Re: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61
I am rather late to this thread as it was just drawn to my attention elsewhere. 1. Richard Cox's concerns were entirely valid, and the abuse issues documented at http://www.spamhaus.org/sbl/listings.lasso?isp=RIPE - mostly PI / PA blocks, several as large as /15, can't be wished away by removing critics of this WG from a co-chair post. 2. I would echo Peter's concerns about this being brought up as AOB, discussed (or rather, not discussed) in overtime with very few people in the room, leading to the removal of a co-chair. A much wider consensus should have been obtained - at least by discussion on this list if not at the plenary. This was not consensus. WG participants (and I count several who are in the anti abuse community, engage regularly with RIRs at other fora, but don't typically have the budget to travel to RIPE) should have been consulted before this. Yes, nobody else had much to say about this removal, so I'll take this opportunity to comment. About Richard Cox's removal and about two other meta issues. First - the prevailing attitude I have seen from at least some participants (this is not "us vs them" in terms of routing / dns people vs abuse people .. you have colleagues in your own organizations who will disagree with your views - especially Shane, I won't speak for Paul Vixie but I am not at all sure he'd agree with you about your comment, even after its rephrase). Second - the mantra, meme, fallacy etc of the "we are not the XYZ police" that I keep hearing cited. It would be fun indeed if a bank manager sanctioned a loan for say a quarter of a million dollars (lets say comparable to an allocation for a /15) and then baldly state that he's not the document police .. That presentation about LIR deregistration is what I'd call partially shutting the barn door long after the horses, plural, have bolted. That damage's been done, a lot of IP space has been poisoned. It is high time to realize that shooting the messenger is not the best way to deal with such a situation. srs Peter Koch wrote:
On Wed, Dec 15, 2010 at 03:47:42PM +0000, Brian Nisbet wrote:
Peter Koch said the session was already overrun by 15 minutes and this delicate issue should be resolved at another time.
I'd like to clarify that my point was that this topic was placed under AOB _and_ mostly dealt with during overtime, which, absence of written process and procedures nonwithstanding, did not meet my expectations and experiences of appropriateness given delicacy. That said, I consider the issue closed.
JD Falk wrote:
On Dec 15, 2010, at 3:15 PM, Shane Kerr wrote:
I think that my point was that there is a disconnect between people working on anti-abuse and the ISPs, not about the Anti-Abuse Working Group or its participants. I might not have said that of course...
Many people who work for ISPs would agree. It's often simply a matter of scale and imagination....
I personally have no position on this Richard Cox matter, because I have not been privvy to any of the interactions that led up to the current/ recent bruhaha, and also because my position, even if I had one, would be largely irrelevant to anything, because I neither own nor control any assets which fall within RIPE's jurisdiction (and thus I have no standing to have a position anyway). But I did feel compelled to make one brief comment about something my friend Suresh just said... In message <AANLkTimaLn=Uboczx-ZpbR7fJg4V=aHibxQvoH3eXFC8@mail.gmail.com>, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Second - the mantra, meme, fallacy etc of the "we are not the XYZ police" that I keep hearing cited. It would be fun indeed if a bank manager sanctioned a loan for say a quarter of a million dollars (lets say comparable to an allocation for a /15) and then baldly state that he's not the document police ..
Suresh did not include any emoticon which would help to clarify what he actually intended here (ironic humor perhaps?), but I just wanted to clarify, in case anybody hasn't been paying attention for the past two years, that Suresh's analogy about irresponsible bank managers making quarter-million-dollar loans (AND paying little attention to the niceties of the corresponding real estate title documentation) has indeed been rife of late. http://www.helium.com/items/1989991-what-is-robo-signing-foreclosure-mortgag... Anyway, (and perhaps this was the point that Suresh was attempting to make) I am persuaded that missing and/or incomplete documentation of the title to _Internet_ (IP) real estate is no more likely to produce acceptable results than those produced by a zillion missing (meatspace) real estate title documents. Regards, rfg
On 1/31/2011 6:51 PM, Suresh Ramasubramanian wrote:
Second - the mantra, meme, fallacy etc of the "we are not the XYZ police" that I keep hearing cited. It would be fun indeed if a bank manager sanctioned a loan for say a quarter of a million dollars (lets say comparable to an allocation for a /15) and then baldly state that he's not the document police .. That presentation about LIR deregistration is what I'd call partially shutting the barn door long after the horses, plural, have bolted.
That damage's been done, a lot of IP space has been poisoned. It is high time to realize that shooting the messenger is not the best way to deal with such a situation.
The challenge in making comparative references like this is to make sure the comparison has a reasonable basis. So, for example, banks are not expected to give loans to everyone. They are in fact /required/ to discriminate. (However even banks have limitations on the nature or extent of that discrimination.) A core problem with calls for differential handling of "abusive" domain registrations is that it opens the door to abuses by the authority. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
I thought we were talking about IP allocation, detecting shell companies and fake paperwork here, dave. If there were registrar rather than RIR issues involved I'd probably phrase that differently On Tue, Feb 1, 2011 at 9:19 PM, Dave CROCKER <dhc@dcrocker.net> wrote:
The challenge in making comparative references like this is to make sure the comparison has a reasonable basis. So, for example, banks are not expected to give loans to everyone. They are in fact /required/ to discriminate. (However even banks have limitations on the nature or extent of that discrimination.)
A core problem with calls for differential handling of "abusive" domain registrations is that it opens the door to abuses by the authority.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On 2/1/2011 7:51 AM, Suresh Ramasubramanian wrote:
I thought we were talking about IP allocation, detecting shell companies and fake paperwork here, dave.
Fake paperwork is clearly unacceptable, of course. "Shell" companies get more subtle since there are benign scenarios that produce the same appearance. As for "IP allocation", that does not describe an abuse, nevermind make clear how it is obviously unacceptable without inviting its own abuse. But note that Richard's note contained none of these particulars. For discussions about policy changes by organizations with massive potential power, the calls for change need to be rather precise, IMO. The calls for change need to worry as much about the dangers of the change as they do about the need for it. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
On Tue, Feb 1, 2011 at 9:27 PM, Dave CROCKER <dcrocker@bbiw.net> wrote:
But note that Richard's note contained none of these particulars.
I read it in the context of earlier articles he posted here and elsewhere such as on the spamhaus website. And also in the context of http://www.spamhaus.org/sbl/listings.lasso?isp=RIPE [and in advance to those that would like to point it out - yes please, I know ripe isnt an isp, and I guess so does richard] -- Suresh Ramasubramanian (ops.lists@gmail.com)
On 2/1/2011 8:16 AM, Suresh Ramasubramanian wrote:
On Tue, Feb 1, 2011 at 9:27 PM, Dave CROCKER<dcrocker@bbiw.net> wrote:
But note that Richard's note contained none of these particulars.
I read it in the context of earlier articles he posted here and elsewhere such as on the spamhaus website.
If that larger context were part of the current, public exchange, that would make sense. But I haven't seen it and Richard did not provide it.
And also in the context of http://www.spamhaus.org/sbl/listings.lasso?isp=RIPE
That citation is an example of the problem, IMO. An audit like that list can be useful for particular discussion, but as a standalone citation as it has been getting used, it's merely inflammatory. All it does is say that there is a problem and it creates an association of that problem with RIPE, implying that the responsibility is RIPE's. Whether that implication is valid is a core, controversial point. (The cliche, here, is that correlation is not the same as causation.) Example: Make a list of the communication services used by drug cartels. Publish it. Clearly that means we need to have communication services enforce rules against drug cartels. For extra credit, explain how the rules will only be used legally against drug cartels and not also bleed over to other, legitimate groups, such as an active group of old ladies who regularly plan getting together to play Mah Jong. Discussions concerning registration institutions tend to treat this topic simplistically. Richard's note did not even go into enough detail to be guilty of this. Worse, it didn't even cite the larger context of discussion and issues. It merely made a public, flat condemnation. I don't see how that's productive. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
On 2/1/2011 7:51 AM, Suresh Ramasubramanian wrote:
I thought we were talking about IP allocation, detecting shell companies and fake paperwork here, dave.
Fake paperwork is clearly unacceptable, of course. "Shell" companies get more subtle since there are benign scenarios that produce the same appearance. As for "IP allocation", that does not describe an abuse, nevermind make clear how it is obviously unacceptable without inviting its own abuse. But note that Richard's note contained none of these particulars. For discussions about policy changes by organizations with massive potential power, the calls for change need to be rather precise, IMO. The calls for change need to worry as much about the dangers of the change as they do about the need for it. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Hi,
For discussions about policy changes by organizations with massive potential power, the calls for change need to be rather precise, IMO. The calls for change need to worry as much about the dangers of the change as they do about the need for it.
Exactly. I am sure that any RIPE working group would accept a policy proposal that defines a policy to prevent abuse while taking these dangers into account. Many people have asked for policy to prevent abuse, but none have come up with a workable proposal. I wish there was an easy solution for this... Sander
On Tue, Feb 1, 2011 at 10:32 PM, Sander Steffann <sander@steffann.nl> wrote:
Exactly. I am sure that any RIPE working group would accept a policy proposal that defines a policy to prevent abuse while taking these dangers into account. Many people have asked for policy to prevent abuse, but none have come up with a workable proposal.
this is what I'm waiting for, among others http://ripe.net/ripe/wg/ncc-services/r59-minutes.html And nick hilliard's comment below was what I was remembering when I talked about the "internet police" meme. --srs ----------------------- H. Recovering resources assigned to non-existing entities http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering... Uwe Manuel Rasmussen, Microsoft Ruediger pointed out the importance of distinguishing between actual criminal activity on the net and the ways to fight this from the administrative procedures. It is not related to the RIPE administration processes. Uwe agreed with this, but mentioned that this didn't lead to the entity with the real responsibility. Ruediger stated again that the registration is not the point, and that you must get to the "box" and that this may be a botnet. The administrative data in the RIPE Database is irrelevant to this. Uwe stated that there should be a check that organisations requesting resources actually exist before assigning to them. Nick Hilliard (INEX) pointed out that this check is already done by the RIPE NCC. However, there is little the RIPE NCC can do if documents are fake. The RIPE NCC is not the routing police. Uwe agreed but would still like a way to be able to challenge an assignment. Carsten Schiefner (DENIC) commented that there is a similarity with TLDs. There is still no solution to guarantee WHOIS accuracy. Uwe explained that he was not looking for WHOIS accuracy, but for a solution to remove the people that don't exist. John Curran (ARIN) explained how this is done in the ARIN region. He said that ARIN does verification, but when a fraud is uncovered, ARIN does act to revoke resources. This is not related directly to the criminal activities, but due to a violation of the policy. Uwe agreed that it is not the RIPE NCC's job to determine what is legal or not, but pointed out that allowing somebody that obtained resources to use these resources for illegal purposes leaves him outside the law. He said that he will present propositions to the mailing list to reformulate the text in RIPE Document ripe-452 to revoke resources if an organisation if found not to actually exist. -- Suresh Ramasubramanian (ops.lists@gmail.com)
* Suresh Ramasubramanian:
I thought we were talking about IP allocation, detecting shell companies and fake paperwork here, dave.
LLCs are so cheap to create in parts of the RIPE region that it's not worth bothering with forgeries. RIPE cannot discriminate against newcomers too much, that would be the end of self-regulation. (The current charging scheme, grossly favoring owners of older resources, is already quite problematic.) RIPE has to hand out the initial package of resources to any new LIR. Of course, the LIR might not exist past the first year, but that's plenty of time to recoup the (rather small) investment. Based on that, I think that any form of remediation has to come after the allocation, and RIPE NCC has to gather and evaluate intelligence on its own because trusting external sources opens the door to abuse. (There is precedent for that because some TLDs/registry providers do something like this.) Therefore, I think Kauto's questions about RIPE NCC processes in this area are very relevant. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
On Wed, Feb 2, 2011 at 4:26 PM, Florian Weimer <fweimer@bfk.de> wrote:
Therefore, I think Kauto's questions about RIPE NCC processes in this area are very relevant.
+1 -- Suresh Ramasubramanian (ops.lists@gmail.com)
participants (6)
-
Dave CROCKER -
Dave CROCKER -
Florian Weimer -
Ronald F. Guilmette -
Sander Steffann -
Suresh Ramasubramanian