<!--[if (gte mso 9)|(IE)]><style type="text/css">.main-style-4e9000d604178cbe205e { font-family: sans-serif; font-size: 11pt; /* inherit */ }</style><![endif]-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<div style="/* inherit */" class="main-style-4e9000d604178cbe205e">
<div>That would not make them regulators because those are rules on the addresses themselves, which are services provided by the RIR. </div>
<div><br>
</div>
<div>Enforcing a certain type of abuse handling or prevention would be rules on the services addressed by the addresses, which are not part of the services provided by the RIR. </div>
<div><br>
</div>
<div>Arguably a proposal to simply require verification of the abuse mailbox does not make the NCC a regulator (and, in fact, I think the NCC already does this with ASNs), but I do not see how this would be an effective measure. </div>
<div><br>
</div>
<div>Making further requirements would make the NCC a regulator, and this may be dangerous precedent. Once this happens, there may be calls for additional regulation by the NCC, both from the community and governments, but also from third parties, and the NCC
is frankly not equipped to deal with this, nor is this desirable in my opinion. There could even be calls for the NCC to become responsible for enforcing certain EU regulations.</div>
<div><br>
</div>
<div>Regulation through supervision makes it much harder to enter an industry, and it is expensive for both the supervisor and the supervised. Our group is regulated by several governments for various functions in financial and professional services, as well
as for network operations - which, in some countries, require government supervision, and by ICANN (which, among other things, is an industry regulator) as a domain registrar, and I can tell you that the effort in dealing with supervisors alone is significant. </div>
<div></div>
<br>
<div class="front-signature">
<div>�</div>
<div>Maria Merkel</div>
<div><img style="width: 118px; height: 14.75px;" src="https://cdn.staclar.com/logos/novecore/newlogo.png"></div>
<div><br>
</div>
<div><span style="font-size: 10px;">This email was sent by [company]. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.</span></div>
<div><span style="font-size: 10px;"><br>
</span></div>
<div><span style="font-size: 10px;">Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar
Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services
Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) O�, registered in Estonia under registry code 16543205 (local contact Baltic Business Services O�,
Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401
(registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) O� is registered
for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer
of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist
Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521). Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised
person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice.</span></div>
</div>
</div>
<img alt="Sent from Front" aria-hidden="true" style="width: 1px; height: 1px" src="https://app.frontapp.com/api/1/noauth/companies/2fa1142cccd8fdcdb954/seen/msg_123r7j9m/0/accfe0bd.gif"><br>
<blockquote type="cite" class="front-blockquote">On November 30, 2023 at 10:07 AM GMT+1
<a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noopener noreferrer">
anti-abuse-wg@ripe.net</a> wrote:<br>
<br>
<div id="fae_123r7j9m-mtq6eb">
<div>
<div></div>
<div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="fafxdvc0 front-email-body">
In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses (unless for �connected customers�) is not allowed.
<div><br>
</div>
<div>If you do so, and the staff realize it, or somebody reports it to the staff, then you will get a warning, or a few of them across a certain period of time, you will get probably other policy-compliance reviewed, and then if you still not correct the situation,
there will be a reclamation process.</div>
<div><br>
</div>
<div>So are the other RIRs regulators, and not RIPE NCC? I don�t think so, and I really don�t care if we call it regulator or not, it is a matter of ensuring that the resources are provided under certain rules and in the end, we enforce them.</div>
<div><br id="lineBreakAtBeginningOfMessage">
<div>
<div>Regards,<br>
Jordi<br>
<br>
@jordipalet<br>
<br>
</div>
</div>
<div><br>
<blockquote type="cite" class="front-blockquote">
<div>El 30 nov 2023, a las 9:58, Matthias Merkel <<a href="mailto:matthias.merkel@staclar.com" target="_blank" rel="noopener noreferrer">matthias.merkel@staclar.com</a>> escribi�:</div>
<br class="fabup5w">
<div>
<div>
<div style="/* inherit */" class="fa3xeuse">
<div>Hi Serge,</div>
<div><br>
</div>
<div>The difference is the scope of the rules.</div>
<div><br>
</div>
<div>All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc.</div>
<div><br>
</div>
<div>What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because
it has an address assigned by them.</div>
<div><br>
</div>
<div>This is the difference between regulator or not. The definition I cited is from the dictionary.</div>
<br>
<div class="front-signature">
<div>�</div>
<div>Maria Merkel</div>
<div><img style="width: 118px; height: 14.75px;" src="https://cdn.staclar.com/logos/novecore/newlogo.png"></div>
<div><br>
</div>
<div><span style="font-size: 10px;">This email was sent by [company]. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.</span></div>
<div><br>
</div>
<div><span style="font-size: 10px;">Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar
Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services
Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) O�, registered in Estonia under registry code 16543205 (local contact Baltic Business Services O�,
Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401
(registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) O� is registered
for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer
of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist
Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521). Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised
person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice.</span></div>
</div>
</div>
<img alt="Sent from Front" style="width: 1px; height: 1px" src="https://app.frontapp.com/api/1/noauth/companies/2fa1142cccd8fdcdb954/seen/msg_123qy2kq/0/b45e087d.gif"><br>
<blockquote type="cite" class="front-blockquote">On November 30, 2023 at 9:54 AM GMT+1
<a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noopener noreferrer">
anti-abuse-wg@ripe.net</a> wrote:<br>
<br>
<div id="fae_123r7j9ma2kcbw">I do not agree<br>
<br>
Every organization has rules it enforces. That doesn't make it a <br>
regulator. The public transport here, where I live enforces that you <br>
have a valid ticket. That doesn't make it the transport regulator.<br>
<br>
In fact RIPE NCC will probably enforce that you pay your fees.<br>
<br>
The issue here is, that we have two subgroups:<br>
<br>
One that thinks we should try go a bit further to ensure that people do <br>
what can be expected they should be doing, and another fractions that <br>
feels every little bit of additional load is too much and will not solve <br>
the problem 100%. It's like saying we give up on speed limits because it <br>
doesn't prevent speeding.<br>
<br>
And as long as this group cannot come up with a compromise nothing will <br>
change, in essence the anti-abuse wg is taken hostage by the nay sayers.<br>
These discussions have been going on for years. Nothing new has come out.<br>
<br>
We don't even try. We could, and then see if it makes a difference. If <br>
not we go back. But nope.<br>
<br>
Best<br>
Serge<br>
<br>
On 30.11.23 09:39, Matthias Merkel wrote:
<blockquote type="cite" class="front-blockquote"><br>
> Hi Leo,<br>
> <br>
> The definition of a regulator is an entity that sets and enforces rules <br>
> on the persons it supervises.<br>
> <br>
> If the RIPE NCC goes further than just providing numbers, and instead <br>
> enforces rules on usage associated with them (note that this doesn't <br>
> even concern the use of the numbers themselves, but rather services <br>
> addressed by them), it will, by definition, be a regulator.<br>
> <br>
> I'm not sure that there will be consensus on wanting the NCC to become a <br>
> regulator.<br>
> <br>
> �<br>
> Maria Merkel<br>
> <br>
> This email was sent by Staclar, Inc. Any statements contained in this <br>
> email are personal to the author and are not necessarily the statements <br>
> of the company unless specifically stated.<br>
> <br>
> Novecore and Staclar are collective trading names of Novecore Ltd., <br>
> registered in England and Wales under company number 11748197, Novecore <br>
> Licensing Ltd., registered in England and Wales under company number <br>
> 11544982, Staclar Carrier Ltd., registered in England and Wales under <br>
> company number 12219686, Staclar Financial Services Ltd., registered in <br>
> England and Wales under company number 13843292 (registered offices 54 <br>
> Portland Place, London, UK, W1B 1DY); Novecore Professional Services <br>
> Ltd., registered in England and Wales under company number 13965912 <br>
> (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); <br>
> Novecore (Estonia) O�, registered in Estonia under registry code <br>
> 16543205 (local contact Baltic Business Services O�, Narva mnt 5, 10117 <br>
> Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under <br>
> file number 6707907, Novecore Licensing (USA) LLC, registered in <br>
> Delaware under file number 4030866, and Staclar, Inc., registered in <br>
> Delaware under file number 7413401 (registered agents The Corporation <br>
> Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE <br>
> 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United <br>
> Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) O� <br>
> is registered for VAT in the European Union under VAT registration <br>
> number EE102518979. Novecore Professional Services Ltd. is a trust or <br>
> company service provider registered with and supervised by HM Revenue & <br>
> Customs under the Money Laundering, Terrorist Financing and Transfer of <br>
> Funds (Information on the Payer) Regulations 2017 (registration number <br>
> XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 <br>
> financial institution registered with and supervised by the Financial <br>
> Conduct Authority under the Money Laundering, Terrorist Financing and <br>
> Transfer of Funds (Information on the Payer) Regulations 2017 (firm <br>
> reference number 989521). Registration is not equivalent to <br>
> authorisation and is not an endorsement to do business with a firm. <br>
> Staclar Financial Services Ltd. is not an authorised person within the <br>
> meaning of the Financial Services and Markets Act 2000 and does not <br>
> review, approve, or endorse financial promotions for securities issues <br>
> it is involved in or provide any form of investment advice.<br>
> Sent from Front<br>
>> On November 30, 2023 at 9:36 AM GMT+1 <a rel="noopener noreferrer" href="mailto:anti-abuse-wg@ripe.net" target="_blank">
anti-abuse-wg@ripe.net</a> <br>
>> <<a rel="noopener noreferrer" href="mailto:anti-abuse-wg@ripe.net" target="_blank">mailto:anti-abuse-wg@ripe.net</a>> wrote:<br>
>><br>
>> Hi Leo,<br>
>><br>
>> I don�t see it as a regulator, I see it as one of the functions of a <br>
>> RIR. Not just provide numbers, but also ensure that they are being <br>
>> used fairly and according community agreed policies. Otherwise we <br>
>> could also say that other reasons for recovery are invalid because we <br>
>> become a regulator, right?<br>
>><br>
>> Each RIR has measured the �level of adoption� as they progressed with <br>
>> the initial verification (and this was presented at least a couple of <br>
>> times in every RIR), so there are slides in each of them, showing the <br>
>> progress. I can try to find them for you in the previous year's events <br>
>> if you can�t find them. Also my personal experience reporting over <br>
>> 1.500 abuse cases, average per day, shows that I get more <br>
>> �happy-ending� responses from those regions than before and keeps <br>
>> going better and better, which is not the case from RIPE unfortunately.<br>
>><br>
>> Regards,<br>
>> Jordi<br>
>><br>
>> @jordipalet<br>
>><br>
>>><br>
>>> > El 29 nov 2023, a las 16:09, Leo Vegoda <<a rel="noopener noreferrer" href="mailto:leo@vegoda.org" target="_blank">leo@vegoda.org</a>
<br>
>>> <<a rel="noopener noreferrer" href="mailto:leo@vegoda.org" target="_blank">mailto:leo@vegoda.org</a>>> escribi�:<br>
>>> ><br>
>>> > Hi Jordi,<br>
>>> ><br>
>>> ><br>
>>> > On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <br>
>>> <<a rel="noopener noreferrer" href="mailto:anti-abuse-wg@ripe.net" target="_blank">anti-abuse-wg@ripe.net</a> <<a rel="noopener noreferrer" href="mailto:anti-abuse-wg@ripe.net" target="_blank">mailto:anti-abuse-wg@ripe.net</a>>> wrote:<br>
>>> >><br>
>>> >> I agree that the carrot is better than the stick, but if the <br>
>>> carrot doesn�t work, we need to use the stick.<br>
>>> >><br>
>>> >> My original proposal was basically enforcing the NCC to reclaim <br>
>>> the resources when there is a persistent violation of resolving abuse <br>
>>> cases. This can be progressive, such as not allowing to update <br>
>>> objects in the database, etc. No need to go with �a single failure <br>
>>> means you lose your resources�.<br>
>>> ><br>
>>> > How could we do this without the RIPE NCC becoming some kind of <br>
>>> regulator? Or is the proposal to make the RIPE NCC a private sector <br>
>>> regulator?<br>
>>> ><br>
>>> >> As said, this is working in other 2 regions, one more coming <br>
>>> (pending of the AFRINIC board ratification). Why should not work in <br>
>>> this region the same? Also the PoC in ARIN works in a similar way, <br>
>>> and being non-responsive means you get some �members� rights restricted.<br>
>>> ><br>
>>> > Who has been measuring the reduction is abuse? How tightly is that <br>
>>> drop in abuse linked to this policy action rather than other factors?<br>
>>> ><br>
>>> > Kind regards,<br>
>>> ><br>
>>> > Leo<br>
>>> ><br>
>>><br>
>>> **********************************************<br>
>>> IPv4 is over<br>
>>> Are you ready for the new Internet ?<br>
>>> <a rel="noopener noreferrer" href="http://www.theipv6company.com/" target="_blank">
http://www.theipv6company.com</a> <<a rel="noopener noreferrer" href="http://www.theipv6company.com/" target="_blank">http://www.theipv6company.com/</a>><br>
>>> The IPv6 Company<br>
>>><br>
>>> This electronic message contains information which may be privileged <br>
>>> or confidential. The information is intended to be for the exclusive <br>
>>> use of the individual(s) named above and further non-explicilty <br>
>>> authorized disclosure, copying, distribution or use of the contents <br>
>>> of this information, even if partially, including attached files, is <br>
>>> strictly prohibited and will be considered a criminal offense. If you <br>
>>> are not the intended recipient be aware that any disclosure, copying, <br>
>>> distribution or use of the contents of this information, even if <br>
>>> partially, including attached files, is strictly prohibited, will be <br>
>>> considered a criminal offense, so you must reply to the original <br>
>>> sender to inform about this communication and delete it.<br>
>>><br>
>>> -- <br>
>>><br>
>>> To unsubscribe from this mailing list, get a password reminder, or <br>
>>> change your subscription options, please visit: <br>
>>> <a rel="noopener noreferrer" href="https://mailman.ripe.net/" target="_blank">
https://mailman.ripe.net/</a> <br>
>>> <<a rel="noopener noreferrer" href="https://mailman.ripe.net/" target="_blank">https://mailman.ripe.net/</a>><br>
> <br>
<br>
-- <br>
Dr. Serge Droz<br>
Member, FIRST Board of Directors<br>
<a rel="noopener noreferrer" href="https://www.first.org/" target="_blank">https://www.first.org</a><br>
<br>
-- <br>
<br>
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit:
<a rel="noopener noreferrer" href="https://mailman.ripe.net/" target="_blank">
https://mailman.ripe.net/</a><br>
</blockquote>
</div>
</blockquote>
</div>
-- <br>
<br>
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit:
<a href="https://mailman.ripe.net/" target="_blank" rel="noopener noreferrer">
https://mailman.ripe.net/</a><br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
<a href="http://www.theipv6company.com/" target="_blank" rel="noopener noreferrer">http://www.theipv6company.com</a><br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of
the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents
of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.<br>
<br>
</div>
</div>
</div>
</blockquote>
</body>
</html>