A lot of what is being requested in this thread seems outside of RIPEs remit and raises endless questions about responsibility / overreach. RIPEs job is to manage the distribution and registration of resources across members as efficiently and fairly as possible - I've only been a member for a few years but it seems to be doing a pretty good job at that.
The stated goal of the organisation is not to police and rule on the activities of those using the resources and take unilateral action against them if they break a law. I also reject the notion that this is what they should be doing - having a central authority to police internet activity seems to run contrary to the idea of an open internet and raises numerous questions. Who makes the rules? What level of evidence is needed? How do you accurately validate evidence? What is the process? What if there is some miscarriage of justice?
Furthermore, the practicality of basing security on relying on a RIR correctly policing resource usage and preventing things like hacking attempts is ineffective and will lead to issues. There are multiple RIRs that would all need to work effectively to do this and even then, most hacking attempts are made through botnets anyways. In my experience, blacklists are effective and simple to set up so I don't understand how this isn't the easy solution here.
All that being said, if RIPE wants to begin sending email notifications and checking whether abuse contact information is up to date / being replied to and publish that list then I think that is reasonable but it should be purely educational and made available for stakeholders to act independently with no central authority recommending any kind of action using the list. Again, practically speaking here.. I think all you'd find there would be a huge number of non-respondents and having to make a decision whether or not to block millions of european internet resources from your network just because the owner didn't click a email button.
Timur Gok |
Managing Director |
|
| |
|