[db-wg] Proposal: Abuse-C as a Reference

Ulrich Kiermayr wrote at 5/6/04 09:25:

> This abuse-c inherits all the features of irt as well ...

Except that crypto is optional. Fair enough.

> ... resulting in just one object for this area

I suggest we keep IRT for the purpose for which it was built,
and make no changes to it (so it will be different from the role
or person used we make available for abuse).

This might actually encourage the use of IRT objects, since it
reduces the risk that CSIRTs will get abuse reports they mostly
don't want.
And IRTs may then be useful, so I don't support removing them.

> Implementing abuse-c that way would give a 1:1 mapping between
> irt and role and therefore making irt obsolete (and the existing
> objects auto-convertable).

I think the 1-1 mapping is unnecessary; auto-copying is still
possible.

Can you confirm that the abuse-c: attribute can also refer to an
IRT object for people who want to do it that way?

> Add the missing features from irt: to the person and role objects:
> 
> person:        [mandatory]  [single]     [lookup key]
> address:       [mandatory]  [multiple]   [ ]
> phone:         [mandatory]  [multiple]   [ ]
> fax-no:        [optional]   [multiple]   [ ]
> e-mail:        [optional]   [multiple]   [lookup key]
> signature:     [optional]   [multiple]   [ ]                     <--
> encryption:    [optional]   [multiple]   [ ]                     <--
> nic-hdl:       [mandatory]  [single]     [primary/look-up key]
> remarks:       [optional]   [multiple]   [ ]
> notify:        [optional]   [multiple]   [inverse key]
> mnt-by:        [optional]   [multiple]   [inverse key]
> ref-nfy:       [optional]   [multiple]   [inverse key]           <--
> mnt-ref:       [optional]   [multiple]   [ ]                     <--
> changed:       [mandatory]  [multiple]   [ ]
> source:        [mandatory]  [single]     [ ]

Do we need a dedicated attribute in role and person?
abuse-mail:     [optional]   [multiple]   [ ]
(or the name could be 'abuse-mailbox' as in Ulrich's example)
Does the attribute need to be a lookup key like e-mail?
(again as in the example)
Should we make the abuse-mail attribute mandatory for the object
types concerned?
But that might force us to use a new object type :-(

> Query behaviour:
> 
> Return abuse-c by default as well

The thing to return is not the name of the abuse-c reference;
it's the abuse-mail attribute of the object referred to.
Perhaps that's what you meant anyway?

> Return abuse-c by default as well
> (or include default -c i.e. return abuse-c from the least specific
> inetnum containing the ip in question).

Not quite, surely. We want to provide one user population with
exactly one e-mail address and not too much else; so somehow we
have to walk the database for them and not put the burden on
them or their client software. I do not believe we can expect
tool writers (eg SpamCop, geektools) to do that for us; I do not
believe we can deploy a different whois client. We might get
away with publishing a different server location
(whois-for-the-masses.ripe.net? abuse.ripe.net?);
or with putting this behaviour on whois.ripe.net and moving
the present behaviour to a new address.

But don't we want to present the mail address derived from
the _most_ specific inetnum (rather than the least)?

> Change the -c flag to use abuse-c instead of mnt-irt.

No need to change that behaviour if we take the above approach.

Rodney Tillotson, JANET-CERT