RIPE 90
Main room
14 May 2025
RIPE NCC Services
2 p.m.
ROB EVANS: Good afternoon everyone. Welcome once again to your favourite Working Group, the RIPE NCC Services. If you could come in, take a seat, there is plenty of seats available. I should probably try and figure out how the clicker works here.
Welcome to the RIPE NCC Services Working Group at RIPE 90. We have got a fairly full agenda to go through today.
NCC content, I shall point out the NCC speakers that if you run over, you are only taking time from the colleagues you'll have to bump into in the hallways.
So we are going to talk a bit about registry highlights, technology highlights, there is a lot of highlights this time. External engagement, engagement highlights. I'll start by introduce myself. I am Rob Evans the co‑chair along with Stefan. I thank you Mary who is going to be the stenography for us, and we have got Hans doing the Meetecho, and I think it's Anthony doing the notes, so, thank you in advance for all of those.
A slight mistake with the minutes of RIPE 89, apologies for that, they were sent to us at the end of last year. We did a few comments back but then promptly forgot to announce them to the mailing list. So, apologies for that, I sent a link around this morning, so, if you have any comments on the RIPE 89 minutes, just send them to the list within the next couple of weeks before we declare them final.
And with that, I shall hand over to Hans Petter.
HANS PETTER HOLEN: So, thank you Rob. Do you still have the clicker so I can click?
.
So, my name is Hans Petter Holen, and you know me as the Managing Director of the RIPE NCC but I am also been acting Chief Registry Officer for the last year, I am here to give you an update.
The registry, as, you know, it consists of three parts. Registration Services, member services and registry monitoring. The Registration Services looks after the registry as such, the numbers that we have in that one. Member services deals with members, and maybe the most important or biggest workload there as we go see later is handling responses to billings, but also all kinds of support questions that we get from you our community members.
.
Registry monitoring goes into the accuracy part really in investigations in assisted registry checks and so on. That's more of third line compliance for everybody else to some extent.
We look at the budget here, we spent around 5 million euros on this, we spent €63,000 more than the budget, when you take out the technical part of the registry systems like the LIR portal, RPKI and RIPE Database, that used to be part of the registry organisation in 2003, but in 2024, we moved everything into knowledge but we still kept the reporting with the plan we made for the year. So you will see those details about those in Felipe's presentation later.
So, looking at our membership, we have roughly 20,000 members and you see whore the differential between members and LIRs. 19,993 active members, down 84, so they have been loosing a bit. So, it goes a bit up and down, some leave at the end of the year, some join.
Looking at the spread per country. The biggest country for membership is still Germany, are Britain, Russia France and Italy. That's also the top countries for LIRs. Now, when you look at where we grow the most, well, Germany and Britain are still the biggest ones for new members, but then Iran and Turkey come before France. So there is some slight more growth in Iran and Turkey.
Looking at the numbers, you will also see that while members leave us, we close our members, we closed LIRs, we do that for different reasons. The vast majority, 1,340 of the 1,500 closers, is initiated by the members. Typically you want to consolidate your LIRs into just one LIR because the two‑year period after you got addresses from the waiting list has passed so you want to save some money there.
But then we have 196 members that the RIPE NCC took the initiative to close. Now, the biggest group of that, you can see at the bottom circle, 153 of them is because they didn't pay. Well, if you don't pay, we will eventually close your membership. Five went bankrupt, unfortunate but it happens, 29 stopped responding to our requests. And it's not that if you miss an e‑mail one day because you are on vacation, that we close you down. It's after extensive repeated attempts to contact you, or find different ways to get in contact with you, that we come to that step that we close you down because you do not no longer respond to our questions.
The worse part here is the 9, untruthful information. Basically, documents or contracts or whatever that we then determine are not truthful, right, falsified. So, not only do we then close you after investigating and discussing that, but we also report this to the police, to be very clear, committing fraud towards the RIPE NCC is not something that you can do without consequences.
Looking at the resources. We still have some resources appearing on the waiting list from time to time. I mean it's been between 18 and 24 months that you have to be on this list to get resources. Biggest countries that got allocations there is Iran, Lithuania and Germany. On the v6 side you see that we, in total, had 1,116, while on the IPv4 side, 773, so we could wish for much more new allocation and growth in the v6 market than we see on the v4 side.
ASNs, 2400, so that's a steady demand for that. When you look at the right side you see there isn't that big difference from last year to this. If you are more interested in that we have two RIPE Labs articles that we have LinkedIn the annual report that you can read on more details here.
All of these slides here are from the annual report, so if you want more details about this, please have a look at that and read the details there.
Transfers: Yeah, that keeps us busy because you may not need your addresses, you find somebody that needs them more and you agree on a transfer, or you do a mergers and acquisitions rather than a posit transfer. Lots of reasons for this. Here are some statistics on the inflow and out flow from different countries. To the right you can see the difference from transfers between regions. So it's number, if you want to call it, port your numbers space from one region to another, you can transfer it and the biggest inflow you can see here from, to the RIPE region is from ARIN. While the biggest out flow is also to ARIN. So, it's not a balanced trade, so to speak, but there is addresses going both ways.
Quite some addresses also from APNIC, not so much with LACNIC. AFRINIC is not here at all because there is no transfer policy approved in the AFRINIC region, and they do not have a Board that is endorse such a policy. So, that may change in the future but right now transfers can happen between APNIC, ARIN and LACNIC and the RIPE NCC.
Registry accountability. So, we have a programme in place where we do assisted registry checks. We sit down with you and our aim is to do that at least every five years to check that not only your details in the registry are correct, but also that you have updated all the registrations data and your delegations and so on in the way it's supposed to be according to the policies. We do more than 200 a month on this. It's a lot of manual work but we have now started to automate some of that, so you may see more automation coming out in that area going forward.
One of the things that we also took on as a result of a policy proposal some years back it validating the abuse‑c roles, and the community decided that all resources should have ARIN abuse‑c contact and we have extensive automation in place to validate that. And you can see on the right side here that in 2024, we had more than 83 thousand addresses checked but that resulted in 851 that had to be followed up manually to make sure that were correct.
We also received various e‑mails, somebody has abused my computer, my network from this address or that address. So you can report that to us through an abuse form and we will look into that. Most of the time we tell you that yeah, but you need to contact these people or there.
We do also quite some Abuse‑c validation investigations into LIR accounts, LIR resources and end users, and as you may all remember, we had a heavy lift last year in strengthening security on your LIR accounts. So ten years ago we introduced two factor authentication, but last year, we made it mandatory. Now that has as you will see later, caused quite a lot of manual work for us to follow up and help you get that implemented.
So, at the bottom here, you also see some of the information security incidents, we had one major one, five unexpected incidents, priority 3, typically phishing e‑mails towards members. So, a lot of these stuff keeps us busy.
I mentioned assisted registry checks. You can see here a bit of the work that this results in. From the 2 had 45 A completed, 5500 corrective actions updating contact information happened. We worked on checking that you are complying with RIPE policies such as the Abuse‑c policy, proper registration of address blocks and so on. And we also give you information about other services that we provide that can be of interest you have to. Such as RIPEstat, Atlas and RIPE NCC academy.
I mentioned workload a couple of times because member services is kind of a first line to a lot of things that's happened if you don't know who to contact, you will send an e‑mail to NCC. That's 21% of their workload. Two factor hit that quite a lot. We had a 20% almost, 19.4%, increase in tickets during the whole year, and I'm really proud to say that the team managed to do that without an increase in staff. Now they are not that happy that they had to work 20% more or do 20% more, but that's kind of the nature of the game of doing customer service.
As I already mentioned here, a quarter of this is related to billing, you see a pie‑chart here that is labelled chat. Now that's of course many different kind of requests, but if you contact us on chat and it can be solved quickly, then you know 10%, 11% of the contacts to member services is then actually solved. So that's been useful.
Registration Services also increased workload, and what we are working on here and across the whole is really to see where can we make our processes more efficient or even automate them? So that's going to be a theme going forward. If you look at the pie‑chart here you will see that most of the right side of this pie is related to some kind of transfers, whether it's within region or inter regions, MNAs and so on. Now this is counting tickets not recording time on the individual ones, so some things like it says mergers and acquisitions, that may be more paperwork than other things, for instance.
Accuracy is something that's come up, and Marco had a talk this morning about legacy space where, you know, a quarter of the legacy space we still haven't really determined or entered into a contract so we don't have a good coverage of a hundred percent of that. Looking at what we have in the registry for members,
96.6 percent of the members we match with the business registries. Now we use a third party for that with worldwide coverage and they have automatic link to the business registries in countries. So we get updates if there are changes in the business registry. 3.4%, the remaining part, are 680 members that are not matched, and 186 of them are organisations, the rest are private persons that are not in the business registry.
So, if you take out the private persons, we are at 99.4% that we are matching with the business registry.
Another accuracy measurement, and this is just some numbers that we have started following, and we are working on getting good definitions on, you know, accuracy, completeness and so on, to have a guide drive into improving that for e‑mail addresses, yes, we have done a lot of automation to validate Abuse‑c, but not to other e‑mail addresses. So in the RIPE Database for instance we see that 96.8% of the e‑mail addresses they seem to work, well we don't know if anybody reads the e‑mail but they don't bounce, so the issue here is now dealing with the rest that bounces, we need to fix those.
So, this monitoring resulted in 2389 alerts. The so this link to the business registries alerted us with, you know, more, a bit more than 10% of our members on average has some kind of change. 1430 of those resulted in some update on our side, the 956 we determined are non‑essentials. That could be a change in punctuation or a change in translation of names from the native script of that country or so on. If you look at the nature of the changes, legal address is more than half of it. Company name, legal name, registration number or change of status are the types of changes that we discover in this way.
Sanctions is something that has been on our mind for quite some years now. And, you know, half of the sanctions investigations are with members or with end users. And a tiny fraction with inter‑RIRs transfers. So if somebody transfers resources into our region we need to do a sanctions check on both ends so that that trust anchors, which is more work than for multiplex where we already have you registered in and match to the business register. For end users we have working on that matching but that's not fully automated yet so that's next on the list. From the 1785 hits on this automatic substantials matching, we have ended up with, after investigation, determining that 164 are not sanctions and only 13 are. We produce quarterly sanctions report that gives you statistics on this. We don't publish a list of those that are sanctioned. But you can see here that there is a large number of what you can say false positives. With accuracy, it's also important that we know who is sending updates to us and especially when it come to contract, we know that, we want to know that you have the legal right to sign on behalf of the company. We have used a third party service identify to check that your ID is Credit Committee, but we have not yet checked that it's actually your ID. So, we are now starting to use that functionality in identify, in the first phase we will do it in certain investigations, but the long term goal is that you should be able to fully verify that you are are and have a valid ID in the long run. If you don't trust technology, maybe you shouldn't use the Internet, but you don't trust technology with your ID, you can still go to a notary and provide us a notarised copy of your documents. So that will still remain an option.
Customer service is important to us. I mean, you are paying our salaries, you are our members, you are our customers. And we use two metrics, net promoter score, can you recommend the services we provided to your colleagues? And we have an amazing NPS score of more than 88 in registration services, 81 in member services and 80 for ARCs. The only thing is a bit lower, 63 is really still a great score is billing. I kind of understand that, you don't like us to tell you to pay the bill. And, you know, by accident that 63 is approximately the same percentage that actually pays the bills on the due date. So, one way to, you know, not have us tell you can you please pay this bill is to actually pay it, right, that would help us a lot as well. It would reduce the number of follow ups that we have to do.
Follow‑ups. Customer efforts score: How easy was it use our service to say get your problems solved? Amazing scores again. More than 6. 6.7, lowest one again is billing, 6.1. But seriously, 6 is a really good score here.
Same day response is a number that we followed over years. The percentage of tickets that we respond in the same day over the whole year as been on 98.9 percent. That's also amazing results. Some of my colleagues in the commercial world saying that 98.9 percent that sounds really expensive. 80: 20 is what you should aim for. But I think actually being responsive and responding within the same day, if possible, that is a good goal to have. So we strive to do that.
Now, the world isn't always this easy because we have a lot of legislation being pushed upon us, that sounds a bit harsh towards the government. Most of this is sensible things. We want to be that our privacy is taken care of. EPrivacy, digital service act, EU regulations, a couple of regulations that fits into Atlas probes and physical hardware deliver. There are new things. You have all heard abouts in 2. It was supposed to be in place (NIS)... the EU Commission is now following up on that. Credit cool entities directive. E‑evidence package, we will hit those and will change and put more work upon us.
And this leads into the information security and Rick an compliance work which we do for the registry. It's not done by the registry but we need to secure the registry. We have already put in place a station for RPKI where we have a SOC 2 Type 1, which means we have a control system in place that's effective and we are now working on a Type II where they are auditing that was effective to a full year and we are committed to doing that going forward. We are also rolling out 27001, a system across the whole organisation, bit by bit, and that's going to be an audit beginning of next year. But a lot of work on how we work is done this year.
Now, why do we do this? Well we have determined that DNS services we provide do fall under NIS 2, so we have to live up to the requirements in NIS 2 and the easiest way to do that is to implement ISA 27001. That's a control system that makes sure that those requirements are implemented.
Now, for the rest of the services, we may or may not be under NIS 2. That's under the Dutch government to make a determination of. They have not yet done that, but we know that you our members are under NIS 2, and we are in your supply chain, therefore we need to provide towards you assurance that our services are reliable. So that's why we are doing this, and this goes together with our risk management system. I have a slide here on details in a SOC control framework and ISO 270001 that I would love to talk about. I will welcome my colleague to the stage, Gabor de Wit, he is the new chief registry officer, started 1 May, I am here to present rather than him because this was about what we did last year, so I'll give him the opportunity to introduce himself and then if you have any questions to ask, please feel free.
GABOR DE WIT: Good afternoon everyone, I am Gabor de Wit, I am going to keep it short in favour of having the other insightful presentations. I would like to thank RIPE and the RIPE NCC for the warm welcome I have received so far. I feel welcome already, so I think that's very useful. I look forward to collaborating with all of you.
And to make it easy for everyone to recognise nice me later on, as you can see I am still wearing the same shirt, it's easy for me to find me in the hallway later on so let's open up the floor for questions on the story line that we have just heard.
ROB EVANS: Do we have any questions? On the slide of transfers from inter‑RIR, coming from ARIN, is there any measure ‑‑ have you looked at how many of them might be coming from the same entity? For example, widgets ink to widgets NL, is that a...
HANS PETTER HOLEN: We have a lot of data on that so, you know, if you have questions, send them to us and we can see what we can get out of the data. So, you know, we are looking at a lot of different things but if there is a concrete analysis you would like to see, let's talk about that.
ROB EVANS: Okay.
AUDIENCE SPEAKER: Michele. The stats you gave earlier about terminations, you had nine that you terminated you said very diplomatically for untruthful informing but then you kind of sound more like fraud. How did you find them? Was this that you were doing something else and realised that something didn't sound right or was it that you were actively auditing members? I mean how exactly were those identified.
HANS PETTER HOLEN: Yes. All of the above.
AUDIENCE SPEAKER: I suppose the bigger question really is what is the NCC doing in terms of auditing the members? Because you have made kind of very diplomatic, very kind of vague researches to very light touch audits. I mean speaking as a participating member, I would predecessor that you were actually taking a kind of slightly stricter view on this because ultimately aren't the entire model falls apart if the wider world discovers that you have a larger than zero number of fraudulent members.
HANS PETTER HOLEN: Typically something happens and that can be a lot of things. Transfer is an obvious one. If you start to send us a copy of company documents that don't look right and we investigate and check whether they are ask for authorisation and we don't get or we get that things that are obviously falsified, that's one path towards there. But there can be things that pops up during an ARC that doesn't look quite right and we start to do more detailed investigations. So there is no one single answer to this. And it's also a bit limited to how much of this we will reveal because then we will give you a play book on how to avoid what we haven't seen so far. It's a delicate balance. I think last year was the first year I started to talk about that we actually are reporting to the police. That's something that the Board decided ten years ago or something, and we have statistics on that. But ‑‑ and I think it was talked about in Reykjavik and then there was push back from several members saying that oh, but what if I submit fraudulent documents just for fun? It's kind of like we're not in that business, right. This is, you know, real world. You should not do that. So, I'm trying to create awareness that we do actually have a team that takes this seriously. How much detail we should provide on that is a bit up to ‑‑ I don't want to give you a play book on how to avoid our checks and, you know, every time there is something new, that we will look into.
AUDIENCE SPEAKER: Hans Petter I am not asking you to give a play book, that's not what this is about. It's more a case of making, you making it clear that the RIPE NCC takes that responsibility very clearly. Nobody is saying tell us how you are doing it so that we can then avoid it. That's not what's that's about. It's more a case of making it clear: Yes, we do check, yes, we will check, no we don't want this kind of thing. I was in Reykjavik, I remember some of those conversations, were very strange from my perspective and those weren't NCC comments obviously.
HANS PETTER HOLEN: I see my department manager from that department saying yes, we take this seriously, but then you have a clear direction here, right?
ROB EVANS: Thanks.
(Applause)
Now, Felipe with the update.
FELIPE VICTOLLA SILVEIRA: Good afternoon everyone. I am the CTO at the RIPE NCC. Today I would like to give a presentation about the highlights from technology in 2024.
At the beginning of last year we had four main objectives, ensure security and compliance and keeping costs within budget were the main ones about you we also worked at providing a better service for you and also to increase our technical capabilities, which is what the last objective is about.
I'd like to start with Internet measurements. At the beginning of last year we had some big challenges with our Atlas backend, it was an ex IPv and dated solution to store historical data. So had an old cluster that was taking a lot of space in our data centres. That cluster was almost full and it was almost running on very old hardware. So, failures were very common, things like hard dynamics breaking an so on. Something needed to be done with a certain urgency. The controllers which is a component that sits between probes and the backend, often needed some urgent organisation. We came up with a new solution that has three main parts, the first one should be smaller cluster using a recent data for the recent data. So a sort of cache, if you will. We built that using a rented bear metal from.... We started to...AWS S3 which is a cheap objective storage and proved to be quite good. For the controllers we containerised them and deployed the community cluster in AWS as well.
So that allowed us to reduce our data centre footprint quite significantly. We started last year with a total of 46 racks, in two data centres. Today we have around half of that, so it's 26 racks in the two data centres. Our goal is to reduce this further to a total of 1 racks in the two data centres.
So, as for the next steps we're working towards consolidating our data centre presence. We're moving from M 5, one of our data centre, towards the north C and with that move we can further reduce the footprint being from 26 down to 22. And also increase the geographical distance between the two data centres. Today, they are both elected in Amsterdam, so it's quite close to each other. The new one is Utrecht, so it's a little bit more distance, we have a bit more resilience.
We're also working towards a financially sustainable solution for storing RIS and RIPE stats historical data. Our goal is to have a secure and resilient data centre presence for our core services. So for RPKI, RIPE Database, DNS, registry. But also serve as a good alternative to Cloud providers. And we have a whole discussion about the Cloud later in my presentation today.
RIPEstat and RIS are the highlights are that we planned or approach for the reduce of a new UI this year, so my colleague did some research together with her team. And the results were published in a nice Labs article that I recommend to read. My colleagues wrote a Labs article about the new user interface that we launched in February this year.
We have also completed the migration that helped us with the data centre reduction. It was mostly moving dataset between two different clusters and then decommission the old cluster. We have also added 32 new RIS peers.
Internet infrastructure. RPKI, Hans Petter also mentioned about I SOC 2 Type I certification that we obtained last year. During the audit we found no major deviations which is something good and to remind everyone the goal here is to have certification is to ensure the truth in our RPKI system.
And we do that by making sure to have sufficient controls in place and to be able to demonstrate that to the outside world. So, we do that by bringing in an external auditor that basically assesses the effectiveness of those controls and then produces a report that you can request as a member, and I include the link there nor or trust.ripe.net website.
So this is an overview of what's involved in the SOC 2 controls, so you can have an idea of what this is about. We have controls around availability, confidentiality, security and processing. For availability we have nine controls, and they are to ensure things like service uptime, failover readiness and so on. Around confidentiality, it's mostly to protect sensitive data, and we have two controls in place.
Security, that's the bulk of our controls, we have 55 of those, and they are meant to safeguard systems from threats.
And finally process integrity, which you have ten controls, and they are there to maintain system accuracy, completeness and reliability. So that you have an idea of what is control framework is about.
RPKI programme, so this is a programme that they are doing together with the five RIRs, and the main goal of this programme is to achieve a consistent and uniformly secure, resilience and highly reliable RPKI service provision to the global Internet community.
In this programme we have two main goals this year. This is for 2025. To improve, improved transparency, robust and security of the RPKI system. This is about dealing with zero/zero TA over claim problem and we are working towards having an NRO trust anchor. So the goal is to have something that can be shared with the community later this year.
The second goal is to have increased consistency of the RPKI user experience, one way to achieve that is to have an RIR roadmap for the main features that are going to be delivered by the RIRs, like for example when the RIPE NCC is going to deliver ASPA, when ARIN is going to do it and so on.
RIPE Database. Improving the security of the RIPE Database the our many goal here is to phase out MD5 hashes by the end of this year. Last year it was mostly about engagement with the community. To try to find the balance between security and ease of use which sometimes is not something very easy to do. At the beginning of this year, we had provided API keys and we're currently working to implement audit 2 and together they have give alternatives for replacing MD5 hashes. The removal of the hashes themselves will happen only after we deliver the 0 audit 2 solution which is around mid‑of this year. With the exception of inactive accounts which are accounts that have not been used for more than a year.
DNS and K‑Root, the highlights, my colleague gave a nice presentation this morning going a bit more in detail. If you are interested I refer to his presentation. We have improved the resilience and availability of the service by adding host it nodes. All nodes have been upgraded to a new operating system. So I got rid of the old machines. We have also started a process to retire network S.ripe.net, it was completed in January this year.
Now, we had a very lively discussion in the mailing list last week we we really appreciate because we get feedback for our, get guidance from the community on how to proceed. So, I'd like to have a discussion now about our Cloud strategy. You first of all I'd like to explain the current strategy that we are following.
.
The wording is that we aim to leverage Cloud technologies when they bring value to the organisation and to our members, and this value is defined in terms of improving focus for development teams, has resiliency and so on. Like in other words Cloud is a tool and we use it when it's the right tool for the job.
At the same time, we maintain a robust on frame infrastructure for or core services, so our crown jewels if you will. Or for when the Cloud does not provide these advantages. And we have published a strategy framework and service criticality definitions. That happened a couple of years ago one we have been using this as guidance for our usage of the Cloud.
In summary, this framework says that the more critical a service is for the Internet, for example RPKI, the less likely it is that you are going to use the Cloud.
It is like here with our current Cloud usage, not including everything but including a software as a service, you are not including CDNs, about RIPE Atlas, it was in the beginning of my presentation so I'm not going to repeat myself. We're using Google BitQuery for research. We're using AWS, CS for the SSO backend and we're using Google work space for our productivity tools like for e‑mail, calendar, Google slide, these slides are made for example on Google slides.
And our meeting software is also running on AWS, ECS, so that's not a typo, it's also containerised but it's not cubernetis.
(/KAOURB /TPHAOETS) so the question is how we move from here. We have identified this rapidly changing and seemingly unstable international dissatisfaction and due to that and increased risk in using a Cloud infrastructure. Within that context or strategy is being revisited. What we are working concrete on are exit strategies. So that's part of business continuity plans, which are part of our ISO implementation. And also we're having discussions about our future usage of the Cloud.
In the meanwhile, some major deployments to the Cloud have been put on hold but not all of them, because I felt it would be harmful to stop projects that were already ongoing.
In our strategy is shift to go rely more on premises and less on big tech providers.
Budget versus actuals.
The total budget for technology last year was 12 million euros, so that includes parts that are currently reported under the registry but Hans Petter also explained that in his presentation, LIR, RPKI and the RIPE Database. After expenses there were just shy of €300,000 over budget, and the main relationship was the delay in downsiding the data centre. We have planned to do that until August last year, but it happened only in December, so it took a little bit longer:
So, that was basically my presentation today. Some key takeaways here.
Security and compliance was one of our main focuses and we have obtained or SOC 2 certification. Here I would like to give credit to my colleagues, Elinor Ostrom and her team, for doing most of the leg work here.
Cost effectiveness, I have implemented a financially sustainable solution for restoring RIPE Atlas historical data. And Cloud strategy we're currently reviewing our strategy.
That's basically it.
ROB EVANS: Thank you.
(Applause)
AUDIENCE SPEAKER: There is a question from Shane Kerr. The question is: Why is the SOC 2 Type I assurance report not published openly I see there is request requested which might be refused where I have to explain my interest.
FELIPE VICTOLLA SILVEIRA: Because it contains some confidential information, and I see my colleague Elinor Ostrom going to the microphone, do you want to take this one?
AUDIENCE SPEAKER: Yes. I am the information security officer of the RIPE NCC. The reports are basically not public documents. We are released by the auditors to the audit team, and they list non‑disclosure agreement to interested parties. For us, interested parties are members that utilise the RPKI service, or parties that would like to utilise the RPKI service, and would like to understand more about the security and compliance of the service itself. So if you want to see the report, please make a request. This kind of report contains confidential information, that is why they are also released... thank you.
RANDY BUSH: You said you were going to pull back towards self hosting for critical services based on the criticality. I would suggest also for PII, for personal information, is also a factor there, especially considering the Cloud services you are using are hosted in dangerous environments.
FELIPE VICTOLLA SILVEIRA: Thanks Randy, that's pretty much what they are doing today. Like all the registry related information, is confidential, it's all stored on premises.
ROB EVANS: Any more online? No? I guess, thank you very much.
(Applause)
And now next speaker.
HISHAM IBRAHIM: Good evening everyone. I am the chief community officer at the RIPE NCC, and I just want to say I love my job because this is the best part that I get to do. When I talk about the work that we have been doing in the community and highlights on what the activities that my colleagues and I have been busy doing. I am going to try and do justice in less than 20 minutes.
So, the way that we report on external engagement and community is across three lines in the activity plan and budget that I am sure a lot of you have seen. The first being community building and member engagement. This is basically creating environments for people to come together and engage and talk, not very different from what we have here but trying to replicate that across a very big and diverse service region, 70 something countries.
The second line talks about learning and development activities, so all the training and capacity building that we do. As you see highlighted here we do offer in‑person training to our members and for the broader community we offer online webinars and e‑learning platforms and such.
The last bit of how this whole things comes together is the coordination and collaboration, so the prescribing doesn't operate in isolation. We are part of a larger Internet governance structure that operates, well the Internet pretty much, governs it.
We work to defend and support the system because we fundamentally believe that this is the best thing we can come up with at this point in time. And our work does require us to have excellent relationships with government, standardising bodies and also technical community as well, as you can see I am highlighting it a bit.
So going into community building and membership engagements.
This is a nice confetti graph that shows you at a glance where we have been doing engagements, so, creating those environments in person, so, you can see that we try to have this nice wide geographical distribution across our service region. You can see the colour code will correlates back to either RIPE meeting a regional event that we do, we host three of those, Menog, southeast Europe, SEE and, central Asia peering form, but we also do more national targeted engagements, something like the Internet measurements days or NCC days which we didn't do last year, but that's part of the portfolio, hackathons and others. Now for those of you who not like confetti graphs and prefer a more personal approach. This is the slide I like showing every time. This is community the coming together in various meetings and occasions, just really exchanging ideas, building the community and continuing with the legacy that has been built over 35 plus years, I believe.
Which brings me to the RIPE meeting at RIPE 88, where indeed we were celebrating 35 years of RIPE. It was a great meeting in Poland, we heard a lot of great feedback, it was one of the meetings that we managed to kind of get back on track with a long term planning for events and it was easy, and nice and people were happy, which was a great thing.
You can see that reflected in the MPS scoring as well so out of a possible minus 100 to 100, we ended up with a 74, so that is always positive. You might remember the iconic stairway that I think everybody that was there took photos. I see a lot of nods, thank you for that ‑‑ and really the marketing and design team do a really great job in doing this. They ended up trying to up themselves one up more the next meeting, so moving from stairs, they went to the elevators, and this photo came to as close as me being ever an influencers in my life, I may have mentioned this one or twice to a few people. I post it had on LinkedIn I ended up getting like 40 thousand unique people looking at it with 60 thousand views of it, and people actually debating about is IPv6 the future, is it now, did it happen, did it not happen in, is it dead? Sparked a lot of discussion, that parked other stuff as well, but it was a great meeting and again kudos to the teams that work on this. I have heard great feedback also on the marketing here at the meeting, one I think this I want to highlight, please talk to the come team and the marketing team but also Miguel who is our graphical designer, he doesn't usually come to the RIPE meetings but he is here now, so please, I don't know if he is in the room or not, talk to him because he does really amazing work.
RIPE Labs, I am sure a lot of you if not all of you are familiar with RIPE Labs, it is our way of publishing articles that are of interest to the community written by the community but also written by the RIPE NCC staff. One the metrics we always keep an eye on is we have at least a 50:50 balance between articles written by staff and community. That means there is engagement and interest from the community the as you can see that's say true last year, where half of the articles that were published were written by community members the
Now, I highlight here the top three articles in terms of views. I am very happy and proud to say two of them were written by NCC staff, so he will immediately, my colleague, wrote an oral about routing around damage, he will be presenting that in a couple of sessions, I think in co‑op, but also in the Community Plenary as well, was really good article and it got a lot of attention.
The other article that was inspired by the discussions about the elevators was the IPv6 cat that I wrote. It is uncertain if we are going to be doing more branding around this for future meetings, but wait until 92 to see what we will be doing. That is the plan. But it's uncertain, let's say.
There was also a great article about LL M and misinformation problem that was written by a community member, Kathleen, and these were the top three.
We also had ten podcasts and we had around well 33 K unique views.
And if I haven't mentioned him by name, Alun Davis is the RIPE Labs editor and he does an amazing job in making sure that we have great quality content there.
Moving to other stuff we did. There was the redesign of ripe.net. A lot of you would have seep Phil, who is also at this meeting, going around and presenting about how we redesigned the website and how we made it a lot more clear and visible, what RIPE NCC is what RIPE is with different colours and notations that allowed for, hopefully, more ease of use based on the feedback that we hear, that was quite successful.
Fergal, also my colleague, came to the stage and presented on crowdsourcing translation efforts to get some of the documents that the RIPE NCC produces translateed into different languages, trying to lower the barrier of language. As you can see here, a list of different languages that we ended up doing through community crowdsourcing, so, Turkey, Spanish, Italian, Russian, far see, Arabic and English are now available for certain documents online.
In the bottom here, it highlights RACI and the fellows. It's an initiative that is done by community development team managed by Gergana and her team takes care of this and it's a great effort, I am sure anybody that has at a RIPE meeting has listened to at least one Kase talk. It's great to see how we are more welcoming to newcomers coming into these meetings, presenting their work and bringing in fresh perspective, which is something that we want to see more of. I think I have a slide on that later.
Learning and development.
So, last year we also celebrated ten years of RIPE academy. You can see a nice progression of sites and websites over the time in the bottom there of how the academy looked over time. You can see the team that was at RIPE 89 celebrating, so there they are. They are here I believe and please have a chat with them, they do really great work, we get a lot of appreciation for the e‑learning content that they put out there. It is, according to the feedback that we're getting, amongst the best that people get to experience.
Now, not only do we offer the courses, but we also offer certification, so people can get the badges and use them for, well name purposes on LinkedIn and bragging, techies like to brag.
You can see that we offer the, you may or may not remember last summer we covered a campaign and asked people to publish these certificates as they were getting them, and we ended up giving out T‑shirts, again something else that works for techies, T‑shirts. And as you can see in the slide here, the team does a lot of usability testing and a lot of quality control metrics, so that is very much factored in all the work that they do and I must give them kudos, they are quite an independent team that knows what they need to do and they get the job done, so they are really, really great at that.
Last element is coordination and collaboration. And a few highlights here: We have held three round table meetings last year in three different parts of our service region, so we do one annually in Brussels, well all three of them are annual actually. We do one in Brussels, we do one in southeast Europe, alongside the SEE meetings, so last year that was held in Greece, and we also do one in the Middle East, I believe the photo is from that one, in Jordan.
We also have a concept called Breakfast with Ministers, so in service regions that it's difficult to bring people on the regional level, then we go and engage more one‑on‑one with the government officials that we need to do there.
Now, another thing that we have been actively working on is building that recognition amongst other entity in the Committee that I mentioned, Internet governance landscape, to we have pledged last year to partner to connect which is an ITUD development initiative. We pledged there all the capacity work, some of the capacity work and the training courses that we have been doing there, it is highly appreciated by them, this is why I am saying we're getting a lot of great feedback on this. We have plans to continue more. This allows us to help us position ourselves as that centre for expertise and knowledge when it comes to any matters related to our mandate.
A lot of work with the League of Arab States, I believe my colleague has a talk tomorrow in copy that will talking more about the work that he has been doing in this area. We have also been working with the Dutch Internet standards platform and also with regulatory bodies and the European Commission in Brussels, my colleague Romain is here, I don't believe he will be presenting, but please have a chat with him, he always has nice insights to what's happening in Brussels. And we continue to contribute to work done in UN, in EU and stuff. You might remember if you caught my talk last year, there was a lot of submission that is we made to open consultations on to various topics related to Internet governance issues, which I think I have a slide on as well.
Data story telling: So we do a lot of effort there. We have an internal gild that is run by Alun, the RIPE Labs editor, but it really brings together people from across the entire company, so it's not really one department that works on this. It brings together people from the research seem, the comms team, registry, technology, all come together to try to demystify, for lack of a better word, the work that we do.
We put out these regional reports alongside the regional meetings, we use them to produce also for when we do NOG engagements and travel to present in different countries, how we see the Internet performing there. There is the article on ‑‑ it could be topical, the article on the Baltic sea cable damage, but we also have more in‑depth stuff for example like the article that my colleague in the room here did on IXPs in the Middle East.
Now, what ‑‑ you asked the questions about transfers. Interestingly enough we do have an in‑depth report than that we will be publishing in two weeks, we didn't want to launch it with the RIPE meeting, because we didn't want it to be covered with old noise of that that my colleague Marco, the registry manager, and is here from the comms team have put together, and Rene from search have put together a great report that covers I think all the questions that you might have there. But also my colleagues are working on a follow‑up report on the IXP in the Middle East, they do that southeast Europe as well. More of these insights, we produce as much as we can because we use them for engagement and all the stuff I said before.
I am going to have a couple of slides on 2025. But before I go into that I want to thank all my colleagues in the RIPE NCC for all the work that they do in the external engagement and community work, there is a lot more than I can cover in 20 IPs minute, so if I haven't mentioned a project or haven't thanked you be by name, please I want to know that it is highly appreciated all the work you are doing. I could not be more proud. I take the glory of presenting on this but it's really the hard work that the team does.
2025 updates.
Community project fund. You might remember last year we paused the community project fund in an attempt to review that and see if we can make it better, what enhancement needed to be done, because we were hearing some criteria so to speak, which were fair, so, we paused it and we looked at in internally to understand what we need to be doing to make that programme better. Now, after doing some initial research, it became very clear to us that it would require a lot more resources that are currently dedicated to it, but then if we provided that, the direct benefit to the members was unclear. So, we went back to the Board and we presented a bunch of different scenarios, but at the end, the Board decided and approved the proposal to discontinue the CPF. There is a resolution on this, and there is a Board minutes if anybody is interested in reading more about that.
I do want to note that this does not affect those that were awarded funds in 2024. This is about moving forward.
And I really want to thank the Selection Committee that our volunteer members from the community that are the ones that do the selection. We just provide secretariat work, but really, the selection, the process, all that is run by community volunteers, which have been doing an excellent job so far.
The RIPE fellowship review. So if you were in diversity yesterday you would have probably seen Laura on stage talking about the mentorship programme. You might have had some chats with her or other colleagues that actually are part of that of the community development team, that are looking into how we can on board more people into the community, how we can bring them in. RACI has been a great success over the years, fellowship, well various levels of success, but we really wanted to see how we can go beyond just these programmes into making sure that newcomers feel a lot more welcome and we have retained them over time. Giving them certain elements and how we can tie stuff like the e‑learning stuff that we have now, the monitor ship programme that we have, all the community engagement stuff that we do, the programmes, how do we tie all this together to actually give newcomers more a sense of achievements and gamification to how they can be more active within the community.
We are continuing to run the fellowship programme, so we are doing it for this meeting and RIPE 91 as it is. The I say that we do it light, which means we're not going to be doing a call for fellows for RIPE 91 because we have already selected them from the selection pool that we were given for RIPE 90. However for RIPE 92, ideally, hopefully, we would then be ready to launch a new programme and I'll be updating more on that in RIPE 91.
Very quickly, because I am down to my last two minutes. This year is a big year for Internet governance and discussions about this. If you are not into Internet governance, assure you have heard a lot of discussions about sovereignty on the Internet and digital agenda and putting government first, whatever government that is, or block first. And it's very important in this time that the technical community has tear say and makes people understand what is really at stake. I wrote a couple of articles, this is the last one, of a series that is strike to distinguish the Internet from what is built on top of it which is very important we don't could you have the two. We techies, we do Internet plumbing, we say that a lot. It is very important that if well the aesthetics, the smart device that is you are putting in your house, if you are doing that they don't compromise the foundation, you dont's crack the foundation of the building or else the building is ruined, right. That's very important in these discussions moving forward. This is why positioning the RIPE NCC and the RIRs and getting them recognition for the role that they play is very important.
The road to RIPE 100. So, my colleagues now are actively working on that. We now caught up with the two year cycle but now we're planning way ahead to RIPE 100. It's called RIPE 100. We are looking into different locations and where we go. There was a good presentation in the diversity session on accessibility there. We will continue that discussion. But it is really great and something that I really like, we have the iconic stairs again for this meeting, and one thing that I saw with a lot of people is they go and say this was my first meeting, this was my first presentation, this was the first time I saw this. It was really great to hear these stories and it's really lovely to see.
With that, I am done, thank you very much.
(Applause)
I think you can tell how much I love my job, right.
HANS PETTER HOLEN: Thank you, so now we have been talking about what we have been doing last year and some peeks into what we are doing this year, I am going to lift my eyes a bit and try to gaze in the next five years, starting the year after next.
We have a five‑year strategy in place where we try to look at the long term strategic roadmap and we want to publish that a year before that period starts.
Every year, we do an activity plan on the budget. So that's more the tactics on how do we play this and get towards this goal that we set in the strategy. On the short‑term or medium term, a year. But we also have a third level which are the quarterly roadmaps that each of the service teams present for the services. So, if you are looking for promises on when are we going to launch this feature or that, you need to look in the quarterly roadmap, because as anyone working with software development you know that there are always surprises and you can't really promise what comes after the next sprint or the next, but we try to have a clear roadmap for the next quarter and that means we can revise after that based on learned and changing requirements.
We want to have a long term plan, because you, as our members, want stability, you want to know what you can expect from us, and you want to know what you are going to pay in the end, and these things are linked so we want to provide clarity to members and the community about the direction we will take in the coming years, align all staff around the strategic properties, because with 190 people great if we run mostly in the same direction, right. We can't expect everybody to do exactly the same thing at the same time, but it would be great that we all pull in the same direction and that's what we need a strategy for.
We need to engage and motivate externally and internally, we need to have a basis are to the annual activity plan and budget process and ensure a long term development of services and activities.
So, strategy process 2027‑2031. That's a long time ahead, right, who has planned their vacation in 2031? Nobody, right.
Financial planning is something that we didn't think about last time. This time we will also make a financial plan that fits this five year budget to give an indication of what we think this will cost. So, you know, we can dream up the best strategy in the world, but if we don't have the resources to deliver on it then it will never happen. These things need to go hand in hand.
We have a longer planning cycle. We are starting already more than one year ahead. Because I want this strategy approved before I have to make the first activity plan in this cycle. So that means that this plan needs to be in place in May next year. We now have a year to do this. Which seems like oh that's a long time, so no hurry, but also, you know, we have a lot of stuff to deliver in that period, so, it's good to have that time.
Once the high level strategy is in place, we will develop strategies also for the services. So we have measurements services, we have are registry services, we have RPKI and so on, where do we want that service to be in 2031? That's not something you may find in the very high level strategy from RIPE NCC today, but it's an important work to do for each individual service, and since we have a year, we have time for that.
And we want to involve more stakeholders internally and externally. Last time around, this was just after I started, it was mostly done in the exec team with some involvement, some staff and it was heavy involvement from the Board in the end, so I do believe the Board feel strong ownership to the current document but not that much engagement in the community and definitely with all staff, we hope to make that different this time.
They are also using a slightly different methodology this time. And we are doing more ground work before hiring the strategy. So I have put together a strategy team from across the organisation, they are all actually done part time MBA over the last couple of years so I thought maybe they have learned something about strategic planning so we are letting them have a go at doing and facilitating this process for so no expensive consultants here, we do this in‑house, right.
Overall approach to this is diagnose, decide and deliver. So, we know in the first phase that we are doing in Q1 and Q2, we are examining the landscape, the bigger trend and understand where we stand. We map external factor to operating environment or resources and capabilities and we look at input from external stakeholders. That's the diagnose phase. Then in Q3 and Q4 this year we will use this analysis to set the general direction for the coming five years. Check the alignment of omission and vision, or current objectives still apply in this landscape? Define a high level strategy and gather input from external stakeholders. That's when we start to decide on where we want to go. And then deliver from Q4 to Q2 next year, work on more detailed service plans and fine tune the strategy.
So, in February, we started with external analysis, and we used the pestle method for this looking at society and trends, in April and May we looked at the operating environment analysis to understand potential impact on these changes to the RIPE NCC and then also now in April and May, looking at organisational strength, you know, you'll start to look at strengths and weaknesses, it's very easy to get all in all the risks and weaknesses but we do find some strengths and we can build those as well, that's important to take into account. All of this was leading to a strategic SWOT that synthesizing a strategic base what have we are doing. In June they will start to make decisions. It is going to be a workshop with the exec team. We are going to have a workshop with the Board, with the regular community Board meeting then we will then take it from there and bring it forward.
Now, I have talked a lot of about process. What PESTLE to understand the external environment is about gathering input from external stakeholders on thousand they see the factors. So how does the RIPE NCC staff, ski staff, see the political, economical, social, technological, legislative, environmental area develop.
.
On the flipside, we see, as I expect most of you do, increase geopolitical conflict. We see increase in requests for greater insight and control other Internet number resources by governments. In the nineties they hardly knew what they were doing. Now they want to control us. Increased mistrust towards institutions. In the society in general. EU legislation and potential demands from non‑EU countries for parity. Hey, is great, let's copy that and then they have conflicting legislations from part of our service regions. Possibility of further angsts. Rapidly changing and seemingly unstable international dissatisfaction.
Economic side.
Inflation is luckily not as high as it was, but it's very uncertain and it's very tight economic conditions, so while the inflation isn't quite down the way it was before we had this very high peak a couple of years back, it's maybe a percentage point higher. We also see that the predictions from for instance the Dutch Central Bank or the European Central Bank or other national Central Banks, they kind of miss, they say that it will go down and be lower and we see at the end of the year that far too optimistic in reducing inflation. It is more uncertain than it used to be.
Increase cost of attracting and talent. My staff will use this as an argument for getting pay rises again, but this is what we see when we are recruiting. Sanctions and OFAC restrictions. Sanctions it does directly but also indirectly. Feedback doesn't apply to us but banks are concerned about that which Appendix it difficult or importer for us to receive money from owe feedback sanctioned enter entity. US imposed system of tariffs. We have no idea how it will affect any of us yet. And the fluctuating IPv4 market. We had an interesting discussion over dinner here the other day saying that oh the prices are really going down. That's great because that means we now have v6 deployment, or do we? What's happening here? We don't really know yet. We don't know the effect of this.
Social factor. When I joined the RIPE community in the beginning of the nineties, there was a pretty homogenous community, it was all network engineers and if not all had the same education, we were pretty like‑minded. Today we're a much more diverse community, which is great, but it also means that there is more divergence, that's a challenge. But it means we need to pay more attention to it and how do we drive the community towards consensus which may be harder. Less participation from the newer generation. So, that's why we are doing this fellowship programmes and RACI and so on, we want new people in here with new fresh thoughts.
Geopolitical conflict as a threat to the cooperate spirit among community members. Lack of participation from members and community in parts of our service region. Challenges in staying relevant given people can get IP resources where else, and when they meet and collaborate in other forums. Why go to the RIPE NCC when I can rent some IP addresses here? Then you are dependent on a third party and if that third party stops existing you don't have those addresses in the registry anymore. Go directly to the source, right. Those kind of factors and those changes over time where people go for the easy solution rather than the right one.
Technological factor. AI is hitting us everywhere. We have no idea where this brings us, right. It potentially changing the way we work and expectations around the way we work.
Advancements in AI also drives and increase in cybersecurity attacks. Emerging quantum computing technologies reshaping how we deal with cryptography, and that's affecting quite a few of of services.
Evolution of routing security creating new security mechanisms we need to promote and support. I mean it's great to be on the forefront of development, but it's also work to implement them.
Concerns regarding dependence on Cloud providers. Felipe has already talked about that. It popped you up in the PESTLE analysis, we are taking it seriously in the risk assessments and we're taking it seriously in the strategy process but we're not waiting for the next five year strategy to take actions here.
increased deployment of IPv6. That may affect us.
Legislation. Maintained and possibility increased sanctions. Unfortunately sanctions has not gone away. Increased and evolving regulations. I talked about that several times already. Conflicting regulations from different parts of our service region. We are already have that and there is no reason to believe that we will see less of that.
The need to sizably demonstrate compliance. In the nineties it was, you know, enough to just do the right thing and make sure your service works. Today we have to document it and people ask why don't we publish our SOC 2 report because it's confidential. There is to see it like this, where are the weak points and have we taken care of the data services the way we would do.
More tech advancements leading to increased need to regulate, again requiring relevant procedures, risk assessments, misconfiguration plans and business continuity plans. If you have been working in companies that have implemented the compliance efforts like what the RIPE NCC has done, you will know that it's maybe a major change of working, right? I see some people nodding here. And, you know, that's a heavy load on my colleagues, I recognise that in the RIPE NCC. I just have stand here and present on it, everybody else has to actually feel this in the way they work an work differently from what they did last year and the year before.
Environmental factors, climate change, impacting us and our members. Risks to Internet infrastructure and resilience, you have seen our publications on cables and so on. High travel costs and demand for eco friendly events. Hey why do we meet at? Why don't we just do this virtually? How many times have we heard this? And great to see you here by the way, I still believe meeting in person is important.
Pressure to reduce our carbon to the print. Requirement to report on and limit or energy consumption. Infectious diseases affecting the RIPE community and RIPE NCC staff. Let's hope we don't ever see a new Covid epidemic, but it's more likely that we do than we don't in some way.
So, this is the output from the strategy team of the PESTLE analysis. What we have now been doing is workshops with staff. What are the likely areas of impact based on the PESTLE analysis. What opportunities do we see emerging from these. How do we see the expectations and demands made us evolving in line with industry. How are other external factors likely to influence our activities, suppliers industry and peers? What are our internal strengths and capabilities?
.
Then, in June to October, we will have discussions with the Executive Board, and we will have an Executive Team who will dive into this. We will use the strategic SWOT that we talked about earlier, and RIPE NCC's vision and mission as the springboard to look at the overall picture and understand where we stand and where we want to be going. Then draft a high level direction for the RIPE NCC and the different functional areas. So the draft first high level strategy from the RIPE NCC is something that we intend to present to you at the next RIPE meeting. So, please stay tuned.
In September to October, we will also share a summary of our internal analysis, and a high level draft strategic plan with members and community ahead of the October General Meeting. Work will be done internally on the service level strategies, defining strategic objectives for each service in line with the overarching strategy. Develop more detailed strategies for which services, where we need further analysis on this. And here it's really important that we also do bottom up feedback in this. This is not a top‑down exercise. Both internally in the organisation but also from external stakeholders. So, you know, please keep your eyes open for requests on the mailing lists or other places where we would seek input from you on this.
So, we have already done quite a bit on the PESTLE analysis operating landscape workshops. We will be asking for your input on our work on the internal analysis and high level strategic plans ahead of the next meeting. Please participate in this. The whole process will end with a great fun for the RIPE NCC strategy for 2027‑2031 that we will complete by May 2026.
That was it. Are there any questions?
ROB EVANS: Do we have any questions on that?
HANS PETTER HOLEN: If you are interested to talk more about this, please find me or maybe even better, somebody from the strategy team, in the corridors, finger factual is covering them so he is a good person to talk to, or your favourite RIPE NCC staff or executive members and please give us input and suggestions on where we should be moving. Thank you so much. Now they are running to the microphone.
AUDIENCE SPEAKER: Salam, thank you Hans Petter, I am so impressed. I have to say, that there is directions, there is a form and, you know, the community is all behind the, you know, the RIPE community is all behind the activities and everything. My question so you is: What keeps you going in, I mean it was pretty pessimistic in a lot of places. What are you optimistic about?
HANS PETTER HOLEN: That's a big question. This brings me back to the university at the end of the eighties when I got the phone call from Pete, a CWI and asked Hans Petter do you have this kind of modem because our friend at the demos in the Soviet Union, they are afraid that their connection to the rest of the world Legacy holder cut off. And as an engineer at university I was running the UCP node there and I set up a connection to them and I was watching the news feeds on UCP everyday through the critical days of the Soviet Union falling apart. Inter fax was the only independent news media back in the days, that then got to news, independent news out to the rest of the world of what was happening and my tiny part in that by watching that modem and making sure it works was kind of like I can contribute a tiny bit to making the world a better place by making people communicate. So, that's what drives me, I think that the Internet is still a tool for people to connect and interconnect, and make the world a better place. There is a lot of down sides and dips in that belief, but, you know, I still have a firm belief in humanity and we can here make the world a better place by keeping the Internet running.
BRIAN NISBET: I think just the video from our Ukrainian friends talking about communication crisis really feeds into that. My question is a lot more pro vague than Salam's. You talk about the feedback and you want to get more from the community and apologies to the members and apologies if I missed this, is there an e‑mail address? Is there a form rather than us trying to hunt down people in corridors and things like that, but will there be a nice clear process or method?
HANS PETTER HOLEN: My strategy team has promised me that there will be a process and they will reach out to get your input. So, this will be made, right.
BRIAN NISBET: Strategy, yeah, ripe.net exists in five or ten minutes.
HANS PETTER HOLEN: Not quite but I think for the strategy we will use the MAT Working Group, to the services we will use the Services Working Group group. I am not deciding this, they are. I think they got the message.
ROB EVANS: Thank you very much, Hans Petter.
(Applause)
So, just a few closing remarks. As usual, rate the presentations and vote for the PC elections. At RIPE 91, it is my turn to stand down as co‑chair, so, if you are interested in being a co‑chair of NCC Services, please come and see either myself or Stefan or Janos and we can let you know what's involved.
Read the daily meeting blog, the comms team put a lot of effort into, it's funny and amusing and worth a read.
With that I shall thank you very much. We have the GM, I don't know whether it's in here or the side room ‑‑ in here, thanks. So the GM is in here, so if you could make your way out, because we'll have to ‑‑ the NCC will have to check badges, as usual, on the way back in. So, thank you all for taking part and see you in Bucharest.
LIVE CAPTIONING BY
MARY McKEON, RMR, CRR, CBC
DUBLIN, IRELAND.
