This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Revised Minutes, RIPE 68
- Previous message (by thread): [anti-abuse-wg] Revised Minutes, RIPE 68
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Wed Nov 5 18:02:34 CET 2014
So, curious. How many colleagues from ripe aa wg were at MAAWG brussels or the subsequent Boston meeting last month? Were you able to talk to spamhaus there? On Wed, 5 Nov 2014 at 21:46 Brian Nisbet <brian.nisbet at heanet.ie> wrote: > Colleagues, > > It was pointed out in the meeting today that there were mistakes with > the previous minutes and we've discovered that an important section or > two were missing. Below I have pasted the new version of the RIPE 68 > minutes, including the conversation about LEA attendance at RIPE related > meetings (Section D.3). If you could take a look at these that would be > great. > > Also, if I could ask the NCC to look at the possibilities around the > action that was assigned to them in that section. > > Thanks, > > Brian > > *********************************** > > === > > A. Administrative Matters > > Brian welcomed the participants to the Working Group session and > introduced himself and Tobias as co-chairs. and thanked the RIPE NCC for > providing support in the form of chat monitor, scribe and > stenographers. The minutes from RIPE 67 and RIPE 66 were approved and > there were no additions to the agenda. > > B. Update > > Brian asked the room if there was anything pertaining "abuse-c:" that > needed to be raised. As nobody spoke up, Brian stated that it could be > covered later on if needed. Brian mentioned that he had circulated some > text for the working group charter. He noted that there had been some > discussion but was happy to keep any discussion on the list. He invited > the room to make any comments there and then if needed. There were no > comments. Brian urged the participants to read the charter on the > mailing list. > > C. Policies > > Brian stated that there were no open policies at the moment. > > D1. Interactions With Other Working Groups > > Regarding interactions with other working groups on policy, Brian noted > that he and Tobias had agreed with Nigel Titley and Wilfried Wober, the > Database Working Group Chairs, that he and Tobias would work on the data > verification policy. He mentioned that he and Tobias would not have time > for this soon, and therefore urged participants that, should they want > to take on the task, they were welcome. > > D2. Proof of identity discussions – RIPE Policy Proposal 2007-01 > > There was some discussion about the level of proof of identity that the > RIPE NCC should expect. Athina Fragkouli, RIPE NCC, stated that this > was also discussed in the Address Policy Working Group and there were > not many concerns about how the RIPE NCC handles proof of identity. She > added that the RIPE NCC is always open to changing procedures. Brian > asked the room whether the RIPE NCC are doing enough, too little, or to > much regarding proof of identity. He asked if there should be more > trust. Jim Reid, unaffiliated, felt that things should be left as they > are. He expressed that he thought it was bad to collect personal data > unless there is a strong need for the data. However, he can appreciate > the RIPE NCC's point and can see how it's useful in some cases, such as > for law enforcement and other aspects of anti-abuse. > Brian agreed that it's okay for the RIPE NCC to continue as it is. > > D3. RIPE NCC Government/LEA Interactions Update > -Marco Hogewoning, RIPE NCC > > The presentation is available online: > https://ripe68.ripe.net/presentations/387-AA-LEA-Update-MH1_AG.pdf > > Alexander Isavnin, NetLine, asked if it was possible for a Dutch > membership organisation to join closed meetings and not reveal what was > discussed. > > Marco responded that he thought it was possible. > > Alexander stated that the community wants to know what happens at these > meetings and urged for no secrecy. He wanted to know the name, rank, and > position of those attending these meetings with law enforcement. > > Marco stressed that these meetings are with law enforcement agencies > (LEAs), not with the intelligence community. > > Alexander responded that name, rank and position will support that the > attendees are not from the intelligence community. > > Marco responded that the RIPE NCC is looking at a way to improve the > reporting but needs to work with LEAs about the information that can be > published. He added that it may be possible to publish attendee lists > and or give more information about the attendees, however, it's > important that the trust level is maintained between the LEAs and the > RIPE NCC. > > Alexander responded that he wants European interaction to be more clear. > > Jochem De Ruig, RIPE NCC, stated that Brian Nisbet is invited to these > meetings so that he can provide input from the community's perspective. > > Brian added that he has been asked by someone from the National Crime > Agency (NCA) to remove their name from a public agenda as their friends > and family did not know with whom they were employed. Brian felt that > there would not be much cooperation if a full list of attendees was to > be published. > > Malcolm Hutty, LINX, added that it's about balance and satisfying all > parties reasonably. With some advance planning, he feels that basic > information could be disclosed and some transparency added. He added > that it would be best to avoid mentioning whether anything operational > was discussed (or not). He also noted that some individuals would > probably need their names kept secret and off lists, and therefore it > may make sense to ask them if the name of their organisation could be > published. > > Brian agreed that he fully advocates transparency and agreed with the > need for balance. > > Jim Reid agreed with Malcolm, and urged for more forward planning. He > also added that he felt it would be wrong to disclose the name, rank and > identity of everybody attending a meeting because that, in itself, could > disclose operational details. > > Marco concluded that that he will take this back to law enforcement and > work with them on future events to achieve better reporting. > > E1. "Anti-Abuse: The View from the Messaging World" > -Jerome Cudelou, M3AAWG > > The presentation is available > online: https://ripe68.ripe.net/presentations/373-M3AAWG.pdf Brian > asked whether there are any more areas of mutual engagement that could > be touched upon. Jerome responded that it would be best to become > members of M3AAWG. Brian asked whether non-members of M3AAWG could > contribute to M3AAWG’s documentation. Jerome responded that he didn’t > think it was easy to do and that it is better to become a > member. Rüdiger Volk, Deutsche Telekom, asked if there were documents > that would explain what is expected of an abuse contact. Jerome > responded that the document is under discussion. Vincent Schonau, > abuseix and co-chair of the Training Committee at M3AAWG, further > clarified that there is the Abuse Desk Best Practises document that is > now a few years old. He added that the Abuse Desk Special Interest > Group has revived the document and would work on it in upcoming > meetings. Alex de Joode, LeaseWeb, stated that LeaseWeb is not a member > of M3AAWG but are participating in the Hosting Special Interest Group > (SIG) and the Abuse SIG so participation is possible without becoming a > member. Brian asked Alex what the procedure was for > participation. Alex responded that he had sent a message to Gerry Upton > and received a free invitation. Samaneh Tajalizadehkhoob, Delft > University of Technology, asked if M3AAWG cooperate with research > institutions. She mentioned that Delft University of Technology are > working on banking malware and mobile malware, and asked if M3AAWG share > data with them. Jerome responded that they do share data with research > institutions. Vincent noted that M3AAWG has a very open policy about > inviting people to come to the European meetings and the emerging groups > such as the Hosting SIG. He directed interested parties to Gerry, Jerome > or himself for an invitation. Brian asked an open question to RIPE NCC > members in the room whether there had been any interaction with M3AAWG > since RIPE 45 in Barcelona. Jochem de Ruig, RIPE NCC, responded that > the RIPE NCC would try to come to Brussels and that the RIPE NCC did > find the meeting useful for engagement with the community. > > E2: Impact of abuse-c > > -Bengt Gördén, Resilans The presentation is available > online: https://ripe68.ripe.net/presentations/383-impact_abuse-c.pdf > Ruediger > asked whether the message to the abuse-c at Spamhaus was > successful. Bengt replied that it was not, and asked if there were > questions about that. Ruediger continued, adding that Spamhaus is > bullying people on the Internet and that a joke he had heard is that it > may be possible to send a claim of copyright or trademark infringement > with the name Spamhaus and send it to .org. Bengt added that it would > work. Ruediger added that the Internet community needs to make sure > that things are balanced out, thanking Bengt for his presentation. Erik > Bais, ATB Internet, added that they had been in the same situation with > Spamhaus and it had been well-documented. Bengt responded that he had > read about it. Erik continued that they had disclosed fully about their > interactions with Spamhaus, who had behaved brazenly in return, finding > the situation amusing and even blogging about it on their website. Erik > added that Spamhaus do not care and that they have been invited to the > RIPE Anti-Abuse Working Group sessions, to have a panel and discuss the > proper policies, but had refused the invitation. Brian added that that > the relations between the Working Group and Spamhaus were not as good as > they would like, and redirected the discussion back to “abuse-c:”. Erik > stated that they transferred some of their address blocks and even after > six months they still receive emails to their abuse mailbox regarding > blocks that they don’t own anymore. He called for people to use the RIPE > Database and asked how it is possible to make people update their > information. Bengt replied that he feels the community needs to work on > this issue collectively, but not necessarily in a way that results in > any legislation or policy. Erik added that it’s good to remember that > Spamhaus does not block mail and there is always a need for well-managed > block lists. Peter Koch, DENIC, asked Bengt about his slides as they > seemed somewhat contradictory to him, as they looked more like a > “suffering story” rather than a success story and he did not understand > why it was being used as an example, as Bengt’s “I told you so.” Bengt > responded that maybe it is time that they give up on optimising the > “abuse-c:” for an audience that cannot be educated. Brian invited > Tobias Knecht, his fellow chair of the Anti-Abuse Working Group to > comment on similar policies in other regions. Tobias stated that the > policy about “abuse-c:” was brought into APNIC in a different way, as > well as at AFRINIC. While the implementations were different, the end > result was the same - that there is an abuse contact in the Whois > Database, a single space. Bengt noted that he had tried to get an abuse > contact for Spamhaus and it hadn’t worked. Alex Le Heux, Kobo Inc, > added that they had similar experiences with many of those blacklists. > He stated that Spamhaus regularly attends M3AAWG and advised those who > wanted to meet with them, to go to the Brussels meeting. He invited > those with similar experiences to come to the meeting so that some sort > of best practises for blacklists can be set up. Brian confirmed that a > best practises document that has come out of M3AAWG already exists. > > E3: Abuse-c: Next Steps for “abuse-c:” > -Denis Walker and Christian Teuschel, RIPE NCC The presentation is > available > online: https://ripe68.ripe.net/presentations/162-aa_wg.pdf Brian noted > that time was running short, and some discussion may need to be directed > to the mailing list. Ruediger asked if it was explained anywhere how > ORGANISATION objects should be used. Denis responded that it was one of > the big problems with the RIPE Database. Ruediger noted that there is > no documentation and explanation of the data model that the RIPE NCC > says that the community should be following. Denis replied, saying that > no business rules were built into the software to enforce any of this, > and agreeing that there are no guidelines. Ruediger argued that, if > there is a data architecture that should be followed, it should be > documented and agreed upon. He called for a document that explains what > the architecture is. Brian asked whether this discussion would be > something better suited to the Database Working Group. Peter thanked > Denis and Christian for their hard work. He noted that the RIPE Policy > Development Process allows early and often objections and he believes > that they are at risk of going completely overboard in a variety of > aspects. He stated that he thinks that the model is in the wrong > direction, and he is opposed to “salami tactics”. His interpretation of > one of the slides is that there is an ORG object and the addresses hang > off it, and he cannot find any document that describes it that way. The > database model with which he is familiar is one built around the objects > you ask for, and the information attached to the objects, in other > objects. He called for changes to the model. He added that if this were > moved to the Database Working Group, that would only partly help as the > changes proposed from the Anti-Abuse Working Group may not be compatible > with the Database Working Group point of view. Brian clarified that, if > there were issues with the architecture and business rules and > documentation, then it would be more appropriate for the Database > Working Group to work with the RIPE NCC to get that written. Peter > stated that it may be time to reconfirm the mission of the RIPE > Database, adding that it should not become a “compliance stick” for > Local Internet Registries or resource holders. Christian asked Peter > what he had meant by “salami tactic” regarding the validation. Peter > clarified that having a mailbox does not mean that mail is delivered or > read. The next slice of salami is to validate, so that mail can be > expected to be deliverable. He envisioned that, three months later, it > won’t only be deliverable, but there would be a reply. Christian > replied that this is what they had proposed, improving the data > quality. Peter added that caution would need to be taken when regarding > data quality as it is a topic for the admin-c and the resource holder. > He believes that the data should be correct because that is the core > mission. Via remote participation, Gilles Massen asked if, as the > existing IRT objects are becoming more invisible, would it be possible > to reference an IRT from the “abuse-c:” or at least add the useful IRT > features like BGP keys to the “abuse-c:”. He stated that he would like > to see relaxed constraints like a copyright-abuse-mailbox: NULL for > signalling that one should not expect a reply to those sorts of > messages. He also asked that IRT objects not be touched without prior > discussion in the Working Group. Denis responded that the RIPE NCC > understands that the IRT object is not very popular and that they have > been asked to propose to the community as to how the IRT could be made > more useful. He will provide feedback to the Working Group for further > review. Piotr Strzyżewski, Silesian University of Technology, referred > to Bengt's presentation, noting that some of these corporations don't > care about the "abuse-c:" and therefore it wouldn't be useful to > establish another point of contact for them. He sarcastically added that > he “loves" the idea of national responsibility (with the opposite being > his true feelings on the matter). However, he does feel that there > should be some policy regarding validation. Christian responded that he > thinks validation and extending the ROLE object should go through the > RIPE Policy Development Process. Brian stated that he thinks it must go > through that process. Christian continued, stating that extending the > ROLE object is something that has come from the community. While he > acknowledges that some countries have more than one national CSIRT, the > implementation needs to be clear and the list of contact details for all > of them should be provided. He added that the RIPE NCC is trying to work > with them, in the case that the “abuse-c:” fails. Brian asked about the > origin of the request from the community. Christian replied that it > hadn’t come from the mailing list, and had come from a meeting of the > computer security community. Kaveh Ranjbar, RIPE NCC, added that the > provision of a proper abuse contact was a recurring point in the RIPE > NCC Survey 2013’s results and therefore the RIPE NCC had started to > attend security conferences. Ruediger asked Christian if the CSIRTS > were happy about getting the reports, or if they were > unhappy. Christian replied that they were happy. Ruediger expressed > doubt and surprise that they would be happy to be “flooded” by copyright > abuse reports. He called for guidelines and information as to what kind > of report people should be sending to abuse contact, and how people > should be responding to these reports. Denis added that, if Ruediger > wants the RIPE NCC to provide these guidelines, then the community > should provide the text. Ruediger agreed with Denis that this is a task > for the Working Group. Brian added that he was surprised that the > CSIRTS were happy, and noted that many countries don’t have a CSIRT. He > added that he would put out a call for volunteers to help work on the > guidelines. Ruediger added that, without guidelines, doing validation > beyond mechanics is meaningless. > > E4: Introduction to Contact Databases for Abuse Handling > -Aaron Kaplan, nic.at > > Aaron explained how they do contact lookups at csirt.at, a national > CSIRT for Austria. He noted that a national CSIRT is usually just a > router for abuse contact information and that there are different > approaches in different countries. Aaron asked those involved with the > RIPE Database to have IRT objects, “abuse-c”, etc. as specific and > up-to-date as possible as it will help those sending information to > national CSIRTS for lookups. Brian asked where the information about > Aaron’s presentation would be available and if he could publish it to > the list. Aaron added that it is a document on Github. Brian asked if > he could email the list with the URL. Aaron replied that it is part of > a document that Christian Teuschel and Mirjam Keuhne, RIPE NCC, and > Wilfried Woeber started. It is connected to a GitHub project called > GitHub.com/CERTtools that is a contact cache/contact database for > national CSIRTs so that they can build on the process. Brian added that > it might be good to discuss this in more depth at a future RIPE > Meeting. Aaron stated again that the CSIRT is just acting as a router, > passing copyrights through, and the copyrights end up with network > owners under their policies. However, he noted that the routing process > can be optimised. There were no further questions or comments. Brian > thanked Aaron for his presentation and invited the room to contribute > agenda items for RIPE 69 in London. He thanked the scribe, speakers, > stenographers and participants before closing the session. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20141105/9c41a39f/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Revised Minutes, RIPE 68
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]