This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] [db-wg] objection to RIPE policy proposal 2016-01
- Previous message (by thread): [anti-abuse-wg] [db-wg] objection to RIPE policy proposal 2016-01
- Next message (by thread): [anti-abuse-wg] objection to RIPE policy proposal 2016-01
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
denis
ripedenis at yahoo.co.uk
Fri Mar 4 01:21:04 CET 2016
Hi Peter OK lets cut to the bottom line. Does anyone NOT agree with these points: -Internet abuse (in it's various forms) is considered both a nuisance and a danger by the public -Politicians will jump onto any band wagon that has popular public support and enhances their careers -Responsible internet resource management includes receiving and handling abuse complaints related to the networks you manage If we all supported these points, especially the last one, then in an ideal world all network managers would be happy to provide abuse contact details and would take action on complaints received. Unfortunately we don't live in that ideal world. The fact that so many experienced technical internet people are opposing this policy worries me. So many of you are fixating on this point about 'mandatory', 'enforcing', 'justifying'. If everyone agreed with point 3 above then you would all be willing to do this voluntarily anyway. So what difference does it make to those of you who do this anyway if it is mandatory? But we know some people simply can't be bothered to handle abuse complaints and we also know some people make money by providing services to the abusers. There is no point pretending this does not happen. If there is a lot of money to be made some people will want a slice of it. That is why this has to be mandatory. When abuse-c was first introduced it was made clear that this was the first step of a process. The intention was for all IP addresses within the RIPE region to have one common way of documenting an abuse contact that can be accessed programatically. It was also made clear that this first step had nothing to do with whether anyone responds to reports sent to that contact. Because it was and still is clear that some people don't want to publicise any abuse contact details it had to be and still has to be mandatory. If you enter data into the RIPE Database you are required to ensure it is correct. Dealing with whether anyone responds to the reports sent to this contact is a separate issue and should not cloud the discussion on the abuse-c information in the RIPE Database. Neither should the technical implementation of the abuse-c attribute. I know there are policies about policies for legacy resources. Personally I think that is crazy. All IP addresses are technically the same no matter how or when you acquired it. Abuse can come from any one of them. I don't know why we are making the policy side so complicated. The principle is simple. If you manage IP addresses in the public domain, from where abuse can be generated, responsible management requires you to provide abuse contact details!!! cheers denis On 03/03/2016 23:30, Peter Koch wrote: > On Thu, Mar 03, 2016 at 11:46:45AM +0100, denis wrote: > >> In these days of political interest in how the internet is 'managed' the >> RIRs need to do more than 'just maintain an accurate registry'. The > > indeed. The community should be careful to maintain and improve the > credibility and legitimacy of its policy development process. > ``Extra constitutional'' activity (imposing "abuse" handling procedures > camouflaged as syntax changes to database objects) and retroactive > changes to policy without an exceptional justification both aren't > helpful. > > 2016-01 claims "Better data quality", which is not backed with arguments. > 2016-01 claims "More accurate data for abuse contact", which is not > supported by arguments or evidence/precedent. > >> internet is a crucial part of modern life. Abuse is considered to be a >> serious problem. What you are saying is that you don't give a dam about >> abuse and are not interested in being part of the management of abuse. > > The alleged correctness of data does not imply a "right to response" (cf ripe-563), > and rightfully so. Therefore the claims that refusal to add abuse-c > would imply refusal to deal with abuse reports are pointless, since > the sheer presence of the attribute does not imply anything, either. > > Also, I have not heard Rüdiger (or anyone else) claim they would not > want to even add abuse-c - it's making this policy mandatory what is > being contested. ripe-639 re-establishes the 'special role' of > legacy resources as exempt from policy changes: > > Any existing or future RIPE policy referring to resources shall not apply > to legacy resources unless the policy explicitly includes legacy resources in its scope. > > Now, if that was simply a matter of a boilerplate in any future policy > (xxx shall also apply to legacy resources), this clause would not make > the slightest sense. Consequently, a special consideration is needed. > 2016-01 simply refers to inconsistency (obviously a simple consequence > of ripe-639 and thus not exceptional) and "better data quality" - without > justification. No indication is given of any harm caused by legacy > resources currently not subject to ripe-563. ripe-563/ripe-639 > do not preclude use of abuse-c for legacy resources, either. > > All in all, I understand the motivation behind 2016-01, but the reasoning > is far too poor to justify proceeding with the proposal. > > -Peter >
- Previous message (by thread): [anti-abuse-wg] [db-wg] objection to RIPE policy proposal 2016-01
- Next message (by thread): [anti-abuse-wg] objection to RIPE policy proposal 2016-01
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]