[db-wg] Re: abuse-c: proposal

Hi Marco,



hehe.. this is apparently always a good subject to get some discussion!.. :)

>  >> I looked at the inetnum object CISBRD-CUST-ADSL-113, one of these
>  >> created by you for your broadband customers: it contains in
> the remarks
>  >> attributes a well visible notice about where complaints
> should be sent,
>  >> yet you say that you still get them at your personal email address.
>  >> Do you really think that users would understand better if they read
>  >> "abuse-mailbox: user at example.com" instead of that sentence in english
>  >> which explains what the allocation is for and who should be
> notified of
>  >> abuse?
>  >Of course not. But how many inetnum objects have these remarks?
> How is this relevant to what we are discussing?

It is very relevant for your argument, you say this remark-thing is easy to
understand, but if very few use it, then its not relevant if it's easy to
understand or not.

>  >Agreed. But the primary concern is the applications used to
> find an abuse
>  >address for a specific IP address, they have a hard time
> finding anything in
>  >a freetext format... We have to make sure these applications find the
>  >correct mail address, if they don't, we haven't solved anything.
> This is true, I agree that this must be a goal, but abuse-mailbox is not
> the only way to reach it. Maybe RIPE could provide a web page to query
> the DB for abuse desk addresses (which would report no other data), or
> maybe the port 43 server could be modified to always check for IRT
> objects for inetnum/inetnum6 queries and report the address in a comment
> at the top of the reply with big eye-catching ASCII art.
> So far only one tool writer contributed to this thread, and he reported
> that both abuse-mailbox and irt could be used by his tools.

Im glad we can agree on something. And you're right, abuse-mailbox entered
in each customer inetnum objects is not exactly the only way to do it.

Yes, it might be a good idea to just have an "Abuse-Whois", abuse.ripe.net,
enter an IP adresse and you get the corresponding abuse address and nothing
else!

I believe tool-writers can do anything which is not freetext.

>
>  >> I think that there is a consensus that there is the need for
> a method to
>  >> look up the abuse desk address for an IP address, and I
> believe that irt
>  >> objects (which have the big advantage of existing) are fit to this.
>  >>
>  >> Creating irt objects is not any harder than creating a new maintainer,
>  >> maybe the documentation should focus more on this and less on
> marketing
>  >> the TI concept (which apparently only NRENs care about).
>  >
>  >First problem with IRT is that in order for it to have any
> value every LIR
>  >has to actively modify ALL their inetnum objects......... Now
> that must mean
>  >that the intention has never been to make sure all LIRs implement it.
> No, you are getting it backward: this is the problem with abuse-mailbox
> or abuse-c.

Yes, but not with abuse in the maintainer.

>  >Next problem is the idea behind IRT, apparently it is to be used by
>  >companies who outsource handling of abuse - we don't. If I
> should use this
> It may support outsourcing, but I can't see why this would be a problem.
> I set up an IRT object for an ISP with an internal abuse desk and found
> it appropriate for my needs. Can you be more clear?
>
>  >object it should have a normal mnt-by attribute and the following fields
>  >either removed or made optional: address, signature, encryption, auth.
> I would not strongly oppose to this, but I can't see how it would make
> easier to deploy IRT objects.
> It's not like you do not already have an address or a PGP key...

Well, I believe it would be easier to deploy IRT if LIRs wouldn't have to
create encryptions, simply because it would be administrativly easier.

If it did not matter how many LIRs create the object then it wouldn't be a
problem with these mandatory attributes, but in this case we haven't
achieved anything unless almost all LIRs create it.



Med venlig hilsen/Best regards

Christian Rasmussen
Hosting manager, jay.net a/s

Smedeland 32, 2600 Glostrup, Denmark

Email: noc at jay.net
Personal email: chr at corp.jay.net
Tlf./Phone: +45 3336 6300, Fax: +45 3336 6301

Produkter / Products:
http://hosting.jay.net