This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] WHOIS (AS204224)
denis
ripedenis at yahoo.co.uk
Wed Nov 4 18:17:10 CET 2015
Hi Sascha

On 04/11/2015 15:32, Sascha Luck [ml] wrote:
> On Wed, Nov 04, 2015 at 12:05:28AM +0000, ripedenis at yahoo.co.uk wrote:
>> the sponsoring LIR should be restricted to an LIR in the same
>> geographical/political/language area as the end user resource
>> holder. Otherwise it could render the whole notion of an LIR
>> validating their sponsored user's data pointless.
>
> IANAL, but I can't imagine that such a rule would even be legal
> under EU legislation. Common Market, remember? Considering that the
> Internet doesn't recognise any borders or
> political blocs, this is one of the more outlandish suggestions
> even for this forum.

That may well be right, but if the sponsor cannot understand the language of the resource holder the validation may not be very effective.

>
>> Interesting point about the creation of this ORGANISATION
>> object. It touches on an issue I have been trying to raise for a
>> number of years. But I am almost universally shouted down by
>> most of the vocal members of the RIPE community whenever I
>> mention it. Even though many less vocal members have privately
>
> Ah, "the majority agrees with me in email"

I never mentioned email or majority. 'Some' people I have talked to at RIPE Meetings have agreed with me. The majority will not even talk about it.

>
>> Sascha Caveat - “we are not the [xyz] police” .. in this
>> case, “the document police” .. a fine old trope, that.
>
> I didn't actually write this, your quoting appears to be broken.

My apologies it was in a reply 'to' you not from you.

>
>> Sander "I personally think that someone holding resources should
>> at least be identifiable in the DB,"
>>
>> I absolutely agree, but also anyone who partly manages any
>> aspect of a resource should be identifiable.
>
> No. Just NO. I am, frankly, flabbergasted at this mindset:
>
> 1) All resource holders are presumed to be bad actors and all of
> their data must be kept in a database, their correctness to be
> strictly enforced.

That seems to be the basis of this whole thread....not my assumption

>
> 2) It's no problem making this data available, for free, to every
> Tom, Dick & Harry with an internet connection.

I actually have some very strong views on making parts of the data in the RIPE Database private, but that is another proposal...

> The very idea that
> someone might use this data for nefarious purposes is obviously
> farcical.

You have a very negative and misguided view of what I am saying.

>
> There is a need to be able to reach a resource holder to notify
> them of abuse coming from their network (the abuse-c) or
> technical problems (the tech-c). There is NO need to have the
> street address and phone number of every *person* "who partly
> manages any aspect of a resource" in a public database, just to
> satisfy the curiosity of some curtain-twitcher or give actual
> criminals some data for ID theft purposes.

First of all I never said anything about personal data. Maybe you have not heard of the concept of business data. Maybe also you have never had problems trying to contact people regarding resources in the RIPE Database. The 2007-01 policy to contact all resource holders took about 7 years to implement. I suspect many of them are uncontactable again by now. The complexity of this database schema allows for many ways to hide yourself. By manipulating the relationship between PERSON, ROLE, MNTNER, ORGANISATION objects and building complex references and chains of objects it can become very difficult to find who to contact.

Do you realise you can make a business out of a MNTNER object? If you 'own' the MNTNER object you can provide a service to other people. You put the password of some anonymous person into your MNTNER and this anonymous person can then maintain resources. As the 'owner' of the MNTNER you can claim you have nothing to do with the resource. You are simply providing a service to your customers. By creating a new MNTNER for each customer only they (and you) can manage their data. You try contacting that resource holder!! The RIPE NCC and maybe the sponsoring LIR knows who it is, but no one else does.

A proper implementation of personalised auth and dropping the MNTNER object would solve this issue of anonymity. Unfortunately the watered down version of my original plan being offered now does not go far enough.

My main point was the chain of trust for resource holders and resource managers. Also being contactable does not mean personal contact data must be displayed to the public. There are many ways to be contactable. But few people are even willing to discuss possibilities when it comes to changing the data model.

cheers
denis

>
>> community and talks with the WG chairs. In the end, when the
>> RIPE NCC thinks it has worked out the best way to achieve the
>> policy, they present the final implementation plan with
>> timelines to the mailing list. If and when consensus is reached
>> on the implementation, the RIPE NCC will go ahead and do the
>> work.
>
> For completeness' sake, if the policy leads to changes in the
> members' contract or the Terms & Conditions, a membership vote at
> the GM is also required for implementation.
>
> rgds,
> Sascha Luck
>