[db-wg] abuse-c
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
John Green
j.green at ukerna.ac.uk
Mon Jan 12 11:31:24 CET 2004
Menno Pieters (Stelvio) wrote: > To elaborate on that, the complications for creating an IRT object are: > - You need a maintainer for an IRT object (which is not required for an > extra attribute or a person/role object); > - Strong authentication from both the IRT and the LIR is required to > link an IRT object to the inet[6]num object. > > The reasons to do it this way is to prevent that the IRT mentioned in > the IRT object gets complaints about abuse made form IP ranges that they > are not responsible for, simply because "Evil Company" put the e-mail > address of the IRT in its inet[6]num object (or as Daniel Karrenberg > suggested in on of the maintainer objects protecting the object). > > So both the IRT and the LIR (even if they are in the same room or just > next door), must agree. In a small organisation it is possible that it's > the same (group of) person(s), using the same PGP key and the problem is > void, because the request needs to be signed only once. I have never understood what this gives you. If "Evil Company" wants to misdirect abuse reports (why?) they can circumvent this by making a fake IRT object with IRT XYZ as the contact email address. John Green JANET-CERT
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]