On Mon, Jan 22, 2018 at 04:45:43PM +0200, ox wrote:
Have I made myself sufficiently clear?
Not really.
Right. I will then re-iterate all of my arguments including the ones against v1. 1) The proposal states: "Improving the trust and safety of the IP address space is a priority for the RIPE community. It has therefore established the Assisted Registry Check (ARC) in order to help its members strengthen registry data by explaining the risks of outdated information and the benefits of ensuring their data is correct. ARC reviews are carried out for approximately 25%-30% of the membership every year and cover four subject areas: registry consistency, resource consistency, route/rDNS consistency and resource certification usage/consistency (RPKI). However, the ARC was not designed for the validation of the “abuse-c:” contact." While the ARC was not specifically designed to validate the correctness of abuse-c, it is *suitable* for the purpose. I disagree with the implication that the ARC can't be used to perform this validation. In my view, nothing makes abuse-c: any more special than admin-c: and tech-c:, so that it needs a separate ARC all of its own 2) The proposal states: "The objective of this proposal is not to devise a detailed validation procedure. The RIPE NCC is best placed to assess the technical challenges and the financial and human resources necessary to conduct validation tests in the most efficient manner." This actually makes the entire discussion around captchas and humans wasting their time with reading abuse-c emails redundant. Nothing of the kind of process you're dreaming about is actually part of the proposal, so I will forgo any further discussion on this unless a new implementation proposal comes along. What you have is a problem with the Impact Assessment and the way the NCC proposes to validate this contact. In fact, on this point alone, *I* should support the proposal and *you* should oppose it. (However, since I'm not sure the implementation process cannot just change without my consent, I still oppose it on this point, too) 3) Not explicitly stated in the proposal. The proposal and the IA assume that the abuse-c: is an email address (and the object, iirc explicitly asks for one). I don't think any new policy should be made that, even implicitly, ties RIPE NCC database information to legacy technologies. rgds, Sascha Luck