[anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian Nisbet
brian.nisbet at heanet.ie
Wed Oct 11 16:06:59 CEST 2017
For the avoidance of any doubt, the WG Co-Chairs agree that this proposal will move forward to Review Phase and there will be a new version of the proposal and, subsequent to that, the NCC will work on their Impact Analysis. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Network Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet at heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 Mounier, Grégory wrote on 10/10/2017 15:49: > Hi everyone, > > > > Thanks for your questions and comments. In light of those, Hervé and I > will prepare a slightly amended version of the proposal to specify some > languages, in particular when it comes to the role of RIPE NCC’s impact > analysis in providing more details about the concrete implementation of > this policy change proposal. > > > > Andre rightly asked what was the goal of the proposal. Ultimately, the > goal of the proposal is to reduce the likelihood of getting no response > when someone (anyone) need to urgently contact a LIR via the abuse-c > contact. To achieve this goal we believe that RIPE NCC should be > mandated to regularly validate the abuse-c contact point. We think that > the main criteria to decide whether to move the proposal to the review > phase or not, should be whether there is a majority of AAWG members who > thinks that having a valid and functioning abuse-c contact points is a > valid goal. > > > > Most questions raised were about the actual implementation of the > proposal. As explained by Marco/RIPE NCC, the practical details of how > the validation procedure will be implemented should not be laid down in > the policy change proposal at this stage but rather by the impact > analysis that RIPE NCC will conduct. RIPE NCC is the best placed to > propose a working procedure (whether it should be done in the framework > of ARC, what will be the criteria to consider a contact point invalid, > how to address auto-answer, how often the validation process should be > carried out etc.) because they are the ones who can best assess the > financial and human resources to conduct these checks in the most > efficient manner. > > > > Lastly, it seems that some members assume that this proposal is driven > by law enforcement (LE) needs only. It is not. All network > operators/LIRs have at some points been in the frustrating situation of > not being able to find a valid contact point, this is why Hervé/Orange > is co-authoring the proposal. There is not so many ways of ensuring that > you get an answer: the community needs to agree that at least one > contact point will be validated by RIPE NCC. In parallel, law > enforcement is indeed working with NCC and some RIPE members to develop > our knowledge and possibly a tool to visualize BGP routing tables. But > improving the way LE can identify and investigate malicious IPs is not > the goal of this policy change proposal. > > > > In conclusion, we think that so far, except for one or two members who > explicitly opposed the goal of the proposal, a majority of members who > expressed themselves on the AAWG mailing list during the discussion > phase, agrees with the general objective of the proposal – that is to > mandate RIPE NCC to regularly validate abuse-c contact in order to > reduce the likelihood of not getting an answer when someone needs to > urgently contact a LIR. > > > > Therefore, in agreement with the AAWG chair, we would like to move this > proposal to the review phase. > > > > Thanks > > > > Greg and Hervé > > > > > > > > > > *From:*anti-abuse-wg [mailto:anti-abuse-wg-bounces at ripe.net] *On Behalf > Of *herve.clement at orange.com > *Sent:* 09 October 2017 15:01 > *To:* Nick Hilliard; Michele Neylon - Blacknight > *Cc:* ox; Gert Doering; anti-abuse-wg at ripe.net > *Subject:* Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular > abuse-c Validation) > > > > Hello Nick, > > > > We have already talked with the RIPE NCC about ARC. > > If the ARC would include actual contact validation, a same LIR would be > contacted less frequently for a global audit. > > Dealing specifically with abuse-c validation, RIPE NCC Impact Analysis > will answer the question of extra work evaluation. > > > > Hervé > > > > > > -----Message d'origine----- > De : anti-abuse-wg [mailto:anti-abuse-wg-bounces at ripe.net] De la part de > Nick Hilliard > Envoyé : lundi 9 octobre 2017 13:01 > À : Michele Neylon - Blacknight > Cc : ox; Gert Doering; anti-abuse-wg at ripe.net > <mailto:anti-abuse-wg at ripe.net> > Objet : Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c > Validation) > > > > Michele Neylon - Blacknight wrote: > >> The current situation is that abuse-c can be populated with rubbish. > >> The email addresses can be completely non-functioning. > >> That is the real and current issue. > > > > the real issue is that this is a complex layer 9 problem inside each > organisation, and although creating technological tickbox policies will > provide a veneer of doing something, that veneer is very thin. > > > > The RIPE NCC already has a mechanism for information consistency audits, > namely the Assisted Registry Check. > > > > Has anyone talked to the RIPE NCC about including abuse contacts in the > ARC, and been given credible reasons as to why this wouldn't be a > simpler, better and more effective way of dealing with issue of stale / > inaccurate details? > > > > Nick > > > > _________________________________________________________________________________________________________________________ > > > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez > recu ce message par erreur, veuillez le signaler > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > > Orange decline toute responsabilite si ce message a ete altere, deforme > ou falsifie. Merci. > > > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > > they should not be distributed, used or copied without authorisation. > > If you have received this email in error, please notify the sender and > delete this message and its attachments. > > As emails may be altered, Orange is not liable for messages that have > been modified, changed or falsified. > > Thank you. > > ******************* > > DISCLAIMER : This message is sent in confidence and is only intended for > the named recipient. If you receive this message by mistake, you may not > use, copy, distribute or forward this message, or any part of its > contents or rely upon the information contained in it. > Please notify the sender immediately by e-mail and delete the relevant > e-mails from any computer. This message does not constitute a commitment > by Europol unless otherwise indicated. > > *******************
- Previous message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] @EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]