It’s Day 4 of the RIPE Meeting and everyone was up bright-eyed and bushy-tailed (who are we kidding…). We thank everyone for their dedication and discipline for being in rooms at 9am to keep making this thing called the Internet, that we all know and love, working.
Before we get into the sessions, out in the hallways, Thursday found the RIPE NCC's Learning and Development team celebrating 30 years of work. 30 years of providing high-quality training on a whole bunch of important RIPE-relevant topics that - to paraphrase one speaker who stepped up to the mic just yesterday - delivers network operators and others the knowledge they need from an agnostic point of view.
IPv6: Start now! Avoid costs later!
The WG session kicked off with some administrative business. As co-chair Raymond Jetten’s term had ended, Wolfgang Tremmel was selected as the new co-chair. Welcome, Wolfgang! However, co-chair Nico Schotellius had resigned, so Raymond Jetten will take over his term until RIPE 94. Welcome back, Raymond!
If you think doing things with IPv6 is expensive, doing nothing costs even more. If you need more coffee to solve this conundrum, talk to RIPE NCC’s technical trainer Dmitry Melnik, who presented about the cost of not implementing IPv6. He explained how a number of organisations are investing in NAT, which is only a temporary solution to the IPv4 shortage. As he pointed out, why invest in trying to solve the IPv4 shortage when we have more than enough IPv6? He then gave an analysis of the real long-term costs of not switching to IPv6 and came to $1.2M–$2.1M CAPEX overspent within a 5-year period for IPv4 only instead of dual-stack. In summary:
Audience discussion afterward pointed out how it’s usually enterprises rather than operators that are slow to implement IPv6. And as Sebastian Becker (Deutsche Telecom) pointed out, often smart devices in people’s homes are not IPv6-compatible. So do your part and buy IPv6-enabled devices!
Up next on the stage was Wilhelm Boeddinghaus (Route 128 GmbH), who shared his experiences helping to deploy IPv6 in large organisations. He found that many did not want to allocate a lot of time or money to IPv6 implementation, so his team had shortened the length of their training to accommodate them. Often he found that these organisations were completely unprepared for implementation and didn’t even have an inventory of the data they were running on their networks, which could lead to delayed implementation as they made this inventory. He stressed how important it was to just get started as soon as possible, ideally with a smaller starting point rather than the whole network.
Finally, Jen Linkova (Google) gave some updates on DHCPv6-PD support for Android. Good news - Jen had found that by enabling prefix delegation, it was now possible for Android to run on only DHCPv6, even if the P-flag was not present. This meant that operators could get the best of both worlds by having the flexibility of SLAAC and a managed network with no scalability issues.
RIPE Database WG - so long MD-5 passwords!
Over in the RIPE Database WG, the community started to expand the line of enquiry from whois and whoshould. The session started with David Tatlisu who presented on the review he and fellow co-chair Peter Hessler had undertaken of the outstanding Numbered Work Items (NWIs) on the list. NWI-2, for example, which would lift arbitrary restrictions on the retrieval of historical data and allow for the retrieval of deleted objects that have not been re-created, has not really been discussed since 2014 and so can be closed until people decide to revisit the topic at some future point. Also closed was NWI-17, which was about allowing bulk access to personal data for research purposes. NWI-20 remains open, and a big part of this one is about recognising that email ain’t what it used to be as a communications medium, and with deliverability issues as well as a growing number of people who just don’t use it at all, it would create an optional field people could use to include other preferred means, such as messaging applications.
Next up was Ed Shryane (RIPE NCC) giving the operational update from the RIPE NCC. "This will just take a second," Ed might’ve told himself as he took the podium. Alas – niet zo! as some people like to say. Too much in his presentation to relate fully here, but among the topics was the upcoming deprecation of MD-5 passwords, and notably there are still quite a few people out there still using them, so spread the word people! Oh, and zero whois outages since his last update - noice!
In the Q&A, discussion touched on who is responsible for maintaining all of the emails in the RIPE Database and the degree to which this data ought to be validated and perhaps consequences applied to those found lacking (this question posed by an attendee from Law Enforcement). Niall O’Reilly (RIPE Vice Chair) noted that while it would of course be nice to deploy a few changes that served everyone’s problem in one go, unfortunately it never really worked out like that. Of course, having technically valid contacts is one thing, but whether the person on the other end wants to respond is another matter altogether, and so it can be important to avoid confusion by maintaining a clear distinction between mandatory objects in the RIPE Database vs. various kinds of legal obligations that might apply to the maintainers of those objects.
Address Policy: PART 1
Right at the heart of RIPE, it's time to address the addressing topic. First up, Hervé Clément (ASO AC) walked us through the sequel to the RIR governance doc (yes, we're back on ICP-2 again!) and what it means for the IP address crowd. Randy Bush noted that the three NRO NC members from the RIPE community deserve a big round of applause (and probably cake). From the ICANN side came a friendly nudge that this work really matters - so, RIPE folks, please jump into the discussion before it jumps you.
Next, Angela Dallara (RIPE NCC) did a world tour of policy development across all five RIRs and unveiled a shiny new Policies page on the RIPE NCC website. Jordi Palet The IPv6 Company) spotted a missing piece - LACNIC 2025-02 - very close to the “natural persons” proposal, and waved a helpful flag.
Much of the history of RIPE lies in, and in between, RIPE docs, and Ilke Ihan (RIPE NCC) has been charting the story they tell about our evolution as a community. Through the course of a vivid, visual, and very well-received presentation, Ilke breathed life into a topic that, though it might seem dry to some, is essential to understand where RIPE's at and, maybe, where we're going.
Finally Marco Schmidt (RIPE NCC) gave the Registration Services update, including the informational RFC 9663 which proposes to allocate unique IPv6 prefixes per client which may impact IPv6 policy, improving accuracy for legacy resources without a contract, enhancing resource holder information, and a new request form for stopping sponsorship of independent resources. There were a lot of comments on the impact of the RFC 9663 on IPv6 policy in particular, but also the legacy resource accuracy.
DNS WG: We don't know what we don't know, ya know?
But they did know. Over in the sideroom, Working Group Co-Chair Willem Toorop’s term was coming to an end at RIPE 91 so we applauded Ulrich Wisser as it was announced he’ll be the incoming WG co-chair.
Jim Reid kicked things off with a presentation on Hyperlocal Roots, building on the work of RFC8806. The concept allows resolving servers to hold a local copy of the root zone, which boosts the stability and resilience of the Root Server System (RSS). Jim’s talk focused on a new Internet-Draft, draft-wkumari-dnsop-localroot-bcp, which aims to develop RFC8806 into a Best Current Practice and encourage broader deployment. The draft is expected to be discussed further in the DNSOP Working Group at IETF 124.
Ulrich Wisser (ICANN) took a closer look at the interplay of RRSIG Lifetime and SOA Expire values (which should be chosen to cover the most extreme disaster scenarios). On Meetecho, Petr Špaček chimed in, saying they were happy to improve logging but asked Ulrich to point out what was missing, because, as he put it, “we don’t know what we don’t know, ya know?”
Shane Kerr (IBM NS1 Connect) gave a good TTL101, to a room where everyone already knew that TTL means Time To Live, but where everyone now knew the basics. He wrapped up by saying that there’s really "no secret sauce in anything I do - happy to help anyone who wants it". So give him a shout if you want more info.
Dmytro Kohmanyuk (Hostmaster.UA) explained how Hostmaster.UA switched from regular zone transfers to XoT, including some details and tradeoffs when configuring TTLS (because security and availability is almost always a tradeoff) and Anand Buddhdev rounded things off with an update on what the RIPE NCC has been up to in DNS land.
Finally, the co-chairs thanked Willem for his work on the WG and presented him with some well-earned tea. Because, when it comes to the DNS Working Group, there’s always a little tea to spill.
Address Policy: PART 2
Back in the second session of Address Policy, there were three policies to look at. First up was Rinse Kloek (Kindes), who presented on the proposal from Jordi Palet Martinez and himself on IPv6 Initial Allocations /28 and extension to /28, the aim of which can likely be deduced from the title. Next up was Urban Suhadolnik (TU Graz), who has been looking to revise the community’s ASN assignment criteria. There was some discussion about how much complexity is too much complexity, and whether they really need much in the way of criteria vs a yearly annoyance charge (set via the GM) to discourage hoarding and encourage the return of unneeded resources.
Last up was Clara Wade (AWS), who shared the latest attempt by Tobias Fiebig and herself at an updated IPv6 PI Assignment Policy. In this version, the definition of End Site has been spun off into a separate proposal, section 7.1 is simplified, and some redundant statements have been removed.
In the Open Mic, a few different topics were touched on. Tobias noted the calls for greater simplification of proposed policy text, also noting that he was currently a co-author of 2/3s of the current proposals under discussion and so perhaps others might consider chipping-in, possibly putting more emphasis on Working rather than Group. Sander Steffann also invited the WG to consider whether policies really needed to cater for every single edge case or if it was okay to let some things be dealt with separately.
Standards and sticky fingers in IoT WG
Takayuki Sasaki (Yokohama National University) presented X-POT - an adaptive HTTP honeypot that mimics vulnerable IoT devices then detects and observes the inevitable attacks that come at it. Building an architecture for extracting and tagging exploits, Takayuki and his colleagues have been drawing on the strange powers of LLMs and gathering up a wealth of data to map the peaks and declines in the IoT attack lifecycle.
EUI-64 is the default method for stateless auto configuration of addresses in IPv6, but the approach generates an interface identifier from a device's MAC address that can ultimately expose devices to tracking and targeted attacks. Not good! And although there are methods to preserve privacy, EUI-64 and its flaws are not gone. Bart Batenburg (TU Delft / NOVOSERVE) - who'll defend this work next week (good luck Bart!) - showed us the results right out of the IoT Lab to demonstrate that IPv6's unintended fingerprints are still a problem.
Moving on to other matters, we moved on to Matter - an open-source smart-home automation protocol developed by the various giants that make up the Connectivity Standards Alliance (i.e., Apple, Google, Amazon, Samsung among 20 or so others). One year into his PhD, Andrew Losty (UCL) is looking beyond the Matter hype, and turning a critical eye on Matter's claims on security and privacy.
And finishing off the IoT session, Anna Maria Mandalari (UCL) called on the RIPE community to help close the gap between the RIPE community - with all your collective technical and operational expertise - and the IoT manufacturing world in developing standards to support the implementation of the EU Cyber Resilience Act.
RIPE community plenary
Jan Žorž (ProVision) managed the quickest RIPE Chair team handover ever seen, with Mirjam Kühne ending her five-year term and leaving the stage, only to return to the stage roughly 90 seconds later to start her second term as RIPE Chair, this time with Anna Wilson in the role of Vice Chair. Niall O’Reilly got a well-deserved standing ovation from the room for his service as RIPE Vice Chair - go raibh maith agat! Many thanks to the RIPE NomCom and particularly NomCom Chair Jan for their efforts.
In other RIPE community news, the Rob Blokzijl Foundation will present the next award at RIPE 92, they are seeking both volunteers for the award committee and eventually from January 2026 onwards, nominations for the award.
Laura Lorenzo de Garcia (RIPE NCC) presented on the updated RIPE Fellowship Programme - which has an exciting build your own adventure component. Applications are open if you’re interested!
If you haven’t been to a hacker camp before, Ondřej Caletka (RIPE NCC) gave us a glimpse of what it’s like by talking about the RIPE Community Village at WHY 2025. What’s with the hacker obsession with a certain drink and a shark? Also, if you’ve never been Rick-rolled before, click here. Are people in the room are still confused what’s the difference between RIPE and RIPE NCC. We hope that by the end of RIPE 91, this will be much clearer, if not make sure to join the Newcomers’ session at RIPE 92. He also pointed out that superheroes never really die, the Incredible ROA first seen at RIPE 79 in Rotterdam, then at WHY 2025 and now newly reincarnated at RIPE 91.
How do you build an IXP? Well you start by attending a hackathon… Vladimir Bidikov (FCSE/IXP.mk) shared his journey over the past decade, admirably shortening his 100 slide effort to fit the 10-minute speaking slot. He reminded us that building connections within the RIPE community can lead to many fantastic things - like the establishment of the first IXP in Macedonia.
Then we then heard the IANA Update from Marilia Hirano (ICANN) who reminded operators that the public comment for the IANA and ICANN Operating Plans are opening soon. IANA also rolled over the DNS KSK and operators should check their systems to make sure. IANA also received a compliment from Internet veteran Lars Johan Limann, “If there’s any part of Internet administration anywhere that just works - it’s IANA.” High praise indeed!
The NRO NC reps - Herve, Constanze and Andrei shared an overview of the feedback received in the BoF on updating ICP-2. They are now a well-rehearsed presentation team - with this being their eighth presentation of the year (yes eighth) to the RIPE community alone on this important topic. Read the document and share your input by 7 November (the deadline is real).
The session wrapped up with a lively discussion around harmonising Working Group Chair processes such as term limits and selection.
Bucharest BoFs
As they day rounded off, two last BoFs took place - each well attended despite a long day for all! In the main room, picking up on a line of thought that came of of a side meeting held during IETF 123, a panel of DNS folks gathered to discuss the current state and future of encrypted DNS transport protocols (ADoT/ADoQ). And meanwhile, in the side room, a session with the community to get their thoughts and ideas about where the RIPE NCC needs to go in the next 5-6 years, led by Hans Petter Holen.
And with that... the RIPE dinner awaits. We'll see you tomorrow for the last day of RIPE 91!
Comments 0