[anti-abuse-wg] New Abuse Regulations

Brian Nisbet wrote:
> Frank Gadegast wrote the following on 28/06/2013 08:47:
>>
>> For a start Im really interested how the current revoking
>> process at RIPE NCC actually looks like and examples
>> how this process was actually used in the past ...
>> I might have missed that, but maybe that was never
>> comunicated to the list in detail.
>
> I don't have direct references for past use, but the Closure &
> Deregistration document has been repeatedly communicated to this list.
>
> It is here in all its glory:
>
> http://www.ripe.net/ripe/docs/ripe-578

Looks like to me, that the NCC can only revoke
resources or terminate contracts, because the member
does not follow regulations like allocation size, db entries
or is insolvent or similar, rather formal
reasons.
Any LIR or customer or a LIR can probably
setup the contract and DB data in a way
it fits those needs, but still use
the resources for massive abuse.
These seems to be also true for the audit process.

The LIR can withdraw a customers resource, if
the current usage does not comply to its
initial order purpose, but the NCC cant
do the same.

Should it be not part of the audit process
to check the current usage of sponsored
resources against their initial purpose ?

Then the following could happen:
- the community askes the NCC to start
   an audit for a special resource/LIR
   because of constant abuse coming from
   that network
- the NCC askes the LIR for the initial
   purpose of the sponsored resources
- and ask him to check the current usage,
   because of massive abuse complaints

Now the LIR (lets trust him in the first
stage), can check and maybe revoke the
resources.

If the problems continue, NCC could start
to audit the LIR itself ...
At that stage, the NCC would need trustful
data to proove, that the resources are
massivly used for abuse and the big question
is, how to either collect them at the NCC
or how to get them from trusted third parties.



Kind regards, Frank
>
> Brian
>
>