[anti-abuse-wg] 2011-06 New Policy Proposal (Abuse Contact Management in the RIPE NCC Database)

Hi,

> Please don't add yet more data and then start thinking about the 
> possibility of looking at data accuracy. Do it the other way around.

So what is accurate at the moment? Remarks? IRT? abuse-mailbox?

It does not make any sense looking at a "broken" structure and try to
figure out what we can get out of it. Cleaning up and look at the
cleaned structure makes much more sense.

We do not add more data. That is absolutely not true. We are
reorganizing the data in a way that there is no need for abuse contacts
in remark fields and the abuse-mailbox attribute is handled in a
different way. The only thing we add is a completely and easy to
understandable point of reference. But the data behind the abuse-c can
be the same data that is already there. It is just structured differently.

> There are already plenty of ways to publish abuse reporting data and
>  adding another is not going to improve it.

And that is the point we want to change. We do not want to have plenty
half baked ways. We want to have one good one.

> As sending reports to the wrong address is a wasted effort please 
> don't make things worse by introducing requirements for new data to 
> be published against the will of the people being forced to publish 
> it. That will only make the overall dataset less useful.

We are not doing what you are saying.
Today it would be good enough to add an abuse-mailbox attribute. Right?
That is exactly what you are saying. That is what is already existing
and we should stay with it. Right?

So what would be needed to do after this proposal would be in place. If
there is somebody with a role that does not contain an abuse-mailbox
attribute he would have to add an abuse-mailbox attribute and say lets
take this role as abuse-c. The only difference would be that the output
would tell everybody that it is an abuse-c and not any object somewhere
in the middle of "I do not know" that contains an abuse-mailbox attribute.

So where is the part with forcing people to add more data? In the very
end we are not even forcing members to do so. The only members that have
to add an abuse-c are the direct allocated ranges. Not even the sub
delegations. That means we are not forcing more people to add data, we
are at the end force less people to add data than we do today.


> Of course it will. The template will say that things are optional 
> while the business rules say they are not.

If you want to use the object as an abuse-c it has to have an
abuse-mailbox attribute, otherwise not.

Is that really making things more complicated than they are today?


>> The naive user should use the abuse finder tool which is already in
>> place and would run much easier than today
> 
> I disagree and I support the RIPE NCC's answer in its abuse FAQ:
> 
> http://www.ripe.net/data-tools/db/faq/faq-hacking-spamming/should-i-just-ignore-spam

Let me rephrase it:
The naive user should use the abuse finder tool _if he wants_ and does
not agree to RIPE NCC's answer in the abuse FAQ.

Otherwise, if he agrees to RIPE NCC's answer in the abuse FAQ and does
not want to do anything, which is absolutely fine, he can be ignored,
because he will not be a user of this system and by that means this
proposal does not touch him in any way.


> By all means work on the abuse issue but please approach it from the
>  perspective of solving the abuse rather than adding a new, larger 
> and more polluted set of addresses for reporting abuse. At a
> minimum, the proposal should include a policy for maintaining data
> quality and migrating from the existing dataset.

As already mentioned, the community seems to want a solution to the data
accuracy problem. But I do not want to mix things up. We are talking
here about an abuse-c, which will be than 1 of 4 -c's in the whois
database (without counting the IRT). Data accuracy is a problem of all 4
(and the IRT object) of them. I will not try to fix a small part of the
problem now and start over again to fix the general problem.

The migration is mentioned but is not explained in detail because of the
lack of an impact analysis. On of the main parts of the this proposal is
cleaning up the existing situation. So I'm sure RIPE NCC will do
everything that can be done to clean up as much as possible.

2 last questions:

Do you agree that the data accuracy is a problem in the WHOIS DB?

Do you think the Task Force should take care of this issue as soon as
possible?



Thanks,

Tobias

-- 
abusix









-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20111201/66e2eac4/attachment.sig>