Hi Jan,
Hi Leo,
On Wed, 19 Oct 2022 at 05:26, Jan Ingvoldstad <frettled@gmail.com> wrote:
>
> Contacting the LIR only vaguely makes sense, it's like contacting the domain registrar because someone is sending phishing mail from gmail.com. In other words, mostly completely useless.
Can you please expand on this? People without your experience might
not understand the processes you are referring to. Can you explain the
problems that users need to resolve and the value that registration of
small assignments in the database brings?
Okay. Let's say that there is an ongoing phishing campaign. A CERT or abuse department investigates, finds that IP address A.B.C.D is hosting malicious content.
Currently, abuse departments can then use a locally installed whois tool to query ARIN, RIPE etc. whois databases to find out what the presumed correct contact point is, both for the purpose of disabling the phishing campaign.
However, if the contact point is a LIR, instead of the end user, this means that the LIR's abuse department gets all the complaints and police contacts, increasing workload and delaying action, if any is taken at all.
In phishing and other kinds of IP-traceable abuse, time is of the essence, so accurate and direct contact information for the party responsible is vital.
It is therefore better to have a database of contact points with some errors in it, than a database that, over time, is designed to become useless.
> Additionally, introducing this policy change without also doing something about historical records, seems pointless.
Can you expand on this, too?
If small assignments, for whatever value of "small", do not have value and are only causing extra work, the obvious thing to do is to purge the database of these records as well.
However, there is no proposal to do so, and that means that this policy proposal only suggests making very modest changes in how the database is managed, with dubious benefits.
--
Jan