[anti-abuse-wg] 2011-06 New Policy Proposal (Abuse Contact Management in the RIPE NCC Database)

Hi,

> Yet, a _single_ point of contact (mail, fax, phone, you name it)
> should is provided. The way abuse-related information is processed
> internally (outbound abuse communication vs. information sharing
> between teams) in institutions cannot (and won't) be solved in
> whois.

We do not want to solve it within whois, but we want to give the
different teams the opportunity to publish their information.

Many huge ISPs have a cert and an abuse department, which are sometimes
located in different cities and do completely different work. A cert
does want to contact the other cert and not the abuse department. A
spamrun should be reported to the abuse department.

In my personal opinion every ISP should have an abuse department to
solve outbound abuse issues. And that is the abuse-c part and that why
this is mandatory. If an ISP can afford or need a cert, he can publish
this in whois as well.

>> And that is exactly what the IRT should be again, with all the 
>> security measures, that were mandatory at the very beginning and
>> got canceled over time.
> 
> I am surprised, you have any examples for IRT objects were these
> measures were dropped?

If you look at this really old document
http://www.ripe.net/data-tools/db/irt/ripe-irt-object-technical-how-to/#113
you will find under point 1.1.4 that signature, encryption and auth are
mandatory fields, which they are not any more today. At least one of
them is not mandatory anymore today. Couldn't find documentation at the
moment.

Thanks,

Tobias

-- 
abusix






-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20111124/964971f9/attachment.sig>