details there. Of course, we are there and ready to implement it.
From our point of view, not that much has to change, we are fairly happy with IANA services, we think we are fully accountable to our members and our community, so it could all be relatively simple for the numbers part.
So, of course, this is something that like I said, we are accountable to you, we keep you all in the loop quite closely and you have seen that starting, earlier this May, we have communicated about this, we have talked about this in Warsaw already.
Now, like I said, we have to come up with a joint proposal. That is not only true for the over all IANA community but also just for the RIRs. We are five regional communities and all of us are talking to our communities in the regions and we are expecting that similar proposals came out of the regions, but somehow we have to put them together and that is what the last bullet here is, the CRISP team consolidated RIR/IANA stewardship proposal team, basically that is a set of maybe 15 people, want RIR staff to do the work of the writing and consolidating the various proposals but also steering the whole thing to members of the wider community.
So, we are preparing to submit that. It needs to be ready to go into ICG, the coordinating committee, on 15th of January. We are optimistic that we are going to be able to do that.
Of course, in parallel, and like I said there are other things playing into this as well in general, ICANN fashion. We are continuing to talk to the other stakeholders within the ICANN world there. Also, not only to you here but also to other people all over the place, to governments and other stakeholders there, it's important that we do this, that we come up with the right proposal and of course we will talk much more about this tomorrow morning in the Cooperation Working Group.
So, looking into next year, like I said, coming from the survey, we have done quite a bit of work but there is still more things that are open. Again, the main focal points for next year, and of course you already draft activity plan and the craft budget so you know all this, probably, already, then you can continue to do your e‑mail.
The main focal points for us for next year is maintaining a strong and correct registry that is the most important thing. Continue outreach, and external relations to other stakeholder groups but also to our own community in the various parts of our service region.
More efficiency consolidating and improving the current service offering so no big new service offerings but making everything a bit nicer and better than we have in place right now.
Efficiency, internal processes, we can continue to work on that and we will.
So, operational statistics, yes, we are still sitting on this big heap of data and it's not getting any less, so we have renewed our focus on that and we will work on this across all of the RIPE NCC, all departments and we will all contribute to this.
And again, it's important that we know what you want from us on this, but also, again, we are looking to defend your interests also in providing good and interesting statistics to the governments of the world and others.
Local communities, like I said, with this width of community and service region, it is important that we put some attention at that as well for people that are not regularly coming here. We have had great successes in, for instance, going to Russia, many, many years ago, and bringing the neutrality of the RIPE NCC to Moscow and other places, of course, as well, for the local operators community to meet on neutral ground and talk to each other. That has worked so well, not only in Moscow, but also in the Middle East and we are now doing this on a slightly smaller scale also in the other countries that I already mentioned and for the next year we will continue these things, of course, with MENOG and NENOG so we go to Dubai and Russia to Ukraine, but also Georgia, Serbia, Armenia, places we haven't been so often before.
Impartial service delivery. RIPE NCC is a neutral place, it serves all its members and all of its community in the same impartial way. That shouldn't come as a surprise. However, we have had some questions here and there over the last couple of months so our Board has resolved to a statement and you have seen that coming out in the mailing list and on the website as well, basically restating, refreshing that commitment that this is what we do. The convenience of our members, the ability of our members to do business with us is the highest priority and that is what we have in mind when we look at our procedures and the like.
And of course, RIPE NCC staff are neutral as well in delivering services.
Good. Other stuff that we intend to continue to do or do anew, security reviews of the database and the Atlas system. We are looking at improving or documenting and then possibly also improving the reachability of the K‑root server nodes and of course we will feed that back to you and get your input from that as well, what is really needed and wanted. New in‑house ticketing system again that goes into efficiency across departments that will be a bit of a challenge internally but also quite needed now.
I mentioned the website. Some ‑‑ again, some improvements in the way you are dealing with us in terms of Reverse‑DNS and route object creation and we actually hear on‑line payment doesn't work for me or doesn't work as well as it should be, so we are looking to improve there.
Some financials, of course the more interesting or most of the financials we will see in an hour or two in the general meeting, but this is just for general consumption here, membership fee goes down for next year ‑‑ ‑ you knew that already since May. We see more than 10% in increase of members. I give out order to the organisation for the planning for next year that I want to stay on budget, on 2014 budget, also throughout next year and I want to stay roughly on the same staffing levels. So, we managed to pull this off in the planning. The proof is in the pudding, we will see over the course of next year how we do this, but I am quite confident that we will pull that off, which of course would be great.
Like I said, more financials in the general meeting. And that basically is the update and the outlook for now. If you have any questions, I'm happy to answer them. Thank you.
KURTIS LINDQVIST: Any questions for Axel on the outlook? You of course ‑‑ you also published the follow‑up to this survey, and what you had achieved and haven't achieved a few days ago.
AXEL PAWLIK: Yes.
KURTIS LINDQVIST: Maybe a week ago. OK, thank you, Axel.
So, next up on agenda is then Salam and Maria from the RIPE NCC Executive Board with some of the future ideas.
SALAM YAMOUT: Thank you good morning, good evening. Thank you, Kurtis, for allowing Maria and I to present some of our ideas, and let me emphasise that these are thoughts in process that we wanted to share with you. So what does it mean working for the good of the Internet? We think that RIPE NCC should continue working for the good of the Internet. Why? Because first, it has a tradition doing so. And secondly, because as a not‑for‑profit community and organisation, it has a responsibility towards the community.
So, Maria and I thought of many ideas, a lot of the things you are already doing as RIPE NCC, and we just organise them into two big buckets. The first bucket is innovation in the broader sense of the term, I will explain; and digital inclusion, I will also explain.
Innovation. Why is innovation important? Well, two reasons: First, it is important because it's the next technology that is going to affect the networks we are operating. So we need to keep an eye on the future. And by innovation here I mean we are very keen on thinking of not any technology is a good innovation technology, but only the one that does not crosscut with the interests and the businesses of our members.
For example, RACI is a programme also going on by RIPE NCC. However, we think that it should be kind of beefed up and more structured, the academic people are an important part of our community, and RACI, I believe, and we believe, is a bit too shy; it needs to be more structured and to giving more tangible outcome ‑‑ output.
There is a new idea floating around and it's the Seed Alliance that was established in 2010, already three other RIRs, they do innovation grants and awards for innovative ideas in their community. The interesting part is that these initiatives in the three RIRs are 50% funded by the RIR and 50% by the Swedish International Development Agency, so this is an opportunity for us to think about.
We also could be thinking of funding new innovative research projects, for example the CripTech project that you have heard about. Randy Bush will be giving update on it in the Cooperation Working Group tomorrow.
The second bucket is the promotion of the digital inclusion and this is something that is very dear to my heart because I come from one of the many or on the way to development regions of the RIPE region. As, you know, RIPE is uneven in terms of development. However, like we all dream to have one Internet to keep on having one Internet and we should have also one RIPE community, and that RIPE community should answer the needs of the different sub‑regions, because we all pay the same membership fee, then in theory we should all have access to the same resources or needs.
In this bucket, we think of two main programmes, the first one is train the trainer, and here, the idea is to build local capacities from the ground up and have the content or the curriculum available to the community in a language they understand and in format they understand and culture they understand.
We also need to be supporting national and regional fora. This is something we already are doing, but the mailing list is a great thing, but believe me, I have been around you guys for a while and until now, mailing lists is not part of my culture, so we need to start the discussion going face‑to‑face. We need to establish that trust relationship between this RIPE community and the rest of the community that does not necessarily show up all the time. In these meetings I speak only in English, and they're very far away from where the other people live. But if we can start this coming, we can establish trust relationship with all communities and this way, they turn to us and they stay with us as we grow the Internet together and not into different kinds of Internet or they go to somebody else who can give them maybe other ideas.
What is next, I will let Maria talk about this.
MARIA HAUL: Thank you very much, Salam. So, how would you do this? As Salam said, these are ideas we have been discussing, so hopefully we can have a fruitful discussion here in the room. And a proposal from us is actually to have interaction also on the mailing list, NCC services mailing list here. That is a proposal but of course, if you have any other idea how to move forward with these ideas and also as Salam said, many of these actually activities are really already happening but some of them could be boosted up and here it would be very nice to have your comments or your ideas about that one. There might be stuff that you missed or lacked, so please, come forward and give us even more ideas. So this is a proposal that we say that we could have the interaction now in the room, of course, hopefully we can have a fruitful discussion with you guys. But of course on the mailing list will be brought up in the service Working Group in May. That is one proposal how to deal with these things.
When we come closer together with all of you about what actually could be done together, which of these ideas or activities could be boosted up one or the other or even some of the new ideas that we have, of course when we come closer to finalising these in more concrete way further on in the process, of course we need to have goals and time lines and all these kind of things. But that is too early to talk about this now, we want to open the floor for all of you to come with comments on what Salam has presented for you right now. So I think I would like to open the floor for discussions here. Thank you.
KURTIS LINDQVIST: Thank you. So, this is your chance to give feedback on, well, lets call it the buckets, that was presented. Those of you have been around for a while know that RIPE NCC Services Working Group started with this in mind, partly this in mind, to give feedback on activities of the RIPE NCC on how they should do the activities for their members and for the community at large. This is why this is a Working Group and not part of the AGM because this is for services for community and not for the paying members.
WILFRIED WOEBER: Wilfried Woeber from Vienna University and Yack net and one of those guys who have been teaching IT technology for a couple of years. While you were presenting your ideas I had this strange idea, is there any possibility to combine the support ideas with the RACI ideas? Because at the moment my feeling is that the RACI initiative is attracting lots of interesting things, but it is not necessarily stuff which is easily used or integrated into the operational real life environment. So I am wondering whether we could have sort of a chat maybe off‑line trying to find out whether there is an advantage to entice people by a grant, by a support, by suggesting topics to this environment and try to align it with what the real needs are. Thank you.
SALAM YAMOUT: Thank you very much. You are right on, because it's the pipeline, right, so from concept to execution, yes.
KURTIS LINDQVIST: I am disappointed at the attendance microphones because at some point we are going to have to make a conclusion. Is this silent of consent or ‑‑
SALAM YAMOUT: Yes, it's consent.
KURTIS LINDQVIST: At the end of the day, if you remember from the last NCC Services Working Group, there was this discussion that the NCC shouldn't do things that they haven't got a mandate for. Do we think it's a mandate or not, because you are all sitting silently.
ALEXANDER: So, I want to express ‑‑ it's very good that you both was elected into Board half a year ago because, as we see, a lot of creative and new and good and developing ideas was presented. As far as I remember, it was very difficult to get activity plan for the next year, at general meeting now you are trying to develop activity plan two years in advance. It's a good ‑‑ it's really great that what you are doing as Board members with our community and I think that everyone ‑‑ no one here at mics because everyone supports you.
SALAM YAMOUT: Thank you.
KURTIS LINDQVIST: Thank you, well, given the applause I assume we can think that is the support, then. Thank you for presenting and you will post this to the mailing list, the details as well. So again, please send comments on the mailing list and keep discussions on the actual proposals going as well and how to make them concrete and ‑‑ how to realise them because that will give feedback to the NCC board as well and it will later help us as Working Group Chairs to gather some sort of consensus or what you actually think.
And now I have to have a quick peak on who is next on the agenda. It's NCC operational staff updates.
ANDREW DE LA HAYE: Good afternoon. My name is Andrew de la Haye. I am the Chief Operating Officer of the RIPE NCC. And I will go into a bit more depth from where Axel left this presentation, on an operational side of things.
So first, I will give an update on some operational statistics, how are we doing, how much v4 are we hanged out and v6 space and such, and after that I will give a bit of update on where we see member requests coming in, requests for feedback and what kind of actions we are taking as a team.
So allocations from the last /8. This is an interesting slide, this shows the amount of addresses we hand out. So far we handed out 4,719 /22, at least that was yesterday, from the last /8. And that is the bar chart. If you look at the chart behind, it shows the amount of address space we have still left and as you can see, the amount of addresses we have left in the free pool is growing slightly.
One of the things I do like to note as well in this forum is something we discussed in the Address Policy Working Group this morning, which is that we see an increase in /22s going to a single organisation. So basically opening up multiple LIRs and transferring those. The Address Policy Working Group was informed about it and there was a lively discussion and the Address Policy Working Group or members of that Working Group, are going to take action and write a policy around this specific topic.
This is a slide showing the IPv6 allocation trends. Now, it's a sharp growth after v4 run out of course, first of all the IANA run out, after that we see the IP‑NIC run out and the run out of RIPE NCC. So far we allocated a bit more than 8,000 v6 blocks and about half of them are being routed, and that is actually quite nice to note, as I remember two years ago we were at five or six percent of those being routed.
If we look at IPv6 PI assignments, which is actually even more interesting to see, is that there is also a growing trend there. We hand out between 30 and 50 assignments per month, which is a good stage. And this is also something people really have to request for. So if we go back to the former slide where a v6 allocation is basically tied to getting your last /22, this one is really a request from an end user wanting to deploy v6. Now, it's about 1,700 assignments made and 1,000 or a few more than 1,000 are being routed so far.
ASN assignments. Steady pace. Interesting, this is an interesting graph in the middle we see May 2013, up to September 2013, where we were not able to hand out 32‑bit AS numbers. That was due to the global policy that is in place. We were not legible for receiving 32 AS numbers at that stage. And we run out of them. So that is why there is a bit of a a dip there. What I do like to note is that if you look at from September 2013 onwards, we hand out more 32‑bit AS numbers than 16‑bit and that trend continues, which is a good thing.
So how does that reflect in operational team statistics. This is from my full operations team, some ticket volumes, it shows member support, resource request and such. And here we can see that there is still a stable amount of tickets flowing into the RIPE NCC, even though we see quite an increase of new members coming in. Now, we see a bit of a shift from working on resource requests specifically towards member support related items, and those are LIR help tickets, billing tickets, NCC new LIR tickets and those kind of questions. So what we are doing internally is shifting resources from the areas where we see a bit of decrease, into areas where we see an increase.
Overall, we are happy to say that we have seen a decrease in staff levels in this whole area even though we see an increase in membership.
Last thing I'd like to note is that many of these tickets are becoming more and more complex, which require additional attention by my team as well. You can imagine the transfers, mergers and acquisitions, hijackings are taking time to resolve and dig into. And that is a sidenote to this graph as well.
2007‑01 ‑‑ I don't want to bore you to do with this. This is the final update. We are there. At least, we finally found out the context of the last 1,800 resources, where I have to say a bunch of those we found context for and another amount we said OK, we did our due diligence, we did reasonable attempts to find out who the holders of the resources are. There are no contact details and nothing to find on the Internet, so we are going to move them into a pool. And for the others we have been contacting them, and the last update, as I said, we are done with this project so far.
The resources that do go into quarantine will be resources that will be handed out latest if we look at what happens to the last /8 pool.
Something that came out of 2007‑01 is the maintenance and that is actually quite a ticket load on what we see per month, we see about 200 tickets. Those tickets on contractual changes and lots of PI holders were independent resource holders that moved from one LIR to another. It's quite interesting to see it's something we didn't have before this, people do come to the NCC and we keep on being in contact with these people, so that the resources and the database is current and up‑to‑date.
IPv4 allocation transfers and mergers and acquisitions. The top graph shows the transfers of IPv4 allocations, so far including October, we had about 703 transfers and in general that means we see 60 to 100 resource transfers for v4 per month. It's about a /9 in size if you add it all up.
Tickets are quite complex. In many cases the processes and the procedures and policies are quite complex, and one of the aims, which we will show later, is to make those processes more, well, easier for the members specifically and also for us, to make sure that we become more efficient. It is difficult to find the right balance between doing good due diligence and meeting the membership needs.
Resource registration hijackings. I gave a short update last RIPE meeting on this and I also explained that I would go and give November update today. Well, we increased effectiveness of the RIPE NCC processes meaning we reviewed due diligence processes, improved maintainer re‑set process which we have internally and we are educating resource holders how they can protect their resources. And that is what we do through training, direct contact between registration services and the members, customer services and the members and throughout our ARK process which I will go into later. The total number of investigations so far, we have 106 cases ongoing and these are really, really cumbersome to go through. We have to deal with falsified information and ‑‑ it's quite some work and it has special skill set which it needs from the RFPIs going through these. We finalised 127 cases so far, from which 86 were resolved basically in a deregistration of the resources and 41 we referred it either to the correct registration or we pre‑empted a hijack even in a few cases. The 86 cases that resulted in deregistration are all in the area of 2007‑01, so it's all PI space related.
Now, we are getting a lot of feedback from all of you through the membership survey but also through surveys we have during our processes. And I'd like to share some of the actions we have taken. The first one, this is one has been on the list for a while and I have shown this as well a couple of times at RIPE meetings, the assisted registry check or ARC. One of the items that came up was in the membership survey, key responsibilities is to maintain the accuracy and quality of the RIPE registry. We had a cumbersome audit process in the past and we have revamped it where the aim is to have a periodic contact moment with you, and that is probably once every three years, as we look at it now. And one of the other aims was reducing the workload on the LIR side. In addition, we wanted to give you additional value of the audits we are doing, an outside in‑ view of how we look at you. So there is three areas: Registry consistency, legal address, names and those kind of things, resource consistencies, the last is route and rDNS consistency. We did a pilot with 50 LIRs in the summer period, and we got feedback from them, and after that a a month ago or so, six weeks ago, we started with the ARC initiative. So far we completed 190 ARC reviews and we see different items coming back. We measure it and we will also expose that information to you on our website to show what kind of items we are experiencing and see, and to give you a bit of an idea. In 35% of the cases of the 190, so that is one of every three, we have to help LIRs with updating their contact details. And we do, that is a mandatory part of the registry, so that is where we support them and explain them how to go through those processes themselves. It helps finding the right billing people during billing periods and all of that.
In addition, we also give an overview of prefix route inconsistency and rDNS; it's not mandatory, but we did help in 10% of the cases in route inconsistency and in 34% or so we helped organisations getting their rDNS straightened out. All of that we do with help of RIPE stats and RIPE Atlas, so those tools we also help people point so they will be able to use those tools themselves as well.
A big area was membership and getting reresources. The processes seemed to be cumbersome, confusing, especially in the area of transfers. So we started a couple of projects over the last month to focus on this. One of them is the resource request forms. We changed the resource request form, additional allocations and such. The information has been pre‑filled now, so the maintainer information and contact details, you don't have to put it in yourself any more. There is advanced options for experienced users, there is an API available and here I would like to focus on, we did get some feedback from the community, where they asked for an API to test against the new forms, and the API is available since six or seven weeks and up to now nobody tested it. That is one of the things we created this API and made sure it is there for you to test your operational tools against. So please give us feedback if you want.
New LIR processes. One of the cumbersome processes was the LIR process. In general it took about 30 days to go through that, sending e‑mails up and down. We changed that, or we are about to change in Q1 it should be finally ready. All relevant information is requested upfront so you don't get questions throughout the process, which will make life for you as a member or new member, way easier. RIPE database objects will be created for the member. One of the most ‑‑ the most frequently asked questions is how do I do this and how does it work? We help them to pre‑fill it, which can be changed if you have a bit more experience. And applicants will be able to check the status of the application themselves.
The resource transfer process also Q1/Q 2 next year. Reducing the number of transcript types. Currently we have five and reducing them to two. We simplify the process through a wizard. We will reduce the paperwork which we have to send up and down between LIRs and the main thing is to make it easier for you to be able to maintain the quality of the registry because that is why we are doing this.
Maintainer re‑set functionality, that is something we worked on as well. 25% of the questions on RIPE database support were around the maintainer re‑set functionality. And they were basically handled by manual process which we had in place in customers services. We automate that which makes it easier for you to go through the process. There is more security because we are using SSO authentication. Process is simplified through a wizard and less paperwork. Tim will going into a bit more detail tomorrow in the database Working Group on this specific matter.
Now, lots of software improvements we have been working on as well in this area. I just want to focus on the point where we create APIs and set software forward for you to test. For example, in the database Working Group there was a request for a release candidate environment, something people can test against before the new release would go live. I would urge you to use those kind of systems as much as you can to prevent any mishaps.
And finally, Axel also touched upon about this: We want easier ways to contact the RIPE NCC. Well, we implemented live chat for registration and customers services for now and we had about 150 chats and it's a growing trend. People really like it. You can give a star rating afterwards so we can dig into what people like and don't and take that forward to make sure that we align with your needs as members.
And those are the numbers of the operational update.
KURTIS LINDQVIST: Thank you. Any questions on the operational update?
BRIAN NISBET: HEAnet. I don't want to speak on his behalf, but I can't see him walking up, in anti‑abuse earlier today Elvis was raising the issue of hijackings during address transfers when all the information was removed from the database before the new stuff went in. So I kind of just wanted to say, are you aware of that and I was kind ‑‑ I was in anti‑abuse, I wasn't sure whether it was going to require a policy or something to do that or if there was some other way that could be looked at to handle that.
ANDREW DE LA HAYE: That is a very good point. Thank you, Brian. I think one of the main items here is awareness, get in touch with organisations that want transfer resources. First of all, I think the parties helping those people that are transferring resources should be able to explain that to those parties as well, that that might cause some issues. We certainly will also inform people about the risks of those periods that the ‑‑ the period between the transfer.
KURTIS LINDQVIST: A follow‑on question: Is this something that the NCC going to publish guidelines on or do you expect the community to do ‑‑ will the NCC publish some guidelines or recommendations to the workers or transferring parties on how to avoid this on generalised rule?
ANDREW DE LA HAYE: I think that would be a good idea to publish guidelines and practices on that matter.
ELVIS: Just because my question raised this. What we have done is we have advised our customers not to stop the announcements until either the ‑‑ asks for it, basically just not to stop the BGP announcements during the transfer period until the transfer is almost complete. So I suppose, yeah, it's not really a lot that can be done except maybe setting up RPKI to get some notifications about it and just keep on ‑‑ because technically anyone can go ahead and just hijack and announce any kind of address space.
KURTIS LINDQVIST: The hijack can be done either without the transfer.
AUDIENCE SPEAKER: Exactly. This time the hijack happened because they saw sold blocks ‑‑ saw blocks in the RIPE transfer list so they hijack basically the remaining address plus the transferred address from the same block and that was also because in that period of time during the transfer, none of the parties were using address space until things moved and everything got completed. That was it.
KURTIS LINDQVIST: OK. Any other questions? No. All right. Thank you then.
Next up is Rumy.
RUMY KANIS: My voice is leaving me already so I hope I will manage to get it all out before the end. I am the manager of the Training Services Department at the RIPE NCC. And I am here to give you some news on some recent developments within the department. So first, a little overview on what we currently do. A lot of you know we do training courses throughout our service region, so Europe, Middle East, Central Asia. We travel a lot. We cover or try to cover most of the countries, with a variety of face‑to‑face training courses which last from one day or two days or sometimes three days. Those are regular training courses. Apart from that we also do presentations and tutorials that we tailormake upon request. Some examples of this are LEAs or governmental agencies who ask us to provide a special training for their staff or a special training on a specific topic, either at their premises or adjacent to a conference or an event. And then for our members who are not able to come to our face‑to‑face training courses, either because they don't have the time to be away from their office for a full day or don't have the resources to travel, we also provide weekly webinars on different topics. These are one‑hour interactive sessions where people ‑‑ on specific topics where people can interact with trainers and get a quick refresher or quite introduction on a certain topic. We introduces these about two years ago and very popular. We have an e‑learning centre, it's not really a centre, just a web page on which we publish videos and instructional guides that help people through their processes.
So, just to give you an idea on how many training courses we do a year, this is a map of last year, 2013, and all the countries we have been to. As you can see, that is quite a big spread, 115 training courses. This excludes the tutorials and additional activities that we did like the road shows or LEA training courses so this is really our regular weekly training courses. We have six currently in our portfolio, so we go around.
As Andrew mentioned, we value feedback from our community very much, so we look at feedback that we receive, not just membership survey but also after each training course we have a survey and once a year we survey our attendees again to see how our courses were, if our courses were effective to their business. And here is just an overview of the main ‑‑ most of the feedback we have been receiving. The main thing we hear is people want us to come more often. We can't do much more than this, to be honest, I think 115 training courses, we're spreading our resources pretty thin ‑‑ the partners in our team don't really like me very much. They ask for more hands‑on training courses, we have already catered to that, this year we launch advanced IPv6 training course, which is two days, in addition to our basic IPv6 training course which is one day. And we are keep developing that, we have on‑line resources and a lab that we travel with that allow people to have some hands‑on during training courses.
We also received a lot of requests in the membership survey to provide more on‑line resources, more technical guides, more how‑tos, more courses, maybe even have the courses that we do face‑to‑face on‑line. At the same time, people do mention that they do not want to replace our face‑to‑face training courses with the on‑line training courses, and actually this goes both ways. Our members really appreciate seeing us, they like seeing that we are actually humans, that we are friendly, we interact with them, our training courses are very interactive with long breaks, we make sure our members have sometime to talk to us, maybe talk about some of the tickets we have and having that face‑to‑face and that direct contact with them is very important to them and also very important to us because it's a fantastic opportunity to gather feedback about some of the services and tools that we do and make sure that we can make your lives a little bit easier by adapting our tools and our services to feedback we receive during training courses. So by no means we would want to diminish that or change that, we value this direct interaction with our membership.
Another point that we hear a lot about during training courses and in the feedback forums is certificates. At the moment, we provide a certificate of attendance which is basically a sign‑off sheet that you have been here, but this does not prove that people have acquired knowledge. To be able to prove that people have acquired knowledge you would have to a run a test at the end of a course. We don't really have the time for that so at this moment we don't provide certificates proving people's knowledge, basically.
And finally, the webinars are very popular. So, we have been looking at all this feedback and evaluating it. And one of our problems or our main limitations is well, we may have had had a delay here, we don't have a time travel machine unfortunately. If the girls could make one for us that would be awesome. We are limited in the number of locations we can visit either because we don't have the resources, or because of travel security limitations. There is countries in a region that we cannot go to. And we limit our training courses to 20 participants because we value this interaction with them. It means very often people end up on waiting list, they can't make it to our course. And finally, as I mentioned before, we have no time to test knowledge at the end of a training course. Because we prefer to chat with the attendees, help them with ongoing tickets, with specific questions they may have. We don't want to use that precious time by running test and testing their knowledge.
So looking at all these limitations, we are looking at the feedback and thinking what can we do to make our members happy.
Just a little movie.
So, the RIPE NCC academy. What is it? Well, the RIPE NCC academy is ‑‑ we have worked probably about a bit over a year on this project, first trying to see what we want to do and how we want to do it and we came up with an idea of introducing an interactive platform that would allow people to follow courses on‑line and share best current practices with each other and have the courses we do face‑to‑face available on‑line. We want to make sure that people can learn in their own time, either from the office or from home mwhen they have an hour free and not spend a full day doing a training course; and finally, certify knowledge, as I mentioned before.
So, initially, the first course we are going to launch on this platform is the RIPE database course. We receive a lot of feedback and we see in our courses that the database, unfortunately, is still something our members struggle with a lot, it's quite complicated. As Andrew mentioned before, keeping the registry up‑to‑date and having high quality information is important, so our first course we are going to launch is the database course.
I have a little ‑‑ actually before I go into that, one of the things we did is also study educational models and I won't bore you too much with the didactical details in how we went about it, but before we started working on we built a model helping us what framework we want to follow in teaching our members. And actually, it got recognised as being one of the best practices in e‑learning by the e‑Solve project, which is project funded by the EU. Anyway, the course.
I have a little demo for you which is what the platform looks like. There it is. So this is the home page of the platform. We have made sure that you can introduce ‑‑ you can login with the single sign‑on account. There is several modules within the database course. And each module consists of a sub‑module and each has several resources, learning resources in there, which end by some activities which test people's knowledge. Now, the activities that we have or the resources we are are different types, we have screenshots, interactive diagrams, clickable diagrams that you can see here, learning videos, learning resources, quizzes and, at the end, as I said, there are activities. Now, people can actually skip all the resources if they feel confident and go straight to the activities and do all the activities to see if they can obtain a certificate. The advantage of this is that, for example, people who come to our face‑to‑face courses, they can skip all the content and do the test straight away on‑line and obtain the certificate. So here you can see I obtained a ten out of ten and I get the certificate. I may have tweaked my staff to get it for me because I didn't do the course yet you can spend as much time on it as you want. If you have all the knowledge and you just want to do the activities you can go straight to the activities or people who have attended our courses already can skip all the modules and resources, and go straight to the activities or you can spend a lot of time looking at all the resources going through the diagrams.
Future vision. Now, it's just a database course, it took us quite some time to create it, not just because the database course itself was complicated, we had that knowledge already and we had the course already; most times was really getting the platform ready, getting it to work together with our SSO and getting it available for everybody. Which I would like to mention, by the way, our members from other RIRs or members from our community who are not RIPE NCC members, can also follow courses. I think we made this decision because, for example, the database is something that is not just used by our members and we value the importance of the quality of the registry. But also, in the future, we would like to be able to offer modules to other stakeholders; a good example is Europol in the Hague, they have already approached us, they would love to see a course tailormade for them which we could use for others. Other ideas we have is working with universities providing on‑line courses for engineering students on specific topics which would save us a lot of money having to go there if they can follow some of these courses on‑line. And it would establish a greater presence of the RIPE NCC and make us more visible and also get some support for the RIR system.
So, cooperate with the other RIRs in this area as well, obviously it's very important. We will continue with webinars, we want to integrate them within the academy, allowing people who follow course to also do some sessions via webinars. In the future one of our dreams would be to get accredited, get a stamp for the quality we provide. This is more from a training point of view than a technical point of view.
As I mentioned before, we do not see on‑line learning as a replacement of face‑to‑face training ‑‑ we really value the direct interaction with our members ‑‑ we see this as a complement to face‑to‑face training courses.
So, the big reveal, when will it be? The official launch is going to be this Monday, but the academy is live already as of now, I am pushing a magic button. Please be aware our operations team is all here so we have limited support this week, which is understandable, so don't break it, please. As of Monday we can give proper support to it. Let me know and also I would like to do special thank you to Sandra. She is our e‑learning project manner and been working very hard and a lot of sleepless night and blood and sweat went into this. If you have questions or feedback or ideas, talk to me or Sandra and we would really love to hear your ideas on how we can move forward with this and what you think of this and how you think this can be useful for your organisation.
The first 100 people who manage to get a certificate will get a limited edition graduate T‑shirt so you will be uber special. Any questions or comments?
KURTIS LINDQVIST: Any questions for Rumy?
AUDIENCE SPEAKER: I have got the certificate ‑‑ long time ago, can I get it again?
RUMY KANIS: You will have to do it again, sorry.
KURTIS LINDQVIST: OK. No other questions, thank you.
Next up is Ivo.
IVO DIJKHUIS: Good afternoon. My name is Ivo Dijkhuis. I am the Information Security Officer for the RIPE NCC. And I have been asked to tell a little bit about how we handle the recent security threats on the Internet and what the impact was on the services. Basically, what we are talking about is the vulnerabilities that popped up this year and they have nicely called them Heartbleed, Shellshock, Poodle. You might have heard about them. I will not go into detail about what these vulnerabilities are, but they impacted our services and I just want to take you quickly through our processes in handling these kind of vulnerabilities and in the end how it impacted our services.
So basically, it's a straightforward process, and I think most companies will actually do it this way. So the first thing is become aware of what is going on in the Internet, and intelligence gathering and we do that through being subscribed to e‑mail mailing lists but also following social media closely because this is the way to publish things and quickly noticing them. I think also especially our ‑‑ subscribe to mailing list that ‑‑ from software vendors that we use and also it may be the security mailing list or sometimes development mailing list because you never know where a certain vulnerability pops up first. It's a lot of work but worth it.
We also recently published for the first time our responsible disclosure policy, which actually helps us to learn about vulnerabilities in our own network. These are not Shellshock or Heartbleed, these are minor but it helps us to become aware of things that are insecure network and helps us also to mitigate them quickly before anyone can abuse it.
So once we learn about certain vulnerability we will do a risk assessment, we need to know are we affected by it, what is the impact, how serious is it, do we run any services that are impacted by it? Once we know what it is and if it's remotely explodable, for example, that is a major threat, also, is there any escalation, could people get to the sensitive material and sensitive data on the service, the more boxes are checked, the quicker we need to react to it. In the case of Poodle or more actually Shellshock and Heartbleed, it was clear it was very serious and we had to act immediately, which we did, which results in testing the patches that are available or otherwise mitigations, sometimes the vulnerability is already out there but also no patch there yet so sometimes you have to wait. But as soon as we are read out patch is available, we will test it on test platforms and then everything is OK, we roll it out to production. Usually, this is within hours after an update ‑‑ had a patch being published. We can quickly do this in most of the cases because of our highly automated configuration management allows us to do this. Of course, once you have deployed something in production, you want to make sure that it actually worked as you hope ‑‑ how it should be. So we use some skinning tools and external services like SSL labs to check out SSL configurations, and we can see, for example, for Poodle that SSL version 3 indeed was disabled. We also noticed some other SSL configuration issues are still there, and we are aware of that and for some of the services we will fix it in the coming weeks. These are not major things but it's things that we want to fix so it gets even more secure.
Once we have fixed and mitigated the vulnerabilities and especially if it's a major one, we will send out an announcement to the list or publish an article on our main website and tell you guys what we have done about it and if it's affected and if anyone should take action. In case of Heartbleed, when it was feasible that the credentials could have been leaked out ‑‑ by the way we did not find any evidence of that being the case ‑‑ but we also notified you you could re‑set your RIPE SSL password. I am not sure if any of you have done that. That is one of the things we send out in those news messages.
What was the impact of Heartbleed and Shellshock and Poodle for our services? Many cases actual ‑‑ actually in the case of Heartbleed and Shellshock there was no real impact. Yeah we had to patch and update as quickly as we could and we have done that within hours or within a day of being aware of this vulnerability and a patch being available. So this was really a no‑brainer for us. And it does not affect the usability of the services in any way. However, for Poodle, which is basically an SSL version 3 problem, there was an impact on usability; all the software would not be able to work with our services any more. So before we could mitigate this issue, we first had to discuss internally how many of these clients, how many of these web browsers or other types of software are still using SSL version 3 with our services, and then we had to make a decision, can we disable it or not. Turned out for most of our services the versions of SSL that were used ‑‑ version 3 was used in less than one percent or was a tenth of a percent, so it was really low uses, and at that point we decided we have to go for it because some people are still using apparently very old browsers, then again if you won't mitigate it we could endanger the other 99.9 percent of the users, and we don't want that. And this is how we will do it each time one of these vulnerabilities will pop up and we become aware of it; we will go through this process.
So, I also want to highlight some of the other more proactive activities that we do to protect the services.
I think Axel announced we will do some external security audits, some independent companies will help us assess the security of the NCC services and we will start with the database already this November and we will do the rest of the services in the coming year. We also are looking at increasing our DDoS resiliency because we have noticed that, and I am sure that you all noticed, the DDoS become more and more apparent or more and more used by in this world. We also noticed it a little bit, so we are strengthening our infrastructure, but we are also looking at external services, to see what we can use in case we have to absorb a really, really large DDoS which is feasible nowadays.
One other thing is good to mention is we also increase involvement in security community, which means we want to reach out more to ‑‑ we are already doing this and reaching out and go to events with the security community, talk to them, see what lists there are, become aware of threats and I think also the responsible disclosure policy is one of these activities that shows that we really want to interact with this community and try to learn from them. Of course, in the end to make our own services more secure.
Well, that is basically the story. If there is any questions, I will be happy to take them.
KURTIS LINDQVIST: Any questions?
AUDIENCE SPEAKER: Hello. Martin, do you take advantage of being member of security networks or having the membership of RIPE NCC to help you understand what the vulnerability and maybe assessing or you do it simply with RIPE NCC staff?
IVO DIJKHUIS: Yeah, the assessment is done internally, if that is what you want to know, yes. Thank you.
KURTIS LINDQVIST: Any other questions? No. All right. Thank you very much.
So, we have well, second last agenda item. As you probably have known if you attend any of the other Working Groups, which I hope you have, we ‑‑ all the Working Groups will have to define, well Chair ‑‑ selection process, lets put it that way, and the reason behind this was presented in much more detail in Address Policy this morning, that the Working Group chairs decided that the best way was for each of the Working Groups to define their own processes bottom up and you can analyse them in the future. Me and Bijal sent one proposal that we quite bluntly stole from the Address Policy Working Group, to the mailing list some time ago, and we got very few comments, but one of the issues raised was that they didn't allow for participation in the process unless you are in the room and after some discussions with some of the other Working Group Chairs we decided to modify the proposal and steal another Working Group's proposal, i.e. database. And I modify slightly and sent this to the list earlier this week, it could have been yesterday, it's all a bit of a blur, and essentially the proposal we came up was that a Working Group Chair term limit is two years; when the two years are up, the Chair in question will stand for renomination or decide to leave or someone can challenge that position and we will have an election. One of us will offer this renomination or reselection every year, and the maximum number of Working Group Chairs in the Working Group can be three. We don't really see a reason to be three Chairs at the moment, but it could be good to have three Chairs for the future. I think currently the workload is quite fine with having two.
We decided ‑‑ or the proposal is to make call for interested parties in the Working Group mailing list at the yearly intervals, so when the selection is up, interested parties will have two weeks to make their interest known on the mailing list. And the one of us is not up for election that year or selection, rather, I guess, is call for discussion, maybe ship express approval or otherwise of the candidates and after a two‑week period chair not up for election, or Chairs if three of us, would declare consensus on the candidate just like any other policy proposal and done by the Chair not up for renewal, and that would be the outcome of the process. And this will be on the mailing list. If anyone would like to appeal the process then the appeal will be done just as any other Working Group chair decision. So, these are the ‑‑ I think that was the last slide. So our proposal is to write this bullet‑points up in a text but use these as principles for selection process and send this to the list and give you two weeks to comment on this; if not we will take it and run with it.
So, opinions? Views? Comments?
RANDY BUSH: IIJ. This has to be the sixth time I have had to listen to this for 15 minutes and the root cause is the Working Group Chairs couldn't agree on a single way to do it so we didn't have to listen to it six times. By next year, would you do your damn homework.
KURTIS LINDQVIST: Any other view?
RUEDIGER VOLK: Plus one, and if there is actually a reason that each Working Group needs to have a different scheme, it would be interesting, what is this particular reason for having this particular scheme in this Working Group if it actually mattered?
RANDY BUSH: Don't ask that question.
KURTIS LINDQVIST: I will pretend I didn't hear that last question. Anyway ‑‑
PETER KOCH: To clarify Ruediger's confusion, so the disagreement was not that every group should have a separate scheme; the disagreement was about should all groups have the same scheme, and now think about the difference.
AUDIENCE SPEAKER: Heather. Having heard a couple of different groups go over their scheme, they all sounded the same.
KURTIS LINDQVIST: Well, I stole it from another Working Group so I would hope it would be the same.
JIM REID: Speaking for myself, DNS Working Group co‑chair and someone who has been through this stuff for far, far, far too long already. It's not a question of whether Working Group chairs could agree on a particular scheme or not, although that was a particular problem, it was a question of what schemes would be appropriate and some were suggesting ‑‑ ‑‑ process around votes and stuff like like that and I think what Kurtis has proposed here is similar to what other groups have done. There is slight nuances of difference, have a simple lightweight mechanism that doesn't need much discussion or thought, just go on and do it.
KURTIS LINDQVIST: OK. I will write this up, send this to the mailing list and I might even wait for one of the other Working Groups to write it up and copy their texts.
With that, the last item on the agenda for today is the microphone. This is your chance to provide feedback on other topics that was on the agenda or activities by the RIPE NCC or other items that you think they are doing, they should be doing. There is someone at the back who I can't see.
DAVID FREEDMAN: I thought I would pounce on this one. Just to ask a question about ‑‑ hello ‑‑ to just a question about the implementation of 2012‑08 which was the publication of the sponsoring LIR for the independent resources. The last I heard we had an implementation ‑‑ the last I heard there was an implementation plan published in January which said that the project would be split into two phases, the first of which would be modification to the database software and the second would be the contacting of the people with the resources. It was anticipated this would all be finished by Q2‑2014, I am just noting there has been no progress on it.
KURTIS LINDQVIST: Anyone from NCC who wants to respond to that?
AUDIENCE SPEAKER: It is on the database. It is published. But maybe you didn't notice. Sorry.
AUDIENCE SPEAKER: Ingrid from RIPE NCC. We are not entirely finished with it. Out of about 32,000 objects, over 24,000 now have a sponsoring org. The remainders we have started sending out the last e‑mail to ‑‑ for ones that still did not send response sponsoring org, so we should be able to finish that this year or latest quarter one, but we are going quite well.
AUDIENCE SPEAKER: I am asking if we could have an update on it, just how it's going, on the mailing list.
KURTIS LINDQVIST: OK.
AUDIENCE SPEAKER: That is all, thank you very much.
AUDIENCE SPEAKER: Ambroe Bank, I have a question with regard to the training and academy activities. There is a difference between the registry function of RIPE and the other activities that are here, and isn't the training and academy part prone to the remark that it might be a reaction to market failure but isn't that having a competitive advantage that could be asked questions about?
KURTIS LINDQVIST: I don't know if anyone from the NCC wants to respond, but that question has been brought up in the past. It's not the first time.
RUMY KANIS: When you say competitive advantage, you mean whether we would be competing with members who might be able to provide similar training courses?
AUDIENCE SPEAKER: Yes. And in fact, part of it, lets say you have the advantage of your quality and you have the advantage of the fact that there is a base of funding that is, of course, your membership fees, and it might be that ‑‑ give you the possibility to do it in a way that is not on a level field or with other market parties.
RUMY KANIS: Well, to answer your first question, one of the things we always make sure is that we focus the content of our training courses on RIPE and LIR specific stuff; that is our business basically. So explaining to people how to work with the RIPE NCC, how to simplify the processes and to fill in our forms and even the IPv6 course is very much focused on addressing plans with regards to interaction of the RIPE NCC. Although I must say in recent years we used to be much more careful and if you go through the surveys of recent years, actually people want more, especially in least favourable countries, they want more, they ask for more and that is one of the reasons where I would say over the last two years we are a little bit less careful because we just answer to the needs of our members. They ask for more training, they ask for more hands on, and we provide it to them. But by no means we would want to compete.
RANDY BUSH: I just want to underline what Rumy is saying. These are not generic training courses; these are specific training courses in how to use the RIPE tools. So, I think the argument I would make is in the opposite direction, is ‑‑ it would be nice, and I realise some work is being done, it would be nice if it took less training to use the tools.
RUMY KANIS: Absolutely.
RANDY BUSH: And I would specifically like to commend the RPKI and Alex Band and that crew for making that a really slick interface.
AUDIENCE SPEAKER: Fair comment. And the last comment is for Randy's sake of course, thank you.
AUDIENCE SPEAKER: RIPE NCC, just to add a quick thing on a high level to this: One of the additional benefits of some of the projects we run, including training but like RIPE Atlas, it brings a bigger benefit to the community which is not measurable by the amount of money by membership fee that is spent on it. For example, the database course, when people put more accurate numbers in, it benefits everyone basically in the whole community of the Internet, all the providers and that is not measurable by the amount of money that is spent on the course but it's a collective benefit; every member pays a nominal fee for but brings a lot of benefit. I see the microphones are empty so I think we are done. Please clear the room as quick as possible and the AGM starts in 30 minutes. And in 45 seconds your fees have doubled if you are still here. Thank you.
LIVE CAPTIONING BY AOIFE DOWNES RPR
DOYLE COURT REPORTERS LTD, DUBLIN IRELAND.