Dear WG,

I have read the document and would like to thank the authors for their work. Some of my observations match and support points already raised by Gilles:

On Tue, Nov 17, 2015 at 03:39:57PM +0200, Gilles Massen wrote:

> This is a very interesting document, and a very nice thing to have (although it is unclear to me if the information in it is not too volatile for a BCP).
The end of chapter 4 reads:
This document is intended to be a request for input from the Internet community. As a next step we would like to define a standard API for abuse contact lookups.
This is consistent with the style and content of the paper but would not suggest a status of "Best Current Practice".

Also, the document would benefit from some copy editing before publication. Some of the terms in section 2 do not appear in the rest of the paper or have been replaced - e.g., "registrant" is defined but "domain owner" is used (where "owner" is a suboptimal phrase for both domains and IP addresses). Also, while the example domain name is used, IP addresses should also come from the dedicated assignment.

The intended audience section should be promoted to immediately follow the abstract, then followed by the problem statement.

I'd like to see a clear distinction between "abuse" and "IT security incident", where both terms appear to be used interchangeably.
> - under point 4 it says implicitly that name-based whois is quicker outdated than number-based whois. Is there any hard data to back that statement up?
I fail to see the relevance of this statement in the first place, especially given that the catalog in chapter 6 does not refer to any name-based data repository - and rightfully so.

The structure in chapter 6's catalog looks good; some prose elaborating the meaning of "first" or "second hand" sources could be helpful. What's the implication of either attribute? Same for the up-to-date-ness: the availability of per-object timestamps might be more helpful than a general assessment of the repository, knowing that timestamps do not imply accuracy. Speaking of which: perpetuating the out-of-area examples in this document might turn out to be confusing.

I'd like to understand the emphasis on "national CERTs".

Regards,
Peter