In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses (unless for “connected customers”) is not allowed.

If you do so, and the staff realize it, or somebody reports it to the staff, then you will get a warning, or a few of them across a certain period of time, you will get probably other policy-compliance reviewed, and then if you still not correct the situation, there will be a reclamation process.

So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I really don’t care if we call it regulator or not, it is a matter of ensuring that the resources are provided under certain rules and in the end, we enforce them.

Regards,
Jordi

@jordipalet

El 30 nov 2023, a las 9:58, Matthias Merkel <matthias.merkel@staclar.com> escribió:

Hi Serge,

The difference is the scope of the rules.

All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc.

What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because it has an address assigned by them.

This is the difference between regulator or not. The definition I cited is from the dictionary.

—

Maria Merkel

This email was sent by [company]. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 (registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521). Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice.

On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net wrote:

I do not agree

Every organization has rules it enforces. That doesn't make it a
regulator. The public transport here, where I live enforces that you
have a valid ticket. That doesn't make it the transport regulator.

In fact RIPE NCC will probably enforce that you pay your fees.

The issue here is, that we have two subgroups:

One that thinks we should try go a bit further to ensure that people do
what can be expected they should be doing, and another fractions that
feels every little bit of additional load is too much and will not solve
the problem 100%. It's like saying we give up on speed limits because it
doesn't prevent speeding.

And as long as this group cannot come up with a compromise nothing will
change, in essence the anti-abuse wg is taken hostage by the nay sayers.
These discussions have been going on for years. Nothing new has come out.

We don't even try. We could, and then see if it makes a difference. If
not we go back. But nope.

Best
Serge

On 30.11.23 09:39, Matthias Merkel wrote:

> Hi Leo,
>
> The definition of a regulator is an entity that sets and enforces rules
> on the persons it supervises.
>
> If the RIPE NCC goes further than just providing numbers, and instead
> enforces rules on usage associated with them (note that this doesn't
> even concern the use of the numbers themselves, but rather services
> addressed by them), it will, by definition, be a regulator.
>
> I'm not sure that there will be consensus on wanting the NCC to become a
> regulator.
>
> —
> Maria Merkel
>
> This email was sent by Staclar, Inc. Any statements contained in this
> email are personal to the author and are not necessarily the statements
> of the company unless specifically stated.
>
> Novecore and Staclar are collective trading names of Novecore Ltd.,
> registered in England and Wales under company number 11748197, Novecore
> Licensing Ltd., registered in England and Wales under company number
> 11544982, Staclar Carrier Ltd., registered in England and Wales under
> company number 12219686, Staclar Financial Services Ltd., registered in
> England and Wales under company number 13843292 (registered offices 54
> Portland Place, London, UK, W1B 1DY); Novecore Professional Services
> Ltd., registered in England and Wales under company number 13965912
> (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA);
> Novecore (Estonia) OÜ, registered in Estonia under registry code
> 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117
> Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under
> file number 6707907, Novecore Licensing (USA) LLC, registered in
> Delaware under file number 4030866, and Staclar, Inc., registered in
> Delaware under file number 7413401 (registered agents The Corporation
> Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE
> 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United
> Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ
> is registered for VAT in the European Union under VAT registration
> number EE102518979. Novecore Professional Services Ltd. is a trust or
> company service provider registered with and supervised by HM Revenue &
> Customs under the Money Laundering, Terrorist Financing and Transfer of
> Funds (Information on the Payer) Regulations 2017 (registration number
> XMML00000178208). Staclar Financial Services Ltd. is an Annex 1
> financial institution registered with and supervised by the Financial
> Conduct Authority under the Money Laundering, Terrorist Financing and
> Transfer of Funds (Information on the Payer) Regulations 2017 (firm
> reference number 989521). Registration is not equivalent to
> authorisation and is not an endorsement to do business with a firm.
> Staclar Financial Services Ltd. is not an authorised person within the
> meaning of the Financial Services and Markets Act 2000 and does not
> review, approve, or endorse financial promotions for securities issues
> it is involved in or provide any form of investment advice.
> Sent from Front
>> On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net
>> <mailto:anti-abuse-wg@ripe.net> wrote:
>>
>> Hi Leo,
>>
>> I don’t see it as a regulator, I see it as one of the functions of a
>> RIR. Not just provide numbers, but also ensure that they are being
>> used fairly and according community agreed policies. Otherwise we
>> could also say that other reasons for recovery are invalid because we
>> become a regulator, right?
>>
>> Each RIR has measured the “level of adoption” as they progressed with
>> the initial verification (and this was presented at least a couple of
>> times in every RIR), so there are slides in each of them, showing the
>> progress. I can try to find them for you in the previous year's events
>> if you can’t find them. Also my personal experience reporting over
>> 1.500 abuse cases, average per day, shows that I get more
>> “happy-ending” responses from those regions than before and keeps
>> going better and better, which is not the case from RIPE unfortunately.
>>
>> Regards,
>> Jordi
>>
>> @jordipalet
>>
>>>
>>> > El 29 nov 2023, a las 16:09, Leo Vegoda <leo@vegoda.org
>>> <mailto:leo@vegoda.org>> escribió:
>>> >
>>> > Hi Jordi,
>>> >
>>> >
>>> > On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg
>>> <anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net>> wrote:
>>> >>
>>> >> I agree that the carrot is better than the stick, but if the
>>> carrot doesn’t work, we need to use the stick.
>>> >>
>>> >> My original proposal was basically enforcing the NCC to reclaim
>>> the resources when there is a persistent violation of resolving abuse
>>> cases. This can be progressive, such as not allowing to update
>>> objects in the database, etc. No need to go with “a single failure
>>> means you lose your resources”.
>>> >
>>> > How could we do this without the RIPE NCC becoming some kind of
>>> regulator? Or is the proposal to make the RIPE NCC a private sector
>>> regulator?
>>> >
>>> >> As said, this is working in other 2 regions, one more coming
>>> (pending of the AFRINIC board ratification). Why should not work in
>>> this region the same? Also the PoC in ARIN works in a similar way,
>>> and being non-responsive means you get some “members” rights restricted.
>>> >
>>> > Who has been measuring the reduction is abuse? How tightly is that
>>> drop in abuse linked to this policy action rather than other factors?
>>> >
>>> > Kind regards,
>>> >
>>> > Leo
>>> >
>>>
>>> **********************************************
>>> IPv4 is over
>>> Are you ready for the new Internet ?
>>> http://www.theipv6company.com <http://www.theipv6company.com/>
>>> The IPv6 Company
>>>
>>> This electronic message contains information which may be privileged
>>> or confidential. The information is intended to be for the exclusive
>>> use of the individual(s) named above and further non-explicilty
>>> authorized disclosure, copying, distribution or use of the contents
>>> of this information, even if partially, including attached files, is
>>> strictly prohibited and will be considered a criminal offense. If you
>>> are not the intended recipient be aware that any disclosure, copying,
>>> distribution or use of the contents of this information, even if
>>> partially, including attached files, is strictly prohibited, will be
>>> considered a criminal offense, so you must reply to the original
>>> sender to inform about this communication and delete it.
>>>
>>> --
>>>
>>> To unsubscribe from this mailing list, get a password reminder, or
>>> change your subscription options, please visit:
>>> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
>>> <https://lists.ripe.net/mailman/listinfo/anti-abuse-wg>
>

--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org

--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.