RIPE 74 minutes Anti-abuse 11 May, 11:00 – 12:30 Opening Brian Nisbet and Tobias Knecht opened the meeting and the Working Group agreed to the draft agenda. The minutes for the RIPE73 meeting were approved. B1. Recent list Discussion? A video record of Brian’s presentation is available at https://ripe74.ripe.net/archives/video/408 Brian gave a brief overview of what happened since the RIPE 73 meeting in Madrid and encouraged people to continue the good work. Brian mentioned that unfortunately some mailing list participants made a number of inappropriate personal comments and that after talking to this person, the persistence of this behaviour led to the decision to remove this person from the list. Brian stressed this was not and by no means an attempt to censor the discussion and this was only done because of the inappropriate ad-hominem attacks that violated the code-of-conduct. Brian also pointed out a recent post on a survey regarding hijacking and encouraged the community to participate. He further explained that there were relevant discussions going on in the Database WG regarding abuse-c. He clarified that the co-chairs decided to keep the discussion in the Database WG and encouraged to community to participate there. D1. Working Groups David’s presentation on DB and Implementation of "abuse-c" is available at https://ripe74.ripe.net/archives/video/132 David Hilario (co-chair RIPE Database Working Group) introduced the discussion regarding abuse-c currently taking place in their group. He briefly explained there were some concerns in the way abuse-c was currently implemented, especially when people required multiple abuse-c entries. He pointed out that the Database WG had a proposed solution and asked the anti-abuse community to comment on the proposal. Filiz Yilmaz (Akamai) asked if there would be an Impact Analysis, raising concerns about potential impact on the RIPE NCC. Brian answered that the current proposal was limited to the technical implementation of the current policy. D2. RIPE NCC LEA Interactions Update Richard’s presentation is available at https://ripe74.ripe.net/archives/video/133 Richard Leaning (RIPE NCC) presented about the current interactions between the RIPE NCC and the law enforcement community Maksym Tuliev (Netassist) asked what is the criteria are for RIPE NCC to disclose information. Richard answered most information is public, for non-public it has to be through a Dutch court. Brian asked if he could clarify how requests for non-public data are handled. Athina Fragkouli (RIPE NCC) said they explained the procedure as it is documented and advise them to contact the NL authorities. Brian thanked Richard and said he appreciated the openness on this subject. E1. Network and Information Security Directive The presentation by Nathalie Falot (NL NCSC ) is available at https://ripe74.ripe.net/archives/video/135 Cyrus Hall (Twitch), pointing to the fact citizens cannot influence the parameters, asked if that wasn’t anti-democratic. Nathalie answered that while V&J went for critical, each sectoral department had their own responsibility to choose their own classification. Malcolm Hutty (LINX) asked whether there was a separation in the requirements for being identified as an Essential Service Provider or if this would just apply to everyone. Nathalie answered that both criteria applied, meaning that as a service provider you need to be mentioned in annex 2 of the Directive and that you are above the threshold in terms of scale. Malcom further asked a clarification regarding point 5.2 and asked what service was referred to when they consider impact. Nathalie answered she didn’t know, but legal implementation of “service” would be any service you offer Mohsen Souisi (AFNIC) asked how gTLD operators would be determined to be in scope and if there would be multiple notification requirements if they would all apply simultaneously. Nathalie said the Directive spoke off “service offered in the member state” and that could therefor also apply to operators outside of the member state. Regarding the multiple notifications to different bodies, she mentioned that there are arrangements being worked on how to organise the process when multiple authorities are involved, including a one-stop-shop model, but that CSIRT should not be part of that. X. AOB There were no AOB. Brian closed the meeting and reminded people to submit topics for the RIPE 75 agenda.