[anti-abuse-wg] DRAFT WG Minutes - RIPE75

Hi,

Looking forward to version 2 of policy proposal :) 

Wanted to thank those that serve on @anti-abuse for their service, dedication 
and valuable time. 
I also want to generally thank everyone for everything I learned here in 2017.

I wish everyone an amazing 2018 

Thank you

Andre


On Thu, 7 Dec 2017 12:17:25 +0000
Brian Nisbet <brian.nisbet at heanet.ie> wrote:

> Colleagues,
> 
> The RIPE NCC staff have put together the draft minutes from RIPE75. I
> would appreciate if you could take a look and let me know of any
> errors, issues or required corrections.
> 
> RIPE 75 Anti-Abuse Working Group Minutes
> 
> Wednesday, 25 October 2017, 11:00 - 12:30
> WG Co-Chair: Brian Nisbet

> Scribe: Nathalie Trenaman, RIPE NCC
> 
Status: Draft
> 
> A. Administrative Matters
> 
> Brian Nisbet opened the meeting and welcomed the working group.
> 
> There was one addition to the agenda: Jan Žorž will do a brief
> presentation about the BCOP work. The minutes for the RIPE 74 meeting
> were approved.
> 
> B. Update
> B1. Recent list Discussion
> 
> Brian mentioned that there was nothing much to reference content-wise
> on the mailing list apart from the usual discussions.
> 
> The RIPE community Code of Conduct is extended and includes the
> mailing list.
> 
> There was positive feedback about this development.
> 
> C. Policies
> 
> C1. Policies: 2017-02 (Regular Abuse-C Validation) - Gregory Mounier
> and Hervé Clemens
> 
> The presentation is available at:
> https://ripe75.ripe.net/presentations/119-Policy-change-proposal-RIPE-75-Dubai-V4.pdf
> 
> Jan Žorž, ISOC, said he liked the idea of an auto-responder and wanted
> to give RIPE NCC the mandate to validate contacts, but he was not sure
> about the frequency of once-a-year for validation. Jan thinks that
> over 90% of the contacts are probably correct.
> 
> Ruediger Volk, Deutsche Telekom, stressed his point that he would like
> to see a guideline document for abuse-c contact information.
> 
> Brian Nisbet pointed out that this has been a discussion before and
> that more input was then requested and not received.
> 
> Ruediger Volk added that the RIPE NCC already has the mandate to keep
> the registry accurate and that there is no need for a separate policy
> to enforce that.
> A repercussion of closing an LIR from this policy violates the
> Standard Service Agreement (SSA).
> 
> Nigel Titley, RIPE NCC Executive Board, stated that if this becomes a
> policy, it becomes automatically part of the SSA.
> 
> Piotr Strzyžewski, Silesian University of Technology, Computer Centre,
> said he missed the financial impact slide in this presentation.
> 
> Gregory Mounier, Europe, explained that it would be in the impact
> analysis, produced by the RIPE NCC.
> 
> Piotr Strzyžewski said that in the General Meeting yesterday, it was
> discussed that there should not be an increase of more RIPE NCC staff
> members. He added that he feared robots and automation will be set up
> by members to deal with the process.
> 
> Andrew de la Haye, RIPE NCC, explained that there would be an impact
> analysis published in the next phase of the policy process. If the
> policy would reach consensus, they would not include the cost factor.
> The cost factor will be discussed in the General Meeting.
> 
> Erik Bais, A2B Internet, said that he thought the ARC (Assisted
> Registry Check) process was the right process for this and that the
> RIPE NCC had enough issues chasing members for ARCs. He added that he
> was strongly against the part of this policy proposal that mentions
> closing members.
> 
> Andrea Cima, RIPE NCC, commented that the RIPE NCC wouldn’t be able to
> contact all the members through ARCs on a yearly basis, but they can
> partially use ARCs to prioritise those members where they think the
> abuse-c information is incorrect. He added that they do not know the
> numbers yet, so ARCs may not be enough to fulfil. ARCs can help but
> it's not the full solution.
> 
> Peter Hessler, Hostserver GmbH, stated that he is very much against
> this policy. He said it was a waste of resources in all areas and he
> is extremely against the closure clause of this policy proposal.
> 
> Alexander Isavin, Internet Protection Society, said that what is sad
> about this policy proposal, was that is comes from law enforcement. He
> added that RIPE is not about helping law enforcement, but to support
> networks.
> 
> Brian Nisbet says that they should not forget that law enforcement is
> part of their community.
> 
> Gregory Mounier said that by monitoring an email address, law
> enforcement would not be able to investigate criminals and that this
> policy proposal is for the good of the community.
> 
> William Sylvester, Addrex, asked if this policy proposal excluded
> legacy space holders.
> 
> Brian replied that it did because they have no ability to impose
> policy on legacy address space.
> 
> William said he opposes policies that reclaim any space.
> 
> Brian added that this raised an interesting point because it's been
> said a couple of times and this is something for the community to
> consider, not specifically to this. If people don't support a policy
> which may lead potentially to the revocation of resources (speaking
> purely as himself here), it puts the community in a very interesting
> position in regards to what they may or may not be able to do in the
> future and the policies which currently exist which can lead to
> closure of members and revocation of resources. It is a very general
> comment, that is an interesting thing because it was referenced
> during the General Meeting last time as well.
> 
> Gregory commented that he would also like to include the legacy space,
> but he was told not to.
> 
> Jordi Palet Martinez, The IPv6 Company, said that he was in favour of
> this proposal because it improved contact information. He said that a
> form is not a good idea, because it is a waste of resources. An email
> should be answered in a certain amount of days.
> 
> Brian added that version two of this policy proposal would be sent to
> the mailing list soon.
> 
> D. Interactions
> D1. Working Groups - RIPE Database and Implementation of “abuse-c"
> 
> Brian encouraged everyone to look at the conversations on the Database
> mailing list and to attend the Database Working Group session if they
> wanted to discuss this topic. He said he was not going to go into it
> here because it was a piece of work on the database but it was worth
> referencing because it's about the abuse‑c.
> 
> E. Presentation
> E1. Netflow Based Botnet Detection - Alireza Vaziri
> 
The presentation is available
> at:
https://ripe75.ripe.net/presentations/89-Botnet-V3.pdf
> 
> There were no questions or comments.
> 
> E2. Pre-Transfer Clean-Up of Abused Prefixes - Erik Bais
> 
The presentation is available at:
> 
https://ripe75.ripe.net/wp-content/uploads/presentations/45-Prefix-Broker-presentation-RIPE75-AAWG.pdf
> 
> Brian asked how to make contact with the larger RBLs (Real-Time
> Blackhole Lists) and how to persuade them to update their information.
> 
> Erik said they had some experience with them because of GRUMbot, but
> the people from Shadowserver have very good contacts. Typically is
> wasn’t that hard to get them to update their information.
> Gregory Mounier asked if he knew how the bad guys got the IPs, was it
> hijacking.
> 
> Erik replied that the IP space was from a Dutch hosting provider that
> was a member of the RIPE NCC. So it was customers that were in this
> space that were using it for this type of activity and hiding their
> command and control servers.
> 
> X. AOB
> 
> Jan Žorž presented about a new idea from the BCOP (Best Current
> Operational Practice) Task Force. It is about IPv6 and mail servers;
> how to protect them, including DKIM, DMARC etc.
> 
> Jan asked if there were any volunteers in the WG to help write this
> document. Jan will send a mail to the mailing list as well.
> 
> Peter Koch, DENIC, asked about the scope of this best practice
> document and if there was a guideline for these operational best
> practices.
> 
> Jan Žorž replied that Franck Martin from LinkedIn wrote something
> already, but  he wants a BCOP document for a broader audience.
> 
> Z. Agenda for RIPE 76
> 
> Brian closed the meeting and reminded people to submit topics for the
> RIPE 76 agenda.
> 
>