This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] Adding a "Security Information" contact?

Previous message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
Next message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Suresh Ramasubramanian ops.lists at gmail.com
Tue Jun 7 13:35:26 CEST 2022

This is correct but additionally, I don’t see how adding a separate security contact resolves the problem of outdated or misdirected (as in, not from your network) compromise incident reports.

You don’t have to break into your customers offices to patch their machines. You can just as well acl those IPs off till your customer has patched the vuln.  Might even deploy a walled garden like Comcast implemented over a decade back, if you’re a large SP.

--srs
________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Steve Atkins <steve at blighty.com>
Sent: Tuesday, June 7, 2022 4:50:58 PM
To: anti-abuse-wg at ripe.net <anti-abuse-wg at ripe.net>
Subject: Re: [anti-abuse-wg] Adding a "Security Information" contact?

> On 7 Jun 2022, at 12:14, Gert Doering <gert at space.net> wrote:
>
> Hi,
>
> On Tue, Jun 07, 2022 at 11:02:19AM +0000, Ángel González Berdasco via anti-abuse-wg wrote:
>> I don't think the problem would be to add a new attribute if needed.
>> The problem would be to *define* what should go there (and then get
>> everyone downstream to use that new attribute)
>
> This...  so, what would you suggest?

It would be nice, both for abuse contacts, and the potential security contact, to be able to advertise that you
accept machine readable reports, what formats and how to accept them. There’s an obvious advantage
for the abuse/security desk consuming reports for that, but it would also be an improvement in many ways
for generators of reports over the current system where abuse-c contains an email address, and that email
address is just an autoresponder saying that mail sent there isn’t read (but there’s this other channel over
here you can use).

I’ve a nasty feeling that any email address added as a security contact will be used as an additional
place to report spam coming from the network, which might not be what the people on the end of that
alias really need more of.

Cheers,
  Steve
--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20220607/5ff32f84/attachment.html>

Previous message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
Next message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]