Report & Co-Chair's Decision on Proposal 2019-04
Colleagues, A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases. As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710 Discussion Phase: There was some clear support for the policy during the Discussion Phase. This came from: Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy. Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis. Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions. Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important. A number of people spoke in clear opposition. Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet. Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today. No No did not want anyone to be restricted in how they received abuse reports. Michele Neylon opposed the proposal and agreed with the points made by Nick. A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal: Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020. There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis. - There was no messages of support to the proposal. There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not. - There were opposing arguments based on two fronts: 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged. 2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value. There was no attempt to address the opposing arguments above during the review phase. With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term. Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270
That fact that you classify my email as being on the "no" argument, shows how misguided you are. Not for one second was I against this proposal, just the point about mandating emails. There is no consensus "against" this proposal. Your methodology of surveying views is so warped, it is unbelievable. ------ On Tue, Sep 8, 2020 at 1:19 AM Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Colleagues,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
Discussion Phase:
There was some clear support for the policy during the Discussion Phase. This came from:
Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy.
Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis.
Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions.
Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important.
A number of people spoke in clear opposition.
Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet.
Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today.
No No did not want anyone to be restricted in how they received abuse reports.
Michele Neylon opposed the proposal and agreed with the points made by Nick.
A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal:
Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush
The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020.
There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis.
- There was no messages of support to the proposal.
There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not.
- There were opposing arguments based on two fronts:
1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator.
Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value.
There was no attempt to address the opposing arguments above during the review phase.
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG
Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nisbet@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
A bit too late to the party but I was in support, I am sorry I wasn’t clear --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JJS JJS <no0484985@gmail.com> Sent: Monday, September 7, 2020 8:57:14 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 That fact that you classify my email as being on the "no" argument, shows how misguided you are. Not for one second was I against this proposal, just the point about mandating emails. There is no consensus "against" this proposal. Your methodology of surveying views is so warped, it is unbelievable. ------ On Tue, Sep 8, 2020 at 1:19 AM Brian Nisbet <brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie>> wrote: Colleagues, A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases. As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710 Discussion Phase: There was some clear support for the policy during the Discussion Phase. This came from: Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy. Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis. Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions. Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important. A number of people spoke in clear opposition. Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet. Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today. No No did not want anyone to be restricted in how they received abuse reports. Michele Neylon opposed the proposal and agreed with the points made by Nick. A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal: Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020. There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis. - There was no messages of support to the proposal. There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not. - There were opposing arguments based on two fronts: 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged. 2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value. There was no attempt to address the opposing arguments above during the review phase. With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term. Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie> www.heanet.ie<http://www.heanet.ie> Registered in Ireland, No. 275301. CRA No. 20036270
Thank you for the clarification, Suresh. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Suresh Ramasubramanian <ops.lists@gmail.com> Sent: Monday 7 September 2020 16:32 To: JJS JJS <no0484985@gmail.com>; anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. A bit too late to the party but I was in support, I am sorry I wasn’t clear --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JJS JJS <no0484985@gmail.com> Sent: Monday, September 7, 2020 8:57:14 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 That fact that you classify my email as being on the "no" argument, shows how misguided you are. Not for one second was I against this proposal, just the point about mandating emails. There is no consensus "against" this proposal. Your methodology of surveying views is so warped, it is unbelievable. ------ On Tue, Sep 8, 2020 at 1:19 AM Brian Nisbet <brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie>> wrote: Colleagues, A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases. As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fpublications%2Fdocs%2Fripe-710&data=02%7C01%7C%7C3dcd3df8a62b412eb48808d853434240%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637350895635519057&sdata=ORTXYJtqaJnEi9%2B4fcexmd5gbV1ERj2r0Roh7gwc6Fc%3D&reserved=0> Discussion Phase: There was some clear support for the policy during the Discussion Phase. This came from: Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy. Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis. Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions. Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important. A number of people spoke in clear opposition. Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet. Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today. No No did not want anyone to be restricted in how they received abuse reports. Michele Neylon opposed the proposal and agreed with the points made by Nick. A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal: Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020. There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis. - There was no messages of support to the proposal. There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not. - There were opposing arguments based on two fronts: 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged. 2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value. There was no attempt to address the opposing arguments above during the review phase. With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term. Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie> www.heanet.ie<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.heanet.ie%2F&data=02%7C01%7C%7C3dcd3df8a62b412eb48808d853434240%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637350895635519057&sdata=6KBLvNwr2MKDqC6cx%2FOllCsHRhL6QP8woOpalfEykuM%3D&reserved=0> Registered in Ireland, No. 275301. CRA No. 20036270
Thank you for the clarification, albeit I would ask you not to launch into attacks when doing so. Even given that I do not believe it makes any difference to the overall decision from the Co-Chairs. I would suggest that you look at the resources on https://www.ripe.net/participate/policies which explain the various phases. Equally, the comments made during the Discussion Phase were taken into account. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JJS JJS <no0484985@gmail.com> Sent: Monday 7 September 2020 16:27 To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. That fact that you classify my email as being on the "no" argument, shows how misguided you are. Not for one second was I against this proposal, just the point about mandating emails. There is no consensus "against" this proposal. Your methodology of surveying views is so warped, it is unbelievable. ------ On Tue, Sep 8, 2020 at 1:19 AM Brian Nisbet <brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie>> wrote: Colleagues, A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases. As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fpublications%2Fdocs%2Fripe-710&data=02%7C01%7C%7C52743e2d79214186604e08d8534291ff%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637350892677909839&sdata=5AZsDBvQNpP7S%2Brm07cWbqf2buJv33M%2BRA2HtZwDCgI%3D&reserved=0> Discussion Phase: There was some clear support for the policy during the Discussion Phase. This came from: Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy. Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis. Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions. Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important. A number of people spoke in clear opposition. Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet. Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today. No No did not want anyone to be restricted in how they received abuse reports. Michele Neylon opposed the proposal and agreed with the points made by Nick. A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal: Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020. There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis. - There was no messages of support to the proposal. There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not. - There were opposing arguments based on two fronts: 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged. 2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value. There was no attempt to address the opposing arguments above during the review phase. With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term. Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie> www.heanet.ie<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.heanet.ie%2F&data=02%7C01%7C%7C52743e2d79214186604e08d8534291ff%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637350892677909839&sdata=zECAlNSlhfdANfCkiTRmtnJA1zFr3%2F59poSOQm2Fta0%3D&reserved=0> Registered in Ireland, No. 275301. CRA No. 20036270
I am disputing your methodology in determining consensus. If I didn't know that you expected me to offer support for this proposal, neither did anyone else. ___ On Tue, Sep 8, 2020 at 1:36 AM Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Thank you for the clarification, albeit I would ask you not to launch into attacks when doing so.
Even given that I do not believe it makes any difference to the overall decision from the Co-Chairs.
I would suggest that you look at the resources on https://www.ripe.net/participate/policies which explain the various phases.
Equally, the comments made during the Discussion Phase were taken into account.
Brian Co-Chair, RIPE AA-WG
Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nisbet@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270 ------------------------------ *From:* anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JJS JJS <no0484985@gmail.com> *Sent:* Monday 7 September 2020 16:27 *To:* anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> *Subject:* Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
That fact that you classify my email as being on the "no" argument, shows how misguided you are.
Not for one second was I against this proposal, just the point about mandating emails.
There is no consensus "against" this proposal.
Your methodology of surveying views is so warped, it is unbelievable.
------
On Tue, Sep 8, 2020 at 1:19 AM Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Colleagues,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710 <https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fpublications%2Fdocs%2Fripe-710&data=02%7C01%7C%7C52743e2d79214186604e08d8534291ff%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637350892677909839&sdata=5AZsDBvQNpP7S%2Brm07cWbqf2buJv33M%2BRA2HtZwDCgI%3D&reserved=0>
Discussion Phase:
There was some clear support for the policy during the Discussion Phase. This came from:
Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy.
Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis.
Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions.
Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important.
A number of people spoke in clear opposition.
Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet.
Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today.
No No did not want anyone to be restricted in how they received abuse reports.
Michele Neylon opposed the proposal and agreed with the points made by Nick.
A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal:
Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush
The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020.
There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis.
- There was no messages of support to the proposal.
There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not.
- There were opposing arguments based on two fronts:
1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator.
Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value.
There was no attempt to address the opposing arguments above during the review phase.
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG
Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nisbet@heanet.ie www.heanet.ie <https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.heanet.ie%2F&data=02%7C01%7C%7C52743e2d79214186604e08d8534291ff%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637350892677909839&sdata=zECAlNSlhfdANfCkiTRmtnJA1zFr3%2F59poSOQm2Fta0%3D&reserved=0>
Registered in Ireland, No. 275301. CRA No. 20036270
If I didn't know that you expected me to offer support for this proposal, neither did anyone else.
i, for one, did. it's standard procedure under the pdp. and assuming no one else understands what you do not understand is an interesting mis-understanding. randy
you are misunderstood in your understanding of my misunderstanding. -- On Tue, Sep 8, 2020 at 11:22 AM Randy Bush <randy@psg.com> wrote:
If I didn't know that you expected me to offer support for this proposal, neither did anyone else.
i, for one, did. it's standard procedure under the pdp.
and assuming no one else understands what you do not understand is an interesting mis-understanding.
randy
As you will see in the report, we made mention of comments for, against and uncertain in both the Discussion Phase and the Review Phase. We took all of this into account in making our decision. Even with your clarification of support in the Discussion Phase it still does not point at consensus being reached for this proposal. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JJS JJS <no0484985@gmail.com> Sent: Tuesday 8 September 2020 00:31 To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. I am disputing your methodology in determining consensus. If I didn't know that you expected me to offer support for this proposal, neither did anyone else. ___ On Tue, Sep 8, 2020 at 1:36 AM Brian Nisbet <brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie>> wrote: Thank you for the clarification, albeit I would ask you not to launch into attacks when doing so. Even given that I do not believe it makes any difference to the overall decision from the Co-Chairs. I would suggest that you look at the resources on https://www.ripe.net/participate/policies<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fparticipate%2Fpolicies&data=02%7C01%7C%7Cbf540183a2214c1656c408d8538647a8%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637351183483775754&sdata=B68JAV6pZFtYim09Izj28qJRrBbXbQkzqAYjfq932fg%3D&reserved=0> which explain the various phases. Equally, the comments made during the Discussion Phase were taken into account. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie> www.heanet.ie<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.heanet.ie%2F&data=02%7C01%7C%7Cbf540183a2214c1656c408d8538647a8%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637351183483775754&sdata=T%2BjOKChsphuK6pErjsI%2FEnvd0fwZjn9v0e0XmlZQMdI%3D&reserved=0> Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net<mailto:anti-abuse-wg-bounces@ripe.net>> on behalf of JJS JJS <no0484985@gmail.com<mailto:no0484985@gmail.com>> Sent: Monday 7 September 2020 16:27 To: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. That fact that you classify my email as being on the "no" argument, shows how misguided you are. Not for one second was I against this proposal, just the point about mandating emails. There is no consensus "against" this proposal. Your methodology of surveying views is so warped, it is unbelievable. ------ On Tue, Sep 8, 2020 at 1:19 AM Brian Nisbet <brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie>> wrote: Colleagues, A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases. As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fpublications%2Fdocs%2Fripe-710&data=02%7C01%7C%7Cbf540183a2214c1656c408d8538647a8%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637351183483785747&sdata=VFmoQCbyWqljrC%2B1woyecnU6Ne1UusYtFcCXhwjd%2B8w%3D&reserved=0> Discussion Phase: There was some clear support for the policy during the Discussion Phase. This came from: Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy. Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis. Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions. Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important. A number of people spoke in clear opposition. Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet. Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today. No No did not want anyone to be restricted in how they received abuse reports. Michele Neylon opposed the proposal and agreed with the points made by Nick. A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal: Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020. There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis. - There was no messages of support to the proposal. There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not. - There were opposing arguments based on two fronts: 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged. 2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value. There was no attempt to address the opposing arguments above during the review phase. With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term. Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie<mailto:brian.nisbet@heanet.ie> www.heanet.ie<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.heanet.ie%2F&data=02%7C01%7C%7Cbf540183a2214c1656c408d8538647a8%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637351183483785747&sdata=4abuBg5oRHhQ0ViffYEdkwBTzFvYRDJPmejlAJaQ3YQ%3D&reserved=0> Registered in Ireland, No. 275301. CRA No. 20036270
Hi, On Tue, Sep 08, 2020 at 01:27:14AM +1000, JJS JJS wrote:
That fact that you classify my email as being on the "no" argument, shows how misguided you are.
Not for one second was I against this proposal, just the point about mandating emails.
There is no consensus "against" this proposal.
Your methodology of surveying views is so warped, it is unbelievable.
There is no consensus *for* this proposal, and that is what would be required to proceed. There does not need to be "consensus against" (which, indeed, would make the WG chair's life much easier). The argument "those that are in favour of the proposal do not know that they should speak up" is deeply flawed - if there is a very obviously controversial discussion, and people feel deeply about either side, they will speak up. I think the WG chairs had quite a difficult task on their hands, and the summary is very detailed and I find it well representing the voices I can remember (thanks!). If you feel misrepresented, you can always point out where you spoke up otherwise - everything is archived. Gert Doering -- with some experience with policy proposals -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
At no stage did you say "those who support this proposal, indicate that you support it now" Of course people that support it aren't going to say anything if they don't know they need to say anything. ------------- On Tue, Sep 8, 2020 at 1:19 AM Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Colleagues,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
Discussion Phase:
There was some clear support for the policy during the Discussion Phase. This came from:
Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy.
Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis.
Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions.
Angel Gonzalez Berdasco suuported the proposal, but also made multiple comments on a different approach, including an abuse-uri and highlighted that standarising the communications was important.
A number of people spoke in clear opposition.
Nick Hilliard stated that it is not the job of the RIPE NCC to tell its members how to handle abuse reports. He further said that the is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet.
Gert Doering said that if people *do not want* to handle abuse reports, this proposal will not make them and that cases of misconfiguration are already caught today.
No No did not want anyone to be restricted in how they received abuse reports.
Michele Neylon opposed the proposal and agreed with the points made by Nick.
A number of other people posted either with mixed comments, or in a way that did not make it clear where they stood on the proposal:
Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian, Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton, Alessandro Vesely, Randy Bush
The Review Phase of the proposal lasted from 20 July 2020 to 18 August 2020.
There were 14 messages received during the review phase. Out of which, 3 were from the PDO, 1 was myself's and 2 were Jordi’s requesting clarification on the Impact Analysis.
- There was no messages of support to the proposal.
There was one message stating that the form is more beneficial than email to report abuse because it always reaches the host to which Jordi tried to address stating that email can be automated whilst forms can not.
- There were opposing arguments based on two fronts:
1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator.
Nick Hilliard and Michele Neylon also requested the proposal to be dropped as concerns raised over the last 18 months have not been addressed and tweaking this proposal would not add any value.
There was no attempt to address the opposing arguments above during the review phase.
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Alireza, Brian, Tobias Co-Chairs, RIPE AA-WG
Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nisbet@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote: Brian, Alireza, Tobias,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
[cut]
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Thank you for all your hard work here. It was not an easy task to fulfill. With this is mind, it is even more important that you have made this report. Thank you. Stay safe, Piotr -- Piotr Strzyżewski
Hi, I would like to second Piotr's comment. Thank you for your hard work, and for not quitting over anti-abuse. As i read it consensus was not reached, and it's hard to dispute the objections are not valid/admissible: " 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged. 2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. " I just want to note that: A) it's very hard to measure the benefits. some parties would see bigger benefits than others. B) converging abuse reports to email usage is a rule that is inexistent *today*. people which are not worried about abuse, will likely want to keep it that way... as a webform is an effective way of discouraging reports. At some point, people which discard abuse reports (or people which simulate handling abuse reports) will not be able to run networks. We're far from it, but if it gets to that point that will not be reached through consensus, but probably through regulation. Regards, Carlos On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote:
On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote:
Brian, Alireza, Tobias,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
[cut]
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Thank you for all your hard work here. It was not an easy task to fulfill. With this is mind, it is even more important that you have made this report. Thank you.
Stay safe, Piotr
-- Piotr Strzy?ewski
Probably through regulation as you say. If ripe doesn’t want to be the Internet police they’ll suddenly find that there actually is such a thing created and with oversight over them, sooner or later. Nobody is going to like the result if that happens, neither the government nor ripe nor its membership. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Tuesday, September 8, 2020 4:44:26 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 Hi, I would like to second Piotr's comment. Thank you for your hard work, and for not quitting over anti-abuse. As i read it consensus was not reached, and it's hard to dispute the objections are not valid/admissible: " 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged. 2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. " I just want to note that: A) it's very hard to measure the benefits. some parties would see bigger benefits than others. B) converging abuse reports to email usage is a rule that is inexistent *today*. people which are not worried about abuse, will likely want to keep it that way... as a webform is an effective way of discouraging reports. At some point, people which discard abuse reports (or people which simulate handling abuse reports) will not be able to run networks. We're far from it, but if it gets to that point that will not be reached through consensus, but probably through regulation. Regards, Carlos On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote:
On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote:
Brian, Alireza, Tobias,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
[cut]
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Thank you for all your hard work here. It was not an easy task to fulfill. With this is mind, it is even more important that you have made this report. Thank you.
Stay safe, Piotr
-- Piotr Strzy?ewski
There are a couple of things in play here. Networks normally fall under the "mere conduit' provisions of the eCommerce Directive (ECD (EU law)), this means they do not have a (legal) requirement to actively address abuse within their networks. They need to forward the abuse to their customer, but basically that is it. The up coming DSA (Digital Services Act, which will supersede the ECD) (as it stand now) will retain this provision for networks. So the chance of regulation (within the EU area) for networks with respect to 'abuse handling' is very low. The proposal was flawed, no clear identifiable upside (except for a feel good factor) and a lot extra work for no real gain. If you want to fight the prevalence of internet abuse, ripe policy might not be your best avenue. Cheers, Alex -- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode On Tue, 08-09-2020 13h 33min, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Probably through regulation as you say. If ripe doesn’t want to be the Internet police they’ll suddenly find that there actually is such a thing created and with oversight over them, sooner or later. Nobody is going to like the result if that happens, neither the government nor ripe nor its membership.
--srs From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net>
Sent: Tuesday, September 8, 2020 4:44:26 PM
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
Hi,
I would like to second Piotr's comment. Thank you for your hard work, and
for not quitting over anti-abuse.
As i read it consensus was not reached, and it's hard to dispute the
objections are not valid/admissible:
"
1) Nick Hilliard and Erik Bais commented that the effort and cost to
implement this proposal are too great in relations to the benefits that
are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing
operators to use only email for
handling abuse reports and internal handling procedures should be solely
defined by the operator.
"
I just want to note that:
A) it's very hard to measure the benefits. some parties would see bigger
benefits than others.
B) converging abuse reports to email usage is a rule that is inexistent
*today*. people which are not worried about abuse, will likely want to
keep it that way... as a webform is an effective way of discouraging
reports.
At some point, people which discard abuse reports (or people which
simulate handling abuse reports) will not be able to run networks.
We're far from it, but if it gets to that point that will not be reached
through consensus, but probably through regulation.
Regards,
Carlos
On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote:
On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote:
Brian, Alireza, Tobias,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase
and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP -
https://www.ripe.net/publications/docs/ripe-710
[cut]
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there
is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Thank you for all your hard work here. It was not an easy task to
fulfill. With this is mind, it is even more important that you have made
this report. Thank you.
Stay safe,
Piotr
--
Piotr Strzy?ewski
On Tue, 8 Sep 2020, Alex de Joode wrote:
There are a couple of things in play here. Networks normally fall under the "mere conduit' provisions of the eCommerce Directive (ECD (EU law)), this means they do not have a (legal) requirement to actively address abuse within their networks. They need to forward the abuse to their customer, but basically that is it.
Before that, a webform may be in the way :-) If the regulator understands that artificial 'requirement' to be a way of avoiding that action of forwarding the abuse, then they might act. Or not.
The up coming DSA (Digital Services Act, which will supersede the ECD) (as it stand now) will retain this provision for networks. So the chance of regulation (within the EU area) for networks with respect to 'abuse handling' is very low.
Unless there are some additional provisions...
The proposal was flawed, no clear identifiable upside (except for a feel good factor) and a lot extra work for no real gain.
If you want to fight the prevalence of internet abuse, ripe policy might not be your best avenue.
Clearly. But this comment is directly tied with the earlier suggestion of renaming the WG... Regards, Carlos
Cheers, Alex
?-- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode
On Tue, 08-09-2020 13h 33min, Suresh Ramasubramanian <ops.lists@gmail.com> wrote: Probably through regulation as you say. If ripe doesn?t want to be the Internet police they?ll suddenly find that there actually is such a thing created and with oversight over them, sooner or later. Nobody is going to like the result if that happens, neither the government nor ripe nor its membership.
--srs
______________________________________________________________________________________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Tuesday, September 8, 2020 4:44:26 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
Hi,
I would like to second Piotr's comment. Thank you for your hard work, and for not quitting over anti-abuse.
As i read it consensus was not reached, and it's hard to dispute the objections are not valid/admissible:
" 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. "
I just want to note that: A) it's very hard to measure the benefits. some parties would see bigger benefits than others. B) converging abuse reports to email usage is a rule that is inexistent *today*. people which are not worried about abuse, will likely want to keep it that way... as a webform is an effective way of discouraging reports.
At some point, people which discard abuse reports (or people which simulate handling abuse reports) will not be able to run networks. We're far from it, but if it gets to that point that will not be reached through consensus, but probably through regulation.
Regards, Carlos
On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote:
On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote:
Brian, Alireza, Tobias,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
[cut]
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Thank you for all your hard work here. It was not an easy task to fulfill. With this is mind, it is even more important that you have made this report. Thank you.
Stay safe, Piotr
-- Piotr Strzy?ewski
As abuse notices might have legal effect, a company could state they will only accept them by fax, or with registered mail. A webform, for a regulator, most likely will be seen as an 'upgrade'. Note that FB and Google also *only accept* complaints, notices etc via webforms. So one can argue a webform is abuse@ 2.0 :) So I do not share you view that a webform is a second rate instrument for accepting abuse notifications. As for ECD/DSA that will most likely be subject to lobby forces beyond our imagination, so anything is possible there ... -- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode On Tue, 08-09-2020 15h 51min, Carlos Friaças <cfriacas@fccn.pt> wrote:
On Tue, 8 Sep 2020, Alex de Joode wrote:
There are a couple of things in play here. Networks normally fall under the "mere conduit' provisions of the eCommerce Directive (ECD (EU law)), this means they do not have a (legal) requirement to actively address abuse within their networks. They need to forward the abuse to their customer, but basically that is it.
Before that, a webform may be in the way :-)
If the regulator understands that artificial 'requirement' to be a way of avoiding that action of forwarding the abuse, then they might act. Or not.
The up coming DSA (Digital Services Act, which will supersede the ECD) (as it stand now) will retain this provision for networks. So the chance of regulation (within the EU area) for networks with respect to 'abuse handling' is very low.
Unless there are some additional provisions...
The proposal was flawed, no clear identifiable upside (except for a feel good factor) and a lot extra work for no real gain.
If you want to fight the prevalence of internet abuse, ripe policy might not be your best avenue.
Clearly. But this comment is directly tied with the earlier suggestion of renaming the WG...
Regards, Carlos
Cheers, Alex
?-- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode
On Tue, 08-09-2020 13h 33min, Suresh Ramasubramanian " target="_blank"><ops.lists@gmail.com> wrote: Probably through regulation as you say. If ripe doesn?t want to be the Internet police they?ll suddenly find that there actually is such a thing created and with oversight over them, sooner or later. Nobody is going to like the result if that happens, neither the government nor ripe nor its membership.
--srs
______________________________________________________________________________________________________________ From: anti-abuse-wg " target="_blank"><anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg " target="_blank"><anti-abuse-wg@ripe.net> Sent: Tuesday, September 8, 2020 4:44:26 PM To: anti-abuse-wg@ripe.net " target="_blank"><anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
Hi,
I would like to second Piotr's comment. Thank you for your hard work, and for not quitting over anti-abuse.
As i read it consensus was not reached, and it's hard to dispute the objections are not valid/admissible:
" 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. "
I just want to note that: A) it's very hard to measure the benefits. some parties would see bigger benefits than others. B) converging abuse reports to email usage is a rule that is inexistent *today*. people which are not worried about abuse, will likely want to keep it that way... as a webform is an effective way of discouraging reports.
At some point, people which discard abuse reports (or people which simulate handling abuse reports) will not be able to run networks. We're far from it, but if it gets to that point that will not be reached through consensus, but probably through regulation.
Regards, Carlos
On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote:
On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote:
Brian, Alireza, Tobias,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
[cut]
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Thank you for all your hard work here. It was not an easy task to fulfill. With this is mind, it is even more important that you have made this report. Thank you.
Stay safe, Piotr
-- Piotr Strzy?ewski
On Tue 08/Sep/2020 16:33:20 +0200 Alex de Joode wrote:
A webform, for a regulator, most likely will be seen as an 'upgrade'. Note that FB and Google also *only accept* complaints, notices etc via webforms. So one can argue a webform is abuse@ 2.0 :) So I do not share you view that a webform is a second rate instrument for accepting abuse notifications.
IME that's not true. I notice Google's auto-responses. Perhaps, I should set up a web form myself for receiving such replies...? Best Ale --
El mié, 09-09-2020 a las 08:52 +0200, Alessandro Vesely escribió:
On Tue 08/Sep/2020 16:33:20 +0200 Alex de Joode wrote:
A webform, for a regulator, most likely will be seen as an 'upgrade'. Note that FB and Google also *only accept* complaints, notices etc via webforms. So one can argue a webform is abuse@ 2.0 :) So I do not share you view that a webform is a second rate instrument for accepting abuse notifications.
IME that's not true. I notice Google's auto-responses. Perhaps, I should set up a web form myself for receiving such replies...?
Best Ale
Google does indeed accept abuse notifications via email. In some cases there is even an API that can be used for reporting (e.g. Safe Browsing). Plus I think the handling for Google Cloud may be quite different to one about a service directly owned by Google. The extent and speed to which reports are actioned is of course unknown but they do take down abuse. Best regards -- TU AYUDA EN CIBERSEGURIDAD INSTITUTO NACIONAL DE CIBERSEGURIDAD SPANISH NATIONAL CYBERSECURITY INSTITUTE Ángel González Berdasco Técnico de Ciberseguridad de INCIBE-CERT INCIBE-CERT Cybersecurity Technician angel.gonzalez@incibe.es incibe.es @INCIBE ℡ +34 987 877 189 Av. José Aguado 41 / 24005 León / Spain En cumplimiento del Reglamento General de Protección de Datos de la UE (Reglamento UE 2016/679, de 27 de abril de 2016) le informamos que sus datos personales, corporativos (así como los incorporados a documentos adjuntos); y dirección de correo electrónico, podrán ser incorporados en nuestros registros con la finalidad derivada de obligaciones legales, contractuales o precontractuales o bien, para responder a sus consultas, pudiendo ejercitar sus derechos de acceso, rectificación, supresión, portabilidad, limitación del tratamiento y oposición en los términos establecidos en la legislación vigente y de manera gratuita mediante correo electrónico a dpd@incibe.es. El responsable del tratamiento es la S.M.E. Instituto Nacional de Ciberseguridad de España M.P., S.A. Más información en nuestra web: Política de Protección de Datos Personales y Registro de actividad de tratamiento de datos personales. In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitation of processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: Personal Data Protection Policy and Personal data processing activity log.
I don’t think this is correct, at least not for google, amazon, and other big providers, which I send email with abuses every other day and they react to it and resolve them. El 8/9/20 16:33, "anti-abuse-wg en nombre de Alex de Joode" <anti-abuse-wg-bounces@ripe.net en nombre de alex@idgara.nl> escribió: As abuse notices might have legal effect, a company could state they will only accept them by fax, or with registered mail. A webform, for a regulator, most likely will be seen as an 'upgrade'. Note that FB and Google also *only accept* complaints, notices etc via webforms. So one can argue a webform is abuse@ 2.0 :) So I do not share you view that a webform is a second rate instrument for accepting abuse notifications. As for ECD/DSA that will most likely be subject to lobby forces beyond our imagination, so anything is possible there ... -- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode On Tue, 08-09-2020 15h 51min, Carlos Friaças <cfriacas@fccn.pt> wrote: On Tue, 8 Sep 2020, Alex de Joode wrote:
There are a couple of things in play here. Networks normally fall under the "mere conduit' provisions of the eCommerce Directive (ECD (EU law)), this means they do not have a (legal) requirement to actively address abuse within their networks. They need to forward the abuse to their customer, but basically that is it.
Before that, a webform may be in the way :-) If the regulator understands that artificial 'requirement' to be a way of avoiding that action of forwarding the abuse, then they might act. Or not.
The up coming DSA (Digital Services Act, which will supersede the ECD) (as it stand now) will retain this provision for networks. So the chance of regulation (within the EU area) for networks with respect to 'abuse handling' is very low.
Unless there are some additional provisions...
The proposal was flawed, no clear identifiable upside (except for a feel good factor) and a lot extra work for no real gain.
If you want to fight the prevalence of internet abuse, ripe policy might not be your best avenue.
Clearly. But this comment is directly tied with the earlier suggestion of renaming the WG... Regards, Carlos
Cheers, Alex
?-- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode
On Tue, 08-09-2020 13h 33min, Suresh Ramasubramanian <ops.lists@gmail.com> wrote: Probably through regulation as you say. If ripe doesn?t want to be the Internet police they?ll suddenly find that there actually is such a thing created and with oversight over them, sooner or later. Nobody is going to like the result if that happens, neither the government nor ripe nor its membership.
--srs
______________________________________________________________________________________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Tuesday, September 8, 2020 4:44:26 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
Hi,
I would like to second Piotr's comment. Thank you for your hard work, and for not quitting over anti-abuse.
As i read it consensus was not reached, and it's hard to dispute the objections are not valid/admissible:
" 1) Nick Hilliard and Erik Bais commented that the effort and cost to implement this proposal are too great in relations to the benefits that are alleged.
2) Michele Neylon and Arash Naderpour commented that they oppose forcing operators to use only email for handling abuse reports and internal handling procedures should be solely defined by the operator. "
I just want to note that: A) it's very hard to measure the benefits. some parties would see bigger benefits than others. B) converging abuse reports to email usage is a rule that is inexistent *today*. people which are not worried about abuse, will likely want to keep it that way... as a webform is an effective way of discouraging reports.
At some point, people which discard abuse reports (or people which simulate handling abuse reports) will not be able to run networks. We're far from it, but if it gets to that point that will not be reached through consensus, but probably through regulation.
Regards, Carlos
On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote:
On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote:
Brian, Alireza, Tobias,
A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases.
As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710
[cut]
With all of this in mind, and with the continued failure of any kind of consensus from the working group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of possible edits, reaching consensus in the short or medium term.
Thank you for all your hard work here. It was not an easy task to fulfill. With this is mind, it is even more important that you have made this report. Thank you.
Stay safe, Piotr
-- Piotr Strzy?ewski
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Your fixation with web forms isn't helping you. Either you want operators to deal with abuse reports or not. If operators use web forms AND take action when appropriate, then you've no reason to complain about them. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 On 08/09/2020, 14:51, "anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg" <anti-abuse-wg-bounces@ripe.net on behalf of anti-abuse-wg@ripe.net> wrote: On Tue, 8 Sep 2020, Alex de Joode wrote: > There are a couple of things in play here. > Networks normally fall under the "mere conduit' provisions of the eCommerce Directive (ECD (EU law)), this > means they do not have a (legal) requirement to actively address abuse within their networks. They need to > forward the abuse to their customer, but basically that is it. Before that, a webform may be in the way :-) If the regulator understands that artificial 'requirement' to be a way of avoiding that action of forwarding the abuse, then they might act. Or not. > The up coming DSA (Digital Services Act, which > will supersede the ECD) (as it stand now) will retain this provision for networks. So the chance of regulation > (within the EU area) for networks with respect to 'abuse handling' is very low. Unless there are some additional provisions... > The proposal was flawed, no clear identifiable upside (except for a feel good factor) and a lot extra work for > no real gain. > > If you want to fight the prevalence of internet abuse, ripe policy might not be your best avenue. Clearly. But this comment is directly tied with the earlier suggestion of renaming the WG... Regards, Carlos > Cheers, > Alex > > ?-- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode > > On Tue, 08-09-2020 13h 33min, Suresh Ramasubramanian <ops.lists@gmail.com> wrote: > Probably through regulation as you say. If ripe doesn?t want to be the Internet police they?ll suddenly find > that there actually is such a thing created and with oversight over them, sooner or later. Nobody is > going to like the result if that happens, neither the government nor ripe nor its membership. > > --srs > > ______________________________________________________________________________________________________________ > From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg > <anti-abuse-wg@ripe.net> > Sent: Tuesday, September 8, 2020 4:44:26 PM > To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> > Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 > > Hi, > > I would like to second Piotr's comment. Thank you for your hard work, and > for not quitting over anti-abuse. > > As i read it consensus was not reached, and it's hard to dispute the > objections are not valid/admissible: > > " > 1) Nick Hilliard and Erik Bais commented that the effort and cost to > implement this proposal are too great in relations to the benefits that > are alleged. > > 2) Michele Neylon and Arash Naderpour commented that they oppose forcing > operators to use only email for > handling abuse reports and internal handling procedures should be solely > defined by the operator. > " > > I just want to note that: > A) it's very hard to measure the benefits. some parties would see bigger > benefits than others. > B) converging abuse reports to email usage is a rule that is inexistent > *today*. people which are not worried about abuse, will likely want to > keep it that way... as a webform is an effective way of discouraging > reports. > > > At some point, people which discard abuse reports (or people which > simulate handling abuse reports) will not be able to run networks. > We're far from it, but if it gets to that point that will not be reached > through consensus, but probably through regulation. > > > Regards, > Carlos > > > > > On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote: > > > On Mon, Sep 07, 2020 at 03:19:27PM +0000, Brian Nisbet wrote: > > > > Brian, Alireza, Tobias, > > > >> A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked > closely with the NCC Policy Development Office since then to try to make a decision on this policy. This > email contains a report on the Discussion Phase and Review Phase and then a final decision which, we > believe, is supported by the activity during those phases. > >> > >> As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710 > > > > [cut] > > > >> With all of this in mind, and with the continued failure of any kind of consensus from the working > group, the Co-Chairs have decided to withdraw this proposal. As always we would welcome proposals on > this and other matters, however we do not feel that there is any likelihood of 2019-04, regardless of > possible edits, reaching consensus in the short or medium term. > > > > Thank you for all your hard work here. It was not an easy task to > > fulfill. With this is mind, it is even more important that you have made > > this report. Thank you. > > > > Stay safe, > > Piotr > > > > -- > > Piotr Strzy?ewski > > > > >
participants (12)
-
Alessandro Vesely -
Alex de Joode -
Brian Nisbet -
Carlos Friaças -
Gert Doering -
JJS JJS -
JORDI PALET MARTINEZ -
Michele Neylon - Blacknight -
Piotr Strzyzewski -
Randy Bush -
Suresh Ramasubramanian -
Ángel González Berdasco