Re: [anti-spam-wg@localhost] Contacts
- Date: 21 Jan 2003 01:30:03 +0100
- Organization:
> > Basically RIPE administration is just doing the minimal amount to
> > collect their pensions. No leadership, no concern about fraud or
> > negligence in the database.
>
> Jeffrey, your document states many things which many people would like
> to see. However, your proposed role for registrars is completely
> unworkable in practice:
Maybe if you rely on manual procedures. Not necessarily so if you
automate the process.
>
> > Registrars shall ensure that contact data are active and that
> contact
> > addresses (e.g. Postmaster and RFC-recommended role accounts) are
> > properly operated by registrants. Failure to provide correct current
> > and complete contact data, failure to enable or to properly operate
> a
> > role account, shall be deemed a cause for Admonishment and, if
> default
> > continues, Enforcement per infra.
>
> Let's take a scenario which happened regularly during my time as lir
> manager: ISP registers contact X for company Y in RIPE database.
> Contact X leaves company without notifying ISP, and information in
> RIPE
> database becomes stale. Who's to blame for this? How can it be
> rectified?
I'd argue that what's to blame is a lack of procedures to verify that
the information kept up2date. One thing is that there should be a
requirement to use role-accounts/aliases for such purposes and not the
addresses of individuals, but that is irrelevant wrt verification of the
data. How hard is it given a list of e-mail addresses to send periodic
messages that require a response and automate the maintenance of these
records? If it should be done centrally for all contact-records or as a
distributed responsibility can be discussed, but I believe this is the
way to go. If a certain contact has not responded given X reminders
within a given period of time, and the next responsible up the chain has
not intervened, all related information should go no matter what it is.
Nobody deserves any allocation of a resource, or be allowed to keep it,
unless they're willing to participate in a minimum of maintenance.
(Assuming they have been informed about their responsibilities)
>
> As for dealing with the complexity of the problem, take the difficulty
> of dealing with an individual situation like this, multiply the
> situation across 10E{3,4,5}'s of records for each company, multiply by
> a
> suitable factor to take into account the difficulty of maintaining
> multiple contact databases per company (it happens and it's not going
> to
> change), and then multiply by the number of LIRs. It is a practically
> impossible task. As Barbie might say, "Information management is
> hard!".
>
> RIPE requires that members adheres to its policy documents, but
> policing
> these is an entirely different matter, and certainly something that
> RIPE
> could not do without very significant effort and investment of
> substantial resources on an ongoing basis. And if you're looking for a
> means of combating spam, the money required to provide this service
> would almost certainly be better spent elsewhere.
>
The value of updated information goes beyond the means of combating spam
and should be well worth the effort. It'll take some effort to establish
a procedure and produce a flowchart to guide the implementation so that
it matches various policies (notification of relevant parties etc).
Maybe policies even need to be adjusted (w/appropriate approval) along
the way. Automation of the verification process otoh should be fairly
simple.
// Per