This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] WHOIS (AS204224)
- Previous message (by thread): [anti-abuse-wg] WHOIS (AS204224)
- Next message (by thread): [anti-abuse-wg] WHOIS (AS204224)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Fri Nov 6 05:48:14 CET 2015
In message <563BF1E0.3090106 at yahoo.co.uk>, denis <ripedenis at yahoo.co.uk> wrote: >First of all I apologise if I have mixed up some of your views, some of >Sacha's views and some of my own views. If I have I did so with good >intentions. I was not trying to derail anything, but I disagree that >this is a simple discussion. Apology accepted. As regards to whether this topic is "simple" or not, certainly, what I propose is reasonably simple and straightforward. I'll grant that you may perhaps have a point that the subject matter may perhaps not be as straightforward as it either could be or should be, based on your point(s) below. >> ... Millions of businesses world-wide allow end >> users to create accounts on their corporate web sites, and the vast >> majority of those then COMFIRM and VALIDATE those account creations >> by sending the person who is alleged to have created the account a >> magic cookie (often embedded within a URL) and asking them to return >> that in some fashion... >> ... >> If these all constitute "over engineered >> processes" then I'm sure that news will come as shock to all those >> millions of businesses who have spent time and money to implement >> and deploy theses systems. > >On this point I believe you are wrong. "allow end users to create >accounts on their corporate web sites". This is not how the RIPE >Database works. The accountability for these 'accounts' is distributed. >The RIPE NCC has no relationship with many of the personal data sets >created in this database. I feel sure you will correct me if I'm wrong, but I suspect that what you most probably actually intended to say here is that RIPE has no _direct_ and/or _contractual_ relationship with some (many?) of the entities whose contact details appear in the RIPE data base. Would that not be a more precise formulation of what you had intended to convey? Quite obviously RIPE NCC has a "relationship"... in the broadest sense of the word... with all of the entities whose contact details appear in the data base. The relationship, at the very least, is that RIPE NCC is storing (and yes, distributing) contact details for these entities. It may seem like I am quibbling over a minor semantic point here, and perhaps I am, but I think that it is somewhat inaccurate to say that there's no relationship at all between RIPE / RIPE NCC and the entities whose data is in the data base. >So first of all any validation process must also be distributed. The conclusion does not follow from the premise. >Are you >suggesting the RIPE NCC should re-check what was entrusted to the >members to do? Bingo! >In the end most members do enter valid data that they have checked by >some means in good faith. In the end, most people do not steal my bicycle. I still lock it up at night, regardless. >> So let me see if I understand this... >> >> So on the one hand, performing even just some simple process to >> try to validate data fields that are already in the public data >> base is an "over engineered" solution, but YOU want to totally >> re-engineer the entire data base from the ground up. Is that >> about the size of it? Did I miss anything? > >Yes you did miss something. I never suggested we through out the baby >with the bathwater. I proposed a discussion on reviewing the data model. >That is not suggesting we through out everything we have now. It may >lead to re-arranging data, storing it more efficiently, or maybe storing >different data, or only allowing some of the data to be seen by groups >of people who need it. Any and all of that sounds like it might involve some really SERIOUS and hevy-weight re-engineering to me! That's not to say that any of what you're suggesting isn't useful, and perhaps even vitally needed. I am only reiterating my point that it seems rather bizzare to assert that a purely procedural change, i.e. to begin to validate the data that's already there, is an "over engineered" step to take when you are proposing some different (and, it seems, almost entirely unrelated) ideas about how to restructure... perhaps radically... the data base. >As I said above, validating data in a system with a distributed >accountability is not going to be simple. On this point I agree... UNLESS some single central entity undertakes that task on behalf of the entire community. Some single central entity like, um, RIPE NCC. >I think you have over complicated my point while over simplifying yours. Understood. I hold the exact same view, i.e. I think that you have over-complicated my point while over-simplifing your's. >My main point was that there are many issues with personal data, >including validation, and maybe we should take a step back and look at >them all. "Taking a step back" may or may not be the wisest course of action. http://report.president.msu.edu/360/_/img/assets/crew-view/jim-peck/jim-standing-near-edge-of-cliff.jpg Regards, rfg
- Previous message (by thread): [anti-abuse-wg] WHOIS (AS204224)
- Next message (by thread): [anti-abuse-wg] WHOIS (AS204224)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]