From brian.nisbet at heanet.ie Thu Jan 12 10:56:54 2012 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Thu, 12 Jan 2012 09:56:54 +0000 Subject: [anti-abuse-wg] Status of 2011-06 Message-ID: <4F0EAE66.1030705@heanet.ie> Colleagues, I just wanted to update you all on the current status of 2011-06, as those of you paying close attention to timings may have realised that there should have been some update over the recent Christmas period. Obviously there has been a lot of conversation about the proposal, some positive, some negative and many excellent points have been raised. I've been speaking to the NCC and Tobias about all of this and a course of action has been decided. It is our intent, as WG Chair and proposer, to sit down with the good folks from the NCC in early February and discuss a number of the topics and questions that have been raised by the WG. Out of this discussion will, I suspect and hope, come some revisions to the proposal and answers to some of the queries that have been raised. We hope that any updates to 2011-06 and any responses from the NCC should be with the WG during February. Thanks and a Happy New Year to you all, Brian. Co-Chair, RIPE AA-WG From fweimer at bfk.de Thu Jan 12 11:05:05 2012 From: fweimer at bfk.de (Florian Weimer) Date: Thu, 12 Jan 2012 10:05:05 +0000 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0EAE66.1030705@heanet.ie> (Brian Nisbet's message of "Thu, 12 Jan 2012 09:56:54 +0000") References: <4F0EAE66.1030705@heanet.ie> Message-ID: <821ur5utgu.fsf@mid.bfk.de> * Brian Nisbet: > I just wanted to update you all on the current status of 2011-06, as > those of you paying close attention to timings may have realised that > there should have been some update over the recent Christmas > period. Obviously there has been a lot of conversation about the > proposal, some positive, some negative and many excellent points have > been raised. I've been speaking to the NCC and Tobias about all of > this and a course of action has been decided. Is 2011-06 the result of the task force? As far as I know, it hasn't been labeled as such on the mailing list, and the wording in the proposal itself is ambiguous. I'm wondering if it made sense to pick up other issues discussed prior to the task force formation which aren't addressed in 2011-06 at all. -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstra?e 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 From chrish at consol.net Thu Jan 12 11:13:28 2012 From: chrish at consol.net (chrish at consol.net) Date: Thu, 12 Jan 2012 11:13:28 +0100 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0EAE66.1030705@heanet.ie> References: <4F0EAE66.1030705@heanet.ie> Message-ID: <4F0EB248.8080106@consol.net> Hi! On 01/12/2012 10:56 AM, Brian Nisbet wrote: > We hope that any updates to 2011-06 and any responses from the NCC should be with the WG during February. I already stated my thoughts on that, but what just strikes me is that 2.0 b) is still "Arguments opposing the proposal: None."... Regards, Chris From brian.nisbet at heanet.ie Thu Jan 12 11:15:35 2012 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Thu, 12 Jan 2012 10:15:35 +0000 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <821ur5utgu.fsf@mid.bfk.de> References: <4F0EAE66.1030705@heanet.ie> <821ur5utgu.fsf@mid.bfk.de> Message-ID: <4F0EB2C7.8000706@heanet.ie> Florian, "Florian Weimer" wrote the following on 12/01/2012 10:05: > * Brian Nisbet: > >> I just wanted to update you all on the current status of 2011-06, as >> those of you paying close attention to timings may have realised that >> there should have been some update over the recent Christmas >> period. Obviously there has been a lot of conversation about the >> proposal, some positive, some negative and many excellent points have >> been raised. I've been speaking to the NCC and Tobias about all of >> this and a course of action has been decided. > > Is 2011-06 the result of the task force? As far as I know, it hasn't > been labeled as such on the mailing list, and the wording in the > proposal itself is ambiguous. Yes, 2011-06 came out of the work of the ACM-TF, but for various administrative and practical reasons Tobias is formally acknowledged as the proposer. > I'm wondering if it made sense to pick up other issues discussed prior > to the task force formation which aren't addressed in 2011-06 at all. The current feeling between the people looking at this proposal (the proposer, the NCC and myself as WG Chair) is that there are a number of very wide ranging issues that were raised, but that the best course of action is not to try to put them all together into one big proposal. It is likely that some of the issues, such as the NCC's point of view on data accuracy, will come up, but the main focus will be the content of 2011-06. Brian. From brian.nisbet at heanet.ie Thu Jan 12 11:19:48 2012 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Thu, 12 Jan 2012 10:19:48 +0000 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0EB248.8080106@consol.net> References: <4F0EAE66.1030705@heanet.ie> <4F0EB248.8080106@consol.net> Message-ID: <4F0EB3C4.1080901@heanet.ie> Chris, "chrish at consol.net" wrote the following on 12/01/2012 10:13: > Hi! > > On 01/12/2012 10:56 AM, Brian Nisbet wrote: >> We hope that any updates to 2011-06 and any responses from the NCC should be with the WG during February. > > I already stated my thoughts on that, but what just strikes me is that 2.0 b) is still "Arguments opposing the proposal: None."... From the point of view of the PDP 2011-06 is still in version 1.0, so section b) of the Rationale may or may not be changed in any new versions. (Yes, I'm being ambiguous here, because I'm not the proposer, but I want to make it clear that no changes have been made to the document since it was put to the WG in November.) Brian. From russ at consumer.net Thu Jan 12 12:57:32 2012 From: russ at consumer.net (russ at consumer.net) Date: Thu, 12 Jan 2012 06:57:32 -0500 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0EAE66.1030705@heanet.ie> References: <4F0EAE66.1030705@heanet.ie> Message-ID: <4F0ECAAC.9070207@consumer.net> *2011-06: * *Rationale* *a. Arguments supporting the proposal* It provides a more efficient way for maintainers to organize their provided information and helps to increase accuracy and efficiency in routing abuse reports to the correct network contact. In addition to that, it helps all kinds of institutions to find the correct abuse contact information more easily. *b. Arguments opposing the proposal* None. --- At the same time RIPE is blocking access to abuse contacts claiming they need to protect the data. What exactly is this working group trying to do? Is it to make it easier to route complaints or protect the abuse contacts from spammers? I would also suggest that links be placed to pending proposals on the group's web page at https://www.ripe.net/ripe/groups/wg/anti-abuse. Thank You -------------- next part -------------- An HTML attachment was scrubbed... URL: From ripe-anti-spam-wg at powerweb.de Thu Jan 12 13:54:26 2012 From: ripe-anti-spam-wg at powerweb.de (Frank Gadegast) Date: Thu, 12 Jan 2012 13:54:26 +0100 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0ECAAC.9070207@consumer.net> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> Message-ID: <4F0ED802.2020608@powerweb.de> russ at consumer.net wrote: > *2011-06: > * Russ, > At the same time RIPE is blocking access to abuse contacts claiming they Sure, abuse contacts are currently mixed with personal contacts, there is currently no way to sperate public abuse contacts from personal contacts. And thats what the proposal tries to change. You will have no access restrictions for the abuse contact anymore and the new abuse-c will be filled in a very short period because it will be mandatory. > need to protect the data. What exactly is this working group trying to > do? Is it to make it easier to route complaints or protect the abuse > contacts from spammers? There will be no restrictions on the abuse-c, this is an argument against the proposal, because abuse contacts will maybe be flodded a bit more with spam, specially because the spammers will find these "new" email addresses quite attractiv. But maybe they will not find them attractiv at all, because they know, that they will only reach professionals there, that can easily seperated spam from good mail and that are trained not to click every link in an email ;o) I would like to know, how much spam is really arriving at the abuse-mailbox addresses that currently exist. We are a small RIPE member and we receive only about 10 spams per month on our abuse-mailbox address (and our address is easily guessable anyway, so its likely, that spammers harvested it on a different way than looking it up via whois). So, how much spam is really arriving on abuse-mailbox address ? Maybe some on this list could check their maillogs and give an overview ? But anyway: it will be possible to protect personal contacts much better in the future, if the proposal gets through, because access restrictions could be raised here and thats a big point FOR the\ proposal. > I would also suggest that links be placed to pending proposals on the > group's web page at https://www.ripe.net/ripe/groups/wg/anti-abuse. > > Thank You Kind regards, Frank -- MOTD: "have you enabled SSL on a website or mailbox today ?" -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== -- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== From chrish at consol.net Thu Jan 12 14:40:51 2012 From: chrish at consol.net (chrish at consol.net) Date: Thu, 12 Jan 2012 14:40:51 +0100 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0ED802.2020608@powerweb.de> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> Message-ID: <4F0EE2E3.2070409@consol.net> Hi! On 01/12/2012 01:54 PM, Frank Gadegast wrote: > You will have no access restrictions for the abuse contact anymore > and the new abuse-c will be filled in a very short period because > it will be mandatory. The addresses entered into our ripe objects are not private data. They are public addresses for the purpose of ripe-stuff. Following your idea abuse-cs would always be copies of the admin-c. A reasonable approach towards what seems to be your communicated aim would be: Drop all *-c in favour of a single contact, which is meant as contact for ripe-stuff. This is of course public as it's meant that way. In case you actually wish for the possibility of multiple, specific contacts, the straightforward and all-compatible solution would be to add optional further specific contact data - that may be used by people who wish to direct mail to different specific addresses. Translated into the current state that would be: use an optional abuse-mailbox attribute (if this were mandatory, our objects would always just hold a copy of the e-mail attribute). > But maybe they will not find them attractiv at all, because they > know, that they will only reach professionals there, that can easily > seperated spam from good mail and that are trained not to click > every link in an email ;o) Yeah, that will certainly teach them. > But anyway: it will be possible to protect personal contacts much > better in the future, if the proposal gets through, because access Sorry, but it's just a stupid idea to put private data into public databases. Regards, Chris From ripe-anti-spam-wg at powerweb.de Thu Jan 12 15:20:10 2012 From: ripe-anti-spam-wg at powerweb.de (Frank Gadegast) Date: Thu, 12 Jan 2012 15:20:10 +0100 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0EE2E3.2070409@consol.net> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> <4F0EE2E3.2070409@consol.net> Message-ID: <4F0EEC1A.9050206@powerweb.de> chrish at consol.net wrote: > Hi! Hi, > On 01/12/2012 01:54 PM, Frank Gadegast wrote: >> You will have no access restrictions for the abuse contact anymore >> and the new abuse-c will be filled in a very short period because >> it will be mandatory. > > The addresses entered into our ripe objects are not private data. You are right, they are available for the public, but I meant the definition of public and privat data according to law (well, can only really speak for German law, but other countries see that the same way). So, they are public available, but they are no public data, they are private data, specially the email address. Its the same with e.g. domainowners, at least in Germany. The data of the resource/domain owner is private and has to be banned from automatic harvesting, thats why you need a captcha code to reveal it at denic.de Its the same with the admin-c in RIPEs resources. They should be private, but they are still available for automatic harvesting. This should be changed in a different approach. tech-c should stay public for routing issues. And the new abuse-c has to be public too for automatic reporting. Currently there is only some whois access restriction on some parts of some objects, but thats wrong and should be changed later. Some objects should be defined public including ALL their fields and some should be restricted completely. > They are public addresses for the purpose of ripe-stuff. Following your idea abuse-cs would always be copies of the admin-c. Not at all, the owner of a resource is something different than the abuse team or the routing team. > A reasonable approach towards what seems to be your communicated aim would be: > Drop all *-c in favour of a single contact Nope. "ripe-stuff" could be a lot of different things, and the plained three contacts seem to be the best way to always address the right contact for whatever purpose. > , which is meant as contact for ripe-stuff. This is of course public as it's meant that way. In case you actually wish for the possibility of multiple, specific contacts, the straightforward and all-compatible solution would be to add optional further specific contact data - that may be used by people who wish to direct mail to different specific addresses. Translated into the current state that would be: use an optional abuse-mailbox attribute (if this were mandatory, our objects would always just hold a copy of the e-mail attribute). > >> But maybe they will not find them attractiv at all, because they >> know, that they will only reach professionals there, that can easily >> seperated spam from good mail and that are trained not to click >> every link in an email ;o) > > Yeah, that will certainly teach them. We do not know until we have some numbers ... >> But anyway: it will be possible to protect personal contacts much >> better in the future, if the proposal gets through, because access > > Sorry, but it's just a stupid idea to put private data into public databases. Surely right. But what do you do, if the email address of the company owner needs to be entered ? Do you define and publish one, thats not read anyway ? Do you enter one that does not exist ? Or do you do it right and put the privat email address of the owner in ? There should be a way to seperate public and private data and thats whats the proposal plans. And if private data can be protected much better, everybody could decide to put in, whatever he likes, even the right thing ;o) Kind regards, Frank > > Regards, > > Chris -- MOTD: "have you enabled SSL on a website or mailbox today ?" -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== From russ at consumer.net Thu Jan 12 17:13:46 2012 From: russ at consumer.net (russ at consumer.net) Date: Thu, 12 Jan 2012 11:13:46 -0500 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0ED802.2020608@powerweb.de> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> Message-ID: <4F0F06BA.1030305@consumer.net> >Sure, abuse contacts are currently mixed with personal contacts, As I understand it all the contacts in the database are a situation where the person agreed to list their information in the public database. Every privacy law I have ever seen exempts such information from the protection schemes. What RIPE and others on this list do is make some vague reference to some privacy law somewhere and some unnamed legal adviser put forth some kind of opinion that does not seem to be written down anywhere. The real story, as i see it, is that people want certain types of contacts. If they get a message about their ip address block then they want the message. If it is spam then they don't want it. They don't want to accept the fact that you can't have it both ways. If your contact information is publicly available for whatever reason then the spammers are going to get it. In any case I have contacted the Dutch Data Protection Authority and I have asked them to review the situation and provide a ruling. These offices are usually full of red tape so if someone locally can follow up maybe we can get a ruling. Thank You From russ at consumer.net Fri Jan 13 16:47:07 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 13 Jan 2012 10:47:07 -0500 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F0F06BA.1030305@consumer.net> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> <4F0F06BA.1030305@consumer.net> Message-ID: <4F1051FB.3070601@consumer.net> >In any case I have contacted the Dutch Data Protection Authority and I have asked them to review the situation and provide a ruling. I got another answer from RIPE. They won't even acknowledge getting a ruling from the Dutch Data Protection Authority. They just repeat their same "party line" without addressing any of the substantive issues. It seems to me they don't want a legitimate review. Maybe they don't want to be exposed for misleading the RIPE community? In any case you will never have "community consensus" if the community is uniformed, or worse, intentionally misinformed by the authority. From brian.nisbet at heanet.ie Fri Jan 13 18:02:38 2012 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Fri, 13 Jan 2012 17:02:38 +0000 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F1051FB.3070601@consumer.net> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> <4F0F06BA.1030305@consumer.net> <4F1051FB.3070601@consumer.net> Message-ID: <4F1063AE.7060306@heanet.ie> Russ, "russ at consumer.net" wrote the following on 13/01/2012 15:47: > >In any case I have contacted the Dutch Data Protection Authority and I > have asked them to review the situation and provide a ruling. > > I got another answer from RIPE. They won't even acknowledge getting a > ruling from the Dutch Data Protection Authority. They just > repeat their same "party line" without addressing any of the substantive > issues. It seems to me they don't want a legitimate review. > Maybe they don't want to be exposed for misleading the RIPE community? > In any case you will never have "community consensus" if > the community is uniformed, or worse, intentionally misinformed by the > authority. Without expressing on my behalf any opinion on what you're saying above, if you are going to make accusations regarding NCC behaviour on the mailing list, could you please do so with proof? I'm sure the NCC would be happy (after you've checked with them) for you to copy any correspondence you've had on this matter to the mailing list. I'm sure we'd all also love to see anything official from the Dutch Data Protection Authority. Thanks, Brian, Co-Chair, RIPE AA-WG From security at mutluit.com Fri Jan 13 18:30:24 2012 From: security at mutluit.com (U.Mutlu) Date: Fri, 13 Jan 2012 18:30:24 +0100 Subject: [anti-abuse-wg] Mandate from the RIPE community In-Reply-To: <201201041338.q04DcVfi011346@dog.ripe.net> References: <201201041338.q04DcVfi011346@dog.ripe.net> Message-ID: <4F106A30.8060402@mutluit.com> Hi everbody, what do you say to the answer below I got from RIPE? Doesn't RIPE already have a mandate for keeping the whois database uptodate with all the vital public data like contact email address for abuse reporting etc? Normally its just a simple database scan to find the records with such missing vital data, ie. one can even automate this job to periodically request from the owners the missing data. BTW, is the RIPE community somehow organized? Any speaker/contact person etc.? U.Mutlu mutluit.com -------- Original Message -------- Subject: Re: NCC#2012010449 Missing contact data for Abuse Reporting for IP 84.240.196.128 and 84.240.197.0 Date: Wed, 04 Jan 2012 14:38:31 +0100 From: RIPE NCC Reply-To: RIPE NCC To: U.Mutlu Dear Mr. Mutlu, Thank you for your email. Indeed there is no email contact but there are some phone contact details that you can find on our DB query page. There may be options we could pursue to check the validity of the contact data in the objects in the RIPE Database. Where we have a direct relationship with the owners of these objects we could request that they update this information. But we do not have a mandate from the RIPE community to allocate any resources to this activity. If you feel this should have a higher priority then you may raise the issue on the Database Working Group or Anti Abuse Working Group or Address Policy Working Group mailing lists. You can find information about the mailing lists here http://www.ripe.net/ripe/groups/wg These are open working groups and views are welcomed from anyone who wishes to discuss relevant issues. Best regards, Natasa Mojsilovic ------------------ Customer Services RIPE NCC ============================================================ Visit www.IPv6ActNow.org, the one-stop website that explains everything you need to know about IPv6. ============================================================ On Wed, 04 Jan 2012 12:56:43 +0100, U.Mutlu wrote: > I want to point you to some missing data in the RIPE DB: > > Your webpage below says about RIPE queries: 'Please do not use the email address in the ???changed??? line.' > ( https://www.ripe.net/data-tools/db/faq/faq-hacking-spamming/what-can-i-do-about-spam-hacking ) > > But the following IP's have no other email contact specified > except those marked as "changed" and "upd-to" (yes I used the "-B" switch): > 84.240.196.128 > 84.240.197.0 > > And also the Abuse Finder page at https://apps.db.ripe.net/search/abuse-finder.html > doesn't find any abuse contact for these IPs. > > Regards, > > U.Mutlu > SysAdm mutluit.com From russ at consumer.net Fri Jan 13 19:03:10 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 13 Jan 2012 13:03:10 -0500 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F1063AE.7060306@heanet.ie> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> <4F0F06BA.1030305@consumer.net> <4F1051FB.3070601@consumer.net> <4F1063AE.7060306@heanet.ie> Message-ID: <4F1071DE.9040500@consumer.net> >Without expressing on my behalf any opinion on what you're saying above, >if you are going to make accusations regarding NCC behaviour on the mailing Why don't you just them to respond to the list and address the issues? They just point me to the AUP and won't address that the requests are not coming from me. They say to use -r in my requests but won't address the the fact the requests would not give abuse contacts or that requests would then have be different to RIPE than the other RIR's. They won't address the issue that the abuse contacts involve all regions and not just RIPE. They won't name the legal advisor or point to any written opinion. There is no way to tell anything that happened or why they did it. Here is the information that is available to the "community" http://meetings.ripe.net/ripe-57/presentations/De_Ruig-Update_from_Data_Protection_Task_Force.nctn.pdf http://www.ripe.net/ripe/groups/tf/dp/report-of-the-ripe-data-protection-task-force If they had a legitimate process a report would contain references, discussions of the issues being raised, the identity of the legal adviser, etc. The presentation is so full of acronyms that most people would have no idea what is discussed. The report is so vague that you really can't determine, for the most part, what was done or why. Common sense issues like whether the contacts agreed to have their information posted in a public database is not even mentioned. These decisions affect millions of people around the word and not just a few insiders on this list or in these groups that have all these meetings that most people cannot attend (even if they did attend they would be driven out by the insiders in short order). You show me where the general Internet community can make heads or tails of any of this. A few comments I got from visitors to my web site this week: "On the link for RIPE .. and I still wonder what drives them to block you guys ..." "Does the EU even begin to comprehend the effect of this as related to e-crime?" "Seems the EU is good for some things, maybe .. but is going a bit overboard on this one. Keep us posted. " It seems this community consensus thing isn't getting across to the users being affected. > I'm sure we'd all also love to see anything official from the Dutch > Data Protection Authority. We'll see. So far not even an acknowledgement. Thank You From russ at consumer.net Sat Jan 14 00:42:30 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 13 Jan 2012 18:42:30 -0500 Subject: [anti-abuse-wg] Mandate from the RIPE community In-Reply-To: <4F106A30.8060402@mutluit.com> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> Message-ID: <4F10C166.5060308@consumer.net> >There may be options we could pursue to check the validity of the contact >data in the objects in the RIPE Database. Where we have a direct relationship >with the owners of these objects we could request that they >update this information. But we do not have a mandate from the RIPE >community to allocate any resources to this activity. RIPE has a contract with IANA (the RIR MOU) which is where the mandate comes from. IANA, in turn, has a contract with the US Government to ensure the accuracy of the data. When contacting RIPE about this they just keep ignoring this issue just keep saying "mandate from RIPE community" over and over again. RIPE is manipulating the community by not providing complete information or addressing obvious issues. All they do is repeat stuff over and over again without addressing the substantive issues. Thank You From jorgen at hovland.cx Sat Jan 14 10:26:28 2012 From: jorgen at hovland.cx (=?UTF-8?B?SsO4cmdlbiBIb3ZsYW5k?=) Date: Sat, 14 Jan 2012 10:26:28 +0100 Subject: [anti-abuse-wg] Mandate from the RIPE community In-Reply-To: <4F106A30.8060402@mutluit.com> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> Message-ID: <4F114A44.7050503@hovland.cx> Den 1/13/12 6:30 PM, skrev U.Mutlu: > Hi everbody, > > what do you say to the answer below I got from RIPE? > > Doesn't RIPE already have a mandate for keeping the > whois database uptodate with all the vital public data > like contact email address for abuse reporting etc? > Generally, everyone could/should help with this. If you find incorrect information, tell the owner of the incorrect information about it and they will update it. > Normally its just a simple database scan to find the records > with such missing vital data, ie. one can even automate this job > to periodically request from the owners the missing data. > There is no email address requirement, so nothing is missing. You can however use the other contact information listed. From security at mutluit.com Sat Jan 14 14:19:55 2012 From: security at mutluit.com (U.Mutlu) Date: Sat, 14 Jan 2012 14:19:55 +0100 Subject: [anti-abuse-wg] What to do if ISP rejects Abuse Reports? Message-ID: <4F1180FB.3040303@mutluit.com> Hello, my systems get attacked from several IPs from Georgia (Countrycode=GE, RIR=RIPE). My Abuse Reports to the abuse address (ib at caucasus.net) of the responsible ISP for the attacker IPs (caucasus.net) just bounce: #ID: #Mail From: #Rcpt To: #Server: [62.168.168.131] # #[<02>] The reason of the delivery failure was: # #550 5.7.1 : Sender address rejected: Blocked by postmaster What to do in this case? From vesely at tana.it Sat Jan 14 20:13:41 2012 From: vesely at tana.it (Alessandro Vesely) Date: Sat, 14 Jan 2012 20:13:41 +0100 Subject: [anti-abuse-wg] What to do if ISP rejects Abuse Reports? In-Reply-To: <4F1180FB.3040303@mutluit.com> References: <4F1180FB.3040303@mutluit.com> Message-ID: <4F11D3E5.9090907@tana.it> On 14/Jan/12 14:19, U.Mutlu wrote: > my systems get attacked from several IPs from Georgia (Countrycode=GE, RIR=RIPE). > My Abuse Reports to the abuse address (ib at caucasus.net) of the > responsible ISP for the attacker IPs (caucasus.net) just bounce: > > #ID: > #Mail From: > #Rcpt To: > #Server: [62.168.168.131] Only found it on http://www.backscatterer.org/?ip=62.168.168.131 > #[<02>] The reason of the delivery failure was: > # > #550 5.7.1 : Sender address rejected: Blocked by postmaster > > What to do in this case? What I do is to ban the offending IP address for some months, using a firewall filter. I try to notify that I do so to at that address if it listens on port 25, or to any *-c of that network. Is this the recommended procedure? From michele at blacknight.ie Sun Jan 15 19:53:07 2012 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Sun, 15 Jan 2012 18:53:07 +0000 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F1071DE.9040500@consumer.net> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> <4F0F06BA.1030305@consumer.net> <4F1051FB.3070601@consumer.net> <4F1063AE.7060306@heanet.ie> <4F1071DE.9040500@consumer.net> Message-ID: On 13 Jan 2012, at 18:03, russ at consumer.net wrote: > >Without expressing on my behalf any opinion on what you're saying above, > >if you are going to make accusations regarding NCC behaviour on the mailing > > Why don't you just them to respond to the list and address the issues? Read the list archives. RIPE NCC staff will reply to the list when they feel that they need to > They just point me > to the AUP and won't address that the requests are not coming from me. They say to use -r > in my requests So they're telling you what to do, but since you don't like it you come onto this list to whinge and whine? > but won't address the the fact the requests would not give abuse contacts or > that requests would then have be different to RIPE than the other RIR's. Each RIR has its own database. If you can't handle the different formats then that's your problem, not RIPE's > They won't address > the issue that the abuse contacts involve all regions and not just RIPE. That doesn't even make any sense > They won't name the > legal advisor or point to any written opinion. There is no way to tell anything that happened > or why they did it. Here is the information that is available to the "community" > > http://meetings.ripe.net/ripe-57/presentations/De_Ruig-Update_from_Data_Protection_Task_Force.nctn.pdf > > http://www.ripe.net/ripe/groups/tf/dp/report-of-the-ripe-data-protection-task-force > > If they had a legitimate process a report would contain references, discussions of the issues being raised, > the identity of the legal adviser, etc. If you're not happy with the processes then why don't you address this directly during a RIPE meeting? That's where most other people do it when they're not happy. > The presentation is so full of acronyms that most people would have no > idea what is discussed. RIPE is by its nature a technical organization. Like any technical organization it will have its own jargon and acronyms. Most people aren't that interested in what RIPE does and those that are take the time to learn what the acronyms mean. > The report is so vague that you really can't determine, for the most part, what was done > or why. Common sense issues like whether the contacts agreed to have their information posted in a public > database is not even mentioned. > > These decisions affect millions of people around the word and not just a few insiders on this list or in these groups > that have all these meetings that most people cannot attend Huh? RIPE meetings are public. Anyone can attend. If you want to make attacks on RIPE at least make an effort to get basic facts right. > (even if they did attend they would be driven > out by the insiders in short order). You show me where the general Internet community can make heads or tails > of any of this. You'd need to define "the general internet community" before anyone could even try to address that query. Regards Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From brian.nisbet at heanet.ie Mon Jan 16 10:20:12 2012 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Mon, 16 Jan 2012 09:20:12 +0000 Subject: [anti-abuse-wg] Mandate from the RIPE community In-Reply-To: <4F106A30.8060402@mutluit.com> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> Message-ID: <4F13EBCC.2060703@heanet.ie> Hi, The RIPE NCC has no mandate from the community to perform regular checks on the contact data provided by a member. This has been much discussed in recent times. Right now there is no proposal formally asking the NCC to do this, nor is the Abuse Contact Management Task Force looking at this, however I suspect it will not be long before the matter is raised here or in another RIPE WG formally again. As to whether the RIPE community is organised, there is substantial information on this matter on this matter here: http://www.ripe.net/ripe The community acts through the working group mailing lists and twice a year it comes together at a full RIPE meeting. There are also regional meetings, but ultimately policy is discussed and decided on the mailing list. If you have any specific questions you can contact the Co-Chairs of this working group at aa-wg-chairs at ripe.net Brian, Co-Chair, Anti-Abuse WG "U.Mutlu" wrote the following on 13/01/2012 17:30: > Hi everbody, > > what do you say to the answer below I got from RIPE? > > Doesn't RIPE already have a mandate for keeping the > whois database uptodate with all the vital public data > like contact email address for abuse reporting etc? > > Normally its just a simple database scan to find the records > with such missing vital data, ie. one can even automate this job > to periodically request from the owners the missing data. > > BTW, is the RIPE community somehow organized? Any speaker/contact person > etc.? > > U.Mutlu > mutluit.com > > > -------- Original Message -------- > Subject: Re: NCC#2012010449 Missing contact data for Abuse Reporting for > IP 84.240.196.128 and 84.240.197.0 > Date: Wed, 04 Jan 2012 14:38:31 +0100 > From: RIPE NCC > Reply-To: RIPE NCC > To: U.Mutlu > > Dear Mr. Mutlu, > > Thank you for your email. > Indeed there is no email contact but there are some phone contact > details that you can find on our DB query page. > > There may be options we could pursue to check the validity of the contact > data in the objects in the RIPE Database. Where we have a direct > relationship with the owners of these objects we could request that they > update this information. But we do not have a mandate from the RIPE > community to allocate any resources to this activity. If you feel this > should have a higher priority then you may raise the issue on the Database > Working Group or Anti Abuse Working Group or Address Policy Working Group > mailing lists. You can find information about the mailing lists here > > http://www.ripe.net/ripe/groups/wg > > These are open working groups and views are welcomed from anyone who > wishes to discuss relevant issues. > > > Best regards, > > Natasa Mojsilovic > ------------------ > Customer Services > RIPE NCC > > ============================================================ > > Visit www.IPv6ActNow.org, the one-stop website that > explains everything you need to know about IPv6. > > ============================================================ > > > On Wed, 04 Jan 2012 12:56:43 +0100, U.Mutlu wrote: >> I want to point you to some missing data in the RIPE DB: >> >> Your webpage below says about RIPE queries: 'Please do not use the >> email address in the ???changed??? line.' >> ( >> https://www.ripe.net/data-tools/db/faq/faq-hacking-spamming/what-can-i-do-about-spam-hacking >> ) >> >> But the following IP's have no other email contact specified >> except those marked as "changed" and "upd-to" (yes I used the "-B" >> switch): >> 84.240.196.128 >> 84.240.197.0 >> >> And also the Abuse Finder page at >> https://apps.db.ripe.net/search/abuse-finder.html >> doesn't find any abuse contact for these IPs. >> >> Regards, >> >> U.Mutlu >> SysAdm mutluit.com > > From brian.nisbet at heanet.ie Mon Jan 16 10:33:17 2012 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Mon, 16 Jan 2012 09:33:17 +0000 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F1071DE.9040500@consumer.net> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> <4F0F06BA.1030305@consumer.net> <4F1051FB.3070601@consumer.net> <4F1063AE.7060306@heanet.ie> <4F1071DE.9040500@consumer.net> Message-ID: <4F13EEDD.6090706@heanet.ie> Russ, "russ at consumer.net" wrote the following on 13/01/2012 18:03: > >Without expressing on my behalf any opinion on what you're saying above, > >if you are going to make accusations regarding NCC behaviour on the > mailing > > Why don't you just them to respond to the list and address the issues? > They just point me > to the AUP and won't address that the requests are not coming from me. I don't feel it is up to the NCC or anyone else to reply on this mailing list to accusations that, right now, have no back up. If you wish to discuss this privately you're more than welcome to mail Tobias and I at aa-wg-chairs at ripe.net and we can discuss the matter with the NCC with an eye to a public and transparent resolution to this. > They say to use -r > in my requests but won't address the the fact the requests would not > give abuse contacts or > that requests would then have be different to RIPE than the other RIR's. > They won't address > the issue that the abuse contacts involve all regions and not just RIPE. There is, right now, no formal requirement for members to supply abuse contact information. And the regional DBs are not linked. I don't think there's any question that abuse is a global problem and I don't feel the NCC are ignoring this, but without specific details it's hard to say. > They won't name the > legal advisor or point to any written opinion. There is no way to tell > anything that happened > or why they did it. Here is the information that is available to the > "community" > > http://meetings.ripe.net/ripe-57/presentations/De_Ruig-Update_from_Data_Protection_Task_Force.nctn.pdf > > http://www.ripe.net/ripe/groups/tf/dp/report-of-the-ripe-data-protection-task-force And remember, the DP-TF was a community effort. If this is something the community feels needs to be revisited and there is legitimate reason to do so, then it should be revisited. > These decisions affect millions of people around the word and not just a > few insiders on this list or in these groups > that have all these meetings that most people cannot attend (even if > they did attend they would be driven > out by the insiders in short order). You show me where the general > Internet community can make heads or tails > of any of this. An awful lot of work has been done over the years to make the RIPE community as open as possible. We have all of our discussions on these mailing lists, the meetings are streamed live with an option for public participation and while I realise people may dismiss my words on this matter with the accusation of be being some sort of "insider" the recent feedback we've got is that new attendees at meetings *don't* feel that way. However things can always be improved and the Working Group Chairs Collective is always open to suggestions and the like. Brian. From russ at consumer.net Mon Jan 16 16:38:59 2012 From: russ at consumer.net (russ at consumer.net) Date: Mon, 16 Jan 2012 10:38:59 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F10C166.5060308@consumer.net> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> Message-ID: <4F144493.6080902@consumer.net> RIPE is now claiming the IP addresses they are collecting on their blacklist are not "personal information." I thought business contacts are considered "personal information" under the EU privacy directives? IP addresses allocated to businesses are in various whois databases. Reverse lookups identify domains which also lead to businesses. It seems to me that the blacklisting done by RIPE falls into this category when it is used to specifically blacklist a business. How is is that the contacts in the RIPE database are "personal information" yet the IP addresses associated with those contacts are not? Aren't they associated by doing a whois lookup that anyone can do? RIPE won't explain or acknowledge my request to have the matter reviewed by the Dutch Data Protection office. All I got was the vague response shown below. Thank You >On 1/16/2012 10:22 AM, RIPE Database Manager wrote: >Dear Russ, >Please note that we do not collect any personal informations. >The access block to the RIPE Database is based only on the IP address. >I hope to have informed you sufficiently. From thor.kottelin at turvasana.com Mon Jan 16 16:47:11 2012 From: thor.kottelin at turvasana.com (Thor Kottelin) Date: Mon, 16 Jan 2012 17:47:11 +0200 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F144493.6080902@consumer.net> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> <4F144493.6080902@consumer.net> Message-ID: > -----Original Message----- > From: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg- > bounces at ripe.net] On Behalf Of russ at consumer.net > Sent: Monday, January 16, 2012 5:39 PM > To: anti-abuse-wg at ripe.net > RIPE is now claiming the IP addresses they are collecting on their > blacklist are not "personal information." > RIPE won't explain or acknowledge my request to have the matter > reviewed > by the Dutch Data Protection office. Although I am not familiar with Dutch procedural law, the filing of a complaint is often incumbent on the complainant. The contact information of the Dutch Data Protection Authority appears to be available at http://www.dutchdpa.nl/Pages/en_ind_contact.aspx. -- Thor Kottelin http://www.anta.net/ From russ at consumer.net Mon Jan 16 17:44:37 2012 From: russ at consumer.net (russ at consumer.net) Date: Mon, 16 Jan 2012 11:44:37 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> <4F144493.6080902@consumer.net> Message-ID: <4F1453F5.3070602@consumer.net> >Although I am not familiar with Dutch procedural law, the filing of a complaint is often incumbent on the complainant. The contact information of the Dutch Data Protection Authority appears >to be available at http://www.dutchdpa.nl/Pages/en_ind_contact.aspx. I probably don't standing to file a complaint since I am outside the EU. I had contacted them for more information but i have not yet received an acknowledgement. From security at mutluit.com Mon Jan 16 17:54:03 2012 From: security at mutluit.com (U.Mutlu) Date: Mon, 16 Jan 2012 17:54:03 +0100 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F144493.6080902@consumer.net> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> <4F144493.6080902@consumer.net> Message-ID: <4F14562B.8020704@mutluit.com> russ at consumer.net wrote, On 2012-01-16 16:38: > RIPE is now claiming the IP addresses they are collecting on their blacklist are not "personal information." I thought business contacts are considered "personal information" under the EU privacy directives? IP addresses allocated to businesses are in various whois databases. Reverse lookups identify domains which also lead to businesses. It seems to me that the blacklisting done by RIPE falls into this category when it is used to specifically blacklist a business. How is is that the contacts in the RIPE database are "personal information" yet the IP addresses associated with those contacts are not? Aren't they associated by doing a whois lookup that anyone can do? > > RIPE won't explain or acknowledge my request to have the matter reviewed by the Dutch Data Protection office. All I got was the vague response shown below. > > Thank You > > > >On 1/16/2012 10:22 AM, RIPE Database Manager wrote: > >Dear Russ, > > >Please note that we do not collect any personal informations. > >The access block to the RIPE Database is based only on the IP address. > >I hope to have informed you sufficiently. The RIPE AUP has some more info on this issue: http://www.ripe.net/db/support/db-aup.pdf I think RIPE just wants to prevent abuse done by some egoistic people who endlessly query the database and/or misuse the service for commercial purpose. Ie. that's similar to protecting against "Denial of Service" attacks. IMHO it's legitimate to protect the system, I personally wouldn't do any different. But I would unblock the culprits automatically after a predefined period (x hours or days). And: not sure it there exists any ready-to-use caching whois servers (like it is the case with DNS servers), but if you are a programmer then you could also add a local whois lookup cache into your application, or to one of your systems, and do all queries via that cache... to reduce the number of physical connections to RIPE... Makes sense of course only if the same records are queried over and over again... From russ at consumer.net Mon Jan 16 18:29:56 2012 From: russ at consumer.net (russ at consumer.net) Date: Mon, 16 Jan 2012 12:29:56 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F14562B.8020704@mutluit.com> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> <4F144493.6080902@consumer.net> <4F14562B.8020704@mutluit.com> Message-ID: <4F145E94.4060806@consumer.net> >I think RIPE just wants to prevent abuse done by some egoistic people >who endlessly query the database and/or misuse the service for commercial purpose. I have already explained that RIPE says this is not the issue and there is no problem with the queries if the "-r" is used. The issue is the "personal information" in the database and the WU and Dutch privacy laws. From P.Vissers at opta.nl Tue Jan 17 09:41:24 2012 From: P.Vissers at opta.nl (Vissers, Pepijn) Date: Tue, 17 Jan 2012 08:41:24 +0000 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F145E94.4060806@consumer.net> References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> <4F144493.6080902@consumer.net> <4F14562B.8020704@mutluit.com> <4F145E94.4060806@consumer.net> Message-ID: Under Dutch (and European) privacy directives, any information that can uniquely distinguish a natural person (ie. NOT 'a business'...) is to be considered 'personal information'. So, an IP address CAN be personal information, if the data collector can link it to a person without too much hassle. Think webshops who log your IP at logon, they can connect that to your account data, so in *that* case an IP address is logged by the shop is indeed considered 'personal information' and must be protected by the shop accordingly. In your case with RIPE, your IP address is probably not considered 'personal information'. IANAL. Check out http://en.wikipedia.org/wiki/Data_Protection_Directive. > -----Oorspronkelijk bericht----- > Van: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg-bounces at ripe.net] > Namens russ at consumer.net > Verzonden: maandag 16 januari 2012 18:30 > Aan: anti-abuse-wg at ripe.net > Onderwerp: Re: [anti-abuse-wg] What is Personal information? > > >I think RIPE just wants to prevent abuse done by some egoistic people >who > endlessly query the database and/or misuse the service for commercial purpose. > > I have already explained that RIPE says this is not the issue and there is no > problem with the queries if the "-r" is used. The issue is the "personal > information" in the database and the WU and Dutch privacy laws. > > +++++++++++++++++++++++++++++++++++++++++++++ Disclaimer Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging of ander gebruik ervan niet is toegestaan. Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail at opta.nl en het bericht te vernietigen. Dit e-mailbericht is uitsluitend gecontroleerd op virussen. OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen geen rechten aan worden ontleend. This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail at opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message. From ops.lists at gmail.com Tue Jan 17 10:18:05 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Tue, 17 Jan 2012 14:48:05 +0530 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> <4F144493.6080902@consumer.net> <4F14562B.8020704@mutluit.com> <4F145E94.4060806@consumer.net> Message-ID: In other words, Russ could probably approach the Dutch privacy regulator with a query, cc RIPE NCC legal, and then accept whatever ruling applies? I seriously doubt if anybody on this list other than the three parties above is qualified to comment definitely on this issue. So - Russ, please take it offlist, and do come back to let us know what ruling you get. I personally would be interested in what you learn. thanks --srs On Tue, Jan 17, 2012 at 2:11 PM, Vissers, Pepijn wrote: > Under Dutch (and European) privacy directives, any information that can uniquely distinguish a natural person (ie. NOT 'a business'...) is to be considered 'personal information'. > > So, an IP address CAN be personal information, if the data collector can link it to a person without too much hassle. Think webshops who log your IP at logon, they can connect that to your account data, so in *that* case an IP address is logged by the shop is indeed considered 'personal information' and must be protected by the shop accordingly. In your case with RIPE, your IP address is probably not considered 'personal information'. IANAL. > > Check out http://en.wikipedia.org/wiki/Data_Protection_Directive. > > >> -----Oorspronkelijk bericht----- >> Van: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg-bounces at ripe.net] >> Namens russ at consumer.net >> Verzonden: maandag 16 januari 2012 18:30 >> Aan: anti-abuse-wg at ripe.net >> Onderwerp: Re: [anti-abuse-wg] What is Personal information? >> >> ?>I think RIPE just wants to prevent abuse done by some egoistic people ?>who >> endlessly query the database and/or misuse the service for commercial purpose. >> >> I have already explained that RIPE says this is not the issue and there is no >> problem with the queries if the "-r" is used. ?The issue is the "personal >> information" in the database and the WU and Dutch privacy laws. >> >> > > +++++++++++++++++++++++++++++++++++++++++++++ > Disclaimer > Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. > Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging > of ander gebruik ervan niet is toegestaan. > Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan > direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail at opta.nl en het bericht te vernietigen. > Dit e-mailbericht is uitsluitend gecontroleerd op virussen. > OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen > geen rechten aan worden ontleend. > > > This e-mail message may contain confidential information or information protected by professional privilege. > If it is not intended for you, you should be aware that any distribution, copying or other form of use of > this message is not permitted. > If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 > or e-mail mailto:mail at opta.nl and destroy the message immediately. > This e-mail message has only been checked for viruses. > The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. > OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. > No rights can be derived from this message. -- Suresh Ramasubramanian (ops.lists at gmail.com) From russ at consumer.net Tue Jan 17 14:20:06 2012 From: russ at consumer.net (russ at consumer.net) Date: Tue, 17 Jan 2012 08:20:06 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: References: <201201041338.q04DcVfi011346@dog.ripe.net> <4F106A30.8060402@mutluit.com> <4F10C166.5060308@consumer.net> <4F144493.6080902@consumer.net> <4F14562B.8020704@mutluit.com> <4F145E94.4060806@consumer.net> Message-ID: <4F157586.5030108@consumer.net> >In other words, Russ could probably approach the Dutch privacy regulator with a query, cc RIPE NCC legal, and then accept whatever ruling applies? I seriously doubt if anybody on this list >other than the three parties above is qualified to comment definitely on this issue. So - Russ, please take it offlist, and do come back to let us know what ruling you get. I personally would be >interested in what you learn. >Under Dutch (and European) privacy directives, any information that can uniquely distinguish a natural person (ie. NOT 'a business'...) is to be considered 'personal information'. So, an IP >address CAN be personal information, if the data collector can link it to a person without too much hassle. Think webshops who log your IP at logon, they can connect that to your account >data, so in *that* case an IP address is logged by the shop is indeed considered 'personal information' and must be protected by the shop accordingly. In your case with RIPE, your IP address is >probably not considered 'personal information'. IANAL. Check out http://en.wikipedia.org/wiki/Data_Protection_Directive. The same reasoning that says RIPE database information is "personal information" can be applied to IP addresses (in some cases). If the IP is registered you would get those contacts by running a whois (or doing a reverse lookup would identify a domain which can bee looked up). It seems to me if the RIPE database entries are "personal information" then so it the IP address associated with that record. Even if is is personal information the issue is then whether they gave permission to have it posted in a public database. If the RIPE NCC legal department had an answer it would have been put on the public reports and/or they would answer the inquiries put forth my me and others. I have sent an inquiry to the Dutch privacy office but, while these offices sound good in theory, they are usually a bureaucratic nightmare. Since I dot live within the region I think it is unlikely I would get an answer. If the process is legitimate I would have thought RIPE would have gone to the office for a ruling before they changed the access policy. the fact is RIPE won't supply their legal department's analysis and they won't respond to my request to have the Dutch privacy office review the matter. There would be a much better chance of getting a ruling if RIPE would ask them ... but they don't seem to want to do that so I can only speculate why they would not want to do the obvious thing. Thank You From jorgen at hovland.cx Tue Jan 17 22:31:47 2012 From: jorgen at hovland.cx (=?ISO-8859-1?Q?J=F8rgen_Hovland?=) Date: Tue, 17 Jan 2012 22:31:47 +0100 Subject: [anti-abuse-wg] Status of 2011-06 In-Reply-To: <4F13EEDD.6090706@heanet.ie> References: <4F0EAE66.1030705@heanet.ie> <4F0ECAAC.9070207@consumer.net> <4F0ED802.2020608@powerweb.de> <4F0F06BA.1030305@consumer.net> <4F1051FB.3070601@consumer.net> <4F1063AE.7060306@heanet.ie> <4F1071DE.9040500@consumer.net> <4F13EEDD.6090706@heanet.ie> Message-ID: <4F15E8C3.7090007@hovland.cx> Something to think about regarding 2011-06. I recently complained to ARIN that the email contact information for an assignment was incorrect and autoreplied with that the email will not be read. The reply I received was that there is no policy against this. As far as I can see, there is nothing in the 2011-06 proposal that prevents the same thing from happening. Any proposal suggesting that an email address is mandatory should also require that the email is being read and responded to by a human person if it cannot be processed by a robot. I don't want to receive email autoreplies with "please go to this URL, register with your complete details, receive PIN-code on your mobile, type in the CAPTCHA words, verify with link in email, login and fill out this 26-field abuse form" in order to complain. In cases like these, the remark:-field in the ripe db would be much more suitable than an abuse-c:-handle for abuse contact information because it would save me time reading how to complain. From arin: --- Hello, Contact information that is functional (meaning email sent to the listed email address is received) is considered to be valid. The community of network operators in the ARIN region has never indicated to ARIN that any specific response should be expected other than successful receipt of email. If there's a consensus some other definition of "valid" should be used, that change needs to be proposed by someone either via ARIN's Policy Development Process or ARIN's Consultation and Suggestion Process: https://www.arin.net/policy/pdp.html https://www.arin.net/participate/acsp/index.html --- From nikos at ichost.ru Wed Jan 18 08:23:42 2012 From: nikos at ichost.ru (=?koi8-r?B?4dPU0s/XIO7Jy8/Mwco=?=) Date: Wed, 18 Jan 2012 11:23:42 +0400 Subject: [anti-abuse-wg] Wrong AS-SET by LIR Message-ID: <228081326871422@web136.yandex.ru> Wrong AS-SET by LIR (inscribed clients long ushedshie from this ISP). Lir not responding to any requests (effectively bankrupt). Where to write for correct? (Not built right routes from some providers - delays and losses). On export / import this AS records should not be in the AS-SET of LIR. From maildanrl at googlemail.com Wed Jan 18 08:39:30 2012 From: maildanrl at googlemail.com (Dan Luedtke) Date: Wed, 18 Jan 2012 08:39:30 +0100 Subject: [anti-abuse-wg] 2011-06 New Policy Proposal (Abuse Contact Management in the RIPE NCC Database) In-Reply-To: <4ED3F845.6080708@abusix.com> References: <201111231347.pANDlH64028370@pechora5.dc.icann.org> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A3EB9@EXVPMBX100-1.exc.icann.org> <4ECE4C4A.5090106@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A411A@EXVPMBX100-1.exc.icann.org> <4ED3F845.6080708@abusix.com> Message-ID: Hallo everyone, On Mon, Nov 28, 2011 at 10:08 PM, Tobias Knecht wrote: > The abuse-c will reference a person, role or > organization object. I followed the discussion and looked at some RIPE Database entries to get an idea what the problem was. With the reference to roles and/or organizations, for most space holders it will be easy to comply with the proposed policy. I support this proposal, even if the wording might not be the best at the moment (I guess it will change during the process, I saw that on other policies already). regards, danrl -- Dan Luedtke http://www.danrl.de From denatrisconsult at hotmail.nl Wed Jan 18 12:21:52 2012 From: denatrisconsult at hotmail.nl (Wout de Natris) Date: Wed, 18 Jan 2012 12:21:52 +0100 Subject: [anti-abuse-wg] anti-abuse-wg Digest, Vol 5, Issue 7 Re: What is Personal information? In-Reply-To: References: Message-ID: All, The Dutch DPA does not, by way of policy, respond to requests to look into policies upfront. No exceptions allowed. This is how the policy was explained to me last year by the DPA. So even if RIPE NCC wants to have a ruling this way, she will not get one. So it's of no use to keep discussing this part here. The DPA may look into complaints though. In this it should not matter where a complaint comes from. Whether or not she does, is at her discretion. So if you've filed a complaint, you need to go through that channel and follow it up with a call, e.g. There's nothing that this WG could do to alter this. Regards, Wout de Natris - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - De Natris Consult Raaphorst 33 Tel: +31 648388813 2352 KJ Leiderdorp Skype: wout.de.natris denatrisconsult at hotmail.nl http://www.denatrisconsult.nl Blog http://woutdenatris.wordpress.com > Message: 1 > Date: Tue, 17 Jan 2012 08:20:06 -0500 > From: "russ at consumer.net" > Subject: Re: [anti-abuse-wg] What is Personal information? > To: "anti-abuse-wg at ripe.net" > Message-ID: <4F157586.5030108 at consumer.net> > Content-Type: text/plain; charset=UTF-8; format=flowed > > >In other words, Russ could probably approach the Dutch privacy > regulator with a query, cc RIPE NCC legal, and then accept whatever > ruling applies? I seriously doubt if anybody on this list >other than > the three parties above is qualified to comment definitely on this > issue. So - Russ, please take it offlist, and do come back to let us > know what ruling you get. I personally would be >interested in what you > learn. > > > >Under Dutch (and European) privacy directives, any information that > can uniquely distinguish a natural person (ie. NOT 'a business'...) is > to be considered 'personal information'. So, an IP >address CAN be > personal information, if the data collector can link it to a person > without too much hassle. Think webshops who log your IP at logon, they > can connect that to your account >data, so in *that* case an IP address > is logged by the shop is indeed considered 'personal information' and > must be protected by the shop accordingly. In your case with RIPE, your > IP address is >probably not considered 'personal information'. IANAL. > Check out http://en.wikipedia.org/wiki/Data_Protection_Directive. > > > The same reasoning that says RIPE database information is "personal > information" can be applied to IP addresses (in some cases). > If the IP is registered you would get those contacts by running a whois > (or doing a reverse lookup would identify a domain which > can bee looked up). It seems to me if the RIPE database entries are > "personal information" then so it the IP address associated > with that record. Even if is is personal information the issue is then > whether they gave permission to have it posted in a public database. > > If the RIPE NCC legal department had an answer it would have been put on > the public reports and/or they would answer the inquiries > put forth my me and others. I have sent an inquiry to the Dutch > privacy office but, while these offices sound good in theory, > they are usually a bureaucratic nightmare. Since I dot live within the > region I think it is unlikely I would get an answer. If the process > is legitimate I would have thought RIPE would have gone to the office > for a ruling before they changed the access policy. the fact is > RIPE won't supply their legal department's analysis and they won't > respond to my request to have the Dutch privacy office review the > matter. There would be a much better chance of getting a ruling if RIPE > would ask them ... but they don't seem to want to do that > so I can only speculate why they would not want to do the obvious thing. > > Thank You > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From security at mutluit.com Wed Jan 18 12:27:16 2012 From: security at mutluit.com (U.Mutlu) Date: Wed, 18 Jan 2012 12:27:16 +0100 Subject: [anti-abuse-wg] 2011-06 New Policy Proposal (Abuse Contact Management in the RIPE NCC Database) In-Reply-To: References: <201111231347.pANDlH64028370@pechora5.dc.icann.org> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A3EB9@EXVPMBX100-1.exc.icann.org> <4ECE4C4A.5090106@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A411A@EXVPMBX100-1.exc.icann.org> <4ED3F845.6080708@abusix.com> Message-ID: <4F16AC94.5010201@mutluit.com> Dan Luedtke wrote, On 2012-01-18 08:39: > On Mon, Nov 28, 2011 at 10:08 PM, Tobias Knecht wrote: >> The abuse-c will reference a person, role or >> organization object. > I followed the discussion and looked at some RIPE Database entries to > get an idea what the problem was. With the reference to roles and/or > organizations, for most space holders it will be easy to comply with > the proposed policy. > > I support this proposal, even if the wording might not be the best at > the moment (I guess it will change during the process, I saw that on > other policies already). I too support the proposal, but under these conditions: the new handle "abuse-c" and the abuse contact info under this handle must be _mandatory_, not optional, and it must be a functioning email address, not a web link etc. A non-functional abuse email contact shall mean an abuse itself. To automate the task of abuse reporting (and of abuse processing at the receiver side) I even would like to have several (2 or 3) abuse contact email addresses as there are several kinds of abuses (spam with ads, spam with criminal intent, hacking attempts, flood attacks/(D)DoS, portscans, service attacks, copyright infringement, impersonation, sockpuppetry, insult/discrimination, ...), but I think this should be made some time later in a new proposal when enough experience has been collected with "abuse-c". Another method would be to use just one abuse address but use a specific keyword in the subject line for automatic filtering/routing the report to the right department at the receiver side. These keywords (key) should be the same for all organizations, ie. it shall be standardized and published by the RIR. But as said, these extended methods can be done some time later in a new proposal. For newcomers: here's the ongoing proposal and some related pages: http://www.ripe.net/ripe/policies/proposals/2011-06 https://labs.ripe.net/ripe-database/abuse-handling-in-the-ripe-database http://www.ripe.net/ripe/groups/tf/abuse-contact Minutes and archives: http://www.ripe.net/ripe/groups/wg/anti-abuse Rgds, U.Mutlu www.mutluit.com From russ at consumer.net Wed Jan 18 13:57:34 2012 From: russ at consumer.net (russ at consumer.net) Date: Wed, 18 Jan 2012 07:57:34 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: References: Message-ID: <4F16C1BE.6000504@consumer.net> >The Dutch DPA does not, by way of policy, respond to requests to look into policies upfront. No exceptions allowed. This is good information. However, I do not understand why all this information is not contained in the report at http://www.ripe.net/ripe/groups/tf/dp/report-of-the-ripe-data-protection-task-force I have made several inquiries to RIPE, the w- chairs, etc. yet nobody has an answer. If you have system that is supposed to be bottom up then the members need to have this type of information to make informed decisions. Can anyone explain why this information (and other relevant information) does not appear in the official report? People keep suggesting I make a proposal but if I don't have the information that is not practical. The system seems designed to deter people from getting involved. Thank You From michele at blacknight.ie Wed Jan 18 14:04:17 2012 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Wed, 18 Jan 2012 13:04:17 +0000 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F16C1BE.6000504@consumer.net> References: <4F16C1BE.6000504@consumer.net> Message-ID: <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> This thread has really gone on for long enough Russ - if you have concerns regarding RIPE policy etc., then you either need to take them up with RIPE or maybe on the relevant RIPE mailing list I honestly don't see how all this back and forth, which is bordering on a monologue, is of any relevance to Anti-Abuse On 18 Jan 2012, at 12:57, russ at consumer.net wrote: > >The Dutch DPA does not, by way of policy, respond to requests to look into policies upfront. No exceptions allowed. > > This is good information. However, I do not understand why all this information is not contained in the report at > > http://www.ripe.net/ripe/groups/tf/dp/report-of-the-ripe-data-protection-task-force > > I have made several inquiries to RIPE, the w- chairs, etc. yet nobody has an answer. If you have > system that is supposed to be bottom up then the members need to have this type of information > to make informed decisions. > > Can anyone explain why this information (and other relevant information) does not appear in the > official report? People keep suggesting I make a proposal but if I don't have the information that is > not practical. The system seems designed to deter people from getting involved. > > Thank You > > Mr Michele Neylon Blacknight Solutions ? Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From russ at consumer.net Wed Jan 18 14:09:36 2012 From: russ at consumer.net (russ at consumer.net) Date: Wed, 18 Jan 2012 08:09:36 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> Message-ID: <4F16C490.9050409@consumer.net> >I honestly don't see how all this back and forth, which is bordering on a monologue, is of any relevance to Anti-Abuse I don't see the relevance of any of your posts other than to (1) promote an agenda of driving people away and (2) to post all that spam in your signature. Thank You From maildanrl at googlemail.com Wed Jan 18 17:19:20 2012 From: maildanrl at googlemail.com (Dan Luedtke) Date: Wed, 18 Jan 2012 17:19:20 +0100 Subject: [anti-abuse-wg] 2011-06 New Policy Proposal (Abuse Contact Management in the RIPE NCC Database) In-Reply-To: <4F16AC94.5010201@mutluit.com> References: <201111231347.pANDlH64028370@pechora5.dc.icann.org> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A3EB9@EXVPMBX100-1.exc.icann.org> <4ECE4C4A.5090106@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A411A@EXVPMBX100-1.exc.icann.org> <4ED3F845.6080708@abusix.com> <4F16AC94.5010201@mutluit.com> Message-ID: On Wed, Jan 18, 2012 at 12:27 PM, U.Mutlu wrote: > I even would like to have several (2 or 3) abuse contact email addresses > as there are several kinds of abuses (spam with ads, spam with criminal > intent, > hacking attempts, flood attacks/(D)DoS, portscans, service attacks, > copyright infringement, impersonation, sockpuppetry, insult/discrimination, > ...), I like this kind of information to be embedded in the protocol/format used for reporting. There are already standards being worked on, or even used. This should not be part of the RIPE database itself. regards, danrl -- Dan Luedtke http://www.danrl.de From security at mutluit.com Wed Jan 18 18:30:34 2012 From: security at mutluit.com (U.Mutlu) Date: Wed, 18 Jan 2012 18:30:34 +0100 Subject: [anti-abuse-wg] 2011-06 New Policy Proposal (Abuse Contact Management in the RIPE NCC Database) In-Reply-To: References: <201111231347.pANDlH64028370@pechora5.dc.icann.org> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A3EB9@EXVPMBX100-1.exc.icann.org> <4ECE4C4A.5090106@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A411A@EXVPMBX100-1.exc.icann.org> <4ED3F845.6080708@abusix.com> <4F16AC94.5010201@mutluit.com> Message-ID: <4F1701BA.9030905@mutluit.com> Dan Luedtke wrote, On 2012-01-18 17:19: > On Wed, Jan 18, 2012 at 12:27 PM, U.Mutlu wrote: >> I even would like to have several (2 or 3) abuse contact email addresses >> as there are several kinds of abuses (spam with ads, spam with criminal >> intent, >> hacking attempts, flood attacks/(D)DoS, portscans, service attacks, >> copyright infringement, impersonation, sockpuppetry, insult/discrimination, >> ...), > > I like this kind of information to be embedded in the protocol/format > used for reporting. There are already standards being worked on, or > even used. This should not be part of the RIPE database itself. I guess you mean ARF/MARF (RFC 5965; http://www.ietf.org/dyn/wg/charter/marf-charter); yes, makes sense to handle the details therein. Of course ARF/MARF as well depends on a abuse contact, so we need a mandatory standard to follow, and therefore the current proposal of the wg should be ratified as soon as possible. From kranjbar at ripe.net Thu Jan 19 15:30:50 2012 From: kranjbar at ripe.net (Kaveh Ranjbar) Date: Thu, 19 Jan 2012 15:30:50 +0100 Subject: [anti-abuse-wg] Limited access to personal data in bulk Message-ID: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> Dear colleagues, Following recent discussions on this mailing list regarding personal data, the RIPE NCC would like to clarify a few points. The main issue is the limited access to what is considered personal data. One of the consequences of this limit is our access control system. That system automatically bans IP addresses that hit the daily limit of queries with personal data several times. There are some important points to bear in mind here: - The EU Directive sets minimum requirements for protecting personal data - The RIPE NCC is the secretariat for the RIPE community and as such implements the policies and wishes of the RIPE community - The RIPE NCC does not make any policies - The RIPE NCC itself is neutral regarding the choice of allowing either full or restricted public access to that information in bulk - As part of the RIPE Policy Development Process, the RIPE NCC may recommend a legal review of a policy proposal A few years ago, the RIPE Data Protection Task Force was formed to consider the whole issue of data protection for the data contained within the RIPE Database. After discussing different scenarios and analysing their impacts, the Task Force reported back to the RIPE Database Working Group. It was recognised by the Task Force that all the personal data contained within the RIPE Database must remain publicly available. Each individual personal data set can be queried by using the interfaces made available to the RIPE Database. The RIPE Database Working Group placed a number of action points on the RIPE NCC to implement some features, including restricting access to *bulk* personal data. The current policies impose restrictions on accessing *bulk* personal data to prevent possible abuse of the personal data contained within the database. Imposing any restrictions will have consequences. One of the consequences is restricted access to abuse contacts as currently stored in the RIPE Database. RIPE Policy Proposal 2011-06 is being discussed by the Anti-Abuse Working Group to address this specific issue. This policy will require an abuse contact related to Internet resources. This contact can be clearly marked and documented as a public field that, from the beginning, will not be regarded as personal data and will not be subject to any access restrictions, even bulk access. I would like to emphasise that the RIPE NCC executes the wishes of the RIPE community. When the community reaches consensus for a certain functionality or process, the RIPE NCC will implement and/or execute the functionality or process. In case of legal limitations, the RIPE NCC will strive for a solution that is as close as possible to the original community wishes. The RIPE NCC always reports back on this implementation and its details. There has been a suggestion that what is considered personal data should be publicly available in bulk, without any restrictions. If the community has any concerns about this restriction, perhaps this can be discussed as a specific issue on the Anti-Abuse or RIPE Database Working Group mailing list to determine if there is any consensus within the community to amend this restriction. As always, the RIPE NCC will follow all discussions and will do its best to implement the wishes of the community. The RIPE NCC always welcomes direct feedback from its members and the community. However for issues such as this, addressing concerns directly to the RIPE NCC has little effect because the RIPE NCC does not have the authority to make such a decision on behalf of the community. I hope this has helped explain some background to the concerns and ways to move forward if the issues are not resolved. Please let me know if there are any further questions, or put them to the community using the mailing lists. Kind Regards, Kaveh. --- Kaveh Ranjbar RIPE NCC Database Group Manager From russ at consumer.net Thu Jan 19 17:38:47 2012 From: russ at consumer.net (russ at consumer.net) Date: Thu, 19 Jan 2012 11:38:47 -0500 Subject: [anti-abuse-wg] Limited access to personal data in bulk In-Reply-To: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> References: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> Message-ID: <4F184717.4000505@consumer.net> >Following recent discussions on this mailing list regarding personal data, the RIPE NCC would like to clarify a few points. I have a few questions to RIPE and the RIPE community: -The issue of whois access is not specific to an RIR so why isn't the issue elevated to the ASO so the policies are consistent across RIR's? -What requirements does the EU set for personal information where the owner has agreed to place the information in a publicly available database? Each discussion I have seen merely says personal information must be protected without any discussion as to whether permission was given to make the information available. -Why is the abuse contact fundamentally different than the other types of contacts as it relates to the protection of personal information? -Once RIPE reviewed the report from the task force was apparently a legal review completed. Is that review available to the public? -Why does task force report have little or no useful information about how the conclusions were reached? -Since these mailing lists and meetings are only a tiny fraction of Internet users what initiatives are there to solicit opinions of those being affected by the decisions? In this case spam, abuse, and access to the whois data is a universal issue and not limited within a region. there is a large gap between the task force report and the implementation of the AUP. Isn't this policy setting by the RIPE NCC? (such as setting a limit of a certain number of queries per day, disregarding the fact that some requests are "pass-through" and the IP they detect is not the actual IP address, definition of "bulk" access, etc.) -Since the current restriction do little or nothing to stop "harvesters" from collecting the information (since they use a distributed system of IP's) what is the purpose of IP address restrictions (other than cases of DOS attacks which is obvious)? -What exactly is "abuse of the information"? Is this defined anywhere? It seems to me that each person will have a different idea of what is "abuse" depending on their personal view of the world. Thank You -------------- next part -------------- An HTML attachment was scrubbed... URL: From h.lu at anytimechinese.com Thu Jan 19 19:32:13 2012 From: h.lu at anytimechinese.com (Lu Heng) Date: Thu, 19 Jan 2012 19:32:13 +0100 Subject: [anti-abuse-wg] Regarding distinguish different type of claims into different mail box. Message-ID: Hi Colleagues: One question very much brother me is that we have setup different mailbox for different kind of abuse claims. But the claim reporter still sending everything to our main abuse mailbox. We want to use abuse at outsideheaven.com as network-related abuse mailbox, and copyrightclaims at outsideheaven.com as well as trademarkclaims at outsideheaven.com for its related issues. And legal at outsideheaven.com for crime activity claim that need attention immediately. By that way I can give only the copyright claim and trademark claim mailbox access rights to my lawyers, and they don't have to have the access to the abuse mailbox which contain lot of network abuse report as well(which often related to the detailed sensitive IP information). Vise-versa, my network engineer can focus on take down network abuse but not getting bothered with all the content-related claims. And my partner and I can focus only the most urgent claim but don't have to look every copyright/network abuse claims. We believe this idea can save us a lot of work load in the abuse related issues, and we have see all the other major provider such as godaddy taking the same actions. However, the claim reporter still tend to send everything to abuse at outsideheaven.com, even though we had made it very clear in our IP's whois information that all the other claim send to "abuse at outsideheaven.com" will be ignored. So I would appreciated if one of you have any knowledge to my following questions: 1. Can we ignore all the other claims sent to abuse at outsideheaven.com mailbox since we have made it clear in the whois? Will that make us a big legal trouble afterwards(my lawyer said we can not ignore the copy right claims send to network abuse mail box, but I want to hear your advice as well)? 2. How your guys deal with this problem? If all the abuse report send to single Email address, do your guys have someone just for clear up the mailbox and forward the Email to the right person? 3. Anyone have better idea to this problem other than this distinguish mail box way? I would thank if anyone can help in this issue, even just 2 cents of your thought will be very much appreciated. -- Kind regards. Lu This transmission is intended solely for the addressee(s) shown above. It may contain information that is privileged, confidential or otherwise protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons other than the intended addressee(s) is strictly prohibited. If you have received this transmission in error, please notify this office immediately and e-mail the original at the sender's address above by replying to this message and including the text of the transmission received. From michele at blacknight.ie Thu Jan 19 20:11:28 2012 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Thu, 19 Jan 2012 19:11:28 +0000 Subject: [anti-abuse-wg] Regarding distinguish different type of claims into different mail box. In-Reply-To: References: Message-ID: <87EA2A44-F8C5-458F-8F6E-8956EADE3CBD@blacknight.ie> On 19 Jan 2012, at 18:32, Lu Heng wrote: > So I would appreciated if one of you have any knowledge to my > following questions: > > 1. Can we ignore all the other claims sent to abuse at outsideheaven.com > mailbox since we have made it clear in the whois? Will that make us a > big legal trouble afterwards(my lawyer said we can not ignore the copy > right claims send to network abuse mail box, but I want to hear your > advice as well)? You can't ignore them Legally speaking, at least under Irish and EU law, you would be "on notice" of something once you were in receipt of the report. What you might want to try doing is politely asking them to send the trademark issues to the designated alias / mailbox in future. A lot of the time, in our experience anyway, the same reporters crop up over and over and over. > > 2. How your guys deal with this problem? If all the abuse report send > to single Email address, do your guys have someone just for clear up > the mailbox and forward the Email to the right person? All abuse@ emails go into our help desk system. If it's not an abuse issue then we can move it in the ticketing system to the appropriate department. If it needs to go for legal review the software we currently use allows us to export the ticket as a PDF and then we simply email it our legal counsel > > 3. Anyone have better idea to this problem other than this distinguish > mail box way? It depends on what you are using internally. We use a web based ticketing system for most of our customer service queries, so moving a "ticket" around the system isn't that much of a challenge. HTH Regards Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From ops.lists at gmail.com Fri Jan 20 04:18:02 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 20 Jan 2012 08:48:02 +0530 Subject: [anti-abuse-wg] Regarding distinguish different type of claims into different mail box. In-Reply-To: References: Message-ID: Hi Lu Heng, if it is the same organization or a small set of organizations auto reporting copyright / DMCA claims etc to your abuse mailbox, you can always set up a filter to redirect all their email to your copyrightclaims / legal etc mailbox. That way your lawyers don't get to see your IP addresses and you don't get to waste your time on DMCA notifications. Easy isn't it? :) -srs On Fri, Jan 20, 2012 at 12:02 AM, Lu Heng wrote: > > > 1. Can we ignore all the other claims sent to abuse at outsideheaven.com > mailbox since we have made it clear in the whois? Will that make us a > big legal trouble afterwards(my lawyer said we can not ignore the copy > right claims send to network abuse mail box, but I want to hear your > advice as well)? > > 2. How your guys deal with this problem? If all the abuse report send > to single Email address, do your guys have someone just for clear up > the mailbox and forward the Email to the right person? -- Suresh Ramasubramanian (ops.lists at gmail.com) From russ at consumer.net Fri Jan 20 21:57:53 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 20 Jan 2012 15:57:53 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F16C490.9050409@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> Message-ID: <4F19D551.6010809@consumer.net> RIPE has collected personal information about me that led to them blacklisting my business from accessing the whois database. When i ask for disclosure of the information they collected about me the answer I received from RIPE NCC is: "Unfortunately we cannot provide you with such information. It is considered to be confidential information and thus cannot be disclosed to the public." Who considers it "confidential information" and for what reason? I am asking for information collected about me and not "public" disclosure. I though EU companies had to disclose the personal information they collected about people? I guess they figure there is no much a foreigner can do so they are going to disregard these privacy laws? So much for EU privacy protection! Thank You From shane at time-travellers.org Mon Jan 23 12:07:17 2012 From: shane at time-travellers.org (Shane Kerr) Date: Mon, 23 Jan 2012 12:07:17 +0100 Subject: [anti-abuse-wg] Limited access to personal data in bulk In-Reply-To: <4F184717.4000505@consumer.net> References: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> <4F184717.4000505@consumer.net> Message-ID: <20120123120717.61a0d9aa@shane-desktop> Russ, > -The issue of whois access is not specific to an RIR so why isn't the > issue elevated to the ASO so the policies are consistent across RIR's? Any past attempts to normalize WHOIS access has failed miserably (I was involved with at least one). The RIR system is designed to have different policies in each region, so this is not too surprising. Asking for a global policy seems to mean we would have to take on all of the WHOIS issues for every region, all at once. For example, in APNIC they have issues about languages, character sets, and national sovereignty regarding this kind of information that luckily we don't have too much of in the RIPE region. > -Why is the abuse contact fundamentally different than the other > types of contacts as it relates to the protection of personal > information? I think the idea forming in people's heads is that the abuse contact will be only corporate contact information in the future. Apparently companies have no privacy protection in the EU. I guess maybe the USA is the only place where companies have more rights than people instead of fewer rights than actual human beings. ;) > -Since these mailing lists and meetings are only a tiny fraction of > Internet users what initiatives are there to solicit opinions of > those being affected by the decisions? In this case spam, abuse, > and access to the whois data is a universal issue and not limited > within a region. All crime is a universal issue, yet each country has its own laws. Indeed in many countries there are also state, county, and city laws, as well as neighborhood ordinances, and even "house rules" for both businesses and private homes! Probably submitting to a global policy-making body would result in less representation for Internet users rather than more, so I'm not so eager to see this situation change. > -Since the current restriction do little or nothing to stop > "harvesters" from collecting the information (since they use a > distributed system of IP's) what is the purpose of IP address > restrictions (other than cases of DOS attacks which is obvious)? It's designed to make it more expensive than collecting e-mail addresses from other sources, not to make it impossible. Anyone who can set up a distributed cloud to gather e-mail addresses from the RIPE database could probably save money just by buying a list of spam targets. Cheers, -- Shane From russ at consumer.net Mon Jan 23 14:04:38 2012 From: russ at consumer.net (russ at consumer.net) Date: Mon, 23 Jan 2012 08:04:38 -0500 Subject: [anti-abuse-wg] Limited access to personal data in bulk In-Reply-To: <20120123120717.61a0d9aa@shane-desktop> References: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> <4F184717.4000505@consumer.net> <20120123120717.61a0d9aa@shane-desktop> Message-ID: <4F1D5AE6.5060308@consumer.net> >Apparently companies have no privacy protection in the EU. I >guess maybe the USA is the only place where companies have more >rights than people instead of fewer rights than actual human beings. ;) You pointed out the problem with the whois blocking. Those are corporate contacts meant for public dissemination. There is no privacy protection for such information under the USA or EU. What is being said is that corporate contacts in the whois database deserve protection but similar information collected by RIPE is somehow not worthy of protection. This is what happens when you get involved in trying to use the regulatory laws to deceive people. Companies are made up of actual human beings so I don't see a distinction. Companies (unlike regulatory agencies) create jobs. Thank You From russ at consumer.net Tue Jan 24 18:45:32 2012 From: russ at consumer.net (russ at consumer.net) Date: Tue, 24 Jan 2012 12:45:32 -0500 Subject: [anti-abuse-wg] Response from Dutch DPA In-Reply-To: <4F1D5AE6.5060308@consumer.net> References: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> <4F184717.4000505@consumer.net> <20120123120717.61a0d9aa@shane-desktop> <4F1D5AE6.5060308@consumer.net> Message-ID: <4F1EEE3C.5000904@consumer.net> Below is the response from the Ducth DPA to my inquiry. From what I gather from the translation the Ducth DPA has decided to refuse to accept e-mail inquiries! I need to translate so I can't call and I need electronic copies to copy and paste. This is why people should not put faith into these regulatory bodies. Can you image a profit-making company telling their customers that they will no longer accept e-mail communications? This is what happens when you set up all these feel-good regulations with regulatory bodies who answer to no one. This is also why RIPE gives all kinds of evasive, contradictory, and incomplete answers. They know there is no recourse for the average person so they just say "screw you" and let you waste your time with these useless regulatory bodies. Once all the regulatory bodies (like RIPE and the Dutch DPA) destroy all the profit-making businesses that support them then they go crying to the people making money to bail them out. Thank You Dutch DPA response: U heeft het College bescherming persoonsgegevens (CBP) om zijn emailadres gevraagd om een vraag voor te leggen. *_Nieuwe werkwijze CBP_* Vanaf 1 juli 2011 beantwoordt het College bescherming persoonsgegevens (CBP) geen vragen meer per e-mail. Daarom krijgt u geen inhoudelijk antwoord op uw mail. Wij verwijzen u graag naar onze websites of het telefonisch spreekuur. U kunt ook een signaal doorgeven aan het CBP. *_Informatie op websites CBP_* Op MijnPrivacy.nl en CBPweb.nl vindt u veel informatie over privacy en de bescherming van uw persoonsgegevens. Wellicht staat het antwoord op uw vraag hier al tussen. Mocht u er toch niet uitkomen, dan kunt u altijd terecht op het speciale spreekuur voor privacyvragen. *_Telefonisch spreekuur voor privacyvragen_* Tijdens het spreekuur zijn de publieksvoorlichters van het CBP rechtstreeks telefonisch bereikbaar. U kunt bellen op werkdagen van 9:30 uur tot 12:30 uur via 0900-2001 201 (vijf cent per minuut). De voorlichters helpen u dan verder door het geven van algemene informatie die van toepassing is op uw vragen. *_Signaal geven over privacy_* Twijfelt u of er wel zorgvuldig met uw persoonsgegevens wordt omgegaan? Denkt u dat een bedrijf of organisatie de privacywetgeving overtreedt? Geef dan een signaal door aan het CBP via het signaalformulier op MijnPrivacy.nl. Het CBP vertrouwt erop u hiermee voldoende te hebben ge?nformeerd. Hoogachtend, Namens het College bescherming persoonsgegevens, Mw. Z. Maazouzi-Makhloufi Medewerker Frontoffice Antwoord op uw privacyvragen Heeft u een vraag over de bescherming van uw persoonsgegevens? U vindt algemene informatie op de websites www.mijnprivacy.nl en www.cbpweb.nl. Is uw vraag daarmee niet beantwoord, dan kunt u bellen met het telefonisch spreekuur via 0900-2001 201 (vijf cent per minuut). Dit spreekuur is bereikbaar op werkdagen van 09.30 tot 12.30 uur. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 8514 bytes Desc: not available URL: From brian.nisbet at heanet.ie Tue Jan 24 22:00:14 2012 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Tue, 24 Jan 2012 21:00:14 +0000 Subject: [anti-abuse-wg] Response from Dutch DPA In-Reply-To: <4F1EEE3C.5000904@consumer.net> References: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> <4F184717.4000505@consumer.net> <20120123120717.61a0d9aa@shane-desktop> <4F1D5AE6.5060308@consumer.net> <4F1EEE3C.5000904@consumer.net> Message-ID: <4F1F1BDE.9040508@heanet.ie> Russ, I know you'll likely cry foul at this and tell me that I'm part of the problem, but I think this conversation has gone a long way past any usefulness. The NCC responded to most of the points you have raised and I am willing to bring any remaining points up with them when I meet them next week. However you are now repeating yourself and you are unwilling to actually attempt to change the situation via a proposal or appeal to the RIPE arbiters. There appears to be no back-up on list for your complaints nor consensus that a change is required. Please do post if you have something constructive or useful to say, but further complaints regarding perceived and unsubstantiated unfairness or conspiracy theories are not welcome. Brian, Co-Chair, RIPE AA-WG On 24/01/2012 17:45, russ at consumer.net wrote: > Below is the response from the Ducth DPA to my inquiry. From what I > gather from the translation > the Ducth DPA has decided to refuse to accept e-mail inquiries! I need > to translate so I can't call > and I need electronic copies to copy and paste. > > This is why people should not put faith into these regulatory bodies. > Can you image a profit-making > company telling their customers that they will no longer accept e-mail > communications? This is what > happens when you set up all these feel-good regulations with regulatory > bodies who answer to no one. > This is also why RIPE gives all kinds of evasive, contradictory, and > incomplete answers. They know there is > no recourse for the average person so they just say "screw you" and let > you waste your time with these useless > regulatory bodies. Once all the regulatory bodies (like RIPE and the > Dutch DPA) destroy all the > profit-making businesses that support them then they go crying to the > people making money to bail them out. > > Thank You > > Dutch DPA response: > > U heeft het College bescherming persoonsgegevens (CBP) om zijn > emailadres gevraagd om een vraag voor te leggen. > > *_Nieuwe werkwijze CBP_* > > Vanaf 1 juli 2011 beantwoordt het College bescherming persoonsgegevens > (CBP) geen vragen meer per e-mail. Daarom krijgt u geen inhoudelijk > antwoord op uw mail. Wij verwijzen u graag naar onze websites of het > telefonisch spreekuur. U kunt ook een signaal doorgeven aan het CBP. > > *_Informatie op websites CBP_* > > Op MijnPrivacy.nl en CBPweb.nl vindt u veel informatie over privacy en > de bescherming van uw persoonsgegevens. Wellicht staat het antwoord op > uw vraag hier al tussen. Mocht u er toch niet uitkomen, dan kunt u > altijd terecht op het speciale spreekuur voor privacyvragen. > > *_Telefonisch spreekuur voor privacyvragen_* > > Tijdens het spreekuur zijn de publieksvoorlichters van het CBP > rechtstreeks telefonisch bereikbaar. U kunt bellen op werkdagen van 9:30 > uur tot 12:30 uur via 0900-2001 201 (vijf cent per minuut). De > voorlichters helpen u dan verder door het geven van algemene informatie > die van toepassing is op uw vragen. > > *_Signaal geven over privacy_* > > Twijfelt u of er wel zorgvuldig met uw persoonsgegevens wordt omgegaan? > Denkt u dat een bedrijf of organisatie de privacywetgeving overtreedt? > Geef dan een signaal door aan het CBP via het signaalformulier op > MijnPrivacy.nl. > > Het CBP vertrouwt erop u hiermee voldoende te hebben ge?nformeerd. > > Hoogachtend, > > Namens het College bescherming persoonsgegevens, > > Mw. Z. Maazouzi-Makhloufi > > Medewerker Frontoffice Antwoord op uw privacyvragen Heeft u een vraag > over de bescherming van uw persoonsgegevens? U vindt algemene informatie > op de websites www.mijnprivacy.nl en www.cbpweb.nl. Is uw vraag daarmee > niet beantwoord, dan kunt u bellen met het telefonisch spreekuur via > 0900-2001 201 (vijf cent per minuut). Dit spreekuur is bereikbaar op > werkdagen van 09.30 tot 12.30 uur. > From denatrisconsult at hotmail.nl Tue Jan 24 23:03:21 2012 From: denatrisconsult at hotmail.nl (Wout de Natris) Date: Tue, 24 Jan 2012 23:03:21 +0100 Subject: [anti-abuse-wg] anti-abuse-wg Digest, Vol 5, Issue 13 RE: 1. Response from Dutch DPA (russ@consumer.net) In-Reply-To: References: Message-ID: 1. Response from Dutch DPA (russ at consumer.net) Stating up front that I agree with Brian latest response, as I tried to bring subtly to you last week, to close my part to this conversation: No, the DPS does accept e-mails, they have stopped responding to them directly. They refer to their website for referencing and future answers. Russ, there will be no more response from me, as I can't help you further than refering you to the DPA and then it's up to the Commissioner. Regards, Wout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - De Natris Consult Raaphorst 33 Tel: +31 648388813 2352 KJ Leiderdorp Skype: wout.de.natris denatrisconsult at hotmail.nl http://www.denatrisconsult.nl Blog http://woutdenatris.wordpress.com > From: anti-abuse-wg-request at ripe.net > Subject: anti-abuse-wg Digest, Vol 5, Issue 13 > To: anti-abuse-wg at ripe.net > Date: Tue, 24 Jan 2012 22:00:16 +0100 > > Send anti-abuse-wg mailing list submissions to > anti-abuse-wg at ripe.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.ripe.net/mailman/listinfo/anti-abuse-wg > or, via email, send a message with subject or body 'help' to > anti-abuse-wg-request at ripe.net > > You can reach the person managing the list at > anti-abuse-wg-owner at ripe.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of anti-abuse-wg digest..." > > > Today's Topics: > > 1. Response from Dutch DPA (russ at consumer.net) > 2. Re: Response from Dutch DPA (Brian Nisbet) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 24 Jan 2012 12:45:32 -0500 > From: "russ at consumer.net" > Subject: [anti-abuse-wg] Response from Dutch DPA > To: anti-abuse-wg at ripe.net > Message-ID: <4F1EEE3C.5000904 at consumer.net> > Content-Type: text/plain; charset="iso-8859-1" > > Below is the response from the Ducth DPA to my inquiry. From what I > gather from the translation > the Ducth DPA has decided to refuse to accept e-mail inquiries! I need > to translate so I can't call > and I need electronic copies to copy and paste. > > This is why people should not put faith into these regulatory bodies. > Can you image a profit-making > company telling their customers that they will no longer accept e-mail > communications? This is what > happens when you set up all these feel-good regulations with regulatory > bodies who answer to no one. > This is also why RIPE gives all kinds of evasive, contradictory, and > incomplete answers. They know there is > no recourse for the average person so they just say "screw you" and let > you waste your time with these useless > regulatory bodies. Once all the regulatory bodies (like RIPE and the > Dutch DPA) destroy all the > profit-making businesses that support them then they go crying to the > people making money to bail them out. > > Thank You > > Dutch DPA response: > > U heeft het College bescherming persoonsgegevens (CBP) om zijn > emailadres gevraagd om een vraag voor te leggen. > > *_Nieuwe werkwijze CBP_* > > Vanaf 1 juli 2011 beantwoordt het College bescherming persoonsgegevens > (CBP) geen vragen meer per e-mail. Daarom krijgt u geen inhoudelijk > antwoord op uw mail. Wij verwijzen u graag naar onze websites of het > telefonisch spreekuur. U kunt ook een signaal doorgeven aan het CBP. > > *_Informatie op websites CBP_* > > Op MijnPrivacy.nl en CBPweb.nl vindt u veel informatie over privacy en > de bescherming van uw persoonsgegevens. Wellicht staat het antwoord op > uw vraag hier al tussen. Mocht u er toch niet uitkomen, dan kunt u > altijd terecht op het speciale spreekuur voor privacyvragen. > > *_Telefonisch spreekuur voor privacyvragen_* > > Tijdens het spreekuur zijn de publieksvoorlichters van het CBP > rechtstreeks telefonisch bereikbaar. U kunt bellen op werkdagen van 9:30 > uur tot 12:30 uur via 0900-2001 201 (vijf cent per minuut). De > voorlichters helpen u dan verder door het geven van algemene informatie > die van toepassing is op uw vragen. > > *_Signaal geven over privacy_* > > Twijfelt u of er wel zorgvuldig met uw persoonsgegevens wordt omgegaan? > Denkt u dat een bedrijf of organisatie de privacywetgeving overtreedt? > Geef dan een signaal door aan het CBP via het signaalformulier op > MijnPrivacy.nl. > > Het CBP vertrouwt erop u hiermee voldoende te hebben ge?nformeerd. > > Hoogachtend, > > Namens het College bescherming persoonsgegevens, > > Mw. Z. Maazouzi-Makhloufi > > Medewerker Frontoffice Antwoord op uw privacyvragen Heeft u een vraag > over de bescherming van uw persoonsgegevens? U vindt algemene informatie > op de websites www.mijnprivacy.nl en www.cbpweb.nl. Is uw vraag daarmee > niet beantwoord, dan kunt u bellen met het telefonisch spreekuur via > 0900-2001 201 (vijf cent per minuut). Dit spreekuur is bereikbaar op > werkdagen van 09.30 tot 12.30 uur. > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20120124/e3527ac1/attachment-0001.html > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: image/png > Size: 8514 bytes > Desc: not available > Url : https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20120124/e3527ac1/attachment-0001.png > > ------------------------------ > > Message: 2 > Date: Tue, 24 Jan 2012 21:00:14 +0000 > From: Brian Nisbet > Subject: Re: [anti-abuse-wg] Response from Dutch DPA > To: anti-abuse-wg at ripe.net > Message-ID: <4F1F1BDE.9040508 at heanet.ie> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Russ, > > I know you'll likely cry foul at this and tell me that I'm part of the > problem, but I think this conversation has gone a long way past any > usefulness. The NCC responded to most of the points you have raised and > I am willing to bring any remaining points up with them when I meet them > next week. > > However you are now repeating yourself and you are unwilling to actually > attempt to change the situation via a proposal or appeal to the RIPE > arbiters. There appears to be no back-up on list for your complaints nor > consensus that a change is required. > > Please do post if you have something constructive or useful to say, but > further complaints regarding perceived and unsubstantiated unfairness or > conspiracy theories are not welcome. > > Brian, > Co-Chair, RIPE AA-WG > > On 24/01/2012 17:45, russ at consumer.net wrote: > > Below is the response from the Ducth DPA to my inquiry. From what I > > gather from the translation > > the Ducth DPA has decided to refuse to accept e-mail inquiries! I need > > to translate so I can't call > > and I need electronic copies to copy and paste. > > > > This is why people should not put faith into these regulatory bodies. > > Can you image a profit-making > > company telling their customers that they will no longer accept e-mail > > communications? This is what > > happens when you set up all these feel-good regulations with regulatory > > bodies who answer to no one. > > This is also why RIPE gives all kinds of evasive, contradictory, and > > incomplete answers. They know there is > > no recourse for the average person so they just say "screw you" and let > > you waste your time with these useless > > regulatory bodies. Once all the regulatory bodies (like RIPE and the > > Dutch DPA) destroy all the > > profit-making businesses that support them then they go crying to the > > people making money to bail them out. > > > > Thank You > > > > Dutch DPA response: > > > > U heeft het College bescherming persoonsgegevens (CBP) om zijn > > emailadres gevraagd om een vraag voor te leggen. > > > > *_Nieuwe werkwijze CBP_* > > > > Vanaf 1 juli 2011 beantwoordt het College bescherming persoonsgegevens > > (CBP) geen vragen meer per e-mail. Daarom krijgt u geen inhoudelijk > > antwoord op uw mail. Wij verwijzen u graag naar onze websites of het > > telefonisch spreekuur. U kunt ook een signaal doorgeven aan het CBP. > > > > *_Informatie op websites CBP_* > > > > Op MijnPrivacy.nl en CBPweb.nl vindt u veel informatie over privacy en > > de bescherming van uw persoonsgegevens. Wellicht staat het antwoord op > > uw vraag hier al tussen. Mocht u er toch niet uitkomen, dan kunt u > > altijd terecht op het speciale spreekuur voor privacyvragen. > > > > *_Telefonisch spreekuur voor privacyvragen_* > > > > Tijdens het spreekuur zijn de publieksvoorlichters van het CBP > > rechtstreeks telefonisch bereikbaar. U kunt bellen op werkdagen van 9:30 > > uur tot 12:30 uur via 0900-2001 201 (vijf cent per minuut). De > > voorlichters helpen u dan verder door het geven van algemene informatie > > die van toepassing is op uw vragen. > > > > *_Signaal geven over privacy_* > > > > Twijfelt u of er wel zorgvuldig met uw persoonsgegevens wordt omgegaan? > > Denkt u dat een bedrijf of organisatie de privacywetgeving overtreedt? > > Geef dan een signaal door aan het CBP via het signaalformulier op > > MijnPrivacy.nl. > > > > Het CBP vertrouwt erop u hiermee voldoende te hebben ge?nformeerd. > > > > Hoogachtend, > > > > Namens het College bescherming persoonsgegevens, > > > > Mw. Z. Maazouzi-Makhloufi > > > > Medewerker Frontoffice Antwoord op uw privacyvragen Heeft u een vraag > > over de bescherming van uw persoonsgegevens? U vindt algemene informatie > > op de websites www.mijnprivacy.nl en www.cbpweb.nl. Is uw vraag daarmee > > niet beantwoord, dan kunt u bellen met het telefonisch spreekuur via > > 0900-2001 201 (vijf cent per minuut). Dit spreekuur is bereikbaar op > > werkdagen van 09.30 tot 12.30 uur. > > > > > > > > > End of anti-abuse-wg Digest, Vol 5, Issue 13 > ******************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From russ at consumer.net Tue Jan 24 23:16:12 2012 From: russ at consumer.net (russ at consumer.net) Date: Tue, 24 Jan 2012 17:16:12 -0500 Subject: [anti-abuse-wg] Response from Dutch DPA In-Reply-To: <4F1F1BDE.9040508@heanet.ie> References: <1231C643-F520-4335-BC6B-A925B15158FC@ripe.net> <4F184717.4000505@consumer.net> <20120123120717.61a0d9aa@shane-desktop> <4F1D5AE6.5060308@consumer.net> <4F1EEE3C.5000904@consumer.net> <4F1F1BDE.9040508@heanet.ie> Message-ID: <4F1F2DAC.6070509@consumer.net> >Please do post if you have something constructive or useful to say, but further complaints >regarding perceived and unsubstantiated unfairness or conspiracy theories are not welcome. All you do is make posts claiming I have no proof so I keep posting the proof over and over. You (and people like you) are a big part of the problem. if you don't like my messages then don't read them ... or are you threatening to throw me off the list because you don't the facts I am presenting or my opinion? I would not be surprised at that type of threat. If this was few hundred years ago and I said the world was round I am sure you would be head of the committee to have my head chopped off. Who are you to tell people what opinions are welcome and what is not? I am sorry I don't fit into your little group of insiders who want things a certain way but that is your problem, not mine. I have posted numerous questions that RIPE will not address and I want answers. If you want to cover the monetary loss caused by RIPE NCC then send me some cash. The fact is you just don't people to bring up all the problems you have caused by not following a legitimate procedure in your little so-called working groups. Anyone who disagrees is "not constructive" and "not welcome." If you have any complaints I suggest you take them up with RIPE NCC as they caused all this by damaging business and not responding in a legitimate way. thank You From russ at consumer.net Tue Jan 24 23:32:03 2012 From: russ at consumer.net (russ at consumer.net) Date: Tue, 24 Jan 2012 17:32:03 -0500 Subject: [anti-abuse-wg] anti-abuse-wg Digest, Vol 5, Issue 13 RE: 1. Response from Dutch DPA (russ@consumer.net) In-Reply-To: References: Message-ID: <4F1F3163.1070808@consumer.net> > there will be no more response from me, as I can't help you further than refering you to the DPA and then it's up to the Commissioner. The point is that the people who are claiming the privacy laws cover the information in the RIPE database does not afford protection under EU laws are simply lying. People agreed to have the information public so there is no protection. Nobody wants to get an official ruling because they know it will point out the false claims made that lead to the blocking. It is interesting to note that the insiders on this list all say there is no support for my position *on this list* yet several people have contacted me who agree with my position. However, it appears they are afraid to post because they will be ridiculed like I have been. This is the atmosphere created by the insiders so why don't you just admit that there is no "community consensus"? Thank You From ripe-wg-antiabuse at kyubu.de Wed Jan 25 09:01:53 2012 From: ripe-wg-antiabuse at kyubu.de (Adrian) Date: Wed, 25 Jan 2012 08:01:53 +0000 Subject: [anti-abuse-wg] anti-abuse-wg Digest, Vol 5, Issue 13 RE: 1. Response from Dutch DPA (russ@consumer.net) In-Reply-To: <4F1F3163.1070808@consumer.net> References: <4F1F3163.1070808@consumer.net> Message-ID: <20120125080153.GA4829@core.kyubu.de> On Tue, Jan 24, 2012 at 05:32:03PM -0500, russ at consumer.net wrote: > The point is that the people who are claiming the privacy laws cover > the information in the RIPE > database does not afford protection under EU laws are simply lying. Could you elaborate how this topic is covered for this list? Maybe it would be better to f'up tp RIPE NCC Services Working Group? Best regards, Adrian From gert at space.net Wed Jan 25 11:17:59 2012 From: gert at space.net (Gert Doering) Date: Wed, 25 Jan 2012 11:17:59 +0100 Subject: [anti-abuse-wg] anti-abuse-wg Digest, Vol 5, Issue 13 RE: 1. Response from Dutch DPA (russ@consumer.net) In-Reply-To: <4F1F3163.1070808@consumer.net> References: <4F1F3163.1070808@consumer.net> Message-ID: <20120125101759.GV55041@Space.Net> Hi, On Tue, Jan 24, 2012 at 05:32:03PM -0500, russ at consumer.net wrote: > People agreed to have the information > public so there is no protection. This, actually, seems to be the cause of your confusion. It's still personal information under EU law - you *do* get access, but you do not get *unlimited* access. There's a subtle difference. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From iane at sussex.ac.uk Wed Jan 25 12:34:34 2012 From: iane at sussex.ac.uk (Ian Eiloart) Date: Wed, 25 Jan 2012 11:34:34 +0000 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <4F19D551.6010809@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> Message-ID: <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> On 20 Jan 2012, at 20:57, russ at consumer.net wrote: > RIPE has collected personal information about me that led to them blacklisting my business from accessing the whois database. > When i ask for disclosure of the information they collected about me the answer I received from RIPE NCC is: > > "Unfortunately we cannot provide you with such information. It is > considered to be confidential information and thus cannot be disclosed > to the public." > > Who considers it "confidential information" and for what reason? > I am asking for information collected about me and not "public" disclosure. I though EU companies had to disclose the personal > information they collected about people? They should release information about you, to you. However, they should not release to you information about other people. For example, if someone had filed a spam report, then RIPE could tell you that that had happened, but they should not release information that allows you to identify the reporter. When considering what to release to you, they should have regard to other information that you might have, or which might be publicly available. So, they certainly should not release the name and address of the reporter. They should also be careful about releasing information like email message-ids, which you might be able to use to identify the reporter. > I guess they figure there is no much a foreigner can do so > they are going to disregard these privacy laws? > > So much for EU privacy protection! > > Thank You > > -- Ian Eiloart Postmaster, University of Sussex +44 (0) 1273 87-3148 From russ at consumer.net Wed Jan 25 12:58:18 2012 From: russ at consumer.net (russ at consumer.net) Date: Wed, 25 Jan 2012 06:58:18 -0500 Subject: [anti-abuse-wg] What is Personal information? In-Reply-To: <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> Message-ID: <4F1FEE5A.7040207@consumer.net> >They should release information about you, to you. However, they should not release to you information about other people. Right, but the fact is most abuse people never consider any of this (including RIPE). They think privacy laws are there to protect them from spam but fail to consider that the information they collect also has privacy implications. the thought process being that people they agree with get privacy protection but people they don't like don't get any protection >This, actually, seems to be the cause of your confusion. It's still personal information under >EU law - you *do* get access, but you do not get *unlimited* access. There's a subtle difference. Yes, but that distinction does not make any sense. As a practical matter harvesters use many different IP's so blocking IP's has essentially no effect on harvesters, it just disrupts legitimate uses. Further, nobody can explain the legal issue of why the information should be protected in this manner after people agreed to have it published. People keep bringing up these issues but they can't explain the reasoning or point to any legal analysis that should have been done before initiating a policy change. Right now RIPE claimed to me a legal analysis was done but they won't give me a copy. RIPE made a different statement when they posted to this list saying sometimes they do a legal analysis of community decisions without specifically saying if they have an analysis for this issue. They won't say publicly that a legal analysis was done. It seems because they don't want the information to be public. I suspect the results were distorted when they reported it to the working group so they want to hide this legal analysis because it will show the community was deceived. >Could you elaborate how this topic is covered for this list? >Maybe it would be better to f'up tp RIPE NCC Services Working Group? I was directed here by RIPE. However, this topic is relevant to the list. I am pointing out how the entire system is flawed. For instance, the current proposal about abuse contacts is not properly being presented to the public. If the process were legitimate the legal opinions would be published for review. First you need to explain what types of information need protection and why. Then you need to explain why the abuse contacts are somehow fundamentally different. Why would abuse contacts be available in an unlimited manner while other contacts are restricted. This makes no sense and most people on this list want to avoid getting a real decision. My impression is that it is small group of people who treat abuse like a "religion." They seem to be against anyone with conflicting opinions and they harass and intimate people who have diverse opinions until they leave. Thank You -------------- next part -------------- An HTML attachment was scrubbed... URL: From russ at consumer.net Thu Jan 26 00:15:33 2012 From: russ at consumer.net (russ at consumer.net) Date: Wed, 25 Jan 2012 18:15:33 -0500 Subject: [anti-abuse-wg] Policies vs. business practices In-Reply-To: <4F1FEE5A.7040207@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> Message-ID: <4F208D15.9070903@consumer.net> I noticed this paragraph in the RIPE policy development process. Several people have suggested to submit proposals for issues that are actually related to RIPE NCC "business practices" "RIPE Policies are also separate from RIPE NCC business practices and procedures. Business practices and procedures that the RIPE NCC follows are defined and governed by the RIPE NCC Executive Board and approved by the RIPE NCC membership. If a policy proposal would bring implementation and/or operational problems for the RIPE NCC if accepted, the RIPE NCC Executive Board is tasked to notify the RIPE community accordingly as well as to make necessary suggestions and recommendations about possible changes to the proposal." everything is also supposed to be "transparent" so the legal opinions relating to the EU privacy laws and the WHOIS database are supposed to be released to the community but RIPE NCC refuses to release them. I also note that RIPE says: "All RIPE Meetings and RIPE Working Group mailing lists are open to everyone." That is E V E R Y O N E. Not just large network operators, your anti-abuse buddies that you used to hang out with on NANOG, not people who have been in the ICANN process all their lives, not small groups of people who all think like you. EVERYONE. A certain percentage of people claim they have been abducted aliens. EVERYONE means them too. Thank You From gert at space.net Thu Jan 26 08:46:43 2012 From: gert at space.net (Gert Doering) Date: Thu, 26 Jan 2012 08:46:43 +0100 Subject: [anti-abuse-wg] Policies vs. business practices In-Reply-To: <4F208D15.9070903@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> Message-ID: <20120126074643.GB55041@Space.Net> Hi, On Wed, Jan 25, 2012 at 06:15:33PM -0500, russ at consumer.net wrote: > I also note that RIPE says: > > "All RIPE Meetings and RIPE Working Group mailing lists are open to > everyone." > > That is E V E R Y O N E. Yes...? You are here on one of these open mailing lists. What are you trying to tell us? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From russ at consumer.net Thu Jan 26 12:55:22 2012 From: russ at consumer.net (russ at consumer.net) Date: Thu, 26 Jan 2012 06:55:22 -0500 Subject: [anti-abuse-wg] Policies vs. business practices In-Reply-To: <20120126074643.GB55041@Space.Net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> Message-ID: <4F213F2A.4000706@consumer.net> >Yes...? You are here on one of these open mailing lists. What are you trying to tell us? Gert Doering -- NetMaster I am telling you that you do not have a legitimate process to seek community involvement. Since I started posting I have been constantly harassed and told not to post and get off the list. People keep saying my posts are off-topic when, in fact, they are on topic but people just don't agree. One guy even investigated my business and tried to claim my network was not large enough so I apparently am not worthy of posting here. I posted a list of questions but instead of addressing my questions I get ridicule and the co-chairs says my posts are "not welcome." I have seen hundreds of people drop out of ICANN involvement over the years for just this very reason. Those people are interested in driving people away so they can control everything. The lists only exists so they can claim there was some kind of bottom up process when there is not. Thank You From russ at consumer.net Thu Jan 26 14:12:05 2012 From: russ at consumer.net (russ at consumer.net) Date: Thu, 26 Jan 2012 08:12:05 -0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F213F2A.4000706@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> Message-ID: <4F215125.8000900@consumer.net> Below is the latest reply from RIPE. They claim they cannot verify that I operate the IP address in question. This sounds like a frivolous/ridiculous response to me. I told them to: -Check the ARIN whois, -Type the IP address into their browser and send a message to the contact link and I will respond -Check the domain name whois -Check the business registration in the State where my business is located -Verify with the ISP who is renting me the IP's and completed the ARIN registration Here is RIPE NCC's latest response: I understand that you are concerned about your privacy and that you would like to know details about the number of queries made by this specific IP address. Unfortunately, we are unable to disclose this information to you. We have no way to verify that you were the user of this address. Please be reassured that access to the RIPE Data base is blocked based on query volume within a specific time-frame and nothing else. I'm sorry we are not able to help you further. -- If you have any questions, please feel free to contact us. Best regards, Andrea Di Menna Customer Services RIPE NCC From michele at blacknight.ie Thu Jan 26 14:35:55 2012 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Thu, 26 Jan 2012 13:35:55 +0000 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F215125.8000900@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> Message-ID: On 26 Jan 2012, at 13:12, russ at consumer.net wrote: > Below is the latest reply from RIPE. They claim they cannot verify that I operate the IP address in question. What is the IP address? > This sounds > like a frivolous/ridiculous response to me. I told them to: > > -Check the ARIN whois, > -Type the IP address into their browser and send a message to the contact link and I will respond > -Check the domain name whois > -Check the business registration in the State where my business is located > -Verify with the ISP who is renting me the IP's and completed the ARIN registration > > Here is RIPE NCC's latest response: > > I understand that you are concerned about your privacy and that you would like to know details about the number of queries made by this specific IP address. Unfortunately, we are unable to disclose this information to you. We have no way to verify that you were the user of this address. Please be reassured that access to the RIPE Data base is blocked based on query volume within a specific time-frame and nothing else. I'm sorry we are not able to help you further. > -- If you have any questions, please feel free to contact us. Best regards, Customer Services RIPE NCC > > > Mr Michele Neylon Blacknight Solutions ? Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From russ at consumer.net Thu Jan 26 18:05:49 2012 From: russ at consumer.net (russ at consumer.net) Date: Thu, 26 Jan 2012 12:05:49 -0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F215125.8000900@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> Message-ID: <4F2187ED.4030503@consumer.net> Another response from RIPE. First they claimed it is confidential. Then they claimed they could send it to me because they couldn't verify I owned the IP address. Now they just say they "cannot" disclose the information without any explanation. The people running RIPE NCC are frauds. There is no other way to put it. Thank You >I am sorry but we cannot disclose this information. >Best regards, >Andrea Di Menna >Customer Services >RIPE NCC From aftab.siddiqui at gmail.com Fri Jan 27 06:57:05 2012 From: aftab.siddiqui at gmail.com (Aftab Siddiqui) Date: Fri, 27 Jan 2012 10:57:05 +0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F2187ED.4030503@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> Message-ID: Hi Russ, If you think that the system is flawed (sorry, I don't agree with the delusion that the ppl are fraud) than why not propose a policy to correct the system. Its just a matter of couple of weeks work IFF you are correct. Regards, Aftab A. Siddiqui On Thu, Jan 26, 2012 at 10:05 PM, russ at consumer.net wrote: > Another response from RIPE. First they claimed it is confidential. > Then they claimed they could send it to me because they couldn't > verify I owned the IP address. Now they just say they "cannot" disclose > the information without any explanation. > > The people running RIPE NCC are frauds. There is no other way to put it. > > Thank You > > > I am sorry but we cannot disclose this information. >> > > Best regards, >> > > Andrea Di Menna >> Customer Services >> RIPE NCC >> > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ripe-wg-antiabuse at kyubu.de Fri Jan 27 09:28:22 2012 From: ripe-wg-antiabuse at kyubu.de (Adrian) Date: Fri, 27 Jan 2012 08:28:22 +0000 Subject: [anti-abuse-wg] Policies vs. business practices In-Reply-To: <4F213F2A.4000706@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> Message-ID: <20120127082822.GA1146@core.kyubu.de> On Thu, Jan 26, 2012 at 06:55:22AM -0500, russ at consumer.net wrote: > People keep saying my posts are off-topic when, in fact, they are on > topic but people just don't agree. People cannot agree to anything, since you are ignoring these mails. Bashing on EU and dutch privacy regulations and RIPC NCC itself on a mailinglist whose topic is about tackling online abuse is off-tooic. *PLONK* Adrian From russ at consumer.net Fri Jan 27 14:03:19 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 08:03:19 -0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> Message-ID: <4F22A097.9060108@consumer.net> >If you think that the system is flawed (sorry, I don't agree with the delusion that the ppl are fraud) >than why not propose a policy to correct the system. Its just a matter of couple of weeks >work IFF you are correct. That is because the system is so flawed in its current state that it is a waste of time. I already pointed to the report to the community is so sketchy that the majority of the community do not know what is actually going on and RIPE is actively hiding information (such as the legal opinion) from the community. So I don't agree with the delusion that you have a working, legitimate system. What you have is a small number of people who run things their way and run anyone else "out of town." >Bashing on EU and dutch privacy regulations and RIPC NCC itself on a mailing list whose topic is about tackling >online abuse is off-tooic. I never bashed the regulations themselves. It is the RIPE NCC and some people in the community who are lying about the applicability of the laws because they have a personal agenda. If the people involved in abuse are not following laws, regulations, and common sense how can those people competently deal with abuse issues? What you are really saying is that nobody is allowed to question the anti-abuse groups because they are on a "mission from God" and are above following regulations themselves. You don't like me pointing out these facts so you claim it is off-topic because you have no other argument. I went to catholic School when I was young. nobody was allowed to say anthing bad about the church or priests. Now the truth is starting to come out. If the group is lying about the application of EU privacy laws, if they are hiding information, if they don't follow the privacy laws themselves then they cannot legitimately handle abuse issues. You need to clean house with these groups and get a diverse group to tackle this issue. Right now you have a small number of system admins who never consider any other issue in the world other than the spams they get. Thank You From aftab.siddiqui at gmail.com Fri Jan 27 14:13:53 2012 From: aftab.siddiqui at gmail.com (Aftab Siddiqui) Date: Fri, 27 Jan 2012 18:13:53 +0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F22A097.9060108@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> Message-ID: > >If you think that the system is flawed (sorry, I don't agree with the > delusion that the ppl are fraud) > >than why not propose a policy to correct the system. Its just a matter of > couple of weeks > >work IFF you are correct. > > That is because the system is so flawed in its current state that it is a > waste of time. I already pointed to the > report to the community is so sketchy that the majority of the community > do not know what is actually going on > and RIPE is actively hiding information (such as the legal opinion) from > the community. So I don't agree with the > delusion that you have a working, legitimate system. What you have is a > small number of people who run > things their way and run anyone else "out of town." > > > If system is there no matter how flawed or bad it is, than it can be changed by all means and the procedure is already given. That is all what I can suggest to sum-up. Regards, Aftab A. Siddiqui. -------------- next part -------------- An HTML attachment was scrubbed... URL: From russ at consumer.net Fri Jan 27 14:21:34 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 08:21:34 -0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> Message-ID: <4F22A4DE.9060507@consumer.net> >If system is there no matter how flawed or bad it is, than it can be changed by all >means and the procedure is already given. That is all what I can suggest to sum-up. Yes, that is true. You need to start somewhere but I am not the person to do it. I am pointing out these issues publicly and taking all the heat. Several people agree with me but they don't want to say so publicly so maybe this will encourage some of the people local to RIPE to submit some proposals. Thank You From michele at blacknight.ie Fri Jan 27 14:32:09 2012 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Fri, 27 Jan 2012 13:32:09 +0000 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F22A4DE.9060507@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> Message-ID: <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> On 27 Jan 2012, at 13:21, russ at consumer.net wrote: > >If system is there no matter how flawed or bad it is, than it can be changed by all > >means and the procedure is already given. That is all what I can suggest to sum-up. > > Yes, that is true. You need to start somewhere but I am not the person to do it. I am pointing > out these issues publicly and taking all the heat. Several people agree with me but they don't > want to say so publicly so maybe this will encourage some of the people local to RIPE to submit > some proposals. You're "taking all the heat", because you are like a bull in a china shop. You've made all sorts of crazy assertions that were not based on facts. You've even gone so far as to make defamatory comments about people on this list and RIPE NCC staff, including myself. If there was a "big conspiracy" you'd have been kicked off the list by now, but you haven't been, because no such conspiracy exists. And you have continually ignored any replies that would have helped you when you didn't like the answers Mr Michele Neylon Blacknight Solutions ? Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From russ at consumer.net Fri Jan 27 14:36:28 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 08:36:28 -0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> Message-ID: <4F22A85C.7090701@consumer.net> >You're "taking all the heat", because you are like a bull in a china shop. Look who is talking! Are you ever going to make a post that has more lines than all the ads in your signature? From james.davis at ja.net Fri Jan 27 14:40:42 2012 From: james.davis at ja.net (James Davis) Date: Fri, 27 Jan 2012 13:40:42 +0000 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F22A85C.7090701@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> Message-ID: <4F22A95A.1030000@ja.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 27/01/2012 13:36, russ at consumer.net wrote: > Look who is talking! Are you ever going to make a post that has > more lines than all the ads in your signature? I'm not sure if anyone has noticed but this is the *anti* abuse working group. Perhaps we should all take a short break for reflection: http://www.youtube.com/watch?v=RDjCqjzbvJY James - -- James Davis 0300 999 2340 (+44 1235 822340) Senior CSIRT Member Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAk8iqVoACgkQjsS2Y6D6yLxd4gEAnrVE4Iunpkt6plVjX8pQOPY7 2ffQBnjgk9IzEUS4J0QA+wftqbVwLCoZxeVQZh+GqifRDBYnpiAwdI2h5TNOKLCt =O6aY -----END PGP SIGNATURE----- JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG From michele at blacknight.ie Fri Jan 27 14:42:01 2012 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Fri, 27 Jan 2012 13:42:01 +0000 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F22A85C.7090701@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> Message-ID: <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> On 27 Jan 2012, at 13:36, russ at consumer.net wrote: > >You're "taking all the heat", because you are like a bull in a china shop. > > Look who is talking! Are you ever going to make a post that has more lines > than all the ads in your signature? And there you go again If you learnt how to engage with people without simply coming across as an incredibly dumb, ignorant, abrasive and idiotic American, then maybe people would take you a lot more seriously. Regards Michele Mr Michele Neylon Blacknight Solutions ? Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From russ at consumer.net Fri Jan 27 15:10:49 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 09:10:49 -0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> Message-ID: <4F22B069.9020209@consumer.net> >If you learnt how to engage with people without simply coming across as an incredibly >dumb, ignorant, abrasive and idiotic American, then maybe people would take you a lot >more seriously. Well I have a CISSP to go along with my advanced degrees in physics and computer science. Maybe if I went to your school I would have learnt more. However, I would have thought you would have learnt not to use the race card when you are in an argument. It is not about race or regions of the world as ICANN does the same thing here in the USA. >I'm not sure if anyone has noticed but this is the *anti* abuse Right. My point is that the people claiming to be "anti-abuse" are actually abusers themselves. If you lie and mislead people that is "abuse" even if the stated goal is "anti-abuse." People involved with anti-abuse often think the rules don't apply to them because they are on some kind of "mission from god" to find the "holy grail." I do have a video that shows what it is like dealing with RIPE NCC over this whois blocking issue: http://www.youtube.com/watch?v=RZvsGdJP3ng Time to stop these RIPE NCC abusers from disrupting the whois system and access to abuse contacts That is the system paid for by USA taxpayers and not the RIPE members who are disrupting it. Thank You -------------- next part -------------- An HTML attachment was scrubbed... URL: From bradley.freeman at csirt.ja.net Fri Jan 27 15:21:13 2012 From: bradley.freeman at csirt.ja.net (Bradley Freeman) Date: Fri, 27 Jan 2012 14:21:13 +0000 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F22B069.9020209@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> Message-ID: <4F22B2D9.5040207@csirt.ja.net> > Time to stop these RIPE NCC abusers from disrupting the whois system > and access to abuse contacts > That is the system paid for by USA taxpayers and not the RIPE members > who are disrupting it. The RIPE NCC is not paid for by the USA taxpayer, and most of the personal data they hold has been collected by RIPE. Funding details are at http://www.ripe.net/lir-services/ncc/gm/september-2004/nccfinanceupdate.pdf/view the majority of funds come from membership fees. This is getting off topic, personal and not related to abuse, could we get back on topic? Thanks Bradley Freeman Janet CSIRT Member +44(0)300 999 2340 From russ at consumer.net Fri Jan 27 16:31:08 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 10:31:08 -0500 Subject: [anti-abuse-wg] latest RIPE reply on privacy In-Reply-To: <4F22B2D9.5040207@csirt.ja.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> Message-ID: <4F22C33C.9050204@consumer.net> >The RIPE NCC is not paid for by the USA taxpayer, and most of the personal data they hold has been collected by RIPE. RIPE is able to register IP's and collect the fees because of the MOU with IANA which is paid for by the USA taxpayer. RIPE can collect user fees because they entered into the MOU agreement with IANA. Part of that agreement is to provide certain services required by the RIR's which includes the whois data. RIPE collected this data under the MOU agreement and has agreed to make the data available under the MOU agreement. The entire system hinges on the US government contract with IANA. RIPE clearly says the members are responsible for entering their own data into the RIP database so the members voluntarily give up any privacy protection under EU directives when they do that. These issues are all on topic and need to be dealt with before you can start discussing you want to discuss. I don't understand why these issues have not be dealt with before but many want to ignore them and run around changing policies without taking this stuff into account. Thank You From axel.pawlik at ripe.net Fri Jan 27 19:55:45 2012 From: axel.pawlik at ripe.net (Axel Pawlik) Date: Fri, 27 Jan 2012 19:55:45 +0100 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F22C33C.9050204@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> Message-ID: <4F22F331.5010509@ripe.net> All, it is difficult to not to correct some of the misconceptions voiced here repeatedly. Apologies to those who already know. So, for the record, here are some facts: > RIPE is able to register IP's and collect the fees because of the MOU > with IANA which is paid for by the USA taxpayer. Not correct. The RIPE NCC is registering IP addresses based on a long string of documentation starting with RFC 1174 and ripe-19, for about 20 years now. The RIPE NCC is a membership organisation, based on its Articles of Asscociation, and funded by its members, according to the RIPE NCC Charging Scheme, agreed to by its members. The IANA function, performed by ICANN, is provided under a zero-cost contract with the US Department of Commerce. ICANN bears the operating cost of IANA. ICANN in turn is financed by its community. The RIRs contribute to the ICANN budget since 1999. RIPE > can collect user fees because they entered into the MOU agreement with > IANA. Not correct. See above. Also, the RIPE NCC has no MoU with IANA. Part of that agreement is to provide certain > services required by the RIR's which includes the whois data. RIPE > collected this data under the MOU agreement and has agreed > to make the data available under the MOU agreement. Not correct. The RIPE NCC and ICANN agreed on an MoU establishing ICANN's Address Supporting Organisation. Its purpose is... " - defining roles and processes supporting global policy development, including the relationship between the Internet addressing community (represented by the NRO) and ICANN within the operation of this process; - defining mechanisms for the provision of recommendations to the Board of ICANN concerning the recognition of new RIRs; and - defining accessible, open, transparent and documented procedures for the selection of individuals to serve on other ICANN bodies, including selection of Directors of ICANN and selection of members of various standing committees and ad hoc ICANN bodies." The entire system > hinges on the US government contract with IANA. This is occasionally debated, but not really relevant for this discussion. As it stands, the activities of the RIPE NCC are determined by its members through the RIPE NCC Activity Plan. Allocations of Internet Number Resources (IP addresses and ASN) to the RIPE NCC are done according to the Policy Development Process, described in Attachment A to the ASO MoU. Links to the relevant documents in order of appearance: ftp://ftp.ripe.net/rfc/rfc1174.txt http://www.ripe.net/ripe/docs/ripe-019 RIPE NCC Activity Plan: http://www.ripe.net/ripe/docs/ripe-543 RIPE NCC Charging Scheme: http://www.ripe.net/ripe/docs/ripe-499 IANA Contract: http://www.icann.org/en/general/iana-contract-14aug06.pdf ASO MoU: http://www.nro.net/documents/icann-address-supporting-organization-aso-mou RIPE NCC Activity Plan: http://www.ripe.net/ripe/docs/ripe-543 kind regards, and have a good weekend, all, Axel From russ at consumer.net Fri Jan 27 23:01:13 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 17:01:13 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F22F331.5010509@ripe.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> Message-ID: <4F231EA9.8000904@consumer.net> >it is difficult to not to correct some of the misconceptions voiced here repeatedly. >Apologies to those who already know. So, for the record, here are some facts: If it is that difficult then why isn't this information on the RIPE web site in a clear fashion and why didn't you respond weeks ago when I first brought this up? The US taxpayer is paying for the US Dept of Commerce to administer this contract. The contact states: "Allocate Internet Numbering Resources - - This function involves overall responsibility for allocated and unallocated IPv4 and IPv6 address space and Autonomous System Number space. It includes the responsibility for delegation of IP address blocks to regional registries for routine allocation, typically through downstream providers, to Internet end-users within the regions served by those registries. This function also includes reservation and direct allocation of space for special purposes, such as multicast addressing, addresses for private networks as described in RFC 1918, and globally specified applications." ... "Secure Data -- The Contractor shall ensure the authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation." As I understand this IANA is responsible for the authentication, integrity, and reliability of the whois data. Thank You From dhc at dcrocker.net Fri Jan 27 23:15:08 2012 From: dhc at dcrocker.net (Dave CROCKER) Date: Fri, 27 Jan 2012 14:15:08 -0800 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F231EA9.8000904@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@consumer.net> Message-ID: <4F2321EC.9000507@dcrocker.net> On 1/27/2012 2:01 PM, russ at consumer.net wrote: > If it is that difficult then why isn't this information on the RIPE web site in > a clear fashion > and why didn't you respond weeks ago when I first brought this up? They don't work for you. They can't anticipate every question someone might ask. If you have text you want to contribute to a FAQ, feel free to write it and submit it. But mostly you need to take your concerns to ICANN or the US Dept. of Commerce, rather than bothering the nice folks in Europe about things related to the US Dept. of Commerce. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From russ at consumer.net Fri Jan 27 23:43:20 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 17:43:20 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F2321EC.9000507@dcrocker.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@consumer.net> <4F2321EC.9000507@dcrocker.net> Message-ID: <4F232888.4050607@consumer.net> >They don't work for you. Yes they do. They work for the community and I am part of the community who pays the bills. The attitude you have is typical of ICANNers. They tax and then go tell the people who pay the tax to go jump in the lake when they ask a basic question. >They can't anticipate every question someone might ask. These are basic questions that relate to the authority to operate which is one of the very. Everyone involved anticipates these questions will be asked. The problem is people like you. For decades you have fostered an approach where only a small of group of people run everything and when people ask basic questions they get responses like you always provide. It seems your main mission is to drive people away. That is why there is a need for someone like me to come on this list. You are the poster child for what is wrong with these ICANN processes. Where is your tag-team buddy (Crispin)? Thank You From sander at steffann.nl Sat Jan 28 00:26:54 2012 From: sander at steffann.nl (Sander Steffann) Date: Sat, 28 Jan 2012 00:26:54 +0100 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <428913B4-2DB7-4C1F-A529-4DE52BA7F3B7@steffann.nl> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@co nsumer.net> <428913B4-2DB7-4C1F-A529-4DE52BA7F3B7@steffann.nl> Message-ID: <332E3B07-2F17-4650-9D3E-1CEFBE31D45F@steffann.nl> Hi, Sorry, bad text editing here? > I think this page covers most of your confusion: http://www.iana.org/abuse/answers, especially the section 'Allocation of IP Addresses'. It starts with 'The IANA maintains a high-level registry of IP addresses.', which is the data that IANA is responsible for. No more, no less. Which should have read: I think this page covers most of your confusion: http://www.iana.org/abuse/answers, especially the section 'Allocation of IP Addresses'. It starts with 'The IANA maintains a high-level registry of IP addresses.', which is the >> kind of << data that IANA is responsible for. No more, no less. I'm not implying that IANA is only responsible for IPv4 :-) Sander From sander at steffann.nl Sat Jan 28 00:22:08 2012 From: sander at steffann.nl (Sander Steffann) Date: Sat, 28 Jan 2012 00:22:08 +0100 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F231EA9.8000904@consumer.net> References: <4F16C1BE.6000504@consumer.net> <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@co nsumer.net> Message-ID: <428913B4-2DB7-4C1F-A529-4DE52BA7F3B7@steffann.nl> Hi Russ, Op 27 jan. 2012, om 23:01 heeft russ at consumer.net het volgende geschreven: > If it is that difficult then why isn't this information on the RIPE web site in a clear fashion > and why didn't you respond weeks ago when I first brought this up? Take a look at http://www.ripe.net/internet-coordination/press-centre/publications/annual-reports > The US taxpayer is paying for the US Dept of Commerce to administer this contract. Euhm? You seem to think that the money is flowing from US to EU. It is the other way around: the RIPE NCC makes an annual contribution to ICANN (? 234k in 2010, look it up in the annual report of 2010 on page 50). > As I understand this IANA is responsible for the authentication, integrity, and reliability of the whois data. I think this page covers most of your confusion: http://www.iana.org/abuse/answers, especially the section 'Allocation of IP Addresses'. It starts with 'The IANA maintains a high-level registry of IP addresses.', which is the data that IANA is responsible for. No more, no less. - Sander From russ at consumer.net Sat Jan 28 00:56:13 2012 From: russ at consumer.net (russ at consumer.net) Date: Fri, 27 Jan 2012 18:56:13 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <332E3B07-2F17-4650-9D3E-1CEFBE31D45F@steffann.nl> References: <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@co nsumer.net> <428913B4-2DB7-4C1F-A529-4DE52BA7F3B7@steffann.nl> <332E3B07-2F17-4650-9D3E-1CEFBE31D45F@steffann.nl> Message-ID: <4F23399D.8060204@consumer.net> >'The IANA maintains a high-level registry of IP addresses.', which is the >> kind of << data that IANA is responsible for. >No more, no less. I'm not implying that IANA is only responsible for IPv4 :-) Sander Are you saying that IANA is not responsible for the whois data, just for high level data of IP address allocation? It seems to me that that is the way it is being done but it also seems to me that the controlling document (the contract between IANA and Us Government) does not say that. It says the addresses are allocated through downstream providers (the RIRs) but that IANA is still responsible for the data integrity. As I understand it the RIR's are subcontractors and IANA is supposed to make sure the subcontractors handle the registration data properly. There is supposed to be a document that IANA produces which are the requirements for the RIR's. I have asked for this document but IANA won't give it to me. I suspect this document has the whois requirements for RIRs but since they won't give it to me I can only speculate and I have to go by what is says in the IANA contract . It says that the USA owns the data and IANA is responsible for "authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation." The whois data is "data relevant to ... IP address allocation." So, according to this, IANA is not supposed to allocate IP addresses to any RIR unless IANA can ensure the "authentication, integrity, and reliability of the data." Thank You From sander at steffann.nl Sat Jan 28 14:55:10 2012 From: sander at steffann.nl (Sander Steffann) Date: Sat, 28 Jan 2012 14:55:10 +0100 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F23399D.8060204@consumer.net> References: <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@co nsumer.net> <428913B4-2DB7-4C1F-A529-4DE52BA7F3B7@steffann.nl> <332E3B07-2F17-4650-9D3E-1CEFBE31D45F@steffann.nl> <4F23399D.806020 4@consumer.net> Message-ID: <12D57D20-7371-436F-90F1-647D7E38BE4E@steffann.nl> Hi, > >'The IANA maintains a high-level registry of IP addresses.', which is the >> kind of << data that IANA is responsible for. > >No more, no less. I'm not implying that IANA is only responsible for IPv4 :-) Sander > > Are you saying that IANA is not responsible for the whois data, just for high level data of IP address allocation? Yes > It seems to me that that is the way it is being done but it also seems to me that the controlling document (the contract between IANA and Us Government) does not say that. That is between IANA (well, ICANN since IANA is a function of ICANN) and the US Government? If ICANN promised responsibility for something they have no control over, then that is a problem for them. But I leave that to someone from ICANN because I am not involved with either ICANN or the US Government, so I can't speak for them or make statements about contracts they might have signed. > It says the addresses are allocated through downstream providers (the RIRs) but that IANA is still responsible for the data integrity. As I understand it the RIR's are subcontractors and IANA is supposed to make sure the subcontractors handle the registration data properly. No, that is not how it works. > There is supposed to be a document that IANA produces which are the requirements for the RIR's. I have asked for this document but IANA won't give it to me. I don't know which document you are talking about, unless you are talking about RFC 2050. It contains guidelines and is a 'representation of the current practice of the IP address registries with respect to address assignment' in 1996. > I suspect this document has the whois requirements for RIRs but since they won't give it to me I can only speculate and I have to go by what is says in the IANA contract . 'Suspect' and 'speculate'. Not very good grounds to build an argument on? Look at section 2.2 of RFC 2050. I think that comes close to what you are talking about. > It says that the USA owns the data and IANA is responsible for "authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation." Of course: 'in performing the IANA requirements'. IP address allocation from IANA to the RIRs. That is the IANA requirement. > The whois data is "data relevant to ... IP address allocation." So, according to this, IANA is not supposed to allocate IP addresses to any RIR unless IANA can ensure the "authentication, integrity, and reliability of the data." No, that is not what it says? Sander From sander at steffann.nl Sat Jan 28 15:14:41 2012 From: sander at steffann.nl (Sander Steffann) Date: Sat, 28 Jan 2012 15:14:41 +0100 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F23399D.8060204@consumer.net> References: <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@co nsumer.net> <428913B4-2DB7-4C1F-A529-4DE52BA7F3B7@steffann.nl> <332E3B07-2F17-4650-9D3E-1CEFBE31D45F@steffann.nl> <4F23399D.806020 4@consumer.net> Message-ID: > As I understand it the RIR's are subcontractors and IANA is supposed to make sure the subcontractors handle the registration data properly. PS: You seem to have a top-down view, while this is a bottom-up world. Communities (like the RIPE community) set policy, and the RIR (RIPE NCC) implements that policy. On a global scale: when the communities of all RIRs agree on a global policy (see http://www.nro.net/policies/global-policies-development-process) then it gets implemented by ICANN (performing the IANA role). - Sander PS: list, please excuse me for all this off-topic stuff. I'm trying to solve this argument in a polite way. I'll take it off-list now. PPS: Russ, please send your messages off-list as well. This is not about abuse anymore but on policy structure... From russ at consumer.net Sat Jan 28 16:46:08 2012 From: russ at consumer.net (russ at consumer.net) Date: Sat, 28 Jan 2012 10:46:08 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: References: <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@co nsumer.net> <428913B4-2DB7-4C1F-A529-4DE52BA7F3B7@steffann.nl> <332E3B07-2F17-4650-9D3E-1CEFBE31D45F@steffann.nl> <4F23399D.806020 4@consumer.net> Message-ID: <4F241840.4090304@consumer.net> >That is between IANA (well, ICANN since IANA is a function of ICANN) and the US Government? The contract is with IANA (ICANN provides the resources but IANA is a distinct legal entity that entered into the contract). The contract allows IANA to delegate the IP's but they are responsible for the data surrounding the allocation. What it boils down to is that IANA has the ultimate responsibility for the data. When they allocate the IP's to someone else it is still IANA's responsibility for the authentication, integrity, and reliability of the data is still with IANA. I will agree that speculating on what the RIR requirements is not the basis for a stance on an issue. However, neither is "we have always done it this way." I looked at RFC 2050 and I see no issues there. IANA is allowed to delegate things to the RIR's and the RIR's can develop local policies for local issues. However, IANA is still ultimately responsible for the data. If some data responsibility is to transferred to the RIR then it would not be that big a deal to change the contract but the US Government must agree. IANA does not have the authority to transfer this responsibility on their own. I cannot immediately find the reference to IANA requirements for RIRs. I would speculate that there is a whois requirement like all the ICANN requirements for domain registries. That would bolster my argument but my argument does not hinge on that, it hinges on the IANA contract wording. If IANA had the authority to delegate something to someone else the contract would say so. It does say IANA can delegate the IP address space to regional registries but it does not say IANA can transfer the responsibility for the authentication, integrity, and reliability of the data to the RIRs. >PS: You seem to have a top-down view, while this is a bottom-up world. Yes. I have seen how this "bottom up" and "transparent" system works. How many transparency initiatives has ICANN had now? They seem to have one very few months ever since they started but they all fail. I had signed up for some type of community voting system years ago and what ever happened to that? I remember they harassed one Board member who used to suggest adding TLD's. Of course now that they came up with this big money grab scheme suddenly it is all the rage. I just don't believe or trust any of these ICANN or ICANN-like processes. I think ICANN was set up to tax people and the people paying the taxes have no say whatsoever. Since it is set up as a corporation rather than a government agency it circumvents one of the basic rights of taxpayers which is the access to the information (in the USA it is called the Freedom of Information Act or FOIA). Thank you From dhc at dcrocker.net Sat Jan 28 23:00:48 2012 From: dhc at dcrocker.net (Dave CROCKER) Date: Sat, 28 Jan 2012 14:00:48 -0800 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F232888.4050607@consumer.net> References: <2A084A55-887F-409C-B066-11E3C72334FD@blacknight.ie> <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@consumer.net> <4F2321EC.9000507@dcrocker.net> <4F232888.4050607@consumer.net> Message-ID: <4F247010.8010409@dcrocker.net> On 1/27/2012 2:43 PM, russ at consumer.net wrote: >> They don't work for you. > > Yes they do. They work for the community and I am part of the community Alas, that does not mean you get to assign tasks to them, anymore than it means you get to tell the folks down at city hall what daily tasks to perform. You might want to review the practical requirements for functioning administration in delegated democratic structures. The core requirement is to get a substantial support of a significant constituency. Just being a plaintive single voice isn't enough. > pays the bills. The attitude you have is typical of ICANNers. I haven't had anything to do with ICANN in more than 15 years and wasn't formally part of it then. My involvement was pre-ICANN. So you should consider something more current and substantive if you wish to continue the ad hominem bullying that you are invoking when someone disagrees with you. There's plenty to criticize in my behavior, but please at least try to focus on failings that really do apply to me. >> They can't anticipate every question someone might ask. > > These are basic questions that relate to the authority to operate which is > one of the very. Everyone involved anticipates these questions will be > asked. Everyone? Wow. With such certitude, no doubt you can document that assertion? In reality, what is obvious to one is obscure to another. Again, if you think something should be in a FAQ, then do the work to provide it. That's one of the aspects of community participation that seems to have escaped you. > The problem is people like you. The problem is people who have no active involvement in any of these administrative activities? That is, after all, the proper description of my role with respect to RIPE and IANA. (Full disclosure: there's an MOU between the IETF and ICANN, concerning a subset of IANA's functions, and I'm part of the IETF side that does the formal renewal. But anyone who thinks that's a substantive task hasn't read the minutes of the IAOC...) > For decades you have fostered an approach > where only a small of group of people run everything and when people ask > basic questions they get responses like you always provide. I do apologize for requesting that folks get their facts straight and contribute their own effort to getting things done, rather than their imposing workload on others. If a small group runs things -- and let's skip over the probable error of that assertion -- it's because the rest of the community chooses to be less active. By the way, as for facts, you keep asserting that IANA is a separate legal entity and that the US Dept. Commerce has a contract with them. Since it's already been pointed out that these assertions are incorrect -- and the language at IANA doesn't support your model: perhaps you'd care to point at the legal documents that prove otherwise. > That is why there is a need for someone > like me to come on this list. I could well be wrong, but I doubt that your strident efforts at bullying those who disagree with you is all that productive. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From russ at consumer.net Sat Jan 28 23:45:57 2012 From: russ at consumer.net (russ at consumer.net) Date: Sat, 28 Jan 2012 17:45:57 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F247010.8010409@dcrocker.net> References: <4F16C490.9050409@consumer.net> <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@consumer.net> <4F2321EC.9000507@dcrocker.net> <4F232888.4050607@consumer.net> <4F247010.8010409@dcrocker.net> Message-ID: <4F247AA5.8020306@consumer.net> >By the way, as for facts, you keep asserting that IANA is a separate legal entity and that the >US Dept. Commerce has a contract with them. Since it's already been pointed out that these >assertions are incorrect -- and the language at IANA doesn't support your model: > >perhaps you'd care to point at the legal documents that prove otherwise. It was already posted by Mr. Pawlik: http://www.icann.org/en/general/iana-contract-14aug06.pdf As you can see IANA is a separate legal entity. If you read you can see that ICANN provides the resources for the IANA function but the actual legal entity on the contract is IANA. The contract could have been directly with the legal entity ICANN. I have asked for an explanation as to why this is but I cannot get an answer from IANA/ICANN or DOC. I assume it was done to try to isolate ICANN from liability but that is just speculation. >I could well be wrong, but I doubt that your strident efforts at bullying those who disagree with you >is all that productive. You started with the ad hominem bullying and I just responded in kind. My methods may not help with my immediate issue but in the long run it is good to ruffle some feathers so maybe the next person who has issues like mine will get more consideration than I got from RIPE NCC. I didn't wake up one day and say I want to join a RIPE list and cause trouble. I was going fine for 13 years and now all of a sudden there is a problem and they cut me off. This is the kind of reaction that you will get when things like that are done. Thank You From russ at consumer.net Sat Jan 28 23:58:38 2012 From: russ at consumer.net (russ at consumer.net) Date: Sat, 28 Jan 2012 17:58:38 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F247AA5.8020306@consumer.net> References: <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@consumer.net> <4F2321EC.9000507@dcrocker.net> <4F232888.4050607@consumer.net> <4F247010.8010409@dcrocker.net> <4F247AA5.8020306@consumer.net> Message-ID: <4F247D9E.4030905@consumer.net> >As you can see IANA is a separate legal entity. I looked again. it actually says the legal entity is "Internet Corporation for Assigned Names" which I don't think even exists as a legal entity so who knows. From rezaf at mindspring.com Sun Jan 29 00:18:06 2012 From: rezaf at mindspring.com (Reza Farzan) Date: Sat, 28 Jan 2012 18:18:06 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F247D9E.4030905@consumer.net> References: <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net><4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net><4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie><4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net><4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net><4F231EA9.8000904@consumer.net> <4F2321EC.9000507@dcrocker.net><4F232888.4050607@consumer.net> <4F247010.8010409@dcrocker.net><4F247AA5.8020306@consumer.net> <4F247D9E.4030905@consumer.net> Message-ID: Russ, I do not understand why you waste everyone's time by writing such meaningless messages frequently. If anyone is interested in Facts and Records, they can easily search for it, especially about ICANN, http://www.icann.org/en/about/. The Abuse Working group must focus its attention on more fundamental matters than squabbling about such trivial matters that you constantly bring up. Thank you, Reza Farzan =========== > -----Original Message----- > From: anti-abuse-wg-bounces at ripe.net > [mailto:anti-abuse-wg-bounces at ripe.net] On Behalf Of russ at consumer.net > Sent: Saturday, January 28, 2012 5:59 PM > To: anti-abuse-wg at ripe.net > Subject: Re: [anti-abuse-wg] Some Facts for the Record > > >As you can see IANA is a separate legal entity. > > > I looked again. it actually says the legal entity is > "Internet Corporation for Assigned Names" which I don't think > even exists as a legal entity so who knows. From dhc at dcrocker.net Sun Jan 29 00:32:27 2012 From: dhc at dcrocker.net (Dave CROCKER) Date: Sat, 28 Jan 2012 15:32:27 -0800 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F247AA5.8020306@consumer.net> References: <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@consumer.net> <4F2321EC.9000507@dcrocker.net> <4F232888.4050607@consumer.net> <4F247010.8010409@dcrocker.net> <4F247AA5.8020306@consumer.net> Message-ID: <4F24858B.2010006@dcrocker.net> On 1/28/2012 2:45 PM, russ at consumer.net wrote: >> assertions are incorrect -- and the language at IANA doesn't support your > model: > >> perhaps you'd care to point at the legal documents that prove otherwise. > > It was already posted by Mr. Pawlik: > > http://www.icann.org/en/general/iana-contract-14aug06.pdf > > As you can see IANA is a separate legal entity. If you read you can see that Yes, reading carefully is a challenge. What name did you see under "Name and address of Contractor"? I can imagine all sorts of visual and cognitive impairments that might distort what's there, but none that produce "IANA" or any variant, out of what it says, which is ICANN. You seem to have some difficulty with the difference between a legal entity and a function to be performed by that entity. Note that IANA's own language says "department of" ICANN. > As you can see IANA is a separate legal entity. If you read you can see that > ICANN provides the resources for the IANA function but the actual legal > entity on the contract is IANA. Since you seem to be saying that something inside the contract refers to IANA as a separate legal entity, please cite the specific language, not just a generic pointer to the whole document. >> I could well be wrong, but I doubt that your strident efforts at bullying > those who disagree with you >> is all that productive. > > You started with the ad hominem bullying and I just responded in kind. Please cite the specific language in my original posting that you consider ad hominem. Please note that saying "you are wrong" is not ad hominem. Saying "you are an idiot" or "The problem is people like you" or "you are a bully" is. > My > methods may not help with my immediate issue but in the long run it is good > to ruffle some feathers so maybe the next person who has issues like mine Care to point to documents that substantiate some exemplars of this tactic's working, absent community support for that approach? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From maildanrl at googlemail.com Mon Jan 30 18:41:34 2012 From: maildanrl at googlemail.com (Dan Luedtke) Date: Mon, 30 Jan 2012 18:41:34 +0100 Subject: [anti-abuse-wg] 2011-06 New Policy Proposal (Abuse Contact Management in the RIPE NCC Database) In-Reply-To: <4F1701BA.9030905@mutluit.com> References: <201111231347.pANDlH64028370@pechora5.dc.icann.org> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A3EB9@EXVPMBX100-1.exc.icann.org> <4ECE4C4A.5090106@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A411A@EXVPMBX100-1.exc.icann.org> <4ED3F845.6080708@abusix.com> <4F16AC94.5010201@mutluit.com> <4F1701BA.9030905@mutluit.com> Message-ID: On Wed, Jan 18, 2012 at 6:30 PM, U.Mutlu wrote: > Of course ARF/MARF as well depends on a abuse contact, > so we need a mandatory standard to follow, and therefore the > current proposal of the wg should be ratified as soon as possible. Certainly yes, I just wanted to give a hint to those who already trying to expand the proposal. regards, danrl -- Dan Luedtke http://www.danrl.de From russ at consumer.net Mon Jan 30 23:13:48 2012 From: russ at consumer.net (russ at consumer.net) Date: Mon, 30 Jan 2012 17:13:48 -0500 Subject: [anti-abuse-wg] Some Facts for the Record In-Reply-To: <4F247AA5.8020306@consumer.net> References: <4F19D551.6010809@consumer.net> <83EF9D5F-40F2-4A11-AF6B-E5C7CE4FA459@sussex.ac.uk> <4F1FEE5A.7040207@consumer.net> <4F208D15.9070903@consumer.net> <20120126074643.GB55041@Space.Net> <4F213F2A.4000706@consumer.net> <4F215125.8000900@consumer.net> <4F2187ED.4030503@consumer.net> <4F22A097.9060108@consumer.net> <4F22A4DE.9060507@consumer.net> <49660A43-E226-42EB-A248-7E9984DF1DB5@blacknight.ie> <4F22A85C.7090701@consumer.net> <14A729EE-631B-40DD-9564-407E184FB7AB@blacknight.ie> <4F22B069.9020209@consumer.net> <4F22B2D9.5040207@csirt.ja.net> <4F22C33C.9050204@consumer.net> <4F22F331.5010509@ripe.net> <4F231EA9.8000904@consumer.net> <4F2321EC.9000507@dcrocker.net> <4F232888.4050607@consumer.net> <4F247010.8010409@dcrocker.net> <4F247AA5.8020306@consumer.net> Message-ID: <4F27161C.3000005@consumer.net> This is a good treatise on how outsiders see these 'so-called' community systems like ICANN and RIPE. They come up with all these procedures simply designed to waste people's time so they can drive them away. this guy did extensive documentation of how it works: http://hasbrouck.org/icann/ The people who promote these community systems like RIPE are either delusional or, more likely, they have something to gain (either money, stature, or just the ability to tell others what they can and cannot do). Of course those people would just say there is something wrong with Mr. Hasbrouck as well. As for the current proposal, there is no legal review available to the community and it contradicts the current blocking policy as far as the EU privacy claims so, if the process was legitimate, it should not move forward until the legal review is complete and made available to the public. Since the process is not legitimate I expect that won't happen. Thank You From security at mutluit.com Tue Jan 31 23:52:24 2012 From: security at mutluit.com (U.Mutlu) Date: Tue, 31 Jan 2012 23:52:24 +0100 Subject: [anti-abuse-wg] no whois record for another crappy ISP Message-ID: <4F2870A8.4040900@mutluit.com> Hi, does anybody know why there is no whois record for the so-called ISP named "jazztel.es" ? It just says: "This TLD has no whois server" How is such possible? From michele at blacknight.ie Tue Jan 31 23:56:01 2012 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Tue, 31 Jan 2012 22:56:01 +0000 Subject: [anti-abuse-wg] no whois record for another crappy ISP In-Reply-To: <4F2870A8.4040900@mutluit.com> References: <4F2870A8.4040900@mutluit.com> Message-ID: Go to nic.es Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 31 Jan 2012, at 22:53, "U.Mutlu" wrote: > Hi, > > does anybody know why there is no whois record > for the so-called ISP named "jazztel.es" ? > > It just says: "This TLD has no whois server" > How is such possible? >