Re: [anti-spam-wg] Proposed New Charter

  • To: brian.nisbet@localhost
  • From: Martin Neitzel neitzel@localhost
  • Date: Fri, 02 May 2008 13:14:49 +0200

Hello Brian,

I have difficulties to understand the proposed charter.  In particular:

> The full proposed charter is as follows:
>
> As the Internet has evolved, the scope and scale of network abuse
> have evolved in step.  While unsolicited bulk email (spam) was
> previously the most visible form of network abuse, it is often
> now merely a symptom of much deeper abuse such as viruses or
> botnets.  To reflect this changing Internet, it was proposed at
> RIPE 55 that the Anti-Spam Working Group widen its focus to
> include all relevant kinds of network level abuse.  It is important
> to note that areas such as cybersquatting or hosting illegal
> content are not seen to be part of the remit of the working group.

As a non-native English speaker, I am totally confused about the last
sentence in two respects:

(1)  Merriam-Webster offers me (among others) two interpretations for "remit":
	(a) to lay aside;  to desist from (an activity)
	(b) to submit or refer for consideration, judgment, decision, or
	    action
     Which one should I use?

(2)  "are not seen ...":  is this a status you want to have changed
     or a target of your proposal?

So, I'm doubly confused what the WG's scope is supposed to be.  I strongly
suggest to rework the wording.  A few simplifications may help, too:

s/are not seen to be part of/are not part of/
s/would aim to tackle/tackles/

Beyond these editorial issues, I'm still unclear myself wether I should
welcome the the broadening of the WG's scope or not.

At RIPE55 I voiced my opinion that the WG should continue to keep focussed
on email abuse as opposed to solve all the Internet's abuse problems.
Richard Cox explained to me afterwards that most spam cases can only
be addressed in cojunction with other (non-mail) forms of abuse and
he has certainly several orders of magnitude more experience than me,
so I'm open to reconsider.

What I want to avoid is duplication of efforts under too many hats.
My gut feeling is that network incidents such as password guessing
attempts and DDOS attacks need to be addressed outside of the "anti-spam"
scope.  Then again, I notice that RIPE as such doesn't have any working
group addressing this, either.

I must admit that I am totally unaware of the current status of the
various CERT/FIRST type groups, are these active in any other sense than
organizing confenrece and producing papers?  Do they have operational
impact?  Is it worthwhile for a small-scale ISP to, say, dunk 240$
or 1900$ yearly fees to affiliate with FIRST.org?

							Martin Neitzel