[anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Good evening!

I fully understand that why RIPE abuse policy is a subject of community
agreement. It dates back to the history of internet and back when it was
mainly academic with few services and dependencies to the functioning of
the society and state.

Every day we in CERT-EE send out a number of notifications on infected
devices that can on the best of days are used to attack other members of
our community. Yet, there is no requirement for a LIRs to do anything
other than receive our complaints. We know that quite a few LIRs simply
ignore such notifications!

This is just one example of how todays' approach is not really working.
And the community seems not to agree anything else. That is perfectly
understandable. When once there was just academia, now the community has
grown encompassing legitimate business but also abusers who have become
part of that community. We can always find reasons (justified or not) on
why not to do anything or change anything but we have to understand that
impact of not doing anything will continue to grow. At some point, once
another attack comes where we can show that for large number of bots
we've warned and nothing was done, our political masters will also
realise that the time of self-regulation should come to an end. Some
countries have already started advocating for stronger control and
perhaps not all for the same good reason.

Kind regards,

-- 
Tõnu Tammer
CERT-EE juht / Executive Director of CERT-EE
Riigi Infosüsteemi Amet / Estonian Information System Authority

Email: tonu at cert.ee
Mobile: +372 53 284 054
Web: https://cert.ee

PGP:0x77A8997 / 9477 6B86 6A1E 849B C456  46D6 9CA8 9E41 77A8 997B

On 16.01.2020 16:28, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
>
> El 16/1/20 15:25, "anti-abuse-wg en nombre de Ronald F. Guilmette" <anti-abuse-wg-bounces at ripe.net en nombre de rfg at tristatelogic.com> escribió:
>
>     In message <FE63ED86-8823-4F7D-81BD-DD08AA130FA9 at consulintel.es>, 
>     JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote:
>     
>     >I'm sure that this is the same in every EU country. Can we agree on that?
>     
>     Quite certainly not!  Doing so would break ALL established precedent!
>  
>
> I used EU on purpose here. I didn't want to say every RIPE NCC country.
>
> I really think the electricity case I've described works that way in EU countries. Anyone believes not?
>
> Any lawyer in the list can provides hints why yes or why not?
>    
>     When was the last time this working group agreed on *anything*?
>     
>     
>     Regards,
>     rfg
>     
>     
>     P.S.  And anyway, as I myself have just been reminded, RIPE != EU.
>     
>     
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>
>
>
>
>
-- 
Tõnu Tammer
CERT-EE juht / Executive Director of CERT-EE
Riigi Infosüsteemi Amet / Estonian Information System Authority

Email: tonu at cert.ee
Mobile: +372 53 284 054
Web: https://cert.ee

PGP:0x77A8997 / 9477 6B86 6A1E 849B C456  46D6 9CA8 9E41 77A8 997B