This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian Nisbet
brian.nisbet at heanet.ie
Wed Oct 11 16:06:59 CEST 2017
For the avoidance of any doubt, the WG Co-Chairs agree that this proposal will move forward to Review Phase and there will be a new version of the proposal and, subsequent to that, the NCC will work on their Impact Analysis. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Network Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet at heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 Mounier, Grégory wrote on 10/10/2017 15:49: > Hi everyone, > > > > Thanks for your questions and comments. In light of those, Hervé and I > will prepare a slightly amended version of the proposal to specify some > languages, in particular when it comes to the role of RIPE NCC’s impact > analysis in providing more details about the concrete implementation of > this policy change proposal. > > > > Andre rightly asked what was the goal of the proposal. Ultimately, the > goal of the proposal is to reduce the likelihood of getting no response > when someone (anyone) need to urgently contact a LIR via the abuse-c > contact. To achieve this goal we believe that RIPE NCC should be > mandated to regularly validate the abuse-c contact point. We think that > the main criteria to decide whether to move the proposal to the review > phase or not, should be whether there is a majority of AAWG members who > thinks that having a valid and functioning abuse-c contact points is a > valid goal. > > > > Most questions raised were about the actual implementation of the > proposal. As explained by Marco/RIPE NCC, the practical details of how > the validation procedure will be implemented should not be laid down in > the policy change proposal at this stage but rather by the impact > analysis that RIPE NCC will conduct. RIPE NCC is the best placed to > propose a working procedure (whether it should be done in the framework > of ARC, what will be the criteria to consider a contact point invalid, > how to address auto-answer, how often the validation process should be > carried out etc.) because they are the ones who can best assess the > financial and human resources to conduct these checks in the most > efficient manner. > > > > Lastly, it seems that some members assume that this proposal is driven > by law enforcement (LE) needs only. It is not. All network > operators/LIRs have at some points been in the frustrating situation of > not being able to find a valid contact point, this is why Hervé/Orange > is co-authoring the proposal. There is not so many ways of ensuring that > you get an answer: the community needs to agree that at least one > contact point will be validated by RIPE NCC. In parallel, law > enforcement is indeed working with NCC and some RIPE members to develop > our knowledge and possibly a tool to visualize BGP routing tables. But > improving the way LE can identify and investigate malicious IPs is not > the goal of this policy change proposal. > > > > In conclusion, we think that so far, except for one or two members who > explicitly opposed the goal of the proposal, a majority of members who > expressed themselves on the AAWG mailing list during the discussion > phase, agrees with the general objective of the proposal – that is to > mandate RIPE NCC to regularly validate abuse-c contact in order to > reduce the likelihood of not getting an answer when someone needs to > urgently contact a LIR. > > > > Therefore, in agreement with the AAWG chair, we would like to move this > proposal to the review phase. > > > > Thanks > > > > Greg and Hervé > > > > > > > > > > *From:*anti-abuse-wg [mailto:anti-abuse-wg-bounces at ripe.net] *On Behalf > Of *herve.clement at orange.com > *Sent:* 09 October 2017 15:01 > *To:* Nick Hilliard; Michele Neylon - Blacknight > *Cc:* ox; Gert Doering; anti-abuse-wg at ripe.net > *Subject:* Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular > abuse-c Validation) > > > > Hello Nick, > > > > We have already talked with the RIPE NCC about ARC. > > If the ARC would include actual contact validation, a same LIR would be > contacted less frequently for a global audit. > > Dealing specifically with abuse-c validation, RIPE NCC Impact Analysis > will answer the question of extra work evaluation. > > > > Hervé > > > > > > -----Message d'origine----- > De : anti-abuse-wg [mailto:anti-abuse-wg-bounces at ripe.net] De la part de > Nick Hilliard > Envoyé : lundi 9 octobre 2017 13:01 > À : Michele Neylon - Blacknight > Cc : ox; Gert Doering; anti-abuse-wg at ripe.net > <mailto:anti-abuse-wg at ripe.net> > Objet : Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c > Validation) > > > > Michele Neylon - Blacknight wrote: > >> The current situation is that abuse-c can be populated with rubbish. > >> The email addresses can be completely non-functioning. > >> That is the real and current issue. > > > > the real issue is that this is a complex layer 9 problem inside each > organisation, and although creating technological tickbox policies will > provide a veneer of doing something, that veneer is very thin. > > > > The RIPE NCC already has a mechanism for information consistency audits, > namely the Assisted Registry Check. > > > > Has anyone talked to the RIPE NCC about including abuse contacts in the > ARC, and been given credible reasons as to why this wouldn't be a > simpler, better and more effective way of dealing with issue of stale / > inaccurate details? > > > > Nick > > > > _________________________________________________________________________________________________________________________ > > > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez > recu ce message par erreur, veuillez le signaler > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > > Orange decline toute responsabilite si ce message a ete altere, deforme > ou falsifie. Merci. > > > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > > they should not be distributed, used or copied without authorisation. > > If you have received this email in error, please notify the sender and > delete this message and its attachments. > > As emails may be altered, Orange is not liable for messages that have > been modified, changed or falsified. > > Thank you. > > ******************* > > DISCLAIMER : This message is sent in confidence and is only intended for > the named recipient. If you receive this message by mistake, you may not > use, copy, distribute or forward this message, or any part of its > contents or rely upon the information contained in it. > Please notify the sender immediately by e-mail and delete the relevant > e-mails from any computer. This message does not constitute a commitment > by Europol unless otherwise indicated. > > *******************
- Previous message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]