[db-wg] Proposed changes for abuse
-
To: Database WG <>
-
From: Shane Kerr <>
-
Date: Wed, 16 Feb 2005 17:44:25 +0100
Dear Colleagues,
We've gone over the changes discussed and agreed on for improving the
ability to find abuse information in the RIPE database, and have come up
with the following modifications. Please have a look.
We will be making announcements once final agreement is done, and adding a
URL to the banner and dbupdate messages.
Two things did not make it into this proposal from our side. One is that we
find the name "IRT" somewhat confusing, but we have no specific proposal to
change it. The second is a proposal to change the order of objects in query
results, which will be sent as a separate proposal, since it is not very
related and might cause controversy.
--
Shane Kerr
Software Manager
RIPE NCC
Following discussions in the Database Working Group at RIPE 49, we have
prepared a proposal to make changes to the whois server software.
The changes we propose are:
o To hide attributes that contain e-mail addresses in the default
output of queries. We will also provide an option to disable this
feature,
o To add a new "abuse-mailbox:" attribute to PERSON, ROLE, IRT,
MNTNER, ORGANISATION, INETNUM, and INET6NUM objects,
o To provide an option to display only key attributes and abuse
contacts,
o To change the IRT object template so that the "signature:" and
"encryption:" attributes are no longer mandatory,
o To change the behaviour of the '-c' switch in whois queries.
We will announce the changes on our website. We will also contact any
third-party software developers who rely on the RIPE Database for
abuse contact information.
You can read the minutes from the Database Working Group discussion
at:
http://www.ripe.net/ripe/maillists/archives/db-wg/2004/msg00469.html
(1) Adding the "abuse-mailbox:" Attribute
We will add a new attribute to the following object types:
INETNUM
INET6NUM
PERSON
ROLE
IRT
ORGANISATION
MNTNER
This optional attribute will contain at least one e-mail address. It
will tell users where to send abuse complaints or queries.
(The proposed templates for the above objects are at the end of this
document.)
The description of the new attribute will be the same in all objects:
abuse-mailbox:
Specifies the e-mail address to which abuse complaints should be
sent.
An e-mail address as defined in RFC 2822.
There is currently a "trouble:" attribute in ROLE objects, which
contains free text. We will update ROLE objects, so that any ROLE
object that has a "trouble:" attribute that is an e-mail address as
defined in RFC 2822, will be copied to the "abuse-mailbox:" attribute.
Any other "trouble:" attributes will be converted to "remarks:".
As an example, see the following:
role: Example Role
address: Example Address
phone: +11 22 33445
fax-no: +11 22 33445
e-mail: info@localhost
admin-c: TEST1-RIPE
tech-c: TEST1-RIPE
trouble: Please contact
trouble: abuse@localhost
trouble: for abuse reports, not info@localhost
nic-hdl: TESTROLE1-RIPE
changed: info@localhost 20050101
source: RIPE
We will replace this with:
role: Example Role
address: Example Address
phone: +11 22 33445
fax-no: +11 22 33445
e-mail: info@localhost
admin-c: TEST1-RIPE
tech-c: TEST1-RIPE
remarks: "trouble:" converted on 2005mmdd
remarks: Please contact
abuse-mailbox: abuse@localhost
remarks: for abuse reports
nic-hdl: TESTROLE1-RIPE
changed: info@localhost 20050101
source: RIPE
(2) Hiding Attributes That Contain E-Mail Addresses
Finding the right e-mail address for abuse reports can be confusing.
There is currently no easy way to find this information in the RIPE
Database. Users often send mail to every e-mail address they see in a
query result. To avoid this, we will hide all attributes that contain
e-mail addresses from the default output of a whois query for an
address.
When a user looks up an address, the results may include the following
objects:
INETNUM
INET6NUM
ROUTE
ROUTE6
ORGANISATION
PERSON
ROLE
By default, MNTNER objects are not shown, but they are often also
queried to get contact information.
For each of the object types, the following attributes contain e-mail
addresses:
INETNUM: notify, changed
INET6NUM: notify, changed
ROUTE: notify, changed
ROUTE6: notify, changed
ORGANISATION: e-mail, notify, changed
PERSON: e-mail, notify, changed
ROLE: e-mail, trouble, notify, changed
For each address range returned, if there is at least one
"abuse-mailbox:" attribute in any of the returned objects, the
attributes mentioned above will be removed from the output.
If there is no "abuse-mailbox:" attribute, only "notify:" and
"changed:" attributes will be filtered out.
If an attribute of an object is changed, a comment will be added, to
avoid confusion.
Users can turn off this suppression. To make this possible, we will
implement a '-B' flag.
As an example:
$ whois 10.0.0.10
Might currently give the following result:
inetnum: 10.0.0.0 - 10.0.0.255
netname: HOME-NETWORK
descr: Home Network
country: ZZ
admin-c: ME1-RIPE
tech-c: ME1-RIPE
abuse-mailbox: ripe-dbm@localhost
status: ALLOCATED PI
mnt-by: I-MNT
changed: ripe-dbm@localhost 20050101
source: RIPE
person: Me Myself and I
address: Home Alone
phone: +11 22 33445
fax-no: +11 22 33445
e-mail: ripe-dbm@localhost
nic-hdl: ME1-RIPE
mnt-by: I-MNT
changed: ripe-dbm@localhost 20050101
source: RIPE
After the change, the result will be:
% Note: this output has been filtered.
inetnum: 10.0.0.0 - 10.0.0.255
netname: HOME-NETWORK
descr: Home Network
country: ZZ
admin-c: ME1-RIPE
tech-c: ME1-RIPE
abuse-mailbox: ripe-dbm@localhost
status: ALLOCATED PI
mnt-by: I-MNT
source: RIPE
person: Me Myself and I
address: Home Alone
phone: +11 22 33445
fax-no: +11 22 33445
nic-hdl: ME1-RIPE
mnt-by: I-MNT
source: RIPE
To see the unmodified result, users should type in:
$ whois -B 10.0.0.10
(3) Adding 'abuse output' Option
To help authors of tools or users who are only interested in the abuse
contacts for IP addresses, we will implement a brief output mode. If a
user types '-b' when querying the RIPE Database, they will only see
the key attributes of address ranges and the "abuse-mailbox:"
attribute. This switch will also imply '-c', which requests first
level less specific INETNUM or INET6NUM objects with the "mnt-irt:"
attribute. It will only work with address space related queries.
Here is an example:
$ whois 10.0.0.0
Returns:
inetnum: 10.0.0.0 - 10.0.0.255
netname: HOME-NETWORK
descr: Home Network
country: ZZ
admin-c: ME1-RIPE
tech-c: ME1-RIPE
abuse-mailbox: ripe-dbm@localhost
status: ALLOCATED PI
mnt-by: I-MNT
changed: ripe-dbm@localhost 20050101
source: RIPE
person: Me Myself and I
address: Home Alone
phone: +11 22 33445
fax-no: +11 22 33445
e-mail: ripe-dbm@localhost
nic-hdl: ME1-RIPE
mnt-by: I-MNT
changed: ripe-dbm@localhost 20050101
abuse-mailbox: ripe-dbm-person@localhost
source: RIPE
So:
$ whois -b 10.0.0.0
Will return:
% Note: this output has been filtered.
% Only primary keys and abuse contact will be visible.
inetnum: 10.0.0.0 - 10.0.0.255
abuse-mailbox: ripe-dbm@localhost
abuse-mailbox: ripe-dbm-person@localhost
This output will not generate valid objects, and there will be no
object separators.
If two ranges are returned after making a query, an object separator
will be inserted between groupings. Therefore, the output will look
like this:
inetnum: 10.0.0.0 - 10.0.0.255
abuse-mailbox: ripe-dbm@localhost
abuse-mailbox: ripe-dbm-person@localhost (*)
inetnum: 10.0.1.0 - 10.0.0.255
abuse-mailbox: ripe-dbm-person-2@localhost (*)
Attributes marked by (*) are taken from the person object retrieved by
a recursive lookup.
(4) Modifications on the IRT Object
We will change the template for the IRT object will be changed. You
will no longer need a KEY-CERT object to create an IRT object.
Currently, the template for the IRT object is:
irt: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [lookup key]
signature: [mandatory] [multiple] [ ]
encryption: [mandatory] [multiple] [ ]
org: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
auth: [mandatory] [multiple] [inverse key]
remarks: [optional] [multiple] [ ]
irt-nfy: [optional] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
"signature:" and "encryption:" attributes need existing key-cert
objects. The Anti-spam Working Group asked us to make these objects
optional. You can read an archive of this discussion at:
http://www.ripe.net/ripe/maillists/archives/db-wg/2004/msg00452.html
The template for irt objects will be:
irt: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [lookup key]
signature: [optional] [multiple] [ ]
encryption: [optional] [multiple] [ ]
org: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
auth: [mandatory] [multiple] [inverse key]
remarks: [optional] [multiple] [ ]
irt-nfy: [optional] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
Therefore, the object below would be valid:
irt: irt-someorg-zz
address: address for the irt
phone: +11 22 3344556
fax-no: +11 22 3344556
e-mail: contact@localhost
admin-c: CONTACT1-RIPE
tech-c: CONTACT1-RIPE
auth: CRYPT-PW XXXXXXXXXXXXX
mnt-by: mnt-someorg
changed: someone@localhost 20050505
source: RIPE
We will automate this process, so that help from the RIPE Database
Management will no longer be necessary create IRT objects.
(5) Changing the behaviour of '-c' option in whois queries
Currently, the -c option requests first level less specific INETNUM or
INET6NUM objects with the "mnt-irt:" attribute. It does not return any
related IRT objects. This will change, so that -c will treat IRT
objects as contacts and do recursive lookups on related IRT objects.
Here is an example:
$ whois -c 10.0.0.0
Returns:
inetnum: 10.0.0.0 - 10.0.0.255
netname: TEST-NET
descr: Test Net
country: ZZ
admin-c: TEST1-RIPE
tech-c: TEST1-RIPE
status: ASSIGNED PA
mnt-by: TEST-MNT
mnt-irt: IRT-TEST
changed: info@localhost 20050101
source: RIPE
person: TEST1-RIPE
.
.
After the change, the result will be:
inetnum: 10.0.0.0 - 10.0.0.255
netname: TEST-NET
descr: Test Net
country: ZZ
admin-c: TEST1-RIPE
tech-c: TEST1-RIPE
status: ASSIGNED PA
mnt-by: TEST-MNT
mnt-irt: IRT-TEST
changed: info@localhost 20050101
source: RIPE
person: TEST1-RIPE
.
.
irt: IRT-TEST
.
.
(6) Modified Templates
inetnum: [mandatory] [single] [primary/look-up key]
netname: [mandatory] [single] [lookup key]
descr: [mandatory] [multiple] [ ]
country: [mandatory] [multiple] [ ]
org: [optional] [single] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
abuse-mailbox: [optional] [multiple] [ ] **
rev-srv: [optional] [multiple] [inverse key]
status: [mandatory] [single] [ ]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key]
mnt-domains: [optional] [multiple] [inverse key]
mnt-routes: [optional] [multiple] [inverse key]
mnt-irt: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
inet6num: [mandatory] [single] [primary/look-up key]
netname: [mandatory] [single] [lookup key]
descr: [mandatory] [multiple] [ ]
country: [mandatory] [multiple] [ ]
org: [optional] [single] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
abuse-mailbox: [optional] [multiple] [ ] **
rev-srv: [optional] [multiple] [inverse key]
status: [mandatory] [single] [ ]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key]
mnt-routes: [optional] [multiple] [inverse key]
mnt-domains: [optional] [multiple] [inverse key]
mnt-irt: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
person: [mandatory] [single] [lookup key]
address: [mandatory] [multiple] [ ]
phone: [mandatory] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [optional] [multiple] [lookup key]
abuse-mailbox: [optional] [multiple] [ ] **
org: [optional] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/look-up key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
role: [mandatory] [single] [lookup key]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [lookup key]
trouble: [optional] [multiple] [ ]
abuse-mailbox: [optional] [multiple] [ ] **
org: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/look-up key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
irt: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [lookup key]
abuse-mailbox: [optional] [multiple] [ ] **
signature: [mandatory] [multiple] [ ]
encryption: [mandatory] [multiple] [ ]
org: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
auth: [mandatory] [multiple] [inverse key]
remarks: [optional] [multiple] [ ]
irt-nfy: [optional] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
organisation: [mandatory] [single] [primary/look-up key]
org-name: [mandatory] [single] [lookup key]
org-type: [mandatory] [single] [ ]
descr: [optional] [multiple] [ ]
remarks: [optional] [multiple] [ ]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [lookup key]
abuse-mailbox: [optional] [multiple] [ ] **
org: [optional] [multiple] [inverse key]
admin-c: [optional] [multiple] [inverse key]
tech-c: [optional] [multiple] [inverse key]
ref-nfy: [optional] [multiple] [inverse key]
mnt-ref: [mandatory] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
mntner: [mandatory] [single] [primary/look-up key]
descr: [mandatory] [multiple] [ ]
org: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [optional] [multiple] [inverse key]
abuse-mailbox: [optional] [multiple] [ ] **
upd-to: [mandatory] [multiple] [inverse key]
mnt-nfy: [optional] [multiple] [inverse key]
auth: [mandatory] [multiple] [inverse key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
referral-by: [mandatory] [single] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
Rows that are marked with '**' are additions to the templates.
|
you are here: RIPE -> RIPE Maillists > Archives
