This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nick Hilliard
nick at foobar.org
Fri Jan 19 18:26:47 CET 2018
Brian Nisbet wrote: > Given the NCC have repeatedly said that the ARC is not a suitable way to > validate the abuse contact and have proposed an alternative method, > supported by the ARC process, do you have any comment on the actually > proposed process? Honestly, it's hard to tell. After looking at the text from the "Validation method" section of the proposal, it looks like the RIPE NCC may be suggesting doing something like issuing an SMTP RCPT command to see if the mail server rejects the email address. If this is the case, it is likely to provide plenty of false positives albeit no false negatives. I.e. if it fails this test, then the email address is categorically not working, but if it passes this test, then there is no guarantee that the email address is working, for a very limited definition of the word. Because of a lack of details, is not possible to tell if this is the actual method being suggested, but it is not incompatible with what is being proposed in the PP document. What's absent from this process is any mechanism to link the email address to the sorts of metrics and expected results described in presentations given by the authors, e.g. the presentation given in the RIPE75 AAWG session. What's also absent is a clear statement that the email address which has been "validated" isn't necessarily connected to anyone in the organisation handling abuse or that it may not actual function at all in any meaningful way. This isn't intended to rubbish what the RIPE NCC are proposing: they've been asked to do something which is fundamentally almost impossible to do in a meaningful way, and have suggested that by redefining the problem into something which can largely automated, that a practically impossible task can be turned into something feasible. The problem is that there is now a substantial mismatch between the stated aims of the policy proposal and the proposed validation method. I'm going to object to this version of the policy proposal too. Partly on these grounds, and partly due to the observation that few, if any, of the substantial objections made by numerous people to version 1.0 have been resolved either. If the latter needs fleshing out for the purposes of ensuring that these remain registered as formal unresolved objections, it would be helpful to know, because a bunch of these problems really haven't been addressed at all. Nick
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]