CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.


Colleagues

I know consensus on the new WG has already been declared, but I have
some questions on this change. The charter for the AA-WG specifically
included abuse of internet users. It included these phrases:

"Consequently, the Anti-Abuse Working Group has a wide scope, to
include all relevant kinds of abuse."

"Within scope are all systems and mechanisms, both technical and
non-technical, that are used to create, control, and make money from
such abuse."

The charter for the new Security WG seems to be focused only on
"Tackling abuse of Internet infrastructure and
resources is a core goal of the WG".

So is the new WG no longer concerned with tackling abuse of internet
users? For example spam, phishing, ransomware attacks, etc. If so,
where can we discuss these issues? They don't fit within the charter
of any RIPE WG.

Looking back in time, the 'Anti Spam WG' became the 'Anti Abuse WG' in
2008. The new Security WG still refers to 'abuse'. But we still don't
have a definition of 'abuse'. Without even a basic definition of
abuse, is the new WG going to be another talking shop where we go
round in circles and no one will agree on anything?

The WG membership is still made up of the 'good' guys and the 'bad'
guys. The good guys will do what they can to prevent abuse, as long as
it doesn't involve significant extra work or costs. Both reasons were
used many times in the past to kill off policy proposals for tackling
abuse issues. And of course, since 2023-04, we now have the new
concept of 'operator convenience' which seems to override any other
consideration. The bad guys will always try to kill off policy
proposals for tackling abuse as they provide services to the abusers.
So the prospect of this new WG achieving anything beyond giving advice
(which can be ignored) is seriously limited from the start.

cheers
denis

========================================================
DISCLAIMER
Everything I said above is my personal, professional opinion. It is
what I believe to be honest and true to the best of my knowledge. No
one in this industry pays me anything. I have nothing to gain or lose
by any decision. I push for what I believe is for the good of the
Internet, in some small way. Nothing I say is ever intended to be
offensive or a personal attack. Even if I strongly disagree with you
or question your motives. Politicians question each other's motives
all the time. RIPE discussion is often as much about politics and self
interest as it is technical. I have a style of writing that some may
not be familiar with, others sometimes use it against me. I also have
OCD. It makes me see the world slightly differently to others. It
drives my mind's obsessive need for detail. I can not change the way I
express my detailed opinions. People may choose how to interpret them.
========================================================

On Tue, 1 Oct 2024 at 17:21, Brian Nisbet via anti-abuse-wg
<anti-abuse-wg@ripe.net> wrote:
>
> Good Afternoon,
>
> Following on from the list discussion pre-RIPE 88, the discussion at the meeting, and the subsequent refining of the proposed charter and further discussion, the WG Co-Chairs, after discussion with the RIPE Chair Team, are declaring consensus on the re-chartering and re-naming of the WG.
>
> The charter is as posted to the group on the 29th of July by Markus:
>
> *************
>
> The Security Working Group is committed to fostering collaboration,
> sharing best practices, and addressing security challenges within the
> RIPE community. The primary objective of the WG is to enhance the
> security, resilience, and stability of the Internet infrastructure
> within our region. Tackling abuse of Internet infrastructure and
> resources is a core goal of the WG, as well as:
>
> - Collaborating with stakeholders to develop and advocate for best
> practices, guidelines, and standards for securing Internet resources
> - Facilitating information sharing and cooperation among relevant entities
> - Providing education, training, and outreach initiatives to raise
> awareness of security issues and promote best practices adoption
>
> *************
>
> and we are confirming that the new name of the WG will be the RIPE Security Working Group.
>
> Our first hybrid meeting will be at RIPE 89 in Prague and, between then and now we'll sort out the logistics of the change including mailing lists, websites, fancy logos, branded merchandise etc. etc. There will be further communications on this, of course, but the current plan is to migrate this list, in the whole part, to the new WG, meaning no action would be required on the part of the subscribers. More on that as we have it.
>
> I'd like to thank my fellow Co-Chairs, the RIPE Chair Team, the NCC and, of course, all of you, the wonderful WG members, for all your help with this discussion, decision & process.
>
> I would also like to thank everyone who has been a part of the Anti-Abuse Working Group over the years for your discussion and work. A lot has happened and been done since we rechartered from Anti-Spam to Anti-Abuse in 2008 and it absolutely would not have happened without you all!
>
> Thank you,
>
> Brian
> Co-Chair RIPE <s>Anti-Abuse</s> Security Working Group
>
> Brian Nisbet (he/him)
> Service Operations Manager
> HEAnet CLG, Ireland's National Education and Research Network
> North Dock Two, 93-94 North Wall Quay, Dublin 1, D01 V8Y6
> +35316609040 brian.nisbet@heanet.ie www.heanet.ie
> Registered in Ireland, No. 275301. CRA No. 20036270
> -----
> To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/anti-abuse-wg.ripe.net/
> As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
> More details at: https://www.ripe.net/membership/mail/mailman-3-migration/