<html theme="default-light" iconset="color"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body style="font-family: Calibri; font-size: 14px;"
text="#485663"><div style="font-size: 14px;font-family: Calibri;">Serge,<br><br>there's
been extensive debate on AAWG over the years about the principles
behind your additional suggestions below, but very little consensus. If
sanctioning is added to the charter of a new security-wg, this lack of
consensus is likely to continue, and the only outcome will be that the
WG will be distracted from other productive output. I understand why you
might want it in there, but punitive action is not within the remit of
the RIPE NCC. Similarly on point 2, advocacy is important, but
requirement / enforcement is out of scope for both the RIPE Community
and RIPE NCC.<br><br>Nick<br><br><span>Serge Droz via anti-abuse-wg
wrote on 10/05/2024 07:21:</span><br><blockquote type="cite"
cite="mid:4112d3f9-fe66-4dc7-8b2c-b70ad4beac9f@first.org"><meta
http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>Hi Leo</p>
<p>It's more about sharpening the focus. I colored this red below. I
feel eventually the RIPE NCC must adapt stronger policies to
punish non-action or disregard of action. I think it would be
better if this WG comes up with such policies which the RIPE NCC
can then adopt (or not) rather than the RIPE NCC having to react
to external pressure, e.g. from policy makers, in particular the
EU. I'm sure one can formulate this much better. I firmly believe,
that there is no way around stronger regulation, and I'd much
rather see this coming from this community than form the outside.
The regulators i see and work with are increasingly irritated and
react with totally inadequate demands, which I wont reproduce
here.<br>
</p>
<ol>
<li>Identifying and analyzing emerging security threats and
vulnerabilities affecting Internet infrastructure.<br>
</li>
<li>Collaborating with stakeholders, <font color="#ff0004">in
particular the RIPE community</font>, to develop and advocate
<font color="#ff0004">and implement</font> best practices,
guidelines, and standards for securing Internet resources.</li>
<li>Facilitating information sharing and cooperation among network
operators, law enforcement, and relevant entities to mitigate
security risks.</li>
<li>Providing education, training, and outreach initiatives to
raise awareness of security issues and promote best practices
adoption.</li>
<li><font color="#ff0004">Develop policies recommendations to the
RIPE NCC that help enforcing good behavior and sanction
disregard for faccepted security standards. This includes the
definition of acceptable minimal standards. </font><br>
</li>
</ol>
<div class="moz-cite-prefix">Best regards</div>
<div class="moz-cite-prefix">Serge<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 09.05.24 21:39, Leo Vegoda wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPfiqja+XNtKLoYaKgTMYqCEGCJz4y2zOK==M4kpT9xrpMWieA@mail.gmail.com"><pre class="moz-quote-pre" wrap="">Hi Serge,
On Thu, 9 May 2024 at 11:41, Serge Droz via anti-abuse-wg
<a class="moz-txt-link-rfc2396E" href="mailto:anti-abuse-wg@ripe.net" moz-do-not-send="true"><anti-abuse-wg@ripe.net></a> wrote:
</pre>
<blockquote type="cite"><pre class="moz-quote-pre" wrap="">Hi Leo
We can only recommend the community, obviously.
</pre></blockquote>
<pre class="moz-quote-pre" wrap="">I agree.
</pre>
<blockquote type="cite"><pre class="moz-quote-pre" wrap="">So these aare the best
practices
We can recommend that RIPE NCC changes its rules and procedures to
address certain issues.
As a WG, if I'm correct we have no other power.
</pre></blockquote>
<pre class="moz-quote-pre" wrap="">Based on thisl, I don't understand what's missing from the draft text.
Maybe you could suggest some specific edits?
Kind regards,
Leo
</pre></blockquote>
<pre class="moz-signature" cols="72">--
Dr. Serge Droz
Member, FIRST Board of Directors
<a class="moz-txt-link-freetext" href="https://www.first.org" moz-do-not-send="true">https://www.first.org</a></pre>
<br><fieldset class="mimeAttachmentHeader"></fieldset><br></blockquote><br></div></body></html>