This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] Fwd: [ripe-list] Network security and Brussels
- Next message (by thread): [anti-abuse-wg] 2017-02: what does it achieve?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mounier, Grégory
gregory.mounier at europol.europa.eu
Tue Sep 19 16:22:46 CEST 2017
Hi everyone, Thank you all very much for your comments, suggestions and constructive 'criticisms'. Hervé and I have carefully read and assessed your points and we would like to provide the following answers and clarifications. First of all, thanks to all those would spoke in support of the proposal to mandate RIPE NCC to validate abuse-c contact. We wanted to stress that this proposal is basically our contribution to help RIPE NCC to implement some of its 2017 priorities such "maintaining a strong, secure and accurate registry" and "playing an active role in enhancing RIR stability through good governance and accountability". We hope that every attempts to pursue these goals will be welcomed by the community. Now turning to some specific questions: Sergey and Erik asked how would RIPE NCC deal with uncooperative legacy holders. We need to clarify that RIPE NCC members and PI will be impacted by the proposal. When it comes to legacy holders, while drafting the proposal we thought that the improvement of trust and safety of the IP space is a priority for the community in general and for LRH particularly. We think that this proposal would not impose an unreasonable burden on operators (confirmed by Andre and Michele's input) and could therefore be easily implemented by everybody (or at least the vast majority). Overall, this would be an improvement - yet not perfect - for the community as a whole. Sascha asked how RIPE NCC would proceed such validations. As explained by Marco and Brian, the specific procedure would be addressed by RIPE NCC in their impact analysis (IA). Initially we wanted to briefly describe a procedure but refrained from doing so because we thought that it would be a step too far and that it was for those who would conduct the validation process to come up with the right procedure. Nick and Erik proposed to include abuse-c validation in the Assisted Registry Check (aka ARC). The RIPE NCC confirmed that ARC is a rather light-weight procedure which only includes questions as to know if contact information are still correct without any specific check. Furthermore, it would take many years before all RIPE NCC members are checked via ARC at the current rate. For those who are alarmed that resources would be deregistered right after it would be tagged as invalid, we anticipated your concerns and specifically wrote: "In cases where the abuse-mailbox: contact attribute is invalid, the RIPE NCC will follow up with the resource holder and attempt to correct the issue" (thanks Andreas). We felt that this would give ample room for RIPE NCC to implement a gradual approach, in a flexible manner, where dialogue with the resource holders would be a priority. Deregistration of resources would only come in last resort, in cases where obvious uncooperative behaviour would have been clearly documented by RIPE NCC and not because the abuse email would not work (confirmed by Marco/NCC in his email dated 8 September). That's not what we would call a "highly aggressive approach", on the contrary. Sascha underlined that abuse-c was likely to point at a NOC or support desk and he felt that this proposal put too much pressure on that role. The point is that admin-c is the legal contact and that the actions or inactions of a support/abuse desk shouldn't be responsible for attention from the NCC leading to possible deregistration. We don't believe this is a valid argument, but we think the NCC may need to give some clarity that in case there were no response to a mail to abuse-c, contacting admin-c would be part of the process. Thanks again for all your feedback and for the discussion. We're looking forward to receiving more comments and questions and we will try to provide answers (quicker). Greg and Hervé Thursday, September 7, 2017, 1:59:07 PM, you wrote: MS> Dear colleagues, MS> A new RIPE Policy proposal, 2017-02, "Regular abuse-c Validation", is now available for discussion. MS> The goal of this proposal is to give the RIPE NCC a mandate to MS> regularly validate "abuse-c:" information and to follow up in cases where contact information is found to be invalid. MS> You can find the full proposal at: MS> https://www.ripe.net/participate/policies/proposals/2017-02 MS> As per the RIPE Policy Development Process (PDP), the purpose of MS> this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer. MS> At the end of the Discussion Phase, the proposer, with the agreement MS> of the RIPE Working Group Chairs, decides how to proceed with the proposal. MS> We encourage you to review this proposal and send your comments to MS> <anti-abuse-wg at ripe.net> before 6 October 2017. MS> Kind regards, MS> Marco Schmidt MS> Policy Development Officer MS> RIPE NCC MS> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum ******************* DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated. *******************
- Previous message (by thread): [anti-abuse-wg] Fwd: [ripe-list] Network security and Brussels
- Next message (by thread): [anti-abuse-wg] 2017-02: what does it achieve?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]