2017-02 Review Phase Reminder
Colleagues, I'd like to remind you that the review phase for 2017-02 will end on the 16th of February. If you would like to participate in the discussion, change your point of view (either way of course!), ask any questions etc. then you have a few more days to do so. It would be especially useful if those who's point of view might be ambiguous could clarify their opinions on the policy at this point. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Network Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270
Thanks for the reminder! Better late than never. I strongly oppose to this proposal. 1) With a lot of words about improving trust and safety in Proposal's summary, there is no evidence about issues with trust and safety with uncheked "abuse-c:" 2) In my experience, real abusers have all their contacts valid (and responsive). 3) Why only abuse-c have to be checked? There are a lot of different contacts or information, that could be verified. Also, RIPE NCC executive just got extraordinary powers to revoke resources. So we have to be very carefull with policies, which may lead to resource revocation just because of e-mail issues (i had such issues with RIPE NCC mail servers). Plus all other arguments against or concerning about this proposal, raised in discussion previously. Kind regards, Alexander Isavnin Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
1) With a lot of words about improving trust and safety in Proposal's summary, there is no evidence about issues with trust and safety with uncheked "abuse-c:" I've seen plenty of evidence and ramifications from first hand experience when abuse notifications go ignored/unanswered. 2) In my experience, real abusers have all their contacts valid (and responsive). Please share more of your experiences. I've never heard of this claim nor understand what a "real abuser" is. 3) Why only abuse-c have to be checked? There are a lot of different contacts or information, that could be verified. Because that's where you send abuse notifications. In many cases, these will be critical messages regarding ongoing threats, such as a denial of service attack or malware distribution. Also, RIPE NCC executive just got extraordinary powers to revoke resource False - no new powers are granted to RIPE NCC by this proposal. __ *Troy Mursch* *Security Researcher* Bad Packets Report <https://badpackets.net/> @bad_packets <https://twitter.com/bad_packets> (702) 509-1248 On Fri, Feb 16, 2018 at 11:47 AM, Alexander Isavnin <isavnin@gmail.com> wrote:
Thanks for the reminder!
Better late than never.
I strongly oppose to this proposal.
1) With a lot of words about improving trust and safety in Proposal's summary, there is no evidence about issues with trust and safety with uncheked "abuse-c:" 2) In my experience, real abusers have all their contacts valid (and responsive). 3) Why only abuse-c have to be checked? There are a lot of different contacts or information, that could be verified.
Also, RIPE NCC executive just got extraordinary powers to revoke resources. So we have to be very carefull with policies, which may lead to resource revocation just because of e-mail issues (i had such issues with RIPE NCC mail servers).
Plus all other arguments against or concerning about this proposal, raised in discussion previously.
Kind regards, Alexander Isavnin
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
On Fri, 16 Feb 2018 12:30:53 -0800 Troy Mursch <troy@wolvtech.com> wrote:
1) With a lot of words about improving trust and safety in Proposal's summary, there is no evidence about issues with trust and safety with uncheked "abuse-c:"
I've seen plenty of evidence and ramifications from first hand experience when abuse notifications go ignored/unanswered.
+1
2) In my experience, real abusers have all their contacts valid (and responsive).
Please share more of your experiences. I've never heard of this claim nor understand what a "real abuser" is.
+1
3) Why only abuse-c have to be checked? There are a lot of different contacts or information, that could be verified.
Because that's where you send abuse notifications. In many cases, these will be critical messages regarding ongoing threats, such as a denial of service attack or malware distribution.
+1
Also, RIPE NCC executive just got extraordinary powers to revoke resource
False - no new powers are granted to RIPE NCC by this proposal.
+1
__
*Troy Mursch*
*Security Researcher*
Bad Packets Report <https://badpackets.net/>
@bad_packets <https://twitter.com/bad_packets>
(702) 509-1248
On Fri, Feb 16, 2018 at 11:47 AM, Alexander Isavnin <isavnin@gmail.com> wrote:
Thanks for the reminder!
Better late than never.
I strongly oppose to this proposal.
1) With a lot of words about improving trust and safety in Proposal's summary, there is no evidence about issues with trust and safety with uncheked "abuse-c:" 2) In my experience, real abusers have all their contacts valid (and responsive). 3) Why only abuse-c have to be checked? There are a lot of different contacts or information, that could be verified.
Also, RIPE NCC executive just got extraordinary powers to revoke resources. So we have to be very carefull with policies, which may lead to resource revocation just because of e-mail issues (i had such issues with RIPE NCC mail servers).
Plus all other arguments against or concerning about this proposal, raised in discussion previously.
Kind regards, Alexander Isavnin
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
Dear Troy! Thank you for reply. On 2018-02-16 21:30:53 CET, Troy Mursch wrote:
1) With a lot of words about improving trust and safety in Proposal's summary, there is no evidence about issues with trust and safety with uncheked "abuse-c:" I've seen plenty of evidence and ramifications from first hand experience when abuse notifications go ignored/unanswered. Please, notice difference between "checked by RIPE NCC" and responsive to abuse notifications. Which will lead us to:
2) In my experience, real abusers have all their contacts valid (and responsive). Please share more of your experiences. I've never heard of this claim nor understand what a "real abuser" is. Most of the routing incidents are misconfigurations, and we can't call it malicious. But some are really planned and in this case, you might (and will) recieve reply like "dumb first line support" or even "it's not us, it's our customer's customer and they have everything registered in routing registry well, so we are filtering with RIPE DB, and everything is ok, and we'll do nothing".
Dear Troy! Phone number without country code let me guess that you are from the country, where 13 marsh trolls led by Chef with $10K budget may affect presidental elections, which is out of RIPE NCC service region, so you might be a little out of the context. Let me give you some information in following answers.
3) Why only abuse-c have to be checked? There are a lot of different contacts or information, that could be verified. Because that's where you send abuse notifications. In many cases, these will be critical messages regarding ongoing threats, such as a denial of service attack or malware distribution. RIPE Database (operated by RIPE NCC) have a number of different contacts where you may need to send critical messages. AFAIK abuse-c was introduced to add another contact point, which in modern businesses might be different from admitstrative or technical, and also have another privacy protection level. But RIPE Database main purpose is not to do the job of security researchers or police officers. There was a funny presentation by a police officer at RIPE Meeting in Madrid, crying that he could not catch a criminal just by quering RIPE Database and looking at Street view.
Once i had to consult LIR, which had no valid contacts at database at all, but having maintainer password and working postal address allowed it operate well. And support of entities of Global IP connectivity - is what RIPE NCC is mostly about. From the other hand, we have live example here, in Russia. All kinds of LEAs introducing more and more regulations adding additional data retention responsibilities to ISPs. And for LEAs surprise, such regulations doesn't help to prevent or investigate real crime. Would you like me to make presentation on this topic?
Also, RIPE NCC executive just got extraordinary powers to revoke resource False - no new powers are granted to RIPE NCC by this proposal. You are out of context. Managing Director got powers with RIPE NCC Article of Association change (i suspect that voting was also inferred by trolls :) ). And immediately after such change we got this policy, which can be really easily abused (see concerns in previous discussions, for example e-mail is not intended to be 100% reliable) to revoke resources.
It's sad, but once First RIPE Chair ensured me, that revocation of resources is not an option for enforcing RIPE policies. Seems we starting to forget him. Hope, we all are willing prevent and resolse threats. But not with "security theater". Kind regards, Alexander Isavnin Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
On Fri, 16 Feb 2018 20:47:36 +0100 Alexander Isavnin <isavnin@gmail.com> wrote:
Thanks for the reminder!
Better late than never.
I strongly oppose to this proposal.
1) With a lot of words about improving trust and safety in Proposal's summary, there is no evidence about issues with trust and safety with uncheked "abuse-c:"
I posted an actual IP with an auto responder that requires web form completion - where the web form itself has so many hoops and is broken. You did not bother telling me that I made a mistake or that the example company suddenly changed their behavior? Instead you simply choose to post: "there is no evidence about issues"
2) In my experience, real abusers have all their contacts valid (and responsive).
In my experience not 100% of abusers have their contacts valid and not 100% responsive. Never mind that there is no such thing as "real abusers" (abusers are abusers), some companies simply drop incoming abuse-c, some companies have fake auto responders, etc. etc.
3) Why only abuse-c have to be checked? There are a lot of different contacts or information, that could be verified.
Sure, but this is anti-abuse-wg
Also, RIPE NCC executive just got extraordinary powers to revoke resources.
This is just fake news / and / a completely incorrect/wrong statement. If you still think I am wrong - please elaborate and supply evidence.
So we have to be very carefull with policies, which may lead to resource revocation just because of e-mail issues (i had such issues with RIPE NCC mail servers).
Also completely wrong because it is built on a wrong statement.
Plus all other arguments against or concerning about this proposal, raised in discussion previously.
sure, this makes a lot of sense :)
Kind regards, Alexander Isavnin
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
participants (4)
-
Alexander Isavnin -
Brian Nisbet -
ox -
Troy Mursch