This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] Registry Services Ticket Response Time
- Previous message (by thread): [members-discuss] Registry Services Ticket Response Time
- Next message (by thread): [members-discuss] Registry Services Ticket Response Time
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Elvis Daniel Velea
elvis at v4escrow.net
Tue Sep 21 01:55:46 CEST 2021
Hi Kurtis, On 9/19/21 11:44 PM, Kurtis Lindqvist wrote: > > > Elvis, > > >> On 20 Sep 2021, at 06:00, Elvis Daniel Velea <elvis at v4escrow.net> wrote: >> >>> >>> Wait times per member request are determined by a number of factors and >>> where additional checks are required, the request will take longer. And >>> while some requests take longer to process than others, our staff need >>> to apply all necessary due diligence measures rather than rely on >>> assertions from the member involved. This is how we maintain a robust >>> registry of member resources. >> >> Again, this is in line with your strategy change from 'we trust our members fully with the data they provide' to 'we suspect all our members are now committing fraud and we must protect their resources'. This change has been gradual but the level of the mistrust I see now is alarming. Maybe you should focus on passing the responsibility of keeping an SSO account secure to the LIRs and stop questioning the validity/legality of the information provided by the LIRs to the RIPE NCC. >> >> If someone provides illegal/falsified documentation you always have the option to revert the change you've made once a court has decided against your initial decision. You should not waste so much time of the RS department on manually verifying whether an ID is valid or whether a signature is similar to one you have on record. > > I just wanted to pick up on this as I don’t agree at all. For a number of resons such as RPKI and increased value of resources, the importance of ensuring correct ownership and identification of the ultimate holder has gone up over time. As we have seen in other regions using courts to settle disputes afterwards can come at high cost and risk and will simply shift the workload of the NCC staff but more importantly might well be pointless if for example criminal activity has been enabled under a validated prefix until rectified by the courts. > > OF course the processes needs to be streamlined and automated as far as possible but let’s not pretend that loose or no validation of prefixes as in the old days is an option today. It isn’t. That will drive complexity and cost and we should discuss how to make that less impactful instead of how to abolish it. Maybe I over-simplified what I said and it came out wrong. I am not pro abolishing the fraud investigations, all I am wondering is whether the NCC's approach to do all these checks was a good idea. What I meant to say was that all members should understand that what they hold in their accounts are numbers that have a high value and therefore they should do everything they can to secure their accounts because there are fraudsters out there trying to hack into their accounts to steal their prized assets. It should not be the RIPE NCC wasting time to make sure that they have received the information from the right contact, that the account holder (SSO) of the company X transferring IPv4 addresses has not been hacked or that the requester may be a fraudster. It should not be the NCC's job to police, for example, a weak password of an SSO holder or to verify that the document they have received from a trusted contact is signed by the same person that has signed the SSO years ago. They can't as they do not have the skills to do that, all they can do is delay every request and waste time that should be more usefully used to process all the requests within the SLA. How can someone be sure that an ink signature is not fake always amazes me, there are highly skilled individuals that authenticate autographs that have done this for a life and can still make mistakes.. Why has the NCC gone this route with 30+ people, none with the right skills or training to do this? - I applaud the attempted changes in automation the NCC is trying to make by using iDenfy in the future.. I am not sure this was needed, though, but I am not there to see all the fraud attempts the NCC deals with. The owners of the LIR accounts should be responsible for their own passwords/authentication methods and who they give access to the resources to. They should also be responsible for the documentation provided by their company to the RIPE NCC and acknowledge that the NCC may refer cases to LEAs/justice when they have reasons to believe this information/documentation is fake. So, to summarize, I don't believe the NCC should have gone the route of doubting the documentation received every time a request is sent but should have instead trusted in the documentation provided by the LIRs. In cases where LIRs or end-users provide fake documentation, it is not the NCC that can really judge that but a court. The NCC does not have the skills for this and should not continue to go this route. Elvis -- Kind regards, Elvis Daniel Velea Chief Executive Officer V4Escrow LLC www.v4escrow.com elvis at v4escrow.net +1-702-970-0921
- Previous message (by thread): [members-discuss] Registry Services Ticket Response Time
- Next message (by thread): [members-discuss] Registry Services Ticket Response Time
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]