Anti-Abuse Working Group Minutes RIPE 74

Thursday, 11 May, 11:00-12:30 
WG Co-Chairs: Brian Nisbet, Tobias Knecht 
Scribe: Marco Hogewoning 

A. Administrative Matters

Brian Nisbet and Tobias Knecht opened the meeting and the Working Group agreed to the draft agenda. The minutes for the RIPE 73 meeting were approved.

B. Updates

B1. Recent list Discussion?

The presentation is available at:
https://ripe74.ripe.net/archives/video/408

Brian gave a brief overview of what happened since the RIPE 73 meeting in Madrid and encouraged people to continue the good work.

Brian mentioned that unfortunately some mailing list participants made a number of inappropriate personal comments and that after talking to this person, the persistence of this behaviour led to the decision to remove this person from the list.

Brian stressed this was not and by no means an attempt to censor the discussion and this was only done because of the inappropriate ad-hominem attacks that violated the code-of-conduct.

Brian also pointed out a recent post on a survey regarding hijacking and encouraged the community to participate.

He further explained that there were relevant discussions going on in the Database WG regarding abuse-c. He clarified that the co-chairs decided to keep the discussion in the Database WG and encouraged to community to participate there.

D. Interactions

D1. Working Groups

The presentation is available at:
https://ripe74.ripe.net/archives/video/132

David Hilario (RIPE Database Working Group Co-Chair) introduced the discussion regarding abuse-c currently taking place in their group.

He briefly explained there were some concerns in the way abuse-c was currently implemented, especially when people required multiple abuse-c entries. He pointed out that the Database WG had a proposed solution and asked the anti-abuse community to comment on the proposal.

Filiz Yilmaz (Akamai) asked if there would be an Impact Analysis, raising concerns about potential impact on the RIPE NCC.

Brian answered that the current proposal was limited to the technical implementation of the current policy.

D2. RIPE NCC LEA Interactions Update - Richard Leaning, RIPE NCC

The presentation is available at:
https://ripe74.ripe.net/archives/video/133

Richard Leaning (RIPE NCC) presented about the current interactions between the RIPE NCC and the law enforcement community

Maksym Tuliev (Netassist) asked what is the criteria are for RIPE NCC to disclose information.

Richard answered most information is public, for non-public it has to be through a Dutch court.

Brian asked if he could clarify how requests for non-public data are handled.

Athina Fragkouli (RIPE NCC) said they explained the procedure as it is documented and advise them to contact the Dutch authorities.

Brian thanked Richard and said he appreciated the openness on this subject.

E1. Network and Information Security Directive - Nathalie Falot, NL NCSC

The presentation is available at:;
https://ripe74.ripe.net/archives/video/135

Cyrus Hall (Twitch), pointing to the fact citizens cannot influence the parametres, asked if that wasn’t anti-democratic.

Nathalie answered that while V&J went for critical, each sectoral department had their own responsibility to choose their own classification.

Malcolm Hutty (LINX) asked whether there was a separation in the requirements for being identified as an Essential Service Provider or if this would just apply to everyone.

Nathalie answered that both criteria applied, meaning that as a service provider you need to be mentioned in annex 2 of the Directive and that you are above the threshold in terms of scale.

Malcom further asked a clarification regarding point 5.2 and asked what service was referred to when they consider impact.

Nathalie answered she didn’t know, but legal implementation of “service” would be any service you offer.

Mohsen Souisi (AFNIC) asked how gTLD operators would be determined to be in scope and if there would be multiple notification requirements if they would all apply simultaneously.

Nathalie said the Directive spoke off “service offered in the member state” and that could therefor also apply to operators outside of the member state.

Regarding the multiple notifications to different bodies, she mentioned that there are arrangements being worked on how to organise the process when multiple authorities are involved, including a one-stop-shop model, but that CSIRT should not be part of that.

X. AOB

There were no AOBs.

Brian closed the meeting and reminded people to submit topics for the RIPE 75 agenda.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum