Hi Sascha On 04/11/2015 15:32, Sascha Luck [ml] wrote:
On Wed, Nov 04, 2015 at 12:05:28AM +0000, ripedenis@yahoo.co.uk wrote:
the sponsoring LIR should be restricted to an LIR in the same geographical/political/language area as the end user resource holder. Otherwise it could render the whole notion of an LIR validating their sponsored user's data pointless.
IANAL, but I can't imagine that such a rule would even be legal under EU legislation. Common Market, remember? Considering that the Internet doesn't recognise any borders or political blocs, this is one of the more outlandish suggestions even for this forum.
That may well be right, but if the sponsor cannot understand the language of the resource holder the validation may not be very effective.
Interesting point about the creation of this ORGANISATION object. It touches on an issue I have been trying to raise for a number of years. But I am almost universally shouted down by most of the vocal members of the RIPE community whenever I mention it. Even though many less vocal members have privately
Ah, "the majority agrees with me in email"
I never mentioned email or majority. 'Some' people I have talked to at RIPE Meetings have agreed with me. The majority will not even talk about it.
Sascha Caveat - “we are not the [xyz] police” .. in this case, “the document police” .. a fine old trope, that.
I didn't actually write this, your quoting appears to be broken.
My apologies it was in a reply 'to' you not from you.
Sander "I personally think that someone holding resources should at least be identifiable in the DB,"
I absolutely agree, but also anyone who partly manages any aspect of a resource should be identifiable.
No. Just NO. I am, frankly, flabbergasted at this mindset:
1) All resource holders are presumed to be bad actors and all of their data must be kept in a database, their correctness to be strictly enforced.
That seems to be the basis of this whole thread....not my assumption
2) It's no problem making this data available, for free, to every Tom, Dick & Harry with an internet connection.
I actually have some very strong views on making parts of the data in the RIPE Database private, but that is another proposal...
The very idea that someone might use this data for nefarious purposes is obviously farcical.
You have a very negative and misguided view of what I am saying.
There is a need to be able to reach a resource holder to notify them of abuse coming from their network (the abuse-c) or technical problems (the tech-c). There is NO need to have the street address and phone number of every *person* "who partly manages any aspect of a resource" in a public database, just to satisfy the curiosity of some curtain-twitcher or give actual criminals some data for ID theft purposes.
First of all I never said anything about personal data. Maybe you have not heard of the concept of business data. Maybe also you have never had problems trying to contact people regarding resources in the RIPE Database. The 2007-01 policy to contact all resource holders took about 7 years to implement. I suspect many of them are uncontactable again by now. The complexity of this database schema allows for many ways to hide yourself. By manipulating the relationship between PERSON, ROLE, MNTNER, ORGANISATION objects and building complex references and chains of objects it can become very difficult to find who to contact. Do you realise you can make a business out of a MNTNER object? If you 'own' the MNTNER object you can provide a service to other people. You put the password of some anonymous person into your MNTNER and this anonymous person can then maintain resources. As the 'owner' of the MNTNER you can claim you have nothing to do with the resource. You are simply providing a service to your customers. By creating a new MNTNER for each customer only they (and you) can manage their data. You try contacting that resource holder!! The RIPE NCC and maybe the sponsoring LIR knows who it is, but no one else does. A proper implementation of personalised auth and dropping the MNTNER object would solve this issue of anonymity. Unfortunately the watered down version of my original plan being offered now does not go far enough. My main point was the chain of trust for resource holders and resource managers. Also being contactable does not mean personal contact data must be displayed to the public. There are many ways to be contactable. But few people are even willing to discuss possibilities when it comes to changing the data model. cheers denis
community and talks with the WG chairs. In the end, when the RIPE NCC thinks it has worked out the best way to achieve the policy, they present the final implementation plan with timelines to the mailing list. If and when consensus is reached on the implementation, the RIPE NCC will go ahead and do the work.
For completeness' sake, if the policy leads to changes in the members' contract or the Terms & Conditions, a membership vote at the GM is also required for implementation.
rgds, Sascha Luck