[anti-abuse-wg] 2011-06 Review Phase Extension
- Previous message (by thread): [anti-abuse-wg] 2011-06 Review Phase Extension
- Next message (by thread): [anti-abuse-wg] 2011-06 Review Phase Extension
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Peter Koch
pk at DENIC.DE
Sat Jul 28 19:39:55 CEST 2012
On Mon, Jul 16, 2012 at 10:02:29AM +0100, Brian Nisbet wrote:
> would ask if members could raise any points that they are still
> uncertain about and state as clearly as possible, their current opinion
> on the proposal.
I have read version 3.0 of 2011-06 and the NCC's impact analysis.
While I agree with some of the goals of 2011-06, I object to the
proposal in its current form. In fact, I think it is not even ready
for the Review Phase, even though I understand that was the way to
invoke the NCC impact analysis. Here's already one reason to object: the
proposal itself is hardly comprehensible without said impact analysis
but since the latter is not part of the proposal it can only be
considered transient. Without even remotely suggesting the NCC was driving
policy here, I must say with both hesitance and regret that I am not
comfortable with the role the NCC has been dragged into w.r.t 2011-06.
o The proposal and impact analysis are unclear about the aspects of
data protection issues for the "abuse-mailbox:" attribute. It appears
it is intended to "by definition" avoid PII here. How would that work
for address space allocated (or, more importantly, assigned) to a natural
person? That said, the proposal is also unclear whether the abuse-c: would
apply to PI space, as well.
o The proposal uses unclear language w.r.t. the mandatory nature of the
"abuse-c:" attribute:
``This policy introduces a new contact attribute named "abuse-c:", that can
be included in inetnum, inet6num and aut-num objects. ''
vs.
``The role objects used for abuse contact information
will be required to contain a single "abuse-mailbox:" attribute which is
intended for receiving automatic and manual reports about abusive behavior
originating in the resource holders' networks.''
o The second paragraph quoted above expresses an expectation regarding the
handling of submitted email reports (what else would it mean to be prepared for
"receiving automatic and manual reports"?)
o The purpose of the "e-mail:" attribute is given with "other". I do not
understand that. I would suggest to separate the targets for 'manual' and
'machine readable' reports. It is natural for any object in the RIPE DB to
use the 'email:' attribute for email communication. {this is listed for
completeness; i have read the longthread on the topic and don't suggest
to rehash. The proposal, in summary, has bigger problems.}
o The proposal is unclear at least about the future of irt: objects.
o Finally, and most importantly, I object to the mandatory nature of the attribute.
Neither the impact analysis nor the counter arguments section assess the impact
of presence of an abuse (role) object and the resulting actions on maintainers/...
LIRs/NCC members.
-Peter
- Previous message (by thread): [anti-abuse-wg] 2011-06 Review Phase Extension
- Next message (by thread): [anti-abuse-wg] 2011-06 Review Phase Extension
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]