This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] ORG record vetting ?
- Previous message (by thread): [db-wg] ORG record vetting ?
- Next message (by thread): [db-wg] ORG record vetting ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jacob Slater
jacob at rezero.org
Mon Jul 29 07:25:44 CEST 2019
In this context, RIPE's published guidelines on due diligence ( https://www.ripe.net/publications/docs/ripe-700) cover what exactly is checked. From my experience, the guidelines are always enforced as written. As you mention, due to a variety of factors (based primarily on differences in jurisdiction), this process isn't always perfect. I'm sure the NCC deals with at least some of fraudulent activity as a result of the flaws you mention. Unfortunately, short of drastic measures (such as prohibiting certain jurisdictions from requesting resources), I can't see an easy way to improve the current situation. Do you have a suggestion for how the process could be improved? Jacob Slater On Sun, Jul 28, 2019 at 6:59 PM Ronald F. Guilmette via db-wg < db-wg at ripe.net> wrote: > In message < > CAFV686eMtz+rYPwbNZ90N-WhK-Q9auHTkN5AKTXBXvhj_HyQ1w at mail.gmail.com> > Jacob Slater <jacob at rezero.org> wrote: > > >Prior to an ASN or PI space being assigned by the NCC, the NCC goes > through > >and checks the organization info. > > Right. Got it. For some value of "checks". > > What would be the best way for a mere mortal, such as myself, to obtain > some elaboration on the meaning of the word "checks" in this context? > > Not to digress too much from that one question, but to be frank, this > whole notion of RIRs "checking" the organizations that they register > has puzzled me for some time. Let me explain. > > In every one of the five regions there are national or local jurisdictions > that are well known as corporate "secrecy" jurisdictions. I could easily > rattle off the names of several of these for each of the five regions, > but I'll spare you all and just assume you are all familiar with their > names also. > > In each of the five regions, there are jurisdictions that allow for > so-called > "nominee" officers, i.e. people whose names get attached to the corporate > registrations but who have neither any ownership of nor any day-to-day > control over the operations of the company. > > In each of the five regions, there are jurisdictions that will not reveal > the names of the actual "beneficial owners" of any given corporate entity > registered in that jurisdiction, i.e. in the absence of a lawsuit and/or > a court order to do so. > > In each of the five regions, there are jurisdictions that do not even > -collect- information about the names of the actual "beneficial owners" > of any given corporate entity registered in that jurisdiction. > > In each of the five regions, there are jurisdictions that DO collect > information about the names of the (alleged) "beneficial owners" of each > corporate entity registered within that jurisdiction, but where it is > well and widely known that nobody ever checks any of this information > due to an alleged lack of funding to do so (e.g. UK). > > In each of the five regions, there are jurisdictions that do not and will > not reveal any information about -either- "beneficial owners" or even > nominee officers in the absence of a lawsuit and/or a court order to do so. > > In each of the five regions, there are jurisdictions that do not operate > -any- publicly accessible registry list of the corporate entities that > -are- in fact legally incorporated in that jurisdiction. > > In each of the five regions, there are jurisdictions that do not, as a > matter of either law or policy, divulge even the nanes of the corporate > entities that are duly registered as legal entities within that > jurisdiction, > let alone any other or additional information about corporate entities, > and these jurisdictions will not release even this minimal kind of yes/no, > exists / doesn't exist kind of information on cororate entities in the > absence of of a lawsuit and/or a court order to do so. > > In each of the five regions, there are jurisdictions that respect only > their > own local court rulings while utterly ignoring everyone else's (e.g. > Nevis), > and some of these jurisdictions go one step further and also make it both > exceptrionally difficult and exceptionally expensive for outsiders to avail > themselves of whatever passes for "justice" in these jurisdictions. > > In light of the final two paragraphs above, I am, have been, and remain > in a state of ceaseless wonderment when it comes to this notion of RIRs > vetting "all" entities that are resource holders in the various regions. > The plain facts of the case would logically seem to render even the most > minimal kind of *independent* vetting inherently and provably impossible, > even in the best of conditions, at least with respect to those corpprate > entities that have been formed within one of these maximally discreet > corporate secrecy jurisdictions that litter the globe in every region. > > Am I wrong? Or should I just accept this self-evident logical quandary > as yet another one of the eternal, mystical, and insoluable mysteries of > the Universe, like what happened before the Big Bang and where single > socks go when they somehow escape, apparently of their own volition, from > the dryer, never to be seen or heard from again? > > > Regards, > rfg > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20190728/aa7ac98f/attachment.html>
- Previous message (by thread): [db-wg] ORG record vetting ?
- Next message (by thread): [db-wg] ORG record vetting ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]