[db-wg] Action item 47.2: Proposal for Adding Abuse Contact

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 08/04/2004 13:14 +0100, Jeroen Massar wrote:

>  Clueless users ...
>> ... buy some shrink-wrapped software to run on their WinXX box,
>> which has a clue-free default configuration which they never 
>> review.

> Which makes every proposal useless as in that case you are assuming
> the current toolwriters don't know about IRT objects. Then for sure
> they are not going to accept implementing the suddenly new
> abuse-mailbox and a separate spam-mailbox etc on every object too.

The IRT route has an extra step.
Instead of
inet[6]num -> e-mail address[es]
they have to do
inet[6]num -> IRT(if present) -> e-mail address[es]
and tool-writers have to add extra code. They will understand that.

There's a deadly embrace.
Toolwriters will write the extra code (for IRT or multiple reporting
addresses) if it gets them a working address nearly every time; and not
if it doesn't.
LIRs and ISPs will bother to deploy IRTs if almost everybody uses the
e-mail address they publish; and not otherwise.

The challenge for the WG is to come up with something in which the
benefits exceed the costs for all the players involved, in a fairly
short time.
Of the ideas so far, the following combinations come somewhere close:

1. Encourage widespread deployment of IRT objects, and change the
default behaviour of the whois _servers_ (in consultation with
toolwriters and other RIRs) to follow through and show the right
e-mail address and no wrong ones for a single _client_ request;

2. Like 1, but invent a separate AbuseHandler object that works like
IRT; and make similar changes to default server behaviour;

3. Encourage LIRs and ISPs to add an abuse-mail atribute to
inet[6]nums, and again change the default server behaviour.

4. Do any of the above without changing default server behaviour, and
run a project to help all important toolwriters update their products.

(other really different ideas, anyone?)

(4) does not help the truly clueless (back to Jeroen's original point),
as it needs changes to the installed base of dedicated tools and of
plain whois clients. It will take several years.

(3) looks a bad choice for any LIR or ISP who needs to change the
destination e-mail address in all their inet[6]nums. That need not
happen often; but if it does, the timing is sure to be inconvenient.

(1) and (2) are technically identical; the choice between them depends
on whether you think e-mail abuse is sometimes, always or never a
suitable task for an Incident Response team. I do not know a rational
way to make that choice.

Rodney Tillotson, JANET-CERT
+44 1235 822 255.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBQHVhPMxy/J7PAuvpEQLEyQCdFTPgAkHYwHujQwn+oTKRqzr9aacAn3Vp
sOjYu0HNwF1m3PeCSyTCBH4D
=3BEE
-----END PGP SIGNATURE-----