<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"> </head> <body> <div dir="ltr"> <div dir="ltr">A good friend who is a former regulator told me exactly this. I’ll share that bottle with you, Serge :)</div> <div id="ms-outlook-mobile-signature"> <div> </div> <div style="direction:ltr">--srs</div> </div> </div> <hr style="display:inline-block;width:98%" tabindex="-1"> <div id="divRplyFwdMsg" dir="ltr">From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Thursday, November 30, 2023 3:20:29 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? <div> </div> </div> <div class="BodyFragment"> <div class="PlainText">As I said I disagree. Gmail says what you can do with their accounts, that doesn't make them a regulator. But it doesn't matter: At the end of the day it's excuses to not do anything about a growing problem. And what typically happens in such cases is that states get upset and start dictating the rules, i.e. the real regulators come out. At this point the community has pretty much lost the ability to shape the rules. I bet a good bottle of you favorite drink, that this is what will happen. Best Serge On 30.11.23 09:58, Matthias Merkel wrote: > Hi Serge, > > The difference is the scope of the rules. > > All organizations, including the RIPE NCC, enforce rules as part of > their own business, for example with customers, etc. > > What is being proposed here is imposing rules on unrelated things. Abuse > isn't inherently of the resources provided by RIPE, but rather of the > services addressed by them. It's like the postal service making rules on > what you can do at your house because it has an address assigned by them. > > This is the difference between regulator or not. The definition I cited > is from the dictionary. > > — > Maria Merkel > > This email was sent by [company]. Any statements contained in this email > are personal to the author and are not necessarily the statements of the > company unless specifically stated. > > Novecore and Staclar are collective trading names of Novecore Ltd., > registered in England and Wales under company number 11748197, Novecore > Licensing Ltd., registered in England and Wales under company number > 11544982, Staclar Carrier Ltd., registered in England and Wales under > company number 12219686, Staclar Financial Services Ltd., registered in > England and Wales under company number 13843292 (registered offices 54 > Portland Place, London, UK, W1B 1DY); Novecore Professional Services > Ltd., registered in England and Wales under company number 13965912 > (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); > Novecore (Estonia) OÜ, registered in Estonia under registry code > 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 > Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under > file number 6707907, Novecore Licensing (USA) LLC, registered in > Delaware under file number 4030866, and Staclar, Inc., registered in > Delaware under file number 7413401 (registered agents The Corporation > Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE > 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United > Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ > is registered for VAT in the European Union under VAT registration > number EE102518979. Novecore Professional Services Ltd. is a trust or > company service provider registered with and supervised by HM Revenue & > Customs under the Money Laundering, Terrorist Financing and Transfer of > Funds (Information on the Payer) Regulations 2017 (registration number > XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 > financial institution registered with and supervised by the Financial > Conduct Authority under the Money Laundering, Terrorist Financing and > Transfer of Funds (Information on the Payer) Regulations 2017 (firm > reference number 989521). Registration is not equivalent to > authorisation and is not an endorsement to do business with a firm. > Staclar Financial Services Ltd. is not an authorised person within the > meaning of the Financial Services and Markets Act 2000 and does not > review, approve, or endorse financial promotions for securities issues > it is involved in or provide any form of investment advice. > Sent from Front >> On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net >> <<a href="mailto:anti-abuse-wg@ripe.net">mailto:anti-abuse-wg@ripe.net</a>> wrote: >> >> I do not agree >> >> Every organization has rules it enforces. That doesn't make it a >> regulator. The public transport here, where I live enforces that you >> have a valid ticket. That doesn't make it the transport regulator. >> >> In fact RIPE NCC will probably enforce that you pay your fees. >> >> The issue here is, that we have two subgroups: >> >> One that thinks we should try go a bit further to ensure that people do >> what can be expected they should be doing, and another fractions that >> feels every little bit of additional load is too much and will not solve >> the problem 100%. It's like saying we give up on speed limits because it >> doesn't prevent speeding. >> >> And as long as this group cannot come up with a compromise nothing will >> change, in essence the anti-abuse wg is taken hostage by the nay sayers. >> These discussions have been going on for years. Nothing new has come out. >> >> We don't even try. We could, and then see if it makes a difference. If >> not we go back. But nope. >> >> Best >> Serge >> >> On 30.11.23 09:39, Matthias Merkel wrote: >>> >>> > Hi Leo, >>> > >>> > The definition of a regulator is an entity that sets and enforces >>> rules >>> > on the persons it supervises. >>> > >>> > If the RIPE NCC goes further than just providing numbers, and instead >>> > enforces rules on usage associated with them (note that this doesn't >>> > even concern the use of the numbers themselves, but rather services >>> > addressed by them), it will, by definition, be a regulator. >>> > >>> > I'm not sure that there will be consensus on wanting the NCC to >>> become a >>> > regulator. >>> > >>> > — >>> > Maria Merkel >>> > >>> > This email was sent by Staclar, Inc. Any statements contained in this >>> > email are personal to the author and are not necessarily the >>> statements >>> > of the company unless specifically stated. >>> > >>> > Novecore and Staclar are collective trading names of Novecore Ltd., >>> > registered in England and Wales under company number 11748197, >>> Novecore >>> > Licensing Ltd., registered in England and Wales under company number >>> > 11544982, Staclar Carrier Ltd., registered in England and Wales under >>> > company number 12219686, Staclar Financial Services Ltd., >>> registered in >>> > England and Wales under company number 13843292 (registered offices 54 >>> > Portland Place, London, UK, W1B 1DY); Novecore Professional Services >>> > Ltd., registered in England and Wales under company number 13965912 >>> > (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 >>> 6FA); >>> > Novecore (Estonia) OÜ, registered in Estonia under registry code >>> > 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, >>> 10117 >>> > Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under >>> > file number 6707907, Novecore Licensing (USA) LLC, registered in >>> > Delaware under file number 4030866, and Staclar, Inc., registered in >>> > Delaware under file number 7413401 (registered agents The Corporation >>> > Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE >>> > 19801, USA). Novecore Licensing Ltd. is registered for VAT in the >>> United >>> > Kingdom under VAT registration number 347 4545 80. Novecore >>> (Estonia) OÜ >>> > is registered for VAT in the European Union under VAT registration >>> > number EE102518979. Novecore Professional Services Ltd. is a trust or >>> > company service provider registered with and supervised by HM >>> Revenue & >>> > Customs under the Money Laundering, Terrorist Financing and >>> Transfer of >>> > Funds (Information on the Payer) Regulations 2017 (registration number >>> > XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 >>> > financial institution registered with and supervised by the Financial >>> > Conduct Authority under the Money Laundering, Terrorist Financing and >>> > Transfer of Funds (Information on the Payer) Regulations 2017 (firm >>> > reference number 989521). Registration is not equivalent to >>> > authorisation and is not an endorsement to do business with a firm. >>> > Staclar Financial Services Ltd. is not an authorised person within the >>> > meaning of the Financial Services and Markets Act 2000 and does not >>> > review, approve, or endorse financial promotions for securities issues >>> > it is involved in or provide any form of investment advice. >>> > Sent from Front >>> >> On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net >>> <<a href="mailto:anti-abuse-wg@ripe.net">mailto:anti-abuse-wg@ripe.net</a>> >>> >> <<a href=""></a>mailto:anti-abuse-wg@ripe.net <<a href="mailto:anti-abuse-wg@ripe.net">mailto:anti-abuse-wg@ripe.net</a>>> wrote: >>> >> >>> >> Hi Leo, >>> >> >>> >> I don’t see it as a regulator, I see it as one of the functions of a >>> >> RIR. Not just provide numbers, but also ensure that they are being >>> >> used fairly and according community agreed policies. Otherwise we >>> >> could also say that other reasons for recovery are invalid because we >>> >> become a regulator, right? >>> >> >>> >> Each RIR has measured the “level of adoption” as they progressed with >>> >> the initial verification (and this was presented at least a couple of >>> >> times in every RIR), so there are slides in each of them, showing the >>> >> progress. I can try to find them for you in the previous year's >>> events >>> >> if you can’t find them. Also my personal experience reporting over >>> >> 1.500 abuse cases, average per day, shows that I get more >>> >> “happy-ending” responses from those regions than before and keeps >>> >> going better and better, which is not the case from RIPE >>> unfortunately. >>> >> >>> >> Regards, >>> >> Jordi >>> >> >>> >> @jordipalet >>> >> >>> >>> >>> >>> > El 29 nov 2023, a las 16:09, Leo Vegoda <leo@vegoda.org >>> <<a href="mailto:leo@vegoda.org">mailto:leo@vegoda.org</a>> >>> >>> <<a href=""></a>mailto:leo@vegoda.org <<a href="mailto:leo@vegoda.org">mailto:leo@vegoda.org</a>>>> escribió: >>> >>> > >>> >>> > Hi Jordi, >>> >>> > >>> >>> > >>> >>> > On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg >>> >>> <anti-abuse-wg@ripe.net <<a href="mailto:anti-abuse-wg@ripe.net">mailto:anti-abuse-wg@ripe.net</a>> >>> <<a href=""></a>mailto:anti-abuse-wg@ripe.net <<a href="mailto:anti-abuse-wg@ripe.net">mailto:anti-abuse-wg@ripe.net</a>>>> wrote: >>> >>> >> >>> >>> >> I agree that the carrot is better than the stick, but if the >>> >>> carrot doesn’t work, we need to use the stick. >>> >>> >> >>> >>> >> My original proposal was basically enforcing the NCC to reclaim >>> >>> the resources when there is a persistent violation of resolving >>> abuse >>> >>> cases. This can be progressive, such as not allowing to update >>> >>> objects in the database, etc. No need to go with “a single failure >>> >>> means you lose your resources”. >>> >>> > >>> >>> > How could we do this without the RIPE NCC becoming some kind of >>> >>> regulator? Or is the proposal to make the RIPE NCC a private sector >>> >>> regulator? >>> >>> > >>> >>> >> As said, this is working in other 2 regions, one more coming >>> >>> (pending of the AFRINIC board ratification). Why should not work in >>> >>> this region the same? Also the PoC in ARIN works in a similar way, >>> >>> and being non-responsive means you get some “members” rights >>> restricted. >>> >>> > >>> >>> > Who has been measuring the reduction is abuse? How tightly is that >>> >>> drop in abuse linked to this policy action rather than other factors? >>> >>> > >>> >>> > Kind regards, >>> >>> > >>> >>> > Leo >>> >>> > >>> >>> >>> >>> ********************************************** >>> >>> IPv4 is over >>> >>> Are you ready for the new Internet ? >>> >>> <a href="http://www.theipv6company.com">http://www.theipv6company.com</a> <<a href="http://www.theipv6company.com/">http://www.theipv6company.com/</a>> >>> <<a href=""></a>http://www.theipv6company.com/ <<a href="http://www.theipv6company.com/">http://www.theipv6company.com/</a>>> >>> >>> The IPv6 Company >>> >>> >>> >>> This electronic message contains information which may be privileged >>> >>> or confidential. The information is intended to be for the exclusive >>> >>> use of the individual(s) named above and further non-explicilty >>> >>> authorized disclosure, copying, distribution or use of the contents >>> >>> of this information, even if partially, including attached files, is >>> >>> strictly prohibited and will be considered a criminal offense. If >>> you >>> >>> are not the intended recipient be aware that any disclosure, >>> copying, >>> >>> distribution or use of the contents of this information, even if >>> >>> partially, including attached files, is strictly prohibited, will be >>> >>> considered a criminal offense, so you must reply to the original >>> >>> sender to inform about this communication and delete it. >>> >>> >>> >>> -- >>> >>> >>> >>> To unsubscribe from this mailing list, get a password reminder, or >>> >>> change your subscription options, please visit: >>> >>> <a href="https://mailman.ripe.net/">https://mailman.ripe.net/</a> >>> <<a href="https://mailman.ripe.net/">https://mailman.ripe.net/</a>> >>> >>> <<a href=""></a>https://mailman.ripe.net/ >>> <<a href="https://mailman.ripe.net/">https://mailman.ripe.net/</a>>> >>> > >>> >>> -- >>> Dr. Serge Droz >>> Member, FIRST Board of Directors >>> <a href="https://www.first.org">https://www.first.org</a> <<a href="https://www.first.org/">https://www.first.org/</a>> >>> >>> -- >>> >>> To unsubscribe from this mailing list, get a password reminder, or >>> change your subscription options, please visit: >>> <a href="https://mailman.ripe.net/">https://mailman.ripe.net/</a> >>> <<a href="https://mailman.ripe.net/">https://mailman.ripe.net/</a>> > -- Dr. Serge Droz Member, FIRST Board of Directors <a href="https://www.first.org">https://www.first.org</a> -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: <a href="https://mailman.ripe.net/">https://mailman.ripe.net/</a> </div> </div> </body> </html>