|
|
 |
Re: [db-wg] abuse-c
- Date: Mon, 12 Jan 2004 10:31:24 +0000
Menno Pieters (Stelvio) wrote:
To elaborate on that, the complications for creating an IRT object are:
- You need a maintainer for an IRT object (which is not required for an
extra attribute or a person/role object);
- Strong authentication from both the IRT and the LIR is required to
link an IRT object to the inet[6]num object.
The reasons to do it this way is to prevent that the IRT mentioned in
the IRT object gets complaints about abuse made form IP ranges that they
are not responsible for, simply because "Evil Company" put the e-mail
address of the IRT in its inet[6]num object (or as Daniel Karrenberg
suggested in on of the maintainer objects protecting the object).
So both the IRT and the LIR (even if they are in the same room or just
next door), must agree. In a small organisation it is possible that it's
the same (group of) person(s), using the same PGP key and the problem is
void, because the request needs to be signed only once.
I have never understood what this gives you. If "Evil Company" wants to
misdirect abuse reports (why?) they can circumvent this by making a fake
IRT object with IRT XYZ as the contact email address.
John Green
JANET-CERT
|
|
|
|
