RE: [Wg-rms] Stepping down from co-chair role

To: wg-rms@lists.apnic.net
Subject: RE: [Wg-rms] Stepping down from co-chair role
From: Jas Webb <jaswbb@yahoo.com.au>
Date: Fri, 17 Nov 2006 17:39:23 +1100 (EST)
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.au; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=h6xkHDed721N5rjEPEY9mn5QAGcU89JTngGCG+XDFRCpDzbZannLK7rne1JFMzn7P1p3JemFobDvHP0cdJsEdP4SbNKD0wKdOliRuJLZ4yXIW38ep2QugumR/iaZxbQauQn1RIQZ1d6ualFktQpOLBDa2HF2rDo+ihp7rionHW4= ;
In-reply-to: <0f7f6eb6917cfc26538a5481a86bf9db@iseek.com.au>
List-archive: <http://www.apnic.net/mailing-lists/wg-rms>
List-help: <mailto:wg-rms-request@lists.apnic.net?subject=help>
List-id: wg-rms.lists.apnic.net
List-post: <mailto:wg-rms@lists.apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/wg-rms>, <mailto:wg-rms-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/wg-rms>, <mailto:wg-rms-request@lists.apnic.net?subject=unsubscribe>
Reply-to: wg-rms@lists.apnic.net

Tim,

--- Tim Jones <tim@iseek.com.au> wrote:

> Hi,
> 
> I'll go first then shall I:)

Might as well..

> 
> My main interest is in regards to point 1 below.
> 
> I think deprecating email updates would be a very
> bad idea.

I so SOOOO disagree.. :-)

> 
> Many members currently use "home brewed" IP
> management systems which

Then they own their ability to change! excellent!

> rely on email updates. Deprecating these would mean
> costly and time
> consuming rewrites of these systems, which to be
> quite frank, are
> probably very low on the list of priorities for most
> small/medium ISPs
> these days.

I concede that it is low on their list of priorities
to accept change. But I also think that not changing
is a myopic approach. APNIC is using technology that
is:

1) OLD! 
2) painful to make secure.
3) a undeniable B_i_t_c_h to code for an end to end
solution. (fire and forget code is something a uni
student would advocate!)
4) going to eventually turn in to steaming pile when
new issues come along.. ie
   - everytime APNIC updates an object (think 4 byte
AS)
   - DNSSEC (if APNIC ever decides to go there!)
   - routing security (think the PC term is 'resource
certification')

5) difficult to deal with asynchronous exceptions and
failures.
6) can't do private records. (don't see why my
companies customers should be advertised just because
I automate!)

> 
> If other RIRs are able to provide email updates, I
> don't see why APNIC
> can't continue to.

because the other RIRs are stuck in 1980! ;-)

> 
> MyAPNIC is already there for those who are concerned
> about security. I

MyAPNIC does NOT address any level of secure automated
updates.

> see no reason to spend money duplicating this
> functionality through
> other systems, whilst at the same time removing an
> existing system which
> is heavily relied upon by the "little guys".

You are speaking for yourself right? The company that
pays my bills is small (relatively) and we could save
a huge amount of resources by automating this process
with a immediate secure feedback mechanism. Email
doesn't do that.. you could make email secure - but
that is a kludge. 

Furthermore.. the autodbm thing via email is not
friendly.. even for well formed "objects". Have you
used it? it sucks! I heard a rumour once that APNIC
just adopted the RIPE stuff. This is an opportunity
for the AP community to OWN the registry system.. 

And I WANT easy.. It took me two days and some weeks
of meetings to explain how to use the APNIC whois to a
new engineer. (maintainers, parent objects, yadda
yadda yadda - none of which is sensible IMHO)

It should not be that hard. Members should not have to
put up "hard". 

I want tools.. APNIC should be building tools for us
to integrate with our systems. That would make my life
easier.. not having to find out that either
1) my email to autodbm didn't get there and "apnic
technical" didn't see it hit their email servers
2) i got no responce, fail or otherwise
3) I got a response that 
     a) isn't documented.
     b) can't be explained
     c) is bypassed by the "hostmaster" and "forced"
in.
4) have my spam appliance block email from the whois
server as it isn't well formed.

> 
> Cheers,
> Tim.
>

I accept change is not easy to come to terms with, and
if you see that your organisation is bound to what you
already do, and you can't afford the cost of a better
world - I doubt I will be able to convince you
otherwise. But look to +5years.. do you really think
you should/would be doing the same thing? 

I see the DNS thing that was presented as a HUGE win
for me. a few minutes turnaround (with confidence of
success) is far better than the hours it takes now.

Go and apply that same logic to getting more address
space. .. or ensuring that your customer routes are
covered by some certificate thing...

I was reading the SIDR list (ietf), which seems to be
driven by APNIC people, and I think that it is very
likely that it will happen.. How do you think you will
interact with a _secure_ routing construct with email?
securely?... I see that as a stupid exercise.

O.k.. a blunt response to your email.. but this email
is not at you.. but at the concept of staying with and
having to deal with an unchanging APNIC system that
irritates the s**t out of me..

Simply.. I want to see change.

-Jas

--
Jas Webb

Send instant messages to your online friends http://au.messenger.yahoo.com

Follow-Ups:
- Re: [Wg-rms] Stepping down from co-chair role
  - From: Terry Manderson <terry@apnic.net>

Prev by Date: RE: [Wg-rms] Stepping down from co-chair role
Next by Date: Re: [Wg-rms] Stepping down from co-chair role
Previous by thread: Re: [Wg-rms] Stepping down from co-chair role
Next by thread: Re: [Wg-rms] Stepping down from co-chair role
Index(es):
- Date
- Thread