Hi, On Wed, 29 Apr 2020, Nick Hilliard wrote:
Serge Droz via anti-abuse-wg wrote on 29/04/2020 16:55:
So, it's the security guys, saying
This may help a bit, but won't solve all problems.
+1 here.
versus the infrastructure operators saying
Beware! This it creating huge costs and will not help at all, and answering two mails a year will be our ruin.
The root problem is that the policy proposes to use the RIPE NCC to enforce abuse management processes.
The specifics in this iteration of the document are to threaten and then act to deregister an organisation's number resources - and thereby remove their ability to conduct business - if the organisation declines to handle abuse complaints over email.
If the "deregistration" could be placed outside of the picture (in a new version?), what's the next major hurdle then...? I mean, if "deregistration" is not possible when validation fails (continuously), there might still be positive outcomes (transparency...), if the price tag on the RIPE NCC is not that big. I don't see an impact analysis yet, but if it's affordable for other RIRs, maybe it will be also for the RIPE NCC -- who knows?
To be clear, it's a fundamental right in large chunks of the RIPE service region to conduct business. If the RIPE NCC acts to threaten to remove this ability to conduct business,
Very glad it's "business", not "abuse" :-)) Carlos
there would need to be sound legal justification for doing so.
Nick