This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers

Previous message (by thread): [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers
Next message (by thread): [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Koch pk at DENIC.DE
Tue Nov 17 22:18:35 CET 2015

Dear WG,

I have read the document and would like to thank the authors
for their work.  Some of my observations match and support
points already raised by Gilles:

On Tue, Nov 17, 2015 at 03:39:57PM +0200, Gilles Massen wrote:

> This is a very interesting document, and a very nice thing to have
> (although it is unclear to me if the information in it is not too
> volatile for a BCP).

The end of chapter 4 reads:

> This document is intended to be a request for input from the Internet community. As a next step we would like to define a standard API for abuse contact lookups.

This is consistent with the style and content of the paper but would
not suggest a status of "Best Current Practice".

Also, the document would benefit from some copy editing before publication.
Some of the terms in section 2 do not appear in the rest of the paper
or have been replaced - e.g., "registrant" is defined but "domain owner"
is used (where "owner" is a suboptimal phrase for both domains and IP addresses).
Also, while the example domain name is used, IP addresses should also
come from the dedicated assignment.

The intended audience section should be promoted to immediately follow
the abstract, then followed by the problem statement.
I'd like to see a clear distinction between "abuse" and "IT security
incident", where both terms appear to be used interchangeably.

> - under point 4 it says implicitly that name-based whois is quicker
> outdated than number-based whois. Is there any hard data to back that
> statement up?

I fail to see the relevance of this statement in the first place,
especially given that the catalog in chapter 6 does not refer to
any name based data repository - and rightfully so.

The structure in chapter 6's catalog looks good, some prose
elaborating the meaning of "first" or "second hand" sources
could be helpful.  What's the implication of either attribute?
Same for the up-to-date-ness: the availability of per-object-timestamps 
might be more helpful than a general assessment of the repository,
knowing that timestamps do not imply accuracy.
Speaking of which: perpetuating the out of area examples in this document
might turn out to be confusing.

I'd like to understand the emphasis on "national CERTs".

Regards,
  Peter

Previous message (by thread): [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers
Next message (by thread): [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]