[anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)

For the avoidance of any doubt, the WG Co-Chairs agree that this 
proposal will move forward to Review Phase and there will be a new 
version of the proposal and, subsequent to that, the NCC will work on 
their Impact Analysis.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Network Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nisbet at heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

Mounier, Grégory wrote on 10/10/2017 15:49:
> Hi everyone,
>
>
>
> Thanks for your questions and comments. In light of those, Hervé and I
> will prepare a slightly amended version of the proposal to specify some
> languages, in particular when it comes to the role of RIPE NCC’s impact
> analysis in providing more details about the concrete implementation of
> this policy change proposal.
>
>
>
> Andre rightly asked what was the goal of the proposal. Ultimately, the
> goal of the proposal is to reduce the likelihood of getting no response
> when someone (anyone) need to urgently contact a LIR via the abuse-c
> contact. To achieve this goal we believe that RIPE NCC should be
> mandated to regularly validate the abuse-c contact point. We think that
> the main criteria to decide whether to move the proposal to the review
> phase or not, should be whether there is a majority of AAWG members who
> thinks that having a valid and functioning abuse-c contact points is a
> valid goal.
>
>
>
> Most questions raised were about the actual implementation of the
> proposal. As explained by Marco/RIPE NCC, the practical details of how
> the validation procedure will be implemented should not be laid down in
> the policy change proposal at this stage but rather by the impact
> analysis that RIPE NCC will conduct. RIPE NCC is the best placed to
> propose a working procedure (whether it should be done in the framework
> of ARC, what will be the criteria to consider a contact point invalid,
> how to address auto-answer, how often the validation process should be
> carried out etc.) because they are the ones who can best assess the
> financial and human resources to conduct these checks in the most
> efficient manner.
>
>
>
> Lastly, it seems that some members assume that this proposal is driven
> by law enforcement (LE) needs only. It is not. All network
> operators/LIRs have at some points been in the frustrating situation of
> not being able to find a valid contact point, this is why Hervé/Orange
> is co-authoring the proposal. There is not so many ways of ensuring that
> you get an answer: the community needs to agree that at least one
> contact point will be validated by RIPE NCC. In parallel, law
> enforcement is indeed working with NCC and some RIPE members to develop
> our knowledge and possibly a tool to visualize BGP routing tables. But
> improving the way LE can identify and investigate malicious IPs is not
> the goal of this policy change proposal.
>
>
>
> In conclusion, we think that so far, except for one or two members who
> explicitly opposed the goal of the proposal, a majority of members who
> expressed themselves on the AAWG mailing list during the discussion
> phase, agrees with the general objective of the proposal – that is to
> mandate RIPE NCC to regularly validate abuse-c contact in order to
> reduce the likelihood of not getting an answer when someone needs to
> urgently contact a LIR.
>
>
>
> Therefore, in agreement with the AAWG chair, we would like to move this
> proposal to the review phase.
>
>
>
> Thanks
>
>
>
> Greg and Hervé
>
>
>
>
>
>
>
>
>
> *From:*anti-abuse-wg [mailto:anti-abuse-wg-bounces at ripe.net] *On Behalf
> Of *herve.clement at orange.com
> *Sent:* 09 October 2017 15:01
> *To:* Nick Hilliard; Michele Neylon - Blacknight
> *Cc:* ox; Gert Doering; anti-abuse-wg at ripe.net
> *Subject:* Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular
> abuse-c Validation)
>
>
>
> Hello Nick,
>
>
>
> We have already talked with the RIPE NCC about ARC.
>
> If the ARC would include actual contact validation, a same LIR would be
> contacted less frequently for a global audit.
>
> Dealing specifically with abuse-c validation, RIPE NCC Impact Analysis
> will answer the question of extra work evaluation.
>
>
>
> Hervé
>
>
>
>
>
> -----Message d'origine-----
> De : anti-abuse-wg [mailto:anti-abuse-wg-bounces at ripe.net] De la part de
> Nick Hilliard
> Envoyé : lundi 9 octobre 2017 13:01
> À : Michele Neylon - Blacknight
> Cc : ox; Gert Doering; anti-abuse-wg at ripe.net
> <mailto:anti-abuse-wg at ripe.net>
> Objet : Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c
> Validation)
>
>
>
> Michele Neylon - Blacknight wrote:
>
>> The current situation is that abuse-c can be populated with rubbish.
>
>> The email addresses can be completely non-functioning.
>
>> That is the real and current issue.
>
>
>
> the real issue is that this is a complex layer 9 problem inside each
> organisation, and although creating technological tickbox policies will
> provide a veneer of doing something, that veneer is very thin.
>
>
>
> The RIPE NCC already has a mechanism for information consistency audits,
> namely the Assisted Registry Check.
>
>
>
> Has anyone talked to the RIPE NCC about including abuse contacts in the
> ARC, and been given credible reasons as to why this wouldn't be a
> simpler, better and more effective way of dealing with issue of stale /
> inaccurate details?
>
>
>
> Nick
>
>
>
> _________________________________________________________________________________________________________________________
>
>
>
> Ce message et ses pieces jointes peuvent contenir des informations
> confidentielles ou privilegiees et ne doivent donc
>
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez
> recu ce message par erreur, veuillez le signaler
>
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
> electroniques etant susceptibles d'alteration,
>
> Orange decline toute responsabilite si ce message a ete altere, deforme
> ou falsifie. Merci.
>
>
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law;
>
> they should not be distributed, used or copied without authorisation.
>
> If you have received this email in error, please notify the sender and
> delete this message and its attachments.
>
> As emails may be altered, Orange is not liable for messages that have
> been modified, changed or falsified.
>
> Thank you.
>
> *******************
>
> DISCLAIMER : This message is sent in confidence and is only intended for
> the named recipient. If you receive this message by mistake, you may not
> use, copy, distribute or forward this message, or any part of its
> contents or rely upon the information contained in it.
> Please notify the sender immediately by e-mail and delete the relevant
> e-mails from any computer. This message does not constitute a commitment
> by Europol unless otherwise indicated.
>
> *******************