This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Proposal: Publish effective users' abuse-c
- Previous message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c
- Next message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alessandro Vesely
vesely at tana.it
Fri Jan 21 13:31:12 CET 2022
Hi Ángel, On Thu 20/Jan/2022 16:27:59 +0100 Ángel González Berdasco wrote: > Alessandro Vesely wrote: >> >> I propose that RIPE accepts abuse-c email addresses from verified effective >> users of a range of IP numbers, stores them in the database, and serves them in >> RDAP/ WHOIS queries besides the abuse-c addresses provided by the ISP. Various >> automated methods can be adopted to allow an effective user to be verified; for >> example publishing an HTTP URL or a DNS entry. Abuse contacts added that way >> can expire after a few months, forcing the effective user to renew them, so as >> to avoid stale entries. > > I think you should describe how this proposal differs from what is > available nowadays. Wouldn't they already be able to configure verified > effective users for the IP addresses (e.g. with an abuse-c of the > client and another of theirs) ? > > They may be unwilling to do so or consider it a hurdle, requiring them > to create new objects and so on, but what makes you believe they would > be willing to use that new system? Curiously, IME, they're keen on doing RFC 2317 delegations, but refrain from assigning abuse-c attributes. I don't know if those belong to different departments or if there's just a different policy. The concept that they are safer holding abuse-c for themselves was expressed on mailop recently. If I were an ISP, I'd set up different abuse-c addresses for each customer, something like abuse-customer at isp.example, with possible auto-forward to a customer supplied address. But I'm not. RDAP allows some leeway in responses, so that something could be set to indicate whether a vcard entry belongs to the ISP or to the final operator. I don't think ARIN or other RIRs are already featuring that kind of facility. Is it because nobody asked? Best Ale --
- Previous message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c
- Next message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]