[anti-abuse-wg] WHOIS (AS204224)

On Wed, Nov 04, 2015 at 06:17:10PM +0100, denis wrote:
>That may well be right, but if the sponsor cannot understand the
>language of the resource holder the validation may not be very
>effective.

The price you pay for a globalised society. I can see your point
but this isn't something you can prevent par ordre du mufti. 
Besides, what if the only one in the company who speaks English
leaves? 

>I never mentioned email or majority. 'Some' people I have talked
>to at RIPE Meetings have agreed with me. The majority will not
>even talk about it.

Well, they may agree privately but at the end of the day they
probably vote the interests of their employer. It happens.

>>1) All resource holders are presumed to be bad actors and all
>>of their data must be kept in a database, their correctness to
>>be strictly enforced.
>
>That seems to be the basis of this whole thread....not my
>assumption

Oh, no, I don't want to accuse you personally of this assumption!
This entire topic is being discussed on this assumption and
*that* is what I take issue with.

For the record, in my experience:
- The NCC is doing the job assigned to it by relevant policy
  fairly, justly and to the best of its abilities.

- The *vast* majority of its members are perfectly law-abiding
  LIRs who only want to go about their business.

- The procedures to deal with them are generally sufficient 

A few people or companies who act in bad faith do not change this
fact and there is no reason to put the entire membership under
general suspicion and waste its time and fees with elaborate data
collection / verification schemes.

In the absence of any hard evidence to the contrary (beyond one
or two suspicious cases) *that* is the basis on which this
discussion should be maintained.

>I actually have some very strong views on making parts of the
>data in the RIPE Database private, but that is another
>proposal...

Well. It is on-topic insofar as I could live with more data
collection *if* that data were properly protected.

>>The very idea that someone might use this data for nefarious
>>purposes is obviously farcical.
>
>You have a very negative and misguided view of what I am saying.

Again, not an attack on you but of the prevailing opinion that
the data in the ripedb is only used by "good" people for "good"
purposes...
If these show up in a reply to you it's only because it's a good
plce, dialectically.

>First of all I never said anything about personal data. Maybe
>you have not heard of the concept of business data. Maybe also

Many resource holders are persons. Many more people involved
somehow with the management of resources are persons.
Besides, even business data is somewhat sensitive. Where else
outside the LIR/RIR world do businesses have to maintain all
information about all of their business relationships in a public
database?

>you have never had problems trying to contact people regarding
>resources in the RIPE Database. The 2007-01 policy to contact
>all resource holders took about 7 years to implement. I suspect
>many of them are uncontactable again by now.

the sponsoring-org object is very helpful with that. Admittedly I
was against it but it has shown to be very useful now that it is
deployed.

>The complexity of this database schema allows for many ways to
>hide yourself. By manipulating the relationship between PERSON,
>ROLE, MNTNER, ORGANISATION objects and building complex
>references and chains of objects it can become very difficult to
>find who to contact.  Do you realise you can make a business out
>of a MNTNER object?

Yes. I do. I'm mntner or co-mntner on a few objects. 

> If you 'own' the MNTNER object you can
>provide a service to other people. You put the password of some
>anonymous person into your MNTNER and this anonymous person can
>then maintain resources. As the 'owner' of the MNTNER you can
>claim you have nothing to do with the resource. You are simply
>providing a service to your customers.

Yes. And what is wrong with that? All the mntner object does is
grant access to change a ripedb object. It says nothing about who
operates a resource or what they are doing with it.  The reason I
have mntner on a few objects is that the resource holder neither
want nor are able to deal with the ripedb and as backup so the
resource stays maintainable in the inevitable event of the other
mntners losing their password. This does not make me responsible
for what this resource holder or their customers do. 

> By creating a new MNTNER
>for each customer only they (and you) can manage their data

Er, isn't that the *point* of the mntner object? Who else should
be able to besides the NCC? (and they are)


> You try contacting that resource holder!!

tech c, admin-c, abuse-c...

>  The RIPE NCC and maybe the sponsoring LIR knows who it is, but
>  no one else does.

Nobody else NEEDS to know. If the NCC knows and the
sponsoring-org knows, it is contactable. If they won't talk to
you, get on to the NCC. If they don't talk to them either, they
are going to be deregistered anyway.

>implementation of personalised auth and dropping the MNTNER
>object would solve this issue of anonymity. Unfortunately the
>watered down version of my original plan being offered now does
>not go far enough.

This much anonymity is required. I have several customers, why is
there a need that,

a) they know of each other 
b) every other randomer on the Internet knows whom I work for?

And, yes, a different mntner for every object is a possibility
but it's unmanageable and really makes things much harder than
they need to be.

>My main point was the chain of trust for resource holders and
>resource managers. Also being contactable does not mean personal
>contact data must be displayed to the public. There are many
>ways to be contactable. But few people are even willing to
>discuss possibilities when it comes to changing the data model.

Maybe because it has served us reasonably well over the years,
it's a massive effort to completely change it and it's still a
damn sight better than most other RIRs' databases.

rgds,
Sascha Luck