On 28/04/2012 14:04, Alex Band wrote:
At RIPE 63, six months ago, the RIPE NCC membership got a chance to vote on RPKI at the general meeting. The result was that the RIPE NCC has the green light to continue offering the Resource Certification service, including all BGP Origin Validation related functionality. It's correct that concerns were raised in the area of security, resilience and operator autonomy, as you mention. These concerns are continuously being evaluated and addressed. The response to the update that was given at RIPE 64 two weeks ago indicated that the membership and Community are happy with the approach the RIPE NCC is taking in this regard. Of course I realize that some people will never be convinced, no matter which steps are taken…
Alex, I have to take exception with your statement that people in the RIPE region are generally happy about RPKI and the RIPE NCC RPKI project. They aren't. On the basis of some initial interest in the RIPE community several years ago, the RIPE NCC embarked on a certification + rpki project. By way of clarification for other readers of this mailing list, the RIPE NCC is a Dutch company constituted to carry out the policy requirements of the RIPE community. The way this is supposed to work is that the RIPE community puts forward policy proposals, and the RIPE NCC carries these policies out. Some time after the certification project was started in the NCC, a policy proposal (2008-08) was floated in the RIPE community in order to turn this into official RIPE policy, so that it could be formally carried out by the RIPE NCC. Mid last year, after extensive and heated discussion on the address policy working group mailing list, that policy proposal was withdrawn from the RIPE policy development process because it was clear that a large number of people in the RIPE community were deeply uneasy about a variety of implications. It is true that some of these concerns have been addressed to some extent by the NCC, but the core issues of concern are fundamental to RPKI. Later that year, several potential proposals were put forward by the RIPE NCC board at the Nov 2011 general meeting concerning the future of the RIPE NCC certification project. The RIPE NCC members - who are a fee-paying subset of the RIPE community - voted by 52% to 48% to keep funding the project. By any objective measure, this is an alarmingly slim majority. In short: - a substantial number of people, both within the RIPE community and within the RIPE NCC membership have serious concerns about the long-term legal consequences of this project which have not (in their opinion) been addressed adequately. - the RIPE NCC is now funding a project for which there is no consensus policy supported by the RIPE community, and is doing this on the basis of a hair's breath majority vote amongst its membership. Nick