[members-discuss] Registry Services Ticket Response Time

	Hi Elvis!

> On 21 Sep 2021, at 00:55, Elvis Daniel Velea <elvis at v4escrow.net> wrote:
> 
> What I meant to say was that all members should understand that what they hold in their accounts are numbers that have a high value and therefore they should do everything they can to secure their accounts because there are fraudsters out there trying to hack into their accounts to steal their prized assets.
> 
> It should not be the RIPE NCC wasting time to make sure that they have received the information from the right contact, that the account holder (SSO) of the company X transferring IPv4 addresses has not been hacked or that the requester may be a fraudster.
> It should not be the NCC's job to police, for example, a weak password of an SSO holder or to verify that the document they have received from a trusted contact is signed by the same person that has signed the SSO years ago. They can't as they do not have the skills to do that, all they can do is delay every request and waste time that should be more usefully used to process all the requests within the SLA.
> 
> How can someone be sure that an ink signature is not fake always amazes me, there are highly skilled individuals that authenticate autographs that have done this for a life and can still make mistakes.. Why has the NCC gone this route with 30+ people, none with the right skills or training to do this?
> 
> - I applaud the attempted changes in automation the NCC is trying to make by using iDenfy in the future.. I am not sure this was needed, though, but I am not there to see all the fraud attempts the NCC deals with.
> 
> The owners of the LIR accounts should be responsible for their own passwords/authentication methods and who they give access to the resources to. They should also be responsible for the documentation provided by their company to the RIPE NCC and acknowledge that the NCC may refer cases to LEAs/justice when they have reasons to believe this information/documentation is fake.


You are making the assumption that there are no undisputed resources at the moment, that there is a clear ownership for every single resource, that “password hacking” is the only way to claim or steal resources etc. Neither of these are true.

There are plenty of disputed resources, many other ways to steal or claim resources. Disputes will arise as a result of company mergers, splits or defaults.

Miscreants can claim ROAs for resources with loose controls or ownership structures. As a community we should all want the NCC to ensure we are protected from this as these all put us at risk.

You seem to focus on the easy of the transfer market only but the that is not the NCCs goal, far from it. NCC has other, and in my view much more important objectives they need to fulfil to protect us all. To do this they need to uphold processes that might impact the speed of the transfer market, but I personally think that is a price worth paying for a robust system and community trust. That said, the checks should be streamlined and effective, but not compromise the integrity of the data.

- kurtis -
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Message signed with OpenPGP
URL: <https://www.ripe.net/ripe/mail/archives/members-discuss/attachments/20210922/8bfabc0b/attachment.sig>