A case can be made that lax "not the internet police" policies that earlier allowed a single shady LIR to get multiple /14s and now, as per Furio, allows serial registration of bogus LIRs to gather up IP space is actually making
abuse and security teams worldwide expend rather more man hours than they would spend in a lifetime of engaging in this sort of occasional compliance.
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net>
Sent: Saturday, May 18, 2019 1:59 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
El 18/5/19 9:56, "anti-abuse-wg en nombre de Gert Doering" <anti-abuse-wg-bounces@ripe.net en nombre de gert@space.net> escribió:
Hi,
On Sat, May 18, 2019 at 12:02:48AM +0100, Carlos Friaças wrote:
> > There is no indication that the complications Jordi is proposing are
> > an actual improvement in any metric, except "human life time wasted".
>
> Starting with "complications" is really not that constructive.
>
> If the process is too complex let's work on it, and make it simpler where
> it is possible.
We have an existing process that is the result of a PDP discussed in this
very working group, reflecting community consensus on the balance between
checking and annoyance.
Nobody has made a convincing argument why this needs to be made stricter
and more time consuming.
> Trying to build a softer approach, maybe the NCC doesn't need to send
> _everyone_ a message twice a year, but if someone finds an abuse-mailbox
> to be unresponsive, then if it is mandatory to have a working
> contact/mailbox, the NCC could only get into the picture when someone
> detects that is not in place.
>
> Or is _that_ already in place...?
We *HAVE* a process to check abuse contacts.
We *HAVE* ARCs.
So, please state *first* what is wrong or insufficient with the current
process, and why these added complications would improve the end goal:
abuse reports sent to ISPs are handled "better" (in a to-be-defined
metric).
A process that allows to use emails from other random people is not a *real validation* it looks closer to a joke.
Note: taking away lifetime from the people doing abuse mail handling is
not going to make them more enthusiastic about doing their job.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of
the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents
of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.