@EXT: RE: 2017-02 New Policy Proposal (Regular abuse-c Validation)
Hi everyone, Thanks for your questions and comments. In light of those, Hervé and I will prepare a slightly amended version of the proposal to specify some languages, in particular when it comes to the role of RIPE NCC’s impact analysis in providing more details about the concrete implementation of this policy change proposal. Andre rightly asked what was the goal of the proposal. Ultimately, the goal of the proposal is to reduce the likelihood of getting no response when someone (anyone) need to urgently contact a LIR via the abuse-c contact. To achieve this goal we believe that RIPE NCC should be mandated to regularly validate the abuse-c contact point. We think that the main criteria to decide whether to move the proposal to the review phase or not, should be whether there is a majority of AAWG members who thinks that having a valid and functioning abuse-c contact points is a valid goal. Most questions raised were about the actual implementation of the proposal. As explained by Marco/RIPE NCC, the practical details of how the validation procedure will be implemented should not be laid down in the policy change proposal at this stage but rather by the impact analysis that RIPE NCC will conduct. RIPE NCC is the best placed to propose a working procedure (whether it should be done in the framework of ARC, what will be the criteria to consider a contact point invalid, how to address auto-answer, how often the validation process should be carried out etc.) because they are the ones who can best assess the financial and human resources to conduct these checks in the most efficient manner. Lastly, it seems that some members assume that this proposal is driven by law enforcement (LE) needs only. It is not. All network operators/LIRs have at some points been in the frustrating situation of not being able to find a valid contact point, this is why Hervé/Orange is co-authoring the proposal. There is not so many ways of ensuring that you get an answer: the community needs to agree that at least one contact point will be validated by RIPE NCC. In parallel, law enforcement is indeed working with NCC and some RIPE members to develop our knowledge and possibly a tool to visualize BGP routing tables. But improving the way LE can identify and investigate malicious IPs is not the goal of this policy change proposal. In conclusion, we think that so far, except for one or two members who explicitly opposed the goal of the proposal, a majority of members who expressed themselves on the AAWG mailing list during the discussion phase, agrees with the general objective of the proposal – that is to mandate RIPE NCC to regularly validate abuse-c contact in order to reduce the likelihood of not getting an answer when someone needs to urgently contact a LIR. Therefore, in agreement with the AAWG chair, we would like to move this proposal to the review phase. Thanks Greg and Hervé From: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of herve.clement@orange.com Sent: 09 October 2017 15:01 To: Nick Hilliard; Michele Neylon - Blacknight Cc: ox; Gert Doering; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation) Hello Nick, We have already talked with the RIPE NCC about ARC. If the ARC would include actual contact validation, a same LIR would be contacted less frequently for a global audit. Dealing specifically with abuse-c validation, RIPE NCC Impact Analysis will answer the question of extra work evaluation. Hervé -----Message d'origine----- De : anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] De la part de Nick Hilliard Envoyé : lundi 9 octobre 2017 13:01 À : Michele Neylon - Blacknight Cc : ox; Gert Doering; anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> Objet : Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation) Michele Neylon - Blacknight wrote:
The current situation is that abuse-c can be populated with rubbish.
The email addresses can be completely non-functioning.
That is the real and current issue.
the real issue is that this is a complex layer 9 problem inside each organisation, and although creating technological tickbox policies will provide a veneer of doing something, that veneer is very thin. The RIPE NCC already has a mechanism for information consistency audits, namely the Assisted Registry Check. Has anyone talked to the RIPE NCC about including abuse contacts in the ARC, and been given credible reasons as to why this wouldn't be a simpler, better and more effective way of dealing with issue of stale / inaccurate details? Nick _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. ******************* DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated. *******************
For the avoidance of any doubt, the WG Co-Chairs agree that this proposal will move forward to Review Phase and there will be a new version of the proposal and, subsequent to that, the NCC will work on their Impact Analysis. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Network Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 Mounier, Grégory wrote on 10/10/2017 15:49:
Hi everyone,
Thanks for your questions and comments. In light of those, Hervé and I will prepare a slightly amended version of the proposal to specify some languages, in particular when it comes to the role of RIPE NCC’s impact analysis in providing more details about the concrete implementation of this policy change proposal.
Andre rightly asked what was the goal of the proposal. Ultimately, the goal of the proposal is to reduce the likelihood of getting no response when someone (anyone) need to urgently contact a LIR via the abuse-c contact. To achieve this goal we believe that RIPE NCC should be mandated to regularly validate the abuse-c contact point. We think that the main criteria to decide whether to move the proposal to the review phase or not, should be whether there is a majority of AAWG members who thinks that having a valid and functioning abuse-c contact points is a valid goal.
Most questions raised were about the actual implementation of the proposal. As explained by Marco/RIPE NCC, the practical details of how the validation procedure will be implemented should not be laid down in the policy change proposal at this stage but rather by the impact analysis that RIPE NCC will conduct. RIPE NCC is the best placed to propose a working procedure (whether it should be done in the framework of ARC, what will be the criteria to consider a contact point invalid, how to address auto-answer, how often the validation process should be carried out etc.) because they are the ones who can best assess the financial and human resources to conduct these checks in the most efficient manner.
Lastly, it seems that some members assume that this proposal is driven by law enforcement (LE) needs only. It is not. All network operators/LIRs have at some points been in the frustrating situation of not being able to find a valid contact point, this is why Hervé/Orange is co-authoring the proposal. There is not so many ways of ensuring that you get an answer: the community needs to agree that at least one contact point will be validated by RIPE NCC. In parallel, law enforcement is indeed working with NCC and some RIPE members to develop our knowledge and possibly a tool to visualize BGP routing tables. But improving the way LE can identify and investigate malicious IPs is not the goal of this policy change proposal.
In conclusion, we think that so far, except for one or two members who explicitly opposed the goal of the proposal, a majority of members who expressed themselves on the AAWG mailing list during the discussion phase, agrees with the general objective of the proposal – that is to mandate RIPE NCC to regularly validate abuse-c contact in order to reduce the likelihood of not getting an answer when someone needs to urgently contact a LIR.
Therefore, in agreement with the AAWG chair, we would like to move this proposal to the review phase.
Thanks
Greg and Hervé
*From:*anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] *On Behalf Of *herve.clement@orange.com *Sent:* 09 October 2017 15:01 *To:* Nick Hilliard; Michele Neylon - Blacknight *Cc:* ox; Gert Doering; anti-abuse-wg@ripe.net *Subject:* Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation)
Hello Nick,
We have already talked with the RIPE NCC about ARC.
If the ARC would include actual contact validation, a same LIR would be contacted less frequently for a global audit.
Dealing specifically with abuse-c validation, RIPE NCC Impact Analysis will answer the question of extra work evaluation.
Hervé
-----Message d'origine----- De : anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] De la part de Nick Hilliard Envoyé : lundi 9 octobre 2017 13:01 À : Michele Neylon - Blacknight Cc : ox; Gert Doering; anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> Objet : Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation)
Michele Neylon - Blacknight wrote:
The current situation is that abuse-c can be populated with rubbish.
The email addresses can be completely non-functioning.
That is the real and current issue.
the real issue is that this is a complex layer 9 problem inside each organisation, and although creating technological tickbox policies will provide a veneer of doing something, that veneer is very thin.
The RIPE NCC already has a mechanism for information consistency audits, namely the Assisted Registry Check.
Has anyone talked to the RIPE NCC about including abuse contacts in the ARC, and been given credible reasons as to why this wouldn't be a simpler, better and more effective way of dealing with issue of stale / inaccurate details?
Nick
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
On 11/10/2017 15:06, Brian Nisbet wrote:
For the avoidance of any doubt, the WG Co-Chairs agree that this proposal will move forward to Review Phase and there will be a new version of the proposal and, subsequent to that, the NCC will work on their Impact Analysis.
Does this constitute a declaration of consensus in support of this proposal by the WG Chairs? Malcolm -- Malcolm Hutty | tel: +44 20 7645 3523 Head of Public Affairs | Read the LINX Public Affairs blog London Internet Exchange | http://publicaffairs.linx.net/ London Internet Exchange Ltd Monument Place, 24 Monument Street London EC3R 8AJ Company Registered in England No. 3137929 Trinity Court, Trinity Street, Peterborough PE1 1DA
Malcolm, Malcolm Hutty wrote on 11/10/2017 15:10:
On 11/10/2017 15:06, Brian Nisbet wrote:
For the avoidance of any doubt, the WG Co-Chairs agree that this proposal will move forward to Review Phase and there will be a new version of the proposal and, subsequent to that, the NCC will work on their Impact Analysis.
Does this constitute a declaration of consensus in support of this proposal by the WG Chairs?
No. To be very clear, this is moving 2017-02 from Discussion Phase to the Review Phase, part of which is the NCC Impact Analysis, which the WG has effectively asked for. This does not prejudice any further discussion about the proposal. A declaration of the presence or lack of rough consensus comes at the end of the Review Phase. Brian Co-Chair, AA-WG
Hi, On Wed, Oct 11, 2017 at 03:10:12PM +0100, Malcolm Hutty wrote:
On 11/10/2017 15:06, Brian Nisbet wrote:
For the avoidance of any doubt, the WG Co-Chairs agree that this proposal will move forward to Review Phase and there will be a new version of the proposal and, subsequent to that, the NCC will work on their Impact Analysis.
Does this constitute a declaration of consensus in support of this proposal by the WG Chairs?
After the discussion phase, the PDP does not require consensus. It only requires the desire to go ahead by the proposer (and agreement by the WG chairs). https://www.ripe.net/publications/docs/ripe-642 2.2 Discussion phase .. At the end of the Discussion Phase, the proposer, with the agreement of the WG chair, decides whether the proposal will move to the next phase (Review Phase) or if it should be withdrawn from the RIPE PDP, depending on the feedback received We've done this for particular contentious proposals in APWG to see how the impact analysis would look like, and to be able to do a more qualified discussion. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On 11/10/2017 19:16, Gert Doering wrote:
Does this constitute a declaration of consensus in support of this proposal by the WG Chairs?
After the discussion phase, the PDP does not require consensus. It only requires the desire to go ahead by the proposer (and agreement by the WG chairs).
Thanks for the clarification. -- Malcolm Hutty | tel: +44 20 7645 3523 Head of Public Affairs | Read the LINX Public Affairs blog London Internet Exchange | http://publicaffairs.linx.net/ London Internet Exchange Ltd Monument Place, 24 Monument Street London EC3R 8AJ Company Registered in England No. 3137929 Trinity Court, Trinity Street, Peterborough PE1 1DA
participants (4)
-
Brian Nisbet -
Gert Doering -
Malcolm Hutty -
Mounier, Grégory