Re: [anti-spam-wg] Proposed New Charter


Martin,

Martin Neitzel wrote:

As a non-native English speaker, I am totally confused about the last
sentence in two respects:

(1)  Merriam-Webster offers me (among others) two interpretations for "remit":
	(a) to lay aside;  to desist from (an activity)
	(b) to submit or refer for consideration, judgment, decision, or
	    action
     Which one should I use?

der Mouse has already answered this one, I believe?

(2)  "are not seen ...":  is this a status you want to have changed
     or a target of your proposal?

This is the target, I was intending here to state that these areas
are not part of the scope/remit of the working group and should not
be considered/seen as such.

So, I'm doubly confused what the WG's scope is supposed to be.  I strongly
suggest to rework the wording.  A few simplifications may help, too:

s/are not seen to be part of/are not part of/
s/would aim to tackle/tackles/

Is this more clear at this point?

Beyond these editorial issues, I'm still unclear myself wether I should
welcome the the broadening of the WG's scope or not.

At RIPE55 I voiced my opinion that the WG should continue to keep focussed
on email abuse as opposed to solve all the Internet's abuse problems.
Richard Cox explained to me afterwards that most spam cases can only
be addressed in cojunction with other (non-mail) forms of abuse and
he has certainly several orders of magnitude more experience than me,
so I'm open to reconsider.

The point that Richard was making in Amsterdam is very central to
our feelings that an evolution of the working group may well be
required.

What I want to avoid is duplication of efforts under too many hats.
My gut feeling is that network incidents such as password guessing
attempts and DDOS attacks need to be addressed outside of the "anti-spam"
scope.  Then again, I notice that RIPE as such doesn't have any working
group addressing this, either.

And here, indeed, is one of the points we were trying to address.  There
is a lot out there, but I certainly do not think there is enough to have
a WG for every possible area of abuse.  The aim was to bring it together
in one WG as, in many cases, the advice to be given and best practices
to follow are very similar.

I must admit that I am totally unaware of the current status of the
various CERT/FIRST type groups, are these active in any other sense than
organizing confenrece and producing papers?  Do they have operational
impact?  Is it worthwhile for a small-scale ISP to, say, dunk 240$
or 1900$ yearly fees to affiliate with FIRST.org?

There are CERTs the world over who are very active and, indeed, those
who were at RIPE 54 in Estonia will have heard from the very active,
and very tired, member of CERT-EE who was working hard dealing with
the DDOS the country was suffering.

Regards,

Brian.