This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[address-policy-wg] 2022-02 New Policy Proposal (Remove mandatory IPv4 PA assignment registration in the RIPE Database)
- Previous message (by thread): [address-policy-wg] 2022-02 New Policy Proposal (Remove mandatory IPv4 PA assignment registration in the RIPE Database)
- Next message (by thread): [address-policy-wg] 2022-02 New Policy Proposal (Remove mandatory IPv4 PA assignment registration in the RIPE Database)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jan Ingvoldstad
frettled at gmail.com
Mon Oct 24 12:50:01 CEST 2022
On Thu, Oct 20, 2022 at 6:10 PM Leo Vegoda <leo at vegoda.org> wrote: > Hi Jan, > Hi Leo, > > On Wed, 19 Oct 2022 at 05:26, Jan Ingvoldstad <frettled at gmail.com> wrote: > > > > Contacting the LIR only vaguely makes sense, it's like contacting the > domain registrar because someone is sending phishing mail from gmail.com. > In other words, mostly completely useless. > > Can you please expand on this? People without your experience might > not understand the processes you are referring to. Can you explain the > problems that users need to resolve and the value that registration of > small assignments in the database brings? > Okay. Let's say that there is an ongoing phishing campaign. A CERT or abuse department investigates, finds that IP address A.B.C.D is hosting malicious content. Currently, abuse departments can then use a locally installed whois tool to query ARIN, RIPE etc. whois databases to find out what the presumed correct contact point is, both for the purpose of disabling the phishing campaign. However, if the contact point is a LIR, instead of the end user, this means that the LIR's abuse department gets all the complaints and police contacts, increasing workload and delaying action, if any is taken at all. In phishing and other kinds of IP-traceable abuse, time is of the essence, so accurate and direct contact information for the party responsible is vital. It is therefore better to have a database of contact points with some errors in it, than a database that, over time, is designed to become useless. > > Additionally, introducing this policy change without also doing > something about historical records, seems pointless. > > Can you expand on this, too? > If small assignments, for whatever value of "small", do not have value and are only causing extra work, the obvious thing to do is to purge the database of these records as well. However, there is no proposal to do so, and that means that this policy proposal only suggests making very modest changes in how the database is managed, with dubious benefits. -- Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/address-policy-wg/attachments/20221024/ebaa1ea5/attachment.html>
- Previous message (by thread): [address-policy-wg] 2022-02 New Policy Proposal (Remove mandatory IPv4 PA assignment registration in the RIPE Database)
- Next message (by thread): [address-policy-wg] 2022-02 New Policy Proposal (Remove mandatory IPv4 PA assignment registration in the RIPE Database)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]