Monday, 24th October 2022
At 2 p.m.:
MIRJAM KUEHNE: I hope you can hear me well, I feel like I have to come down to the microphone, the stenographers cannot hear you. ‑‑ hear me, rather. I hope you can all hear me. Please come in and take a seat. Yes, let's get this started. Welcome to the RIPE 85 meeting here in Belgrade. My name is Mirjam Kuhne, I am the RIPE Chair and we also have Niall O'Reilly who was just standing next to me and has disappeared, the Vice Chair of RIPE is also hear and thank you, you may sit down again. It's great to see so many of you, please take a seat, come in, take a seat, we will have a number of opening presentations, I will start with the ‑‑ with my opening speech just a few minutes and then we will some words, some welcoming words by the local host, then we will have the RIPE NCC tell you a bit more about the logistics of the meeting and what you should be aware and we have a short presentation at the end about the elections of the NRONC.
Now, this is our second hybrid meeting, so after the meeting we had in Berlin, it's the second meeting now we are coming together, plus we of course still continuing to provide online meeting with our team from Meetecho, is also there, who are there in the background helping outside out, so some of you are probably listening to this online, which is great, and we will have somebody who will monitor the Q&A queue there in case there are any questions.
This is the number of registrations we have so far, it's amazing to see how many online attendees we have now, it's a lot more than we used to have in the past before we had this Meetecho system in place. And we also have a lot of newcomers, which is fantastic, we had a newcomers session earlier today and I really hope we hear a lot from newcomers during the week and I would like to extend again invitation to come find myself or Niall O'Reilly during the week, I would like to hear feedback of course not only from the newcomers but I would like to encourage the newcomers to ‑‑ don't be shy, I can't come talk to the RIPE Chair, I want to hear from you and how you are experiencing this meeting and, yeah, it's especially important to have newcomers at this meeting so it's great to see such high numbers.
This is actually the first time since RIPE 71 we are in this region, we had a meeting RIPE in Bucharest, RIPE 71, somebody calculate how many years this is ago, I don't know, how many years ago, so it's great to be back here in this region, it's the first time we are in Belgrade and we have some fantastic local hosts who helped us put this together, together with the RIPE NCC team, and it's really good to see also a lot of local registrations on the attendees list, from Serbia and neighbouring countries, and also good local content on the agenda, which is really good and that's what we are trying to encourage of course and that's one reason we are travelling around with the RIPE meeting.
Yeah, I showed the same picture in Berlin but now it's amazing we have 74 countries registered here at this meeting, attendees from 74 countries and really see also a number of more registrations from people from countries that don't normally have hard time coming to meetings if we organise them within the EU so it was worthwhile coming here definitely.
Remember last time in Berlin when I opened the meeting, everybody was so excited to see each other for the first time again in person and it was a really good atmosphere at the meeting, a really good vibe, have very fun memories of the RIPE meeting in Berlin but I had a number of concerns and I have looked that up again this time and I thought there's still some concerns e‑ there was Covid, still not over, I see some of you are wearing masks which I appreciate, and I have my mask, standing here is relatively safe so I am not wearing right now, please respect each other's choices and distance and make sure you don't enter each other's space if you don't want to. We hand out masks at the registration desk, we have tests so please take your responsibility there.
Another concern I had back then in Berlin, I remember I said I have to relearn had you to socialise after this time of pandemic and being locked in, I think some of us have started to travel again and feels a bit more comfortable again being in a crowd like this so that's great and I hope you are enjoying socialising with each other of course.
The third concern I had back then and that's unfortunately still a big concern, is the war in Ukraine and I know we have attendees here from Russia, from Ukraine, from 72 other countries, we have a large number of countries here at the meeting, and I know this can be emotional and there could be tensions but I really hope that we as a community continue to do what we have always do, to connect and to combine and coordinate with each other and I really hope you will continue to do this as a RIPE meeting here and to provide that platform for all of us to come together and do the work we have to do.
Should there be anything that you experience that, you know, is out of line or you feel uncomfortable with or think is violating the Code of Conduct, here is a summary of the Code of Conduct. As I said, please treat each other with respect, we come here together with a very different backgrounds, convictions, expertise, cultures, languages and we are here to collaborate. You should have ticked the box and read the Code of Conduct so I hope you agree to abide by it. If there's anything you would like to report we have a number of trusted contacts, again at the meeting, unfortunately, Rob Evans can't be here this week for work reasons so there are three ladies here Vesna is over there, Lia and Saloumeh, I don't know if she is in the room, there you are, so these three trusted contacts are there for you during the week, you can find them ‑‑ they have a little red badge but you see their pictures now so they will be around in the could coffee break areas and you can send e‑mail to them at trusted contacts [at] ripe [dot] net if there's anything you would like to report in confidence or you would just like to have a talk to them about something you've noticed. They are trained people, everything will be treated in confidence and they are very trustworthy community members.
Now, this is the meeting plan for the week. We are again, we will have a full week, it's mostly plenary sessions today and tomorrow and then Working Group sessions on Wednesday and Thursday, as usual. We have some BoFs today and tomorrow, I would really like to encourage you also to participate in those, for those of you who don't know what that means it's just more informal gathering of people coming together to talk about certain topic that doesn't fit in the Working Group or it's not an official group that meets here at the RIPE meetings so the Programme Committee has selected those BoFs. And then we have, as I said, the Working Group sessions on Wednesday and Thursday, mostly, and then more ‑‑ and the General Meeting on Wednesday afternoon for the RIPE NCC membership and then more plenary session on Friday.
This is the Programme Committee who has kindly put together the agenda for the plenary sessions. Francisca here is the Chair of the Programme Committee and many other Programme Committee members are also here at the meeting and they've done a fantastic job again I think to put together a really interesting and mix and diverse programme for you. There are two seats available for re‑election this time, and nominations close on Tuesday so you can still come up and volunteer to become a Programme Committee member for the next term, speak to any of the Programme Committee members who are here, they can tell you what this means and how much time it takes and there's also documentation on the website, you can find, you can nominate yourself or someone else and then voting take place from Tuesday to Thursday, you can find out here the information but also on the RIPE 85 website, if you go to Programme Committee it's all there. And then the results will be announced in the closing plenary on Friday.
I'm sure the Programme Committee is really looking forward to a number of nominations and volunteers who want to work with them.
The other part of the meeting, as I said, are the Working Groups and there are 12 Working Groups at the moment and here is the list of all the Working Group Chairs at the moment, and they are the ones who put together the programme and the agendas for the Working Groups that they are responsible for. There are a number of Working Group Chair seats that are also up for renewal and I think most of them have been ‑‑ have been discussed and selected on the mailing list already and you will hear more during the week, during the Working Groups who is replaced and who has to leave and who is coming in so it's great to see the new volunteers as well, we need new people also to take on these roles.
Of course not all about work, work, work, we have social events so here is a list of social events, pretty much every day this time, you can do something in the evening and socialise with each other. This information is all on the website as well, I am not going to read it all out but today at the end of the plenary session is the usual welcome reception and you are all invited to come and hang out and meet each other and meet us and the Board and the Chairs and everybody else.
And as I said, we couldn't do this without the local hosts, SOX, and a number of sponsors who have helped us to put this meeting together. I was told the clicker is working a lot better this time. It doesn't want to show us the sponsors but they are all online. There they are, look, good old‑fashioned paper. So the sponsors, AMS‑IX, IPv4 global and the Internet Society and the two hosts, and the two hosts, and I think this was almost my last slide, there's maybe one more after this, after the sponsorship slides, probably a slide that shows Niall and myself and our e‑mail addresses and how you can reach us and find outside, but you can just come and talk to us, that's easy, it got stuck on the social events, I wonder what that means? I would like to invite the local hosts actually to come up on stage, I know there is someone here from SOX and RNIDS and I would like to invite you to say a few words to welcome the participants here, I am really happy to have you here on stage. Someone kill the slides, please, we don't need them any more. The next one up will be the once from Hans Petter after the ones from the local hosts. Thank you.
SPEAKER: Hello everyone ‑ I am the CTO of SOX, Serbian local internet exchange covering south‑eastern part of Europe mainly working in Serbia but we are here in region. I wish to welcome you all in Belgrade and at the RIPE 85 meeting. For five years, we were in discussion with the RIPE to ‑‑ regarding bringing this important event in Belgrade. We wait patiently for our turn and then there was ‑ ‑ today we are here. We believe that together which is presented, we represent great part of Serbian Internet community, as critical ICT infrastructure in Serbia and one of organisers of Serbian NOG, we support many of important activities that makes Serbian Internet more secure or more stable and more performing.
Some activities SOX could do with you like hosting CDNs, root servers and measurement systems. Some require more local participants, having said that, we wish you very productive meetings and discussions and we know you will have good time in Belgrade.
Finally, I would like to thank everyone at RIPE for patience and support of not just SOX and our needs but first and foremost, Serbian Internet community. Thank you very much and enjoy Belgrade.
SPEAKER: Hi, everybody. I will try to be short. Thank you for coming, I invited you at RIPE 84 in Berlin and I am really happy to see this number of people attending meeting in person. Also, I would like to say thank you to those who are unable to come to Belgrade and be here with us. I am representative of one host and we are small CCTLD activity in different communities, we are a long time member of RIPE, we are active with centre and with ICANN as well as and DNS ARC and we are delighted to three big meetings at the same time in Belgrade.
I am sure that this meeting will be really good and actually excellent and that except enjoying sessions at RIPE meeting you will enjoy a city and this nice weather that we ordered for this week. So, enjoy and if you need any help we will be around and you can ask anything. Thank you.
MIRJAM KUEHNE: Well done on the weather, this is a big surprise and I think we are all enjoying having lunch outside, it's fantastic. Next up is Hans Petter Holen managing director of the RIPE NCC who is going to tell us more about the meeting.
HANS PETTER HOLEN: You may stay but I need the microphone, right. So, slides, yes, thank you. I am the managing director of the RIPE NCC, so I have been sent up here to give you some practical information so Meetecho is something you can use for remote participation but if you are in the room you can also use it to take part in the meetings. So it requires meeting registration, you can book mark your unique login so please don't share that and you can do Q&As in a special Q&A window so if you don't want to go to the microphone to ask a question, you can do that in the Q&A window. There is also a chat but some of us are kind of used to ask questions in the chat but don't do that because they will not be read out, that will be in the Q&A. There is a live‑stream page so if you want to watch this in your hotel room and the streaming, then you can do that as well without logging in. And there is recording of all the sessions so if you miss anything you can watch them when you come home.
In the Meetecho AP web page there are different icons and see them here, for audio video you have the Q&A button that I just mentioned, you can see the stenography and sometimes you will notice, especially if I am on stage, there may be be something completely different in the transcript, I have some screen dumps from reading it in the past, reading the transcript may also be an interesting experience. You can see the list of participants there.
On site, there is a Meetecho light app, so you can scan this QR code on the back of your badge so that's why that one is there, and you get simpler interface, and if you don't have a QR code on the back of your app talk to the registration desk and they may be able to help you.
So, yeah, and then if you want to get in the microphone queue there is a button in that app so you do that so you get in an ordered queue. This is technology taken to a new level so I guess the Chairs here will see how that works. I see them smiling on the first row. Special chat, so if you are not present you can socialise in the spatial chat as well, there is a coffee break area and there is a link with passwords e‑mailed to you. There is a Networking App that you can use to book meetings with other people here at the venue and you can find the attendee list at the RIPE 85 website.
Covid‑19: Mirjam mentioned that already, we all wish it was all gone but be careful. You can get self‑test and face masks at the registration desk if you want to be careful, so please respect people that wear face masks and do not necessarily get that close to them. You can get these markers, red, yellow and green, to indicate your social distancing preferences.
And if you get some symptoms, please test yourself and please do not come to the venue if you are infected.
Any questions? I see none, so then I'm handing over to my colleague Ulka, so you can switch to her presentation.
ULKA ATHALE: Good afternoon, everyone, I am a communications officer at the RIPE NCC. Am I clear? So normally the NRO NC presentation it's traditionally taken place in the Address Policy Working Group but the work with the timeline of the hybrid meeting, the PC and the RIPE Chair team were kind enough to give me a few minutes here. This is about the number resource organisation Number Council election. So this is an election to fill one seat on the NRO NC which also serves as the address supporting organisation, the Address Council, ASO AC, for three‑year term starting in January 2023 and ending in December 2025. The term started by Filiz Yilmaz and completed by James Kennedy will end on 31 December this year. Thank you for having volunteered your time. The NRO NC has three representatives from the RIPE region, there's one representative who is elected by the RIPE NCC Executive Board, that's Herve Clement and two collected representatives currently Sander Steffan and James Kennedy.
For the election that we will have at RIPE 85, the candidate with the most votes will be elected. We have two candidates standing in this election; El'ad and James Kennedy. Abstentions do not count towards the voting result. If you would like to learn more about the candidates, we've got the candidate bios, their motivation statements and videos, if they chose to submit one, up on the website at the link here. There's a web page on the parallel events on the RIPE 85 website with more information.
To register to vote and check in, it's pretty simple: You need to register for RIPE 85, in case urban watching on this on the live‑stream. If you have already registered and you are an online attendee please select the option to vote in the NRO NC election. If you are on sign attendee in this room and you can't remember whether or not you selected this option and you would like to vote, please go to my colleagues at the registration desk and they can check on that for you.
The next most important thing is you must be checked in for RIPE 85 to be eligible to vote. And you can confirm whether your status is marked as checked in by going to the attendee list on the RIPE 85 website, if there is a green tick mark next to your name you have been checked in.
The deadline to register to vote and check‑in is Tuesday the 25th October at 2 p.m.
If you are an online attendee, you can check yourself in using the link in your personal registration page. You received an e‑mail this morning from the RIPE team. Please select your unique link and you can go to your RIPE 85 options and select the vote in the NRO NC election and also check yourself in.
Voting will take place electronically using a third party platform. Every registered voter gets one vote. We will use assembly voting for this election, as a third party election platform. Your vote is anonymous, it's encrypted, you can verify the encryption of your vote and there's a bulletin board that logs activities. How can you vote? If you voted with us before you used to only receive one e‑mail from our previous voting system. Here, you will receive two e‑mails, one with your unique voting link and a second e‑mail with your voting registration number. Think of the registration number like your PIN code, you need to enter your personal registration number which we will e‑mail to you and then you will get access to the voting system.
And then it's quite simple: You can just select the candidate of your choice or choose to abstain and submit your vote. We have a detailed step by step voting guide available.
Just a reminder of the dates and deadline. The deadline to register and vote and check in is tomorrow so you are slightly under 24 hours to remember to do that. Voting will open tomorrow evening at 5 p.m. It will close on Friday morning at 9 a.m. and the results will be announced during the closing plenary.
And if you have any questions, please feel free to find me or send an e‑mail to nominations [at] ripe [dot] net. Thank you.
FRANZISKA LICHTBLAU: From here on the Programme Committee will take over for this session and I am Franziska Lichtblau and this is Jan and we are going to be chairing your session today, a warm welcome and we are happy to have you here. We will kick off our session with some food for discussion because Tobias will present his perspective on not exactly what could go wrong in the world but what actually is going wrong in the world we will hopefully have lively discussions.
TOBIAS FIEBIG: Good morning, today I am here to present work with a colleague from University of Doris Aschenbrenner, it means burning the ashes in German. On 13 prepositions but more like statements on an internet for the burning world.
What do I mean with burning world? Well, kind of literally that, ill our world is burning, we have seen it during the summer in Europe and a couple of years ago in Australia, our world is kind of on fire, we have seen it in France this year. Our continent is drying up. So we are running out of water and I mean in the end, humans kind of, well, we did a lot to make that happen, we really did a lot.
And I mean, we don't stop at industry; we also have this tendency of burning our world further down and down by waging war against each other, by exploiting each other, by disadvantaging each other. Can I get my slides back, please?
Right. Straight back to the fire. So let's skip back to war. Right. So, we also like to wage war as humans. Usually, in the pursuit of that, we are destroying infrastructure and we are destroying our livelihoods and in the end everything is just burnt down, torn to ashes, unusable. And the thing is, in this presentation I will take sides, I will point fingers and I will point fingers at organisations, at people, which I, from my perspective, like to point fingers at.
The thing is, everyone is necessarily the hero of their own life story, so you might come from a different place and have a different perspective and in your world view the roles might be switched, an organisation I point my finger at state, they might be the heros in your story but there will also be villains in your story as much as these sides are here as in mine and if you switch my arguments around, you will probably arrive at the same conclusions, no matter who the hero is in the end.
So, let's get into the more technical stuff, what we are basically all here for. Care and centralisation. The first statement we are making, and by the way, there is a small QR code on the slides which due to the spacious set‑up of this room might not be overly useful but it will lead to you a block article on the corresponding statement. Proposition is one is operating systems requires system operators to execute care towards their systems, their infrastructure, but also to their users, and people always look a little bit funny but if you talk to operators and tell them do you know the situation when a user comes into your office and is like, so about my dissertation, do you have back‑ups, something happened? And in that situation, as an operator your main task will not be the technical task of restoring that backup, your main task will be maintaining that user's emotion because that user is scared, they might have lost something very, very important, and now it's gone, so no matter if you have the backup or not, dealing with that, well, care situation, that emotional labour situation will be a major part of your job. Even though you will probably not find it in any official job description.
And the same holds for infrastructure. Sometimes you have to, well, put in the extra effort, pull the night‑shift, just to make it ‑‑ to keep things running.
At the same time, we are seeing that the Internet is more and more centralising in discussions I see over the past couple of years things are just moving towards the bigger things. Famous examples being Cloud Flare, Amazon, the Microsoft Cloud, things are moving there and we are claiming this has happened due to a lack of care in the operations of the Internet because let's be honest, if you are a small AS, you basically cannot run on the Internet any more because you can just be DOSed away by a big we have a, basically enabled by amplifier, by people not exhibiting care when they run systems connected to the Internet, not caring about the impact misconfigured system has on the rest of the world. They go to Amazon and Cloud Flare and Akamai and those can stomach such big DDoS attacks. But in the end, our carelessness has brought us to those big clouds.
And at the same time, there is also a tension between privacy and security there, because if you ‑‑ if you are like kind of a nerdy person, I might have to look for that, you always a little bit sceptical of these Cloud set‑ups, Google reads my e‑mail, if you are running your own name server it's easy to misconfigure it, it's insanely easy to just forget to check for certain password and I mean I misconfigured a system once, the you could lock in with any password, doing these things is insanely easy, if you are a larger company like a regional ISP your security team for your mail set‑up will be much smaller than the security time for Gmail is larger than the whole ISP you are working for and of course these people have much more resources to make systems secure. So boil down to, well, the core of it, our proposition 3 says you basically have a choice: Either you run it yourself and eventually leak your own e‑mails on the Internet or you have it with Gmail and Gmail reads your e‑mail, which is kind of like a shitty situation. Which brings us to proposition 4, which is that centralisation and profit in general are inherently incompatible with actually executing care and this is a relatively simple thing. If we think how we run systems and make systems scale, we don't want to have funny little snowflakes, we don't want to have peps when we are talking about systems, we want to have ‑‑ we can scale and automate and make things work and you do the same thing if you are scaling an operation like Gmail but in that process you will have to make things the same which are necessarily not the same sooner or later. Think about user support, you will try to make the users the same so you can better support them and deliver a consistent product, it might not be exactly the product I need but I am making them sufficiently the same as a product they will buy.
But this is actually a picture of a hypergiant, these hypergiants tend to burn really fast and I would claim and this is proposition 5 we have to be prepared for these hypergiants going, Lehman Brothers was too big to fail and then it did. What would we do if Google disappeared? Who is running a system using Google fonts? Who is running a system that is ‑‑ I see just one hand about the Google fonts but I doubt that is actually true. So, I usually spend an awful lot of time cutting Google fonts out of self hosted tools, you would be surprised even though who use system administration daily are putting in Google fonts for whatever reason. So we have a lot of dependencies there and if those things go Supernova we will have a problem.
Which brings us to the world that is coming, the world we have probably burnt down. And I claim that in this world that has burned down small communities caring for local and distributed infrastructures will be the future. So think about a world which is not globalised where you cannot quickly jet to Belgrade to have a really nice meeting but a community where this global system which, well, we are currently dealing with, succumbed to climate change, well, in that world it will be local engineers running local systems. Think about a little bit of IoT automation for your local water supply or power supply with solar panels and in that world it will also be the case that functionality is more important than security, while it remains trumped by safety. That means that it will be more important to have that local water supply running than to make sure that maybe everyone in the community technically would be able to well get access to the system in an unauthorised manner but it will become important as soon as external parties could get in and disrupt the power supply or the water supply to do harm to the village. So, safety, people not dying, will be more important than technical IT security and in the end, the most important thing will be that things work.
Which brings us to complexity, and this is really a bone I like to pick so I have a huge grievance with well all these obstruction layers we are putting in. I always feel a bit funny when I go through some funny self hosting forum where people are deploying next Cloud and they have no idea how to debug the engine X that comes with the container, which is fine, not everyone has to have technical knowledge but what I am seeing on a grander scheme of things is that we are lacking or starting to lack and we are losing the knowledge to build systems up from scratch, we are going very much in the spirit of this cattle approach to systems into a path where we just reboot, redeploy the container if something broke hoping that it will fix it and if it didn't and it reoccurs maybe monitoring starts to ‑‑ the container every 24 hours and the problem is technically gone but we don't know what the problem S the question is could we actually rebuild things with this limited knowledge? So we claim that if our world burnt down the technology we build must be so simple that a single person can understand it, also in the context of can you communicate to your successor? How to operate such a system? Because engineers won't be such important in such a world.
Which leads us to the path we will be taking. And you might have noticed I am a big fan of decentralisation, of not having so many clouds and more diverse participants on the Internet and I mean, the big topic always is the role of legacy Internet in comparison to IP or IPv6, how people who prefer the legacy Internet often call T the thing is the slow adoption of IPv6 is hindering a decentralisation of the Internet simply because before it's kind of pricey so we are looking currently at around 57, it went a little bit down the past couple of months so this chart is a little bit older from August we are looking at 15,000 dollars for a /24 give, give or take. That is if you want to set up like a local hosting community thingy for small group of people like a village, start an ISP for a small region like dig some trenches and put fibre in and get your couple of villages in some under‑developed region of Europe where you don't have Internet, Germany, for example, connect it to the Internet, well, it's prohibitively expensive for such a small community effort. On the other hand, if you are, let's say Amazon, you can just go around and show for /8 or actually a /9 and /10 and /11, it is millions of euros but you can just buy it and you also see that with many greater hosters, they can just go around and buy networks often the size of /16s because for them it's not on the scale of their operation, it's not pro Hibtively expensive amount of money. So, if we would just all move towards IPv6, we wouldn't have this like address‑gathering issue and what you also have to keep in mind is there is a big equity problem in there; I mean, we are somewhat lucky, we have the RIPE community, we are place 2 when it comes to the historic allocation of IPv4 addresses, ARIN of course being number one, but then there comes APNIC and AFRINIC and LACNIC, those didn't really get a big part of the cake so migrating to IPv6, in my opinion, is also a matter of global equity and equitable access to the Internet.
And when we build systems for our world we should always keep in mind that the systems we build as engineers, well, enable a better tomorrow instead of burning the world even further. My favourite example here is actually anything Blockchain because let's be honest, just churning through energy there's more useful things to do with that energy. I think there is hardly anything to say more about log chain technology. If there's any people here in fans of the funny proposals to move BGP on the Blockchain we can take that off‑line and I will be happy to ignore your arguments during the break.
Which brings us to proposition 11, the famous technology, and in here we are all one form or another of engineers and as engineers we have this tendency of finding technical solutions to problems we see because that's our job, right? We build technology to solve things. The thing; many problems are actually quite social or societal in nature, and if you try to solve social or societal problem with technology you will usually end up in big trouble because that usually just amplifies the underlying social problem, it will lead to people trying to circumvent the technology you build, to actually still gain what they have because you didn't solve the underlying social or societal problem and sometimes your technical solution might cause additional harm by causing a surveillance infrastructure which might be used for automated purpose.
Which brings us to a very nice technical solution. So, on the 24th February this year, Russia invaded Ukraine. The Internet community of course wanted to do something, right, and if engineers want to do something they usually come up with a technical solution and in this case it was coming up with the idea of executing bottom‑up Internet sections for blackholing. This has multiple problem and one is the tieredness of the Internet, you might notice it is for some reason mostly Africa and Europe that are kind of unable to reach that site, and that is again the tieredness of the Internet. If your tier 1 is participating with volumety sanctions well, you are as well, you of course can be multi‑homed with multiple Tier1s then it basically boils down to if both of them are participating you will be participating there as well.
And also, carries over to Africa, I think most parts of Africa are still up linked via Orange for the phone line, French innovated countries, or Telefonica for Spanish invaded countries so they basically have their Tier1s participating in the sanctions. And the other problem with this is that over the past decades we told policymakers, listening, we get you down ‑‑ understand how the Internet works, but trust us you cannot send the Internet, the best thing you can do is DNS but there isn't circumventable, this Internet censorship doesn't work, you can't do that. And we came up and we are like hey, we know we told you you can't do that, we just built what you wanted to have all along, the thing to block specific websites, and it actually works. And trust me, policy makers will remember. And recall, everyone is a hero of their own life story, what is blockable in one country might not be blockable in another. In Germany there is an a very strict idea of trying to block gambling websites, same for US, in Germany it was illegal up until very recently to inform about abortion opportunities, right? About doctors performing abortions. If you tell that to a Dutch person they are like yeah, but it's like a human right, it's a medical procedure. The same things with Texas, and all of a sudden you have different jurisdictions who all try to apply their own local policy and perspective on the world and when Germany starts to block Dutch or American gambling websites the Americans will be like yeah, but that is kind of like economic sanctions because it's like a legitimate business interest, and all of a sudden you get into this dynamic where the Internet starts to fall apart.
We basically made that happen with our proposal of bottom‑up Internet sanctions, we showed them they can do it. I mean, there was recently a publication about Iran building their own Internet, China has been doing it for quite some time, Russia also made attempts. So the ideas were generally there but it didn't really click.
Which brings us to the general issue of digital sovereignty. So, we talked about the Internet falling apart, and that is often in the idea of well, doing the right thing basically, so if you talk about European policy makers, if you talk to them, they will tell you like hey, we are building this European freedom information which ensures that every website reachable is GDPR compliant and conforms to our local policy which is like the general understanding of digital sovereignty, and I'm pretty sure that the people sense erring stuff in China will have similarly reasonable sounding arguments. The problem with every one of those is actually, well, not seeing, is that we also have to be able to rebuild, so which parts of the Internet could we maintain, not even are build, in the absence of a global supply chain issue? Could you fix a bug in the Juniper rights in ‑‑ do you have access to the source code? Do you have the knowledge to fix those bugs? How does it look with more technical equipment? CWDN, right, I am pretty sure there's some controllers in there, fridges, IoT fridges, IoT heating, all those systems, we basically rely on the continued existence of the company who produced it to be able to either maintain or replace it. If we are all of a sudden stuck with the technology possibly for decades, we are lacking the ability to maintain it and we have to change that; otherwise, if the vendor becomes unavailable, we will have an issue.
So, most of what I said right now is really, really dim and people are always like, could you maybe like instead of just pointing out problems, try something else like solutions, solutions would be nice? And I don't know how to say this but, no, the future won't be bright. And the more problematic thing for us in this room is we are engineers and as engineers, it's our job to make the future brighter, no matter what world we are actually tasked with making brighter. As engineers, it's our job to make the world a better place for everyone. And no matter who turns ‑‑ tears down the world, who breaks the world, who breaks infrastructure, it will be a colleague of yours, it will be another engineer fixing it no matter on which side you stand and it might even be you who has to fix the infrastructure which was blindlessly torn down by whatever aggressor currently perpetuates the burning down of our world.
To conclude this and go into question being an engineer means taking responsibility for all engineers. Only you can make the world burn a little bit less. Thank you, and if you have questions, please.
FRANZISKA LICHTBLAU: Thank you, Tobias. Do we have ‑‑ do we have questions in the room? If not, we will start with the first one from the chat.
JAN ZORZ: We don't have any questions. There is a just a note from Kurt: What is wrong with Google fonts, they are supposed to be freely usable?
TOBIAS FIEBIG: The thing with Google fonts, the initial idea is you can have caching benefits. The problem with the caching benefit is that that opened side channels with which you could track users, so you now don't have this cross‑domain caching anymore which, in the end, means that the benefits of having Google fonts is kind of gone. So, yeah, just deliver it with the other assets of your site instead of including it from the Google CDN.
SPEAKER: I am going analogue. My name is ‑ a network engineer, an activist, a feminist, a queer, so thank you hearing here in infrastructure is really a bridge because this is what many of us in every part of the world, I am talking Europe are saying infrastructure is about care and infrastructure is also about people in relationship, and also engineers are very different in themselves. So for me, it's a bless to hear this and I hope that the engineers can work with non‑engineers to see that the technology is not an ‑‑ we are one planet and violence is inherent and it's not about taking out violence but it's about how we go after. So I just wanted to say thanks and if you can elaborate more of care in any of the section of the proposition, it would be amazing.
TOBIAS FIEBIG: Catch up off‑line.
VESNA MANOJLOVIC: My question was partially already answered by Vala, I also wanted to thank you for this presentation and I wanted to ask you about the other comments and questions that you have received in the APNIC region or at another conference where you presented this, what did you expect, what were the differences between audiences and similarities, something of that? Thank you.
TOBIAS FIEBIG: So talking about differences, so talking at the APNIC region, the APNIC region is of course most effective, for example, in terms of climate change but also in terms of IPv4, unfairness. Something that stuck with me from the APNIC region was a person from one of the island states telling me, well, you in the west are always about preserving resources to counter climate change but we didn't develop, it's our turn now so why should we limit ourselves to that? And my response to that was basically, honestly, you should just pressure for reparations now while the west still has money to pay those because here things will also go to shit and then we can't even pay our reparations any more.
FRANZISKA LICHTBLAU: I think Erik was the next one and please remember to state your name and affiliation when you speak on the microphone.
JAN ZORZ: We don't have the microphone queue here, we can't see it as Chairs so rising the hand doesn't matter much.
FRANZISKA LICHTBLAU: I think we will cut the queue after Stefan.
ERIK BAIS: You stated the sanctions that currently are applied by the EU specifically against the Russian media that all European ISPs actually have to block. There is a court case running in that, I am actually one of the participants in that, where a couple of Dutch ISPs have said well, this is not about the actual content that's being blocked that we disagree with, or agree with, but the fact that the EU is actually trying to impose these sanctions because if we are taking the high ground and saying to some countries you cannot block China or other countries and, in fact, the EU is now doing the same thing. So there is some legal action being taken to this and I have heard in that same case that some countries actually have stated to the EU as well to the council, that this is under investigation and needs to be checked by a third parties because this was actually dictated by the council itself without actually going back to the countries to actually have a vote on it or have a say in it. So that's it.
SPEAKER: Thank you for your presentation. I don't have any question but since I am the only Iranian representing the Iranian community, I might have some answers, at breaks or other times, thank you.
FRANZISKA LICHTBLAU: Probably you should talk.
TOBIAS FIEBIG: Maybe.
SPEAKER: I am Stefan Wahl, also Internet engineer in a way. I think it's not easy taking responsibility in big companies as an engineer, in general. Is there any way or any idea you have to encourage people taking responsibility?
TOBIAS FIEBIG: So in general, as an engineer, you build it, you own it, you have to decide what contribution you make in building something that's unethical, and something to mention here, what is ethical is not necessarily legal, and what is legal is not necessarily ethical. But to protect people, the question is from what? We as a community can certainly not protect people from getting killed, which, depending on against whom you take your responsibility as an engineer, is pretty much a viable option. But we can definitely as a community protect people that are facing more tradition western repercussions like, for example, being fired, so by communicating openly within our community about the state of ethics in the communities we work for, may help people to not work for companies that are doing unethical things, and B, we can help those that have left or have been left from those companies to find further employment, and let's be honest, we as engineers are in a very, very privileged position, we will most likely always find a job that keeps us sustained. As a community being more talkative about that, being more sharing and caring about that, and aiding our colleagues who took a stand fob their profession and for what is right, so I think the best we can do.
JAN ZORZ: We have one comment here from Markus Zellinger from Austria and he says: I fully agree with many/most of your points. I can hardly understand so many people don't understand that the technology and especially the Internet is moving into the wrong direction in many aspects. In your opinion, what can we do to get decentralisation back and to limit the influence of hypergiants doubt there?
TOBIAS FIEBIG: Well, execute care towards infrastructures, implement BCP 38, shut down those amplifiers in your networks so people can start hosting their own stuff again and deploy IPv6 and help local communities to set up local systems.
JAN ZORZ: Thank you.
FRANZISKA LICHTBLAU: Thank you.
JAN ZORZ: Thank you, Tobias, for this great lead‑out because it is leading us to Andrei Robachevsky's talk with MANRS.
ANDREI ROBACHEVSKY: Hi, everyone. In this talk, I will be talking about something that is also about communities and about responsibility and about commitment. I will be talking about MANRS, which is mutually for ought number security initiative that was launched eight years ago and some of you were part of this experience and I would like to reflect, look back and look in the future and discuss some of the successes and challenges that we experienced.
First, what is MANRS? It's an industry initiative, it was created by the network operators for network operators. It is also collaborative effort, it's based on, it leverages consensus and peer pressure to move as forward and motivate to do right things, and MANRS, as it it's defined, it's sets new norm for routing operations, sort of making mistakes, some of the mistakes that damage the routing system unacceptable.
Now, MANRS is just eight years but in fact we are struggling with this problem of routing security for 25 years which is a long time on Internet scale so why is that? Why is routing so hard? Well in fact it's not routing per se, it's also other security problems so we distributed system and decentralised system as the Internet is. But the short answer is, economics, and while the overall business case and ‑‑ for the Internet is significant, for individual network operators it's not, often, because in a very security of your own network is in the hands of other operators so your business case is limited, somehow.
And this is what called collective action problem where everyone understands we are better off if we do this action but it requires this action and it should be sort of relatively small number of free routers which is very difficult to achieve.
In some cases regulation helps and there was some calls for regulation in routing space, unfortunately not in this case because routing is truly global and if you sort of mandate certain controls in ‑‑ for network operators in your country, some other network in other country can create havoc and make this mistake damaging. So, another approach that was sort of part of MANRS is setting the norm and the norm is something that is widely acceptable by the community which is not very high, it's not past practice but something that makes a difference still, and it should be visible and measurable because you need to know who is sort of adhering to those norms and who doesn't.
So MANRS really builds on those two pillars, it first creates a norm, a baseline, security, and I have to say, it's a minimum security baseline; it's relatively easy to enter MANRS and entering MANRS already makes a difference and also it builds a visible community that exercises peer pressure and therefore enforces those norms.
Well, it was launched in 2014 by network operators and that was the first sort of audience for the MANRS, it defined security controls that network operators need to implement to minimise or mitigate routing security incidents. But when MANRS was launched it was launched by nine operators, at that time there were about 60,000 networks operating on the Internet, it's a big gap to bridge so how do you go about that? We were looking how can we scale, and scaling was to get another actors in the game that have their own communities and the first one was the IXPs, they have local communities with common operational objective which is exactly what we need to scale. So four years later, three years later if you look at the timeline, we launched the IXP Internet exchange programme which define their own actions, how they can contribute to routing security in the most effective way.
Next was CDNs and Cloud providers and though they look like networks, they are very networks, some statistics showed that 50% of traffic is carried by CDNs. First of all, they have a lot of peering power because many want to peer with them and secondly, mistakes at CDN level they can have very damage consequences. And finally, two years ago, we launched the programme involving network equipment vendors because of course if equipment doesn't support necessary controls it's very difficult to implement MANRS using that equipment.
Each of the programme has their own controls and their own, what we call actions, right? But they all sort of rotate, this is sort of a union of those actions and one of the most important one is filtering and that means you do not ‑‑ you don't propagate incorrect routing announcements on the Internet and you prevent routing incidents from happening. BCP 38 was mentioned already, that's another action you present, prevent spoof traffic in the Internet which is a root cause of reflection amplification attacks. Coordination is very important because you need to be able to reach across multiple networks to another part of the globe to mitigate a particular incident and because routing depends on external sources what we call routing information basis such as Internet routing registry or RPKI system, it's very important that we keep this information up to date and complete, and that's another action that is asked from the participants of MANRS.
And the last action I wanted to mention as well is promotion, it's not technical action but that's the way you scale up. If you have your customers, if you have your network, please motivate them to join MANRS well to implement those controls, right? If you are a CDN, do the same with your peers so promotion of MANRS is very important and part of the actions in almost every programme there.
Well, I mentioned MANRS is a collaborative effort and it, a few examples of this, it's really run by the community. I have to say, Internet Society, it plays a secretarial role and I work for the Internet Society, we support MANRS but really it's more and more decisions and strategies defined by the community. A few examples. One example is tooling and we have GitHub, with some contributors, they sell small Open Source projects that are related to conformance test, helping with some routing tools, so that's one of the things that sort of indicates the collaborative effort. Steering committee, more and more decisions are made by the steering committee which consists of nine members which are elected by the MANRS participants, manner community and they are sort of charter their mandate sort of ranges from reviewing the actions and conformance criteria do advising on certain audit cases, well I should have mentioned that, MANRS is not just self‑declaration, you need to demonstrate to the auditors that you implemented those controls and it will also do some checks and balances, some tools are used to check the level of conformance but I will talk about this a little bit later.
By the way, to mention, if you are a MANRS participant, there are three seats open in November 2022 election so please stay tuned to that.
Now, when I was talking about norms, I mentioned that norms, it's very important that they are transferrable and measurable so others can see to what extent you follow those norms. So measuring MANRS is very important and to understand what kind of impact MANRS does or makes on the Internet routing security. So, very soon after he we launched MANRS we created a tool and start working on the tool and launched it which we call MANRS observatory, it uses passive MANRS, not only MANRS participants but all networks on the Internet and we don't require a lot of cooperation from the other side, we can just measure them. Well, they are transparent, we are using publicly accessible data sources and projects and it's evolving, if we add more actions and make them more stringent we can change this framework accordingly. This is the landing page of the MANRS observatory and it shows you, from public view you can look at country on country level and regional level and see MANRS readiness, how well they implement it in the region or in country, for MANRS participants they are able to see all other networks all there ‑‑ all their peers, how well they are behaving and that is supposed to improper on peer pressure and expose those who are not doing very well.
At the moment, if you go to the public website of MANRS, you will see tick marks and that looks like self‑assessment but we are working together with the community to making those actually public so when you go to the MANRS website you will see how those networks actually score compared to what they declared, so if you do filtering but you are not scoring very well that probably means you are not doing filtering as you declared.
So, MANRS grew right from 2014 when we launched with nine operators to now, when we have more than 800 participants, the numbers are slightly outdated because we are adding new participants every day but that just shows the curve.
So I tried to answer the question what kind of impact MANRS has, and of course, causality is speculative, I admit that, but I put several graphs on this chart,, implicated in routing incident and this red line you see it, it's constantly declining. The blue line is number of MANRS participants, the causality, you may question that it, we would like to think they are related at the moment as participants. You can also see improvements in, for instance, quality of routing data in the Internet routing registries and RPKI, that's steadily growing, which is a very, very good sign.
Now, important to say MANRS is not the solution, I doubt there is the solution in the routing space, or in the Internet as such, right? But it's a stepping‑stone, it's an important step forward and such demonstrating we can as industry get together, take responsibility and try to solve some of those problems, right? Which are of global nature and whether no one government or regulator can solve for us. It's a minimum that operators should consider, it's not a sort of shooting for the sky, it's not best current practice but it's important step.
Okay. So, why joining MANRS? That's the question? And there are a few answers that we usually say when people approach and ask why should I do that, well, first of all, having those controls is important, there is some business case for that, you don't want your customer becoming your transit provider, for instance, and therefore create an outage for you and for themselves. More and more awareness of necessity of those controls makes being MANRS, meeting the expectations of the operational community. And the last that we sort of think, and I will talk to you about this in a moment, is use MANRS as a competitive differentiator, if you are a MANRS member that means something, use this meaning as a high reputation, for instance, in your relationship with other networks.
But while that brings me to the question about the value proposition of MANRS, because while using differentiator, that's great, but what is the actual value MANRS brings to its participants? And if we look at the past and say well, does it work? I think we can say that MANRS' approach works. It is community‑based, it leverages peer pressure, we see more and more MANRS discussions that say what is acceptable, what's not, and it does provide reputational value because people would like to join MANRS and sort of show themselves as good ‑‑ but at the same time, the business case is still weak so the value propositions of good reputation that's fine, but really leveraging this in business relationship is problematic, for many reasons, part of it is that maybe the audit is not stringent enough, the level of assurance is not high you have, but we see reflection of this somewhat weaker business case in lack of commitment so some of the networks it's very difficult to reach out to them to reach engagements once they join MANRS. We are working on and improving data quality and that requires some cooperation so the more cooperation we require from the network, the more difficult it gets.
So, there are some challenges. If we want to move MANRS to the next level we need to overcome that.
The idea we are working now on is what is called MANRS+, and the idea is to try to overcome those challenges by creating a next tier, it doesn't mean that we are negating MANRS, MANRS is a great sort of community platform and still has reputational value and still has very good sort of vibes in how you implement and why should you implement those controls but the second elevated tier can create a high assurance quality mark that you can really use in your business relationship. Now, if your customers or potential business partners recognise the value of this mark and trust this mark you can use this and it brings value, it makes sense, makes business sense, you can talk to your business people and say hey, we need to join MANRS because it will allow us to maybe get a better contract or have better conditions on interconnection with another partner. There is a need ‑‑ there is a challenge. We need to bring operators and their potential customers together to develop this mark and that's what we have started doing.
Now, first question that we ask ourselves is, what is the scope of requirements? MANRS was, by design, very tightly scoped, it was only about routing security and only about some controls; it didn't go all over the place, there was some picked up controls that were considered very important and relatively easy to implement. But if we look at MANRS+, if we think about what can bring value, we need to look at the customers, the consumers of this quality mark, what is important for them when they connect to be connectivity provider, what are their expectations?
A few years ago, we asked a company for research to do this kind of research to look at enterprise market and see what enterprise is expecting from their connectivity providers, what are their main concerns. You can see this graph, and some of them is aligned with MANRS such as address spoofing, traffic hijacking but some of them like denial of service or availability or black‑listing or some other things are known. So what we are trying to do now is, well, is to get the ‑‑ those requirements from the consumers. One of the challenges here, though, is that in the industries outside our industry, and networking industry, level of awareness of this kind of external threats is very low, so enterprise security is mostly inwards, it looks at things like how you protect your own assets, not how you protect your value chain, in a way. So ‑‑ but that's a very important step. So aligning MANRS+ controls requirements with the requirements of the customers, is key to success.
Another thing is conformance test, and as I mentioned, we do some tests, for instance, we see if a network is implicated in routing incident, but that shows non‑compliance; it doesn't guarantee compliance with filtering so more transparent and more thorough audit tests are needed and at the same time we cannot do it sort of ‑‑ overdo this it, it should match the value proposition. Maybe on site physical tests with prohibitive here so we need to find the right balance, that it will increase the value but still correspond to the value the MANRS+ brings.
So, what's next?
Well, I mean, of course if you haven't joined MANRS please consider and join MANRS. MANRS still remains the platform and MANRS+ is the next step but first step is joining MANRS. Help us raise awareness about routing security. Well get involved in the elections, of course. And if you are interested in this developing quality mark, please approach us, it's open for everyone, it's not just for MANRS participants, everyone can participate and is welcome, and well, ask your peers, particularly if you are an enterprise, then ask your providers what kind of security controls they do, whether they are MANRS‑compliant, and if not, what kind of security controls they implement.
I think that brings me to the end of my presentation and thank you very much.
JAN ZORZ: Okay. There are no questions. We have some questions in Q&A. Michael Richardson, you are here, right, why you don't ask your own questions or you want me to read your text?
MICHAEL RICHARDSON: Because I am afraid I am going to trip all over these fine people and bloody and stuff. My question is: I have two‑part questions, really: One was are you measuring ‑‑ when you talk about the statistics you had about culprits and incidents, I am wondering if you have a ratio of incidents per culprit? So, more specifically, I'm wondering if when there's an incident are the culprits learning and/or are they repeating the same mistakes over and over or maybe they are learning to be worse, they could be maybe more efficient at doing incidents, as your point, yeah.
And do you want me to ask my second question, which is unrelated? My other question is: Are companies, big companies buying cyber insurance for this point, big ISPs? And if they are, are those insurance companies aware of MANRS at this point?
ANDREI ROBACHEVSKY: So, to answer your last question, I don't know, but that's a good point; I think we should approach those insurance companies and raise awareness there. So, especially in the context of MANRS+ because, for insurance, you need higher level of assurance of certain standards so it might be very relevant in this case, thank you for that.
MICHAEL RICHARDSON: Actually it might actually be more relevant for their customers who are not ISPs, who then have ‑‑ who are then told by an insurance company: Your ISP had better be MANRS or otherwise your network is going to be, you know, attacked and we won't insure you for that, right?
ANDREI ROBACHEVSKY: Exactly. If you have pointers, any sort of references to those ‑‑
MICHAEL RICHARDSON: No.
ANDREI ROBACHEVSKY: Thank you for the idea. To answer your question about culprits, we have those data, I don't have that analysis, we haven't done that, I think that would be interesting analysis. This data you have to take with a grain of salt, that's one of the problems, this data is taken from observation of the changes in the routing system and sort of inferring if that's a suspicious event, it's not ‑‑ it's analysing BGP changes without knowing the intent. This approach is known for sort of, you know, relatively high rate of false positives, that's one thing. We have this data so we have two sources, one is BGP stream which is a sort of ‑ of BGP MON, and another one is GRIP, it's a new tool, at Georgia tech, so we are combining those sources, that's where got this data but this analysis is possible, we have this data, it's probably to do and probably interesting question to answer.
MICHAEL RICHARDSON: Okay, thank you.
SPEAKER: I am now working at RIPE NCC but before that I was PhD student and I did experiment and for BCP 38 particularly and I used MANRS data happily so thank you, first of all, for providing the platform. What I found, I did last part of my PhD was experiment to send out notification and I used MANRS guideline for operators we found are not compliant and unfortunately, most people did not get compliant after notifications. My question was: Are you also looking at non‑compliant providers and are sending any notifications? And second part, I got some feedback on MANRS documentation, one was like it needs to be in other languages other than English and second was people asked for support for routers that are not mainstream, so I know that Juniper and Cisco guidelines are there, so that's just a comment on the side.
ANDREI ROBACHEVSKY: Yeah. So, to your question about whether we are following up on non‑compliance, we just started and we are actually hitting two birds with one stone, so we started sending notification if a network is implicated in incidents and in the observatory we provide a facility that people can provide feedback that there is some false positives, they can explain if it wasn't the incident, it was just legitimate change or it was a customer change, was behind the scenes, sort of, that helps us first raise awareness that there might have been incidents and you are not compliant, and second, to improve data because this was sent back to folks and they can change their filters and rules and make changes, because our actual goal, which we hope to achieve next year, is to publish those scores, so you will be pressured by bad publicity, and maybe good publicity as well, looking at those red and green figures. And remind me the last question was?
SPEAKER: Like, a language and support for other routers other than Cisco
ANDREI ROBACHEVSKY: Right now we create all our documentation, we moved it to GitHub so that allows also contributions to make easier and I think translation is one of those ways. We had a very good example from Brazil, they took implementation guy and they translated this in Portuguese so I think this community effort is very much welcome.
AUDIENCE SPEAKER: We collaborated and published so there's a published paper.
ANDREI ROBACHEVSKY: To your last question, by the way, about this different vendor supported or implementation guide supported by different vendors, we have this vendor programme which now has six vendors so we are thinking of incorporating, if you look at the vendor programme and their compliance reports you will see snippets that should be in the implementation guides so there might be some way of including more.
AUDIENCE SPEAKER: Thank you so much, I appreciate it.
FRANZISKA LICHTBLAU: We have one minute left and some questions in the Q&A panel.
JAN ZORZ: Tonnes of text. Don't write Q&As here because then we have to read them.
FRANZISKA LICHTBLAU: Or send us novels.
JAN ZORZ: Antoin Verschuren writes: I gave a presentation on benefits of network security and MANRS last week for larger ISPs sales and cc E O audience. The economic benefits are there, actually reduces the amount of garbage traffic on your network thus increasing your capacity for legitimate traffic. This reduces cost for both your network and transit cost for your customers. Implementing RPKI is not only protecting against illegal activity only from your own engineers or customers from making unintentional mistakes. Less errors means more stable network and so MANRS has economic benefits. We just need to translate in the right words for sales and marketing to understand.
ANDREI ROBACHEVSKY: Is this person in the room?
JAN ZORZ: Is this person in the room?
ANDREI ROBACHEVSKY: No. Reach us, fully appreciate there's a benefit, we need to make it more explicit and reach high assurance that those controls are implemented.
FRANZISKA LICHTBLAU: I think the answer is yes.
JAN ZORZ: Yes. There is a second question from the same person: I signed up for the MANRS+ Working Group some weeks ago. I haven't heard anything since. What is the status of setting up this Working Group?
ANDREI ROBACHEVSKY: Well, then, things fell between the cracks, apparently, because there was first Working Group meeting already, the Working Group is formed and we are moving along so again please reach out to us, I mean, maybe you can give us the contact and we will get back to you and make sure you are part of this Working Group.
JAN ZORZ: Okay. We have a lost one, Andrew Campling: Surely MANRS' involvement will only provide reputational value if it's own by other stakeholder groups. Otherwise it gives bragging rights between peers.
ANDREI ROBACHEVSKY: That's exactly the point of MANRS+, to make this mark more visible and understood.
AUDIENCE SPEAKER: You butchered the name a little bit, it is Antoin Verschuren from Liberty Global; that should be a good pointer for you.
FRANZISKA LICHTBLAU: There is a quick announcement from the Code of Conduct Task Force. They have a drop‑in session in the room, for everyone who is interested to join them, work with them and get to know more about them, if you are interested to be part of the Task Force just join them there, we will see you back at 4:00.
JAN ZORZ: And rate the presentations.
FRANZISKA LICHTBLAU: Yes, and rate the presentations.
LIVE CAPTIONING BY AOIFE DOWNES, RPR