[anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61

On Tue, Feb 1, 2011 at 10:32 PM, Sander Steffann <sander at steffann.nl> wrote:
> Exactly. I am sure that any RIPE working group would accept a policy
> proposal that defines a policy to prevent abuse while taking these dangers
> into account. Many people have asked for policy to prevent abuse, but none
> have come up with a workable proposal.

this is what I'm waiting for, among others

http://ripe.net/ripe/wg/ncc-services/r59-minutes.html

And nick hilliard's comment below was what I was remembering when I
talked about the "internet police" meme.

--srs

-----------------------

H. Recovering resources assigned to non-existing entities

http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering-resources.pdf
Uwe Manuel Rasmussen, Microsoft

Ruediger pointed out the importance of distinguishing between actual
criminal activity on the net and the ways to fight this from the
administrative procedures. It is not related to the RIPE
administration processes.

Uwe agreed with this, but mentioned that this didn't lead to the
entity with the real responsibility.

Ruediger stated again that the registration is not the point, and that
you must get to the "box" and that this may be a botnet. The
administrative data in the RIPE Database is irrelevant to this.

Uwe stated that there should be a check that organisations requesting
resources actually exist before assigning to them.

Nick Hilliard (INEX) pointed out that this check is already done by
the RIPE NCC. However, there is little the RIPE NCC can do if
documents are fake. The RIPE NCC is not the routing police.

Uwe agreed but would still like a way to be able to challenge an assignment.

Carsten Schiefner (DENIC) commented that there is a similarity with
TLDs. There is still no solution to guarantee WHOIS accuracy.

Uwe explained that he was not looking for WHOIS accuracy, but for a
solution to remove the people that don't exist.

John Curran (ARIN) explained how this is done in the ARIN region. He
said that ARIN does verification, but when a fraud is uncovered, ARIN
does act to revoke resources. This is not related directly to the
criminal activities, but due to a violation of the policy.

Uwe agreed that it is not the RIPE NCC's job to determine what is
legal or not, but pointed out that allowing somebody that obtained
resources to use these resources for illegal purposes leaves him
outside the law. He said that he will present propositions to the
mailing list to reformulate the text in RIPE Document ripe-452 to
revoke resources if an organisation if found not to actually exist.


-- 
Suresh Ramasubramanian (ops.lists at gmail.com)