This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] objection to RIPE policy proposal 2016-01
- Previous message (by thread): [anti-abuse-wg] objection to RIPE policy proposal 2016-01
- Next message (by thread): [anti-abuse-wg] objection to RIPE policy proposal 2016-01
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jeffrey Race
jrace at post.harvard.edu
Fri Mar 4 17:00:49 CET 2016
Dear Lu, Your reasoning fails the logic test because you do not cognize the mismatch between the operation of "law to enforce things" and the spammer business model. The loss to no single victim rises above the threshold to initiate either criminal or civil proceedings. The spammers organize their business model in this way expecting most people to have your attitude. This is clearly explained in <http://www.jeffreyrace.com/nugget/spam_05.pdf> Kind regards, Dr. Jeffrey Race, President Cambridge Electronics Laboratories 20 Chester Street, Somerville MA 02144-3005 Tel +1 617 629-2805 Fax +1 617 623-1882 Avoid spinal damage from computer use! Read "Cripples by Thirty?" <http://www.camblab.com/nugget/nugget.htm> --Original Message Text--- From: Lu Heng Date: Fri, 4 Mar 2016 14:20:28 +1300 Hi there: I think the whole notion about we are managing the internet though the policy are not correct. We are not managing the internet, we are book keeping really. Denis, your argument standing on a group that if we do not manage the internet, the gov will step in and do it for us, but that is largely untrue. The Gov are managing it now as we speak, they have something called law to enforce things, they really don't need bother to go though policy here to block content they dislike, bust people they think are bad, find people are responsible, if there is a seriou crime going on, with or without abuse-c, gov will find them or not---abuse c does not change the outcome. Take China for example, A 500 m user can not access Facebook, tell me they go though any sort of APNIC policy to do that, same goes for some countries inA Middle East. So my last point is. If you like their gov job, you can apply one, don't try to push community here to do gov's job. On Friday 4 March 2016, denis <ripedenis at yahoo.co.uk> wrote: Hi Peter OK lets cut to the bottom line. Does anyone NOT agree with these points: -Internet abuse (in it's various forms) is considered both a nuisance and a danger by the publicA -Politicians will jump onto any band wagon that has popular public support and enhances their careers -Responsible internet resource management includes receiving and handling abuse complaints related to the networks you manage If we all supported these points, especially the last one, then in an ideal world all network managers would be happy to provide abuse contact details and would take action on complaints received. Unfortunately we don't live in that ideal world. The fact that so many experienced technical internet people are opposing this policy worries me. So many of you are fixating on this point about 'mandatory', 'enforcing', 'justifying'. If everyone agreed with point 3 above then you would all be willing to do this voluntarily anyway. So what difference does it make to those of you who do this anyway if it is mandatory? But we know some people simply can't be bothered to handle abuse complaints and we also know some people make money by providing services to the abusers. There is no point pretending this does not happen. If there is a lot of money to be made some people will want a slice of it. That is why this has to be mandatory. When abuse-c was first introduced it was made clear that this was the first step of a process. The intention was for all IP addresses within the RIPE region to have one common way of documenting an abuse contact that can be accessed programatically. It was also made clear that this first step had nothing to do with whether anyone responds to reports sent to that contact. Because it was and still is clear that some people don't want to publicise any abuse contact details it had to be and still has to be mandatory. If you enter data into the RIPE Database you are required to ensure it is correct. Dealing with whether anyone responds to the reports sent to this contact is a separate issue and should not cloud the discussion on the abuse-c information in the RIPE Database. Neither should the technical implementation of the abuse-c attribute. I know there are policies about policies for legacy resources. Personally I think that is crazy. All IP addresses are technically the same no matter how or when you acquired it. Abuse can come from any one of them. I don't know why we are making the policy side so complicated. The principle is simple. If you manage IP addresses in the public domain, from where abuse can be generated, responsible management requires you to provide abuse contact details!!! cheers denis On 03/03/2016 23:30, Peter Koch wrote: On Thu, Mar 03, 2016 at 11:46:45AM +0100, denis wrote: In these days of political interest in how the internet is 'managed' the RIRs need to do more than 'just maintain an accurate registry'. The indeed. The community should be careful to maintain and improve the credibility and legitimacy of its policy development process. ``Extra constitutional'' activity (imposing "abuse" handling procedures camouflaged as syntax changes to database objects) and retroactive changes to policy without an exceptional justification both aren't helpful. 2016-01 claims "Better data quality", which is not backed with arguments. 2016-01 claims "More accurate data for abuse contact", which is not A A A A A supported by arguments or evidence/precedent. internet is a crucial part of modern life. Abuse is considered to be a serious problem. What you are saying is that you don't give a dam about abuse and are not interested in being part of the management of abuse. The alleged correctness of data does not imply a "right to response" (cf ripe-563), and rightfully so.A Therefore the claims that refusal to add abuse-c would imply refusal to deal with abuse reports are pointless, since the sheer presence of the attribute does not imply anything, either. Also, I have not heard RA¬diger (or anyone else) claim they would not want to even add abuse-c - it's making this policy mandatory what is being contested.A ripe-639 re-establishes the 'special role' of legacy resources as exempt from policy changes: A A A A Any existing or future RIPE policy referring to resources shall not apply A A A A to legacy resources unless the policy explicitly includes legacy resources in its scope. Now, if that was simply a matter of a boilerplate in any future policy (xxx shall also apply to legacy resources), this clause would not make the slightest sense.A Consequently, a special consideration is needed. 2016-01 simply refers to inconsistency (obviously a simple consequence of ripe-639 and thus not exceptional) and "better data quality" - without justification.A No indication is given of any harm caused by legacy resources currently not subject to ripe-563.A ripe-563/ripe-639 do not preclude use of abuse-c for legacy resources, either. All in all, I understand the motivation behind 2016-01, but the reasoning is far too poor to justify proceeding with the proposal. -Peter -- -- Kind regards. Lu
- Previous message (by thread): [anti-abuse-wg] objection to RIPE policy proposal 2016-01
- Next message (by thread): [anti-abuse-wg] objection to RIPE policy proposal 2016-01
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]