RIPE Services Working Group
.
28th October 2020
.
4 p.m. (CET)
KURTIS LINDQVIST: So, I think we're on the hour. Welcome everyone, I am Kurtis Lindqvist I am one of the three co‑chairs for the NCC Services Working Group, which is where you are now, your favourite Working Group, and as always, my co‑chairs are Bijal and Rob Evans, who are here as well, and we'll just quickly run through the agenda and the first admin part. We are going to do agenda item F before the NCC update as well, and, for those of you who are new to the NCC Services Working Group, the NCC update also forms part of the GM so we'll have that just after the admin area, and then we'll have an operational update from Filipa, we'll have a 15‑minute break and we'll have the NCC language support presentation, Executive Board election task force and an open microphone.
.
And the benefit of being virtual as opposed to the in person meeting is that we won't be chasing you out of the room on the hour, if you linger here forever and miss the GM, that's fine. Also, those of you who forgot to register for the GM, you can do that without running out of the middle of the meeting.
.
That's the agenda for today. Alistair is ‑‑ the RIPE NCC provided a scribe, so thank you for that.
.
Just the moderator. And that was the agenda. Unless we have any additions to the agenda, seeing or hearing none, and then we have the approval of the minutes from the last RIPE meeting, which was published on the 13th October. If there is no objections, I think we can assume that they are approved. I don't see anyone lining up to speak or comment.
.
So that's the admin matters. I am going to hand over to Bijal to run through the agenda section F, which is the RIPE NCC Services Working Group selection. Bijal.
BIJAL SANGHANI: Sorry about that. As per the Working Group Chair selection process, this year was Kurtis's turn to stand down as the NCC Services Working Group Chair, so, Kurtis stood down and we sent a call for volunteers. We got ‑‑ unfortunately there was no new volunteers. Kurtis, therefore, I think Rob and I did some work and persuaded Kurtis to stay on, so, Kurtis, I'd like to welcome you back to the NCC Services Working Group Chairs. I feel there should be an applause button somewhere here.
.
So, with that, I want to just say that next year it is my turn to stand down, and I want to say that you know, we want to see new people volunteer and get involved. So, you know, as I am standing down, I want to say if there is anybody that is interested in volunteering or thinking about volunteering for the NCC Services Working Group Chairs, please contact me and I am happy to talk you through what we do and give you a bit of handover, if you like, and during the next coming year.
.
So, with that, is there any comments and questions from the attendees? Seeing none.
.
Okay. So, with that, I am going to hand back to Kurtis for the rest of the session. Thank you.
KURTIS LINDQVIST: Thank you for the virtual clapping and I'm sure all the real‑life clapping. With that, we are on to the agenda and the first presentation, which is from Hans Petter, with the RIPE NCC update. So ‑‑ as per magic, here we go.
HANS PETTER HOLEN: Let's see if I can find the presentation and share it. Pressing all the right buttons in the right order.
.
Yes, thank you. My name is Hans Petter Holen, I have been the Managing Director for the RIPE NCC since 1st May this year. This could have been regular business as usual presentation, but I decided against that. The world is changing and the RIPE NCC needs to pay attention and adapt and to be in a position to continue to serve all our members.
.
So the biggest challenge is really staying to our core values this community was founded upon. I will try to cover some of the major issues that I see around us and that we need to navigate.
.
So, joining the RIPE NCC during Covid kind of felt like coming into the perfect storm. It's going to be a bit about geopolitics, it's going to be a bit about changes in the Internet landscape and membership, Covid‑19, and also, changes in the organisation and internal restructuring.
.
So, when I was interviewed for the Managing Director position, I was asked by the recruiter what would I think would be the biggest challenge I would be facing, and I remember that I answered geopolitics, and little did I know how much time and how much effort has gone into understanding of this, and especially due to sanctions.
.
More and more governments are trying to regulate the Internet, or regain control over what they call national critical resources or national critical infrastructure. They want to make sure that they are not dependent on ‑‑ keep their sovereignty, to have better over sightof the distributed resources in their countries. There may be economic reasons to keep scarce resources in their economy, it may be geopolitical reasons to avoid exclusion from the Internet because of sanctions from other parties; excessive or conflicting non‑EU legislations, I would even add excessive EU legislation as some non‑EU members will argue.
.
The RIPE NCC has to comply with EU legislation, so there was a comment earlier today that I hope that RIPE NCC will focus also on non‑EU legislation, and of course we will continue to track that and will continue to focus on that, but EU legislation and especially Dutch law and legislation has a special place for the RIPE NCC as long as we're a Dutch‑based membership organisation with offices in Amsterdam in the Netherlands.
.
So, the problem here is navigating in this landscape and stay true to our mission, which is to provide service to all our members.
.
So you have probably read some of the messages already that three of the RIPE NCC members have been sanctioned by EU and the Dutch government. So, we have now frozen those members according to the existing audit procedure, and we are in discussions with the Dutch Ministry of Foreign Affairs on what to do. Ideally, I would like to see an exemption from all sanctions going forward. That may, however, not be very likely.
.
Second step would be to get the individual sanctions.
.
And third step would be to at least get exceptions that the actions that we're taking are sufficient to comply with the sanctions.
.
Now, the sanctions from the government is not only the only thing that is of concern. So, we also are dependent on banks to do our operations, and they are under scrutiny, both in the sanctions, but also for money laundering. So banks are very eager to understand their customers and reduce their own risk, so this also causes us quite some work with convincing the banks that what we're doing does not pose a risk to them.
.
We are confident in our compliance, we are also strengthening our process and monitoring going forward, so that we shall be even more robust in the future. And I really want to stress that, that the actions we have taken, I am really confident that we are compliant with the sanctions now. Otherwise, we would have taken further actions.
.
But, of course, this is new territory. There is little legal precedence in this area, so we are in new waters.
.
The board has approved an update to the due diligence for the quality of the RIPE NCC registration data; that has been published, RIPE 748. This is kind of the policy framework that we are using for handling the sanctions.
.
So, it's really also important for me to stress that our position with regards to sanction is really unchanged. So, the board resolved that we shall explore all options for obtaining global exemptions for our operation from sanctions.
.
So, this is really important and we are working with this to watch the Ministry of Foreign Affairs, as I mentioned.
.
We are also committed to comply with the applicable sanctions, of course we have to comply with Dutch law. But we also need to balance this towards supporting the continued stable operations of the Internet. And we really mean that the Internet number resources should be outside the scope of political disputes.
.
So that's reiterating the board position in this area.
.
Now, regulatory impacts is more than just sanctions. We have diverging regulatory frameworks for privacy and security, that makes it difficult to deliver equal service to all members in the service region. That has already been discussed a bit in the Cooperation Working Group earlier today, but I think there are many more aspects of this that we need to discuss moving forward.
.
And I think one thing that's pretty clear, and this is one of the things that kind of hurts a bit to say, is that the status quo will not work in the future. So, therefore, we are working internally now with this and we'll discuss with the board later this year and also engage with the community once we have a clear view on the current status and have made some progress on this work.
.
The ecosystem: We also have changes in the Internet landscape and among our membership. So, it's been really accelerated by Covid in the recent months and we are really seeing changes in the Internet industry in a much more profound manner than before. So, we're all aware of the scarcity of IPv4 and the increasing complexity of legal challenges that follows this. Organisations merged with transfer addresses and the potential for disputes really increases.
.
We also see that members with multiple LIR accounts will transfer their resources, or at least that would be the sensible thing to do, to one LIR account and close the secondary or the multiple LIR's account once the 24‑month holding period is over. So that means, as we will cover later on in the financial presentation in the GM, a potential loss of revenue moving forward.
.
So, what we really have to do is to look carefully into the services we provide and see what we will continue to do and what we can sunset or release back into the community. So, I think this is also an area where it's really important that we work with the community to see what are the core services that we need to continue and what can be released back. As you have seen on the mailing list, we have talked about some services already, like the RPKI validator that will be talked about in other Working Groups today.
.
One of the new things that you heard in the Address Policy Working Group this morning was the seizure of right to registration. So, a court order that originated in Germany and then they used the regular international framework to turn that into a Dutch court order, ordered us to do ‑‑ to process a v4 transfer based on this court order, and Ciaran held a presentation of this in the Address Policy this morning, Address Policy Working Group this morning, and if you are interested in that, please go back to the archives and listen to the details there.
.
So, I think this is a re‑change from the nineties where the policies, the IP addresses have no intrinsic value and the assignment and allocation is only valid as long as the original criteria. After that, we saw mergers and acquisitions in the industry and addresses followed infrastructure from one company to another. Then came scarcity and trading and now we have the first transfer based on a court order to cease the right to registration.
.
So this is changes in the legal landscape that we have to adhere to.
.
Now, Covid‑19, in many ways that has helped us with a lot of things, but it's also creating great pain for us. For me, and for the RIPE NCC, staff safety and well‑being has been a priority. So, even before I joined, the office had closed and everybody was working from home completely since March, and this is consistent with the recommendations from the Dutch government. A return to the office really depends on how the situation unfolds over the coming weeks, and two weeks ago, when I left the Netherlands to go north to Norway, most of Amsterdam closed down, at least all the restaurants and bars, so it really is cooling down the activity in the society.
.
So, other than the changes around us, it's been business as usual.
.
It was a fairly smooth transition to working from home, but I really feel with my colleagues that have to work from home all the time, it really is helpful to meet people and talk, whether it's for lunch or whether it's for a dinner, although that's not recommended at current.
.
We really had to make some big changes to what we were doing. Some of the services we were providing is really easy to maintain, no matter where we work from, but all the outreach and training needed to be completely revamped, and you can see that both in the creation of more online training courses and the NCC open house events.
.
There has also been a lot of work going on from home. I won't go into the detail of all of this here, but this has been covered in other presentations here. So, it's really a big thanks to all my colleagues in the RIPE NCC for all the work that they have been able to do in these difficult times.
.
One of the things that we have also been mindful of looking at is the survey and the follow‑up actions from the survey that was done last year, and we have published a status report with regard to that as well.
.
So, the last section here is touching on the organisation and the internal restructuring may sound a bit dramatic, but as there has been critical questions regarding the brain drain and changes to the organisation over the last two to three meetings, I thought I'd be a bit more open about this than I probably have seen in the past.
.
So, clearly, yes, there has been a lot of people leaving the RIPE NCC, and of course that has affected our knowledge. Now, I am quite confident to say that we do have a lot of good talent and people are stepping up to fill the positions and we are also able to recruit really good talent as well. So it's not a completely bleak picture. Of course, a lot of people living in the same time does affect the organisation.
.
When I joined as Managing Director, I mean, usually you see a new managing director coming in and starting a lot of new projects. Not so in the RIPE NCC. I set out to start a process working on strategy, but I kind of felt myself drawn in ongoing projects on introducing a self‑organising model, so, you probably heard talks about holacracy where it's kind of like running agile on the organisation structure. It may be something that fits us really well, but the change going through this is taking its time.
.
In order to align this with the more traditional requirements such as job descriptions and evaluations and career growth, we also had the Project Phoenix going on working on this. And this has taken a lot of time interviewing a lot of staff and we are still not quite done with that.
.
We have also introduced an integrated risk management framework in the organisation, which is really good in mapping risks and follow‑up actions, but this is also one of these things that takes a lot of time and really, as long as it's a new exercise, takes more time and more attention than it probably should have.
.
And we are still working on the organisational culture using a structured method to do that, but that's also one of these things that has drowned a bit in the first couple of projects here.
.
So, the work I set out to do to find our new direction or adjusted direction kind of has drowned a bit in this.
.
I have, however, looked back at the last three years' strategy and the work that was done there and this one statement was shared to me by one of my colleagues saying that this, Hans Petter, this is something that we really should keep. And the RIPE NCC being about delivering world‑class service while engaging to connect people to maintain the resilience and stability of the Internet. I really like that quote and I think that can give us some guidance into where we want to go. And looking back at the strategy for the last year, there is clearly more work to be done, and I'll talk a bit more about the activity plan in the GM.
.
Of course, this is all about better understanding our members' needs. We need to further strengthen the compliance of the registry while reducing the effort needed to keep it up to date. We need to automate and digital advertise trust across borders, we need to transfer data we collect through the Atlas and RIS services into insight. We need to continue to engage the community in all of our service region. We need to focus on diversity, getting engineers, governments, law enforcements, all young, all genders, faiths and nationalities together in order to work towards a better Internet.
.
Diversity is not enough. We also need inclusion and belonging in the community around us, and it means that we not only have to open the door and welcome new participants but we also have to listen and adapt our ways.
.
So, with that, I will say thank you and take questions.
KURTIS LINDQVIST: Any questions for Hans Petter? This is much easier than standing in a room with a spotlight waiting to see if anyone walks up to the microphone.
ERIK: Hans Petter, what's the internal restructuring started since May the 1st or was that started before that already by the management before? And what is the planning on when it will be done, be complete?
HANS PETTER HOLEN: Thank you for that, Erik, so, the internal structuring was actually started in 2019 or maybe even before 2019. So, that is something that's been going on for a long time, I think you will see the thread in the activity plan how we plan moving forward, there aren't any big surprises there. When the restructuring will end, that's a more difficult question to answer, because going with an agile methodology like holacracy, the change to improve is really a constant state. While we want to be a stable and trustworthy registry and organisation, we also need to constantly improve and I am a believer in continuous improvement and smaller changes over time rather than a big bang, so, yes, I have set out to complete some of these projects by the end of the year, and I am still intending to do whatever I can to keep that promise. But I don't think we will ever stop changing and improving going forward.
KURTIS LINDQVIST: Any other questions? No. If not ‑‑ we have one question from Rudiger Volk, I think asking to send audio.
RUDIGER VOLK: Refining Erik's question. I would ask what is the time horizon that you expect to get to, what's it called, just lost the word ‑‑ a steady state of the ongoing improvement process?
HANS PETTER HOLEN: Thank you for that, Rudiger. And it's a difficult question. As I said before the end of the year, it's clear our ambition to have a clear view of where we are going with holacracy and how we are going to develop. That is something that I promise staff and the board to have a recommendation on before the December board meeting. That's going to be really tough. The Project Phoenix, on job descriptions and how we are going to do evaluations and so ongoing forward, is really something that we need to get in place before the 1st January. The new financial structure, the activity plan and everything is really something that we need to have in place before 1st January.
.
So, 1st Jan is really my first milestone. Can I promise that it will be completed then? Well, of course not, but I will do my very best to make sure that we at least have a very clear view of where we're going before the end of the year.
KURTIS LINDQVIST: I think we have another question.
DANIEL KARRENBERG: I am not speaking as a staff member but as a community member. Hans Petter, you mentioned that there was going ‑‑ it's going to be a review of all activities, and you mentioned RPKI validator as an example of what's already been reviewed and discontinued. How is that review going to happen? Is that the normal activity plan review or is it more, a more stringent review aimed at actually discontinuing more and more activities?
HANS PETTER HOLEN: So, the goal of this from my side is not to discontinue activities. Although the board has asked me to have a careful look at the services and propose sunsetting where that is, where that is prudent. So, the first part of this project is to establish a product lifecycle or service lifecycle model internally in the RIPE NCC so we have to have a clear view of what is research, what is critical infrastructure, what is best effort, so that we have a good understanding of the different service levels that we provide on each services and also align this with the resources that we put into it.
.
So, it will be a lot of small pieces that will, of course, feed into the 2022 activity plan and budget and community discussion before we take any drastic actions. But it's an attempt to professionalise that cycle based on what the rest of the industry is doing with their services and products.
DANIEL KARRENBERG: Thank you.
KURTIS LINDQVIST: I think that's all the questions we have. So, thank you, Hans Petter. And with that, we move on to the next presentation, which is Filippe, with the operations update ‑‑
ROB EVANS: Sorry, my audio apparently is quite low. Sorry, I will try a different speaker for this next one. There was another quick question from Dmitry [come knack]: Hans Petter you have noticed brain drain. What is your strategy to fight it? Are salaries competitive?
HANS PETTER HOLEN: Yeah, that's a very good question, right, and I guess everybody in the RIPE NCC staff is now listening to the ‑‑ what I answer on that question. Part of Project Phoenix is actually to update the job descriptions and map them into a framework that can be used to benchmark the salaries externally. So before I have the outcome of that project, I can't really answer that question. What I'm seeing so far is that, in many areas, the salaries are competitive, and in other areas they may not be. Now, as a non‑profit, it's quite clear that we will not be in the sort of top end of the market, but we do have other benefits like working for the good of the Internet, like being a non‑profit and having the opportunity to engage with the community. So, I don't think we will ever compete on salaries alone, but it's an important thing and it's one of the things that we want to address in the Project Phoenix.
KURTIS LINDQVIST: Okay. That's the end of time. So that's nicely filled to almost the second Hans Petter, so, with that, I'm going to hand over to Felipe for the operational update.
FELIPE VICTOLLA SILVEIRA: Thanks. I am the Chief Operations Officer at the RIPE NCC, and today I'd like to give you an update on what's going on. I'd like to start with the key challenges that we are facing today, and how we are tackling those challenges.
.
For the first challenge it's related to the IPv4 transfer market, it's no secret from anyone here that the RIPE NCC registration of IP addresses that is (inaudible) that is frauds, hijacks and disputes, and all that combined increased the need to have more control.
.
The second challenge concerns our complex geopolitical situation; Hans Petter already gave a good explanation about it. We have (inaudible) within our service region and also digitally performing, I will do due diligence in certain areas.
.
And compliance, that's something I really (inaudible) in that can be hard to achieve.
.
Finally, the registry is becoming fundamental for the operations of the Internet. We need to ensure the uniqueness of the Internet number resources, but further than that, some of our tools, like for example RPKI and the RIPE database, they are becoming part of the critical Internet infrastructure, and therefore concerns with security, resilience and integrity become fundamental requirements.
.
Now, tackling those challenges. One way to do that is to increase our focus on compliance. The RIPE NCC is an organisation established under the Dutch law and therefore we are legally obliged to comply with certain laws and regulations, like, for example, GDPR and (inaudible)...
.
However, compliance is much broader than that; in essence, compliance is all about controls.
.
So, why is compliance important? First of all, because complying with laws and regulations isn't something optional. Cannot really operate above the law.
.
More important than that, we want to ensure the integrity of the registry; in other words, we want to protect our members' resources from being misappropriated. We do that to ensure that we have sufficient controls in place and complying with some international standards like, for example, certifications will not only help us to provide whether our checks and balances are sufficient, but also demonstrate that we are (inaudible) like, for example, through an external audit.
.
With all of that in mind, we have been focusing on the governance of our registry. So since the beginning of this year we have been revisiting our mantras of checks and balances, our escalation procedures, the security of our systems, access level policies, our HR policies like (inaudible) and so on. And there is a lot of that exercise was positive and it was shared with our Executive Board.
.
Now, our main focus is related to European Union sanctions and I'm going to talk about that in the next slide. However, we want to continue with this project for the next year or so, to actually focus on things like external audits of the registry, looking into this international standards, and also closing any potential gaps that we might have in our internal controls.
.
Hans Petter already gave a very thorough explanation on our situation with the European Union sanctions, I am not going to repeat anything there. We have been updating our procedures in our internal tooling in order to ensure that we remain compliant in an efficient way. As part of this exercise, our main goal has been to have clearly‑documented procedures that ensure that we remain compliant, while, at the same time, aiming to (inaudible)... and as part of all these improvements, we have been reviewing our procedures and we have been looking into a third‑party tooling to assist with those checks and also looking into regular external audits.
.
Increasing our controls and our due diligence is unlikely to make our members happy, because in some cases it might mean delays. Therefore, it's very important that we keep a balancing act between performing due diligence and the ease of doing business with the RIPE NCC. We have to perform a number of actions and run a number of projects over the last year or so in order to achieve this goal. However, in this presentation, I want to focus more on the future. So things that we want to do over the next year or maybe further than that.
.
The first thing I want to talk about is to digitise and automate the registry. So, through the usage of digital signatures, to help with contract signing and also to perform due diligence, and the goal of that of course is to counter‑balance and to reduce the paperwork and reduce the bureaucracy.
.
Over the last few years we have been automating many of our core business processes but we want to continue improving in that area.
KURTIS LINDQVIST: Sorry to interrupt you, but you are breaking up quite a bit on the audio and the technical team is suggesting maybe you try and turn off your video to improve the audio quality a bit.
FELIPE VICTOLLA SILVEIRA: How do I do that?
KURTIS LINDQVIST: You turn off the video ‑‑
FELIPE VICTOLLA SILVEIRA: Sure: Yeah, so I was saying that there is (inaudible) through the usage of professional trust model, and we want to continue doing that, continue to looking into the (inaudible) in that concept further.
And also I'd like to remind everyone that improvement in our internal tooling is a continuous process.
Another thing that we have been looking at is to proactively monitor the accuracy of our register. We want to do that, but getting a notification (inaudible) in the bigger structure of organisations with all the members, and these notifications get to a reliable third party. As an example we have a company goes through a merger, but then the member doesn't tell us this happened, then this reliable third party would send us the (inaudible) and you'd be able to follow through that with the member and then get the registry up to date.
.
In the rationale is catching these changes early in the process making ‑‑ getting the right documents and signatures much easier and quicker. So, for instance, if a merger takes place in 2008 and you get the file today, to get the right documents in the right signatures can be a very frustrating process. So this is where we have to improve.
.
Now, I'd like to dive a little bit deeper concerning statistics, and look into our ticket workload and see what kind of insights we get from there.
.
The first thing I want to show you is the number of tickets per category over time and make sure I draw your attention to a couple of points here. The first one is that the decline in the number of resource requests, you can see that through the purple line, and the obvious reasons for that was the (inaudible), so last year we had around 1,500 resource requests. Today, we have a little bit more than 400.
.
I want to draw you attention to the registry update tickets, which is things like transfers, sponsorship change (inaudible) they are the highest number of tickets that we have today. (Inaudible) they have been growing over time as well. So in this slide you can see this trend. Each colour represents a year, and a number of transfer tickets during the year. And you see that every year we have more transfers than the year before.
.
Another trend that you are seeing is a very high number of investigations. The total number peaked at around 2018. But they remain quite high over the last couple of years, and 2020 is not overly ‑‑ you have one full quarter, not full quarter but two months left, and these numbers will probably grow.
.
Another thing that you cannot really see in this chart is that the case themselves (inaudible) are complex with more sophisticated false documents and numerous parties claiming alleged (inaudible).
.
Another trend that you are seeing is a sharp decrease in the number of new LIR accounts. You can see in this chart that you had a very strong peak around mid last year, just before the run‑out. After the run‑out, these numbers dropped significantly, and yet we are more or less at the same level that we were back in 2013. (Inaudible) LIR accounts per month.
So today, we have a little bit more than 25,000 LIR accounts belonging to a little bit more than 20,000 members, which means that (inaudible) 4,794 LIR accounts. These are numbers from yesterday.
.
A large majority of these additional LIR accounts have been opened recently, mostly due to the restriction of one /22 per LIR. And the expectation that most of these additional accounts should consolidate over the next three years.
.
Since this has implications for future (inaudible) going to talk about that in the GM, to get more details there.
.
With all of that in mind, we have been restructuring our customer service and registration service department. This year, these departments have been merged and they are called a Registration Services and the goal of this merger is to optimise our services delivery making sure that (inaudible) matching the workload, which means that we have last new LIRs, last resource requests and more transfers and more complex disputes.
.
And they are also making sure that staff gets properly trained in these growing areas so we have sufficient capacity there.
.
And another thing we have been doing is increasing the engineering capacity by moving some of the former NRS staff into engineering roles, like, for example, product owner.
.
So I'd like to change topics now and focus on RPKI and the RIPE database and the stats they are taking (inaudible) infrastructure.
.
One of the things that we have been looking is into usage of Cloud infrastructure. We have been doing that for the last year or so. And our main goal there is to increase our organisational agility so we are able to scale up and down more easily in case it's needed. Perhaps more important than that, what we really want to do is to leverage on the infrastructure that Cloud providers have with data centres all over the world (Cloud) with providing a very high availability and resiliency for our services, and two of our services that we're considering the migration is the database and the RPKI repositories. I'd like to start with the RIPE database (inaudible)
.
As a proof of concept. There was a presentation in the (inaudible) and there will be a presentation tomorrow in the Database Working Group by Sander, so if you are interested in that, I strongly recommend you attend it.
And also, concerns with security, privacy, GDPR and so on are all being taken into account
.
Right now (inaudible) and let us know your feedback and then depending on the feedback and how this goes, we are going to look into migrating the production into the Cloud.
.
The other service that we are looking into migrating to the Cloud is the Rsync repository from RPKI. The aim here is for very (inaudible) by leveraging on this data centres all over the world. So if a data centre in Europe fails, for example, we can failover to a different region. So that (inaudible) at the same time is very slim.
.
RDP is the other protocol for RPKI repository, has been (inaudible) however, it has a much simpler architecture because of all the multiple regions, however we want to upgrade to the new architecture once (inaudible) is successful.
And we are also working on a (inaudible) so it can failover to our infrastructure in case there is catastrophic failure in the Cloud provider.
.
Another decision that we have made recently is the RPKI validator. The main reason (inaudible) now there are many options available out there like routing editor and so on, so if you have (inaudible) in that area. And we are also taking the feedback from our members and the community into account who expressed a desire for us to (inaudible) example in providing a more resilient RPKI infrastructure.
.
And that alliance pretty much with our thinking as well so our goal here is to straighten our focus basically on the resiliency of the trust anchor. And the timeline is on the slide here so I'm not going to read it out loud. So state here is the 1st July 2021 where we are going to archive the RPKI validator.
.
If you are interested in this topic, tomorrow somebody is going to give a presentation in the Open Source Working Group.
.
So, our key focus over the last year or so in RPKI has been on keeping resilient infrastructure and one of the ways I want to achieve that is through an audit by a third party that's called Ready ‑ Open Security (inaudible) that are part of RPKI. And since this company is ‑‑ specialises in security, they also look into a security aspect of our infrastructure.
.
The work has been just finalised. So we received the report and the result of the audit was mostly positive. Yet (inaudible) found. And there is a quote from the report, they say that implementation of the RPKI core complies with the RPKI RFCs to a high degree.
.
And improvements based on this report we're going to be working on it over the next few months.
.
The other work that we have been doing is the definition of an audit framework for RPKI. We have signed a contract with a third party, called (something) institution and together with them, we are going to define a (inaudible) actual audit report, which is composed by these five principles, security, availability, integrity and so on. And this report is (inaudible) so it can make it tailor‑made to RPKI needs. So that's what they are going to be working on over the next three months or so, and that is where its completed, we're going to hire another company to actually audit us based on this audit framework.
.
So, if you are interested in that, tomorrow somebody is going to give a presentation in the Routing Working Group about some work we're doing with the RPKI issue.
.
So to wrap up my presentation. Our key focus for the next year, perhaps more than that, is to keep the registry compliant in order to ensure its integrity and resiliency of our core services.
Thank you very much. And I can take some questions now ‑‑ (inaudible) albeit on the SpatialChat afterwards if you don't want to ask questions now, you can catch me there.
KURTIS LINDQVIST: Any questions?
ROB EVANS: There is a question from Erik Bais, who asks: Is it possible to receive a copy of the report of radical open security for the RPKI audit?
FELIPE VICTOLLA SILVEIRA: Unfortunately not because it contains security issues, so it can't be disclosed. The audit report from the ‑‑ actual reports that it can be openly published but this is a security report so, yeah, (inaudible) I cannot publish it.
ROB EVANS: Rudiger has asked ‑‑
RUDIGER VOLK: Again jumping on on Erik's question, would the audit report potentially allow you or be used as a base for actually filtering out the security relevant thing but essentially doing documentation of the details of the operation and the system so that ‑‑ well, that can be used for one, for scrutiny by the general community, but also as a pattern and to start off to model other CAs operations.
FELIPE VICTOLLA SILVEIRA: Thanks, Rudiger, for that comment. Yeah, these audit report specifically about the security and the compliance, yeah, as I say before cannot disclose the content, however one thing that you can do is once we make fixes then yes, everything can be disclosed. And the other depth detail is that for the second report, as I mentioned report, that it's you produce a type 3 report and these reports they are public by nature so then in their you see a relevant details about our infrastructure and our processes.
KURTIS LINDQVIST: Any other questions? I thought there was one in the queue, but it disappeared. I think that's ‑‑ I think that was all the questions we had. Any last ones? If not, then, thank you, Felipe, and we are then heading for our little break, which is now down to nine minutes, so, we will take a break, we'll see you all back here in nine minutes on the hour. Thank you.
.
(Coffee break) .