2006-04 Draft Document will be produced (Contact e-mail Address Requirements)
PDP Number: 2006-04
Contact e-mail Address Requirements

Dear Colleagues,

The discussion period for the proposal 2006-04, Contact e-mail Address Requirements has ended. This proposal suggests that working and up-to-date contact e-mail addresses should be maintained at all times for address space that is registered in the RIPE Database.

A draft document will now be prepared for review. We will publish the document in about four weeks.

You can find the full proposal at:
http://www.ripe.net/ripe/policies/proposals/2006-04.html

Regards,
Filiz Yilmaz
RIPE NCC Policy Development Officer
I find it ridiculous that the author of this proposal himself is not providing a real contact e-mail address in the proposal. If it was up to me, I would have rejected the policy proposal just because of that.

Author: Jeffrey L. Scribner jscribner@localhost ASI Enterprises, Inc.

j

-----Original Message-----
From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Filiz Yilmaz
Sent: 26. september 2006 15:11
To: policy-announce@ripe.net
Cc: Jeffrey L. Scribner; Hans Petter Holen; address-policy-wg@ripe.net
Subject: [address-policy-wg] 2006-04 Draft Document will be produced (Contact e-mail Address Requirements)

PDP Number: 2006-04
Contact e-mail Address Requirements

Dear Colleagues,

The discussion period for the proposal 2006-04, Contact e-mail Address Requirements has ended. This proposal suggests that working and up-to-date contact e-mail addresses should be maintained at all times for address space that is registered in the RIPE Database.

A draft document will now be prepared for review. We will publish the document in about four weeks.

You can find the full proposal at:
http://www.ripe.net/ripe/policies/proposals/2006-04.html

Regards,
Filiz Yilmaz
RIPE NCC Policy Development Officer
Hi, Jørgen Hovland wrote:
I find it ridiculous that the author of this proposal himself is not providing a real contact e-mail address in the proposal.
If it was up to me, I would have rejected the policy proposal just because of that.
Author: Jeffrey L. Scribner jscribner@localhost ASI Enterprises, Inc. [...]
as you might have noticed by browsing through other RIPE Websites, this is just due to the very useful Anti-Spam-E-Mail-Address-obfuscator of the Webserver, nothing else. I'm sure the real E-Mail address is in the original proposal text :-)

--
Sascha Lenz SLZ-RIPE slz@baycix.de
Network Operations
BayCIX GmbH, Landshut * PGP public Key on demand *
Then I guess nobody will object when I put the following in my RIPE handle in order to be compliant with the new policy:

e-mail: U2FsdGVkX19DjGgCGGBqHru1mllYpl+qhZZZycdQg9F42g==
remarks: please decode my email address with base64
remarks: then decrypt it with AES-256-OFB using key jorgen
remarks: then read from right to left
remarks: In the subject you must put the name of the current day

Or perhaps I should just use some javascript code instead? Or Haskell..

j

-----Original Message-----
From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Michael.Dillon@btradianz.com
Sent: 26. september 2006 16:19
To: address-policy-wg@ripe.net
Subject: Re: [address-policy-wg] 2006-04 Draft Document will be produced (Contact e-mail Address Requirements)
jscribner@localhost ASI Enterprises, Inc. I'm sure the real E-Mail address is in the original proposal text :-)
Just click on that funny email address in your web browser and the real email address automagically appears in your email client. --Michael Dillon
From a technical & security point of view I like your proposal :-) But...
Jørgen Hovland wrote:
Then I guess nobody will object when I put the following in my RIPE handle in order to be compliant with the new policy:
e-mail: U2FsdGVkX19DjGgCGGBqHru1mllYpl+qhZZZycdQg9F42g==
remarks: please decode my email address with base64
remarks: then decrypt it with AES-256-OFB using key jorgen
remarks: then read from right to left
remarks: In the subject you must put the name of the current day
Or perhaps I should just use some javascript code instead? Or Haskell..
j
... quoting from

$ whois -v person

e-mail

The e-mail address of a person, role, organisation or irt team. This attribute is filtered from the default whois output when at least one of the objects returned by the query contains an abuse-mailbox attribute.

An e-mail address as defined in RFC 2822.

I wonder if your approach is covered by RFC 2822 :-)

Wilfried.
Wilfried Woeber, UniVie/ACOnet wrote:
From a technical & security point of view I like your proposal :-) But...
Jørgen Hovland wrote:
Then I guess nobody will object when I put the following in my RIPE handle in order to be compliant with the new policy:
e-mail: U2FsdGVkX19DjGgCGGBqHru1mllYpl+qhZZZycdQg9F42g==
remarks: please decode my email address with base64
remarks: then decrypt it with AES-256-OFB using key jorgen
remarks: then read from right to left
remarks: In the subject you must put the name of the current day
Or perhaps I should just use some javascript code instead? Or Haskell..
j
... quoting from $ whois -v person
The e-mail address of a person, role, organisation or irt team. This attribute is filtered from the default whois output when at least one of the objects returned by the query contains an abuse-mailbox attribute.
An e-mail address as defined in RFC 2822.
I wonder if your approach is covered by RFC 2822 :-)
sorry guys....you will not get past the parser with this one :) cheers denis
Wilfried.
Jørgen Hovland wrote:
I find it ridiculous that the author of this proposal himself is not providing a real contact e-mail address in the proposal.
Following up... I was fooled by that a while ago, too :-) Just click on the mail address and - assuming you've got a compatible MUA - the compose window comes up with the correct mail address filled in. Wilfried.
This policy is directed at ISPs and at their customers.
Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained). Every organisation controlling an IP address should provide at least one working contact e-mail address where notifications of abuse emanating from that IP address can be sent.
A company in the SPAM business could be in full compliance with this policy if they operate an auto-responder like RIPE's hostmaster mailbox, which replies to every email saying "Thank you for your concern. We will deal with the matter promptly". The net benefit to the Internet community would be zero.
All persons and organisations assigned an IP address should act to prevent abusive messages originating from that IP address.
I don't believe that RIPE has any authority over what ISP customers do with their Internet connection. If a customer has a contract with an ISP for the purposes of originating abusive messages, then what authority does RIPE have to forbid this? On the other hand, if this is something which should be forbidden, who is the proper authority to take action? My answers are "None" and "National governments".

A few days ago, whilst riding the tube to work, I was looking over someone's shoulder reading the newspaper. It was one of the cheap tabloids, possibly the Sun. There was an advert for a company that offered to send abusive phone messages to someone else for a fee. It was an 0900 number which you dialled, then selected from a menu of message types, and then gave the number to be called. The choices were "Stop seeing my boyfriend", "Stop seeing my girlfriend", "Last notice to pay parking fine", "Mortgage repossession of home", etc.

Clearly, there is at least one UK business that has a contract with a UK phone company for the purpose of originating abusive messages. Apparently, the regulator does not prohibit this, although maybe they simply don't know about it yet. In any case, the problem of sending abusive messages clearly does exist outside the Internet therefore it is NOT an Internet problem.

If abusive messages are considered bad by society, then society should pass a law in the usual way rather than foisting unenforceable rules on the RIPE community.

--Michael Dillon

P.S. I am opposed to sending abusive messages and I would like to see them disappear from the Internet. But I also do not believe that any technical measures targeted at abusive messages will ever work since the perpetrators just discover new ways to avoid those measures. I really don't want to give the perpetrators an incentive to corrupt RIPE or the RIPE NCC which is what I believe will happen if RIPE gets in their way.
Hello Michael, On 9/26/06, Michael.Dillon@btradianz.com <Michael.Dillon@btradianz.com> wrote:
This policy is directed at ISPs and at their customers.
What makes you think this?
Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained). Every organisation controlling an IP address should provide at least one working contact e-mail address where notifications of abuse emanating from that IP address can be sent.
A company in the SPAM business could be in full compliance with this policy if they operate an auto-responder like RIPE's hostmaster mailbox, which replies to every email saying "Thank you for your concern. We will deal with the matter promptly". The net benefit to the Internet community would be zero.
yes, but it's not supposed to stop SPAM, just correct an old oversight, that of an email address not being a required contact detail.
All persons and organisations assigned an IP address should act to prevent abusive messages originating from that IP address.
I don't believe that RIPE has any authority over what ISP customers do with their Internet connection. If a customer has a contract with an ISP for the purposes of originating abusive messages, then what authority does RIPE have to forbid this? On the other hand, if this is something which should be forbidden, who is the proper authority to take action? My answers are "None" and "National governments".
Would it be acceptable to you if it said: "All persons and organisations assigned an IP address should act to prevent abusive messages originating from that IP address without their knowledge" or smt similarly toothless??

--
Cheers,
McTim
$ whois -h whois.afrinic.net mctim
Hi

It seems to me that this policy is about having a rule that says "everyone responsible for address space should provide contact details and keep them up to date". Having such a rule is a good starting point. But who is going to enforce it and how?

Our support team already get many complaints about invalid contact details. If we have a policy that says people should keep them up to date, we may just get more complaints. People will tell us we have a policy about it so what are we going to do about it?

Let me give you a quote from our standard reply about invalid contact data:

"There may be options we could pursue to check the validity of the contact data in the objects in the RIPE Database. Where we have a direct relationship with the owners of these objects we could request that they update this information. But we do not have a mandate from the RIPE community to allocate any resources to this activity. If you feel this should have a higher priority then you may raise the issue on the Database Working Group or Antispam Working Group or Address Policy Working Group mailing lists."

So a question that needs answering is do you want to allocate resources to finding ways to check the validity of email addresses in the RIPE Database and what realistic penalty can be applied to unreachable people?

regards
Denis Walker
Software Engineering Department
RIPE NCC

McTim wrote:
Hello Michael,
On 9/26/06, Michael.Dillon@btradianz.com <Michael.Dillon@btradianz.com> wrote:
This policy is directed at ISPs and at their customers.
What makes you think this?
Registration data (range, contact information, status etc.) must be correct at all times (i.e. they have to be maintained). Every organisation controlling an IP address should provide at least one working contact e-mail address where notifications of abuse emanating from that IP address can be sent.
A company in the SPAM business could be in full compliance with this policy if they operate an auto-responder like RIPE's hostmaster mailbox, which replies to every email saying "Thank you for your concern. We will deal with the matter promptly". The net benefit to the Internet community would be zero.
yes, but it's not supposed to stop SPAM, just correct an old oversight, that of an email address not being a required contact detail.
All persons and organisations assigned an IP address should act to prevent abusive messages originating from that IP address.
I don't believe that RIPE has any authority over what ISP customers do with their Internet connection. If a customer has a contract with an ISP for the purposes of originating abusive messages, then what authority does RIPE have to forbid this? On the other hand, if this is something which should be forbidden, who is the proper authority to take action? My answers are "None" and "National governments".
Would it be acceptable to you if it said:
"All persons and organisations assigned an IP address should act to prevent abusive messages originating from that IP address without their knowledge" or smt similarly toothless??
Denis Walker wrote: [...]
... If you feel this should have a higher priority then you may raise the issue on the Database Working Group or Antispam Working Group or Address Policy Working Group mailing lists."
My feeling is that the only appropriate one is the AP-WG - if at all. Anti-Spam seems to be a niche market, looking at the number of different abusive behaviour patterns, and DB-WG usually looks at issues regarding the tools and the registration machinery. In particular, DB-WG is very reluctant to get drawn into (human) resource allocation (i.e. money :-) ) discussions... Wilfried. PS: I know I am not making new friends with the following text, but still: Spam is not a network or addressing problem - it is an application and socio-economic problem. Now shoot - you know where to find me :-)
Wilfried Woeber, UniVie/ACOnet wrote:
Denis Walker wrote:
[...]
... If you feel this should have a higher priority then you may raise the issue on the Database Working Group or Antispam Working Group or Address Policy Working Group mailing lists."
My feeling is that the only appropriate one is the AP-WG - if at all.
we can easily change this if the AP-WG is considered to be the best place to raise such issues.
Anti-Spam seems to be a niche market, looking at the number of different abusive behaviour patterns, and DB-WG usually looks at issues regarding the tools and the registration machinery.
In particular, DB-WG is very reluctant to get drawn into (human) resource allocation (i.e. money :-) ) discussions...
Wilfried.
PS: I know I am not making new friends with the following text, but still: Spam is not a network or addressing problem - it is an application and socio-economic problem. Now shoot - you know where to find me :-)
I think we are confusing two separate issues here. Spam itself is a socio-economic-political problem. How to stop spam is outside the scope of network operations and addressing policy issues.

But the issue here is if I can identify an individual spammer who is causing me problems who should I contact to try to have this person/organisation disconnected? This ties into the whole discussion on the irt object and abuse-mailbox: attributes. Even if we get this part exactly right, if the final email address we present to someone is invalid then the whole system breaks down.

This brings us back to the question of how to enforce a policy that says everyone should keep their contact details up to date. I know it is a difficult question, but until it is addressed the whole policy on abuse handling fails.

regards
Denis Walker
Software Engineering Department
RIPE NCC
But the issue here is if I can identify an individual spammer who is causing me problems who should I contact to try to have this person/organisation disconnected?
The answer is; you should contact someone who has committed to receive and act upon reports of network abuse. RIPE can get involved by requiring its LIRs to maintain an abuse desk that commits to receive and act upon abuse reports. Beyond this RIPE can publish the contact details for any 3rd parties who have committed to receive and act upon abuse reports.
This brings us back to the question of how to enforce a policy that says everyone should keep their contact details up to date. I know it is a difficult question, but until it is addressed the whole policy on abuse handling fails.
You are right that this is the key question. "Everyone" does not have a contractual relationship with RIPE therefore RIPE policies do not apply to "Everyone". This is unlikely to change. In any case, it is a waste of time directing abuse reports at "Everyone" because, chances are, "Everyone" has not made a commitment to receive and act upon abuse reports. Some might say; but "Everyone" should make such a commitment. That is a noble sentiment and one which often drives politicians to make laws. If you really believe in this sentiment then RIPE is the wrong place to discuss it because RIPE members are not politicians and RIPE has no input into national or EU laws. --Michael Dillon
This policy is directed at ISPs and at their customers.
What makes you think this?
Who else has IP addresses?
Would it be acceptable to you if it said:
"All persons and organisations assigned an IP address should act to prevent abusive messages originating from that IP address without their knowledge" or smt similarly toothless??
No, because I don't believe it is appropriate for RIPE to require 3rd parties to supply any information at all, not email address, not company name, nothing at all. If the organization using the addresses has no legal contract with RIPE, then RIPE cannot oblige them to submit data for publication.

I do think that it is a good idea for RIPE to require all LIRs to have an active, responsive email address that is published. And I think it is good for RIPE to allow 3rd parties to publish contact info if they operate an active and responsive email address. But if the 3rd party does not have a NOC or an abuse desk, then I would rather see no contact info published so that the LIR is the first point of contact. Since the LIR does have a contractual relationship with the 3rd party, they will know how to get their attention.

Basically, I think this policy and much of the thinking behind the whois directory which RIPE publishes, is obsolete and has been obsolete for almost 10 years. Such things can only work in a collegial environment such as a university or a research consortium, but they have proven themselves to be totally unworkable on the public Internet.

By publishing incorrect information, RIPE encourages people with abuse issues to waste valuable time trying to contact the wrong people. The fix to this problem is to remove all incorrect information from the whois directory that is published.

--Michael Dillon
On Wed, Sep 27, 2006 at 10:15:44AM +0100, Michael.Dillon@btradianz.com wrote:
This policy is directed at ISPs and at their customers. What makes you think this? Who else has IP addresses?
Corporate networks. And they do not need unique ones, to route them in the global routing table, but in other companies networks they connect to. Nils --
What's the title for the head of the Greek Orthodox church?
God [Rowan Mayfair <rowanm@innocent.com>]
Michael.Dillon@btradianz.com wrote:
This policy is directed at ISPs and at their customers. What makes you think this?
Who else has IP addresses?
Corporate, educational, government (yes, for example Security service of Ukraine, ex-KGB branch in Ukraine, have PI 193.29.204.0/24! :-) ). Even some individuals have it.

--
WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
participants (9)
- Denis Walker
- Filiz Yilmaz
- Jørgen Hovland
- Max Tulyev
- McTim
- Michael.Dillon@btradianz.com
- Nils Ketelsen
- Sascha Lenz
- Wilfried Woeber, UniVie/ACOnet