Re: [policy-announce] 2010-08 New Policy Proposal (Abuse contact information)
Hi, On 08.11.10 16:14, Emilio Madaio wrote:
Dear Colleagues,
A new RIPE Policy Proposal has been made and is now available for discussion. [mandatory reference to irt objects in the inetnum, inet6num and aut-num objects in the RIPE Database]
assuming I used the right keywords, I get the following numbers from a recent version of the ripe.db: lysis@ra:~$ egrep -c '^org-type: *LIR' ripe.db 8838 lysis@ra:~$ grep -c ^irt: ripe.db 216 So nearly 9000 LIRs and 216 irt objects registered. Let us assume for a minute that only 50% of those LIRs are interested in creating inet[6]nums for assigning IP addresses to their customers. So your proposal is basically saying: 4300 LIRs should each write an e-mail to RIPE NCC explaining how they handle abuse in their organization and requesting an irt object and RIPE NCC should evaluate all those requests in a rather prolonged process. Furthermore, all future PI assignments to end users need to have an irt reference, so all new PI holders also need to form an abuse team and document this accordingly through the RIPE NCC. I am also very curious how PI assignments to individual persons will form such an abuse team. Although there is a "me" in team I don't think this will work. In conclusion: Really? Kind regards, Marcus -- man-da.de GmbH, AS8365 Phone: +49 6151 16-6956 Petersenstr. 30 Fax: +49 6151 16-3050 D-64287 Darmstadt e-mail: ms@man-da.de Geschäftsführer Marcus Stögbauer AG Darmstadt, HRB 94 84
Hi,
So nearly 9000 LIRs and 216 irt objects registered. Let us assume for a minute that only 50% of those LIRs are interested in creating inet[6]nums for assigning IP addresses to their customers. So your proposal is basically saying: 4300 LIRs should each write an e-mail to RIPE NCC explaining how they handle abuse in their organization and requesting an irt object and RIPE NCC should evaluate all those requests in a rather prolonged process.
I'm not sure if the explaining part of requesting an IRT Object was part of the original proposal or the original idea of having an IRT Object, or if this was something RIPE NCC decided to do for whatever reason. Will say, that RIPE NCC should be able to decide if they want people to explain or if they do not want them to explain. I think not explaining makes things easier. On the other hand making something mandatory excludes the option of refusing it from RIPE NCC side. So in my opinion there is no need to explain and if needed we can change any decision of an old policy in the new policy.
Furthermore, all future PI assignments to end users need to have an irt reference, so all new PI holders also need to form an abuse team and document this accordingly through the RIPE NCC. I am also very curious how PI assignments to individual persons will form such an abuse team.
No. If an ISP decides to do all the abuse handling for his customers he can do it. Create one IRT Object, link all inet(6)nums to this IRT object and all is good. If the ISP decides, that his customers should or can do the abuse handling, possibly this is something that can be changed on a per customer base, they have to create an IRT Object for the customer. This gives more flexibility to the ISPs. Think about business ISPs delegating a /24 to a customer and this customer wants to do his own abuse handling. Yes such customers really exists ;-) Today this is a huge problem and creates more trouble for NOCs than helping them or their abuse department. Thank you for the feedback, Tobias
On Mon, Nov 08, 2010 at 09:54:31PM +0100, Tobias Knecht wrote: Hi
This gives more flexibility to the ISPs. Think about business ISPs delegating a /24 to a customer and this customer wants to do his own abuse handling. Yes such customers really exists ;-) Today this is a huge problem and creates more trouble for NOCs than helping them or their abuse department.
I'm pretty much sure that a lot of LIRs will make a script to create irt objects basing on actual whois data. That's why and because there are so many inetnum objects in the DB I have mixed feelings about that proposal. I think that we can do something bit different - we can make irt objects mandatory for new object types (INET-REG, INET6-REG and AS-REG). Of course if those new object types will be eventually implemented. Piotr -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski@polsl.pl
Hi,
This gives more flexibility to the ISPs. Think about business ISPs delegating a /24 to a customer and this customer wants to do his own abuse handling. Yes such customers really exists ;-) Today this is a huge problem and creates more trouble for NOCs than helping them or their abuse department.
I'm pretty much sure that a lot of LIRs will make a script to create irt objects basing on actual whois data. That's why and because there are so many inetnum objects in the DB I have mixed feelings about that proposal.
Even if they do, there will be an enhancement. At the moment there are query restrictions, which are causing problems we can solve with the IRT. And we can solve the problem of variety and confusion on how to do it right. The problem of data accuracy which your concern is aiming to, (I guess) will be handled in another proposal, for example with an mechanisms to report wrong whois information and RIPE NCC enforcing the correctness.
I think that we can do something bit different - we can make irt objects mandatory for new object types (INET-REG, INET6-REG and AS-REG). Of course if those new object types will be eventually implemented.
I'm absolutely on your page, but we do not know if, and when they are coming and therefor we should work on a solution for the existing things. Thanks, Tobias abusix.org
participants (3)
-
Marcus Stoegbauer -
Piotr Strzyzewski -
Tobias Knecht