A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make
a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
There was some clear support for the policy during the Discussion Phase. This came from:
Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would
allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this
policy.
Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate,
then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis.
Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal:
- The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow
a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard)
- The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard)
- The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting.
(Responding to No No)
- The actual validation is not working, it is just a technical validation (responding to Gert Doering)
- The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am
not asking to verify if you handle abuse case or not and I am not asking to take any new actions.
Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications
was important.
A number of people spoke in clear opposition.
Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC
membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet.
Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today.
No No did not want anyone to be restricted in how they received abuse reports.
Michele Neylon opposed the proposal and agreed with the points made by Nick.
A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal:
Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush
The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020.
There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis.
- There was no messages of support to the proposal.
There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email
can be automated whilst forms can not.
- There were opposing arguments based on two fronts:
1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely
defined by the operator.
Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would
not add any value.
There was no attempt to address the opposing arguments above during the review phase.
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would
welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.