Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c
This bit is not possible. The "abuse-c:" attribute is 'single'. So the resource object can only ever reference one abuse contact.
Thanks Denis. abuse-c arity is a point I was dubious about. Thus, it is not currently possible to publish an abuse-c with the customer address and keep the ISP copied at the same time, as desired. In order to know what is being sent thete, the ISP needs to provide its own address and (if appropriate) forward complaints received there to the customer. Best regards -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys ==================================================================== INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. ==================================================================== In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad. ====================================================================
That’s not entirely true. It’ll depend on how granular the LIR is with their allocations to their clients. Speaking on behalf of my company we do assign blocks and abuse-c contacts to quite a few of our clients. However we wouldn’t do that for every single IP address and due to the nature of some of the services we provide a single IP address is going to be linked to multiple clients. The main issue we run into is with some reporters using a scatter gun approach with reporting abuse, which is just a waste of everyone’s time. (Basically sending notices to every single contact they can find – not just the abuse-c) Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Ángel González Berdasco <angel.gonzalez@incibe.es> Date: Saturday, 22 January 2022 at 23:12 To: denis walker <ripedenis@gmail.com> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
This bit is not possible. The "abuse-c:" attribute is 'single'. So the resource object can only ever reference one abuse contact.
Thanks Denis. abuse-c arity is a point I was dubious about. Thus, it is not currently possible to publish an abuse-c with the customer address and keep the ISP copied at the same time, as desired. In order to know what is being sent thete, the ISP needs to provide its own address and (if appropriate) forward complaints received there to the customer. Best regards -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys ==================================================================== INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. ==================================================================== In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad. ====================================================================
Hi Michele Yes you can allow any customer with an assignment to have their own abuse-c contact. But the database query will only return a single abuse contact for any IP address. If the assignment object has an abuse-c then a query on any IP address in the range of that assignment will only return the customer's abuse contact details. If an assignment does not have an abuse-c then such a query will return the resource holder's abuse-contact details. A query will not return both the customer's and the resource holder's details. However, this can be changed if the community wants something different. We can make abuse-c a multiple attribute so the resource holder can add the customer's and their own abuse-c to an assignment. Or we can change the default behaviour of the query so when an abuse-c is found in an assignment it always returns the resource holder's abuse-c as well. Or we can add a new query flag to return both abuse-c details when available. Or we can modify the abuse-c attribute in some way so the resource holder can choose what a query returns. Any behaviour is possible as long as you define what behaviour you want and the community finds it useful. chears denis co-chair DB-WG On Thu, 10 Feb 2022 at 11:54, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
That’s not entirely true.
It’ll depend on how granular the LIR is with their allocations to their clients.
Speaking on behalf of my company we do assign blocks and abuse-c contacts to quite a few of our clients.
However we wouldn’t do that for every single IP address and due to the nature of some of the services we provide a single IP address is going to be linked to multiple clients.
The main issue we run into is with some reporters using a scatter gun approach with reporting abuse, which is just a waste of everyone’s time. (Basically sending notices to every single contact they can find – not just the abuse-c)
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Ángel González Berdasco <angel.gonzalez@incibe.es> Date: Saturday, 22 January 2022 at 23:12 To: denis walker <ripedenis@gmail.com> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
This bit is not possible. The "abuse-c:" attribute is 'single'. So the
resource object can only ever reference one abuse contact.
Thanks Denis. abuse-c arity is a point I was dubious about.
Thus, it is not currently possible to publish an abuse-c with the customer address and keep the ISP copied at the same time, as desired.
In order to know what is being sent thete, the ISP needs to provide its own address and (if appropriate) forward complaints received there to the customer.
Best regards
--
INCIBE-CERT - Spanish National CSIRT
PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys
====================================================================
INCIBE-CERT is the Spanish National CSIRT designated for citizens,
private law entities, other entities not included in the subjective
scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen
Jurídico del Sector Público", as well as digital service providers,
operators of essential services and critical operators under the terms
of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de
las redes y sistemas de información" that transposes the Directive (EU)
2016/1148 of the European Parliament and of the Council of 6 July 2016
concerning measures for a high common level of security of network and
information systems across the Union.
====================================================================
In compliance with the General Data Protection Regulation of the EU
(Regulation EU 2016/679, of 27 April 2016) we inform you that your
personal and corporate data (as well as those included in attached
documents); and e-mail address, may be included in our records
for the purpose derived from legal, contractual or pre-contractual
obligations or in order to respond to your queries. You may exercise
your rights of access, correction, cancellation, portability,
limitationof processing and opposition under the terms established by
current legislation and free of charge by sending an e-mail to
dpd@incibe.es. The Data Controller is S.M.E. Instituto Nacional de
Ciberseguridad de España, M.P., S.A. More information is available
on our website: https://www.incibe.es/proteccion-datos-personales
and https://www.incibe.es/registro-actividad.
====================================================================
Hi, On Thu 10/Feb/2022 22:40:18 +0100 denis walker wrote:
Yes you can allow any customer with an assignment to have their own abuse-c contact. But the database query will only return a single abuse contact for any IP address. If the assignment object has an abuse-c then a query on any IP address in the range of that assignment will only return the customer's abuse contact details. If an assignment does not have an abuse-c then such a query will return the resource holder's abuse-contact details. A query will not return both the customer's and the resource holder's details.
Queries at ARIN or APNIC (and maybe more) often return multiple addresses. For example: https://rdap.apnic.net/ip/136.185.8.145 has two addresses, returned as two entries in the relevant vcardArray.
However, this can be changed if the community wants something different. We can make abuse-c a multiple attribute so the resource holder can add the customer's and their own abuse-c to an assignment. Or we can change the default behaviour of the query so when an abuse-c is found in an assignment it always returns the resource holder's abuse-c as well. Or we can add a new query flag to return both abuse-c details when available. Or we can modify the abuse-c attribute in some way so the resource holder can choose what a query returns. Any behaviour is possible as long as you define what behaviour you want and the community finds it useful.
I don't know if the current settings allows to enter a comma-separated list as an abuse-c string value. Most often, the abuse-c value is an email alias. So, I don't see why people would enter several addresses if they can manage the aliases. IMHO, it makes more sense to store multiple addresses if they can be added by different people. jm2c Ale --
Hi Alessandro A query on APNIC's web query form for 136.185.0.0/16 only specifies a single abuse email contact. The other email address in the rdap output is the "email:" attribute value from the referenced IRT object. That is not intended for abuse reports. When we implemented abuse-c in the RIPE Database, one of the underlying principles was to have a single process for documenting and finding abuse contact details. We specifically removed "abuse-mailbox:" from the IRT object, which APNIC still has. So you can't directly compare the two database outputs. There are many ways we can tweak the technical details of how abuse-c works in the RIPE Database. Rather than go round in circles discussing all possible permutations, perhaps it would be better if you specified the behaviour you would like to see. If others in the community agree, then the RIPE NCC can make the necessary technical changes. As long as we don't break that basic principle of having the one process for documenting and finding abuse contacts, each of which is singularly defined, anything else can be changed. cheers denis co-chair DB-WG On Mon, 14 Feb 2022 at 11:09, Alessandro Vesely <vesely@tana.it> wrote:
Hi,
On Thu 10/Feb/2022 22:40:18 +0100 denis walker wrote:
Yes you can allow any customer with an assignment to have their own abuse-c contact. But the database query will only return a single abuse contact for any IP address. If the assignment object has an abuse-c then a query on any IP address in the range of that assignment will only return the customer's abuse contact details. If an assignment does not have an abuse-c then such a query will return the resource holder's abuse-contact details. A query will not return both the customer's and the resource holder's details.
Queries at ARIN or APNIC (and maybe more) often return multiple addresses. For example: https://rdap.apnic.net/ip/136.185.8.145 has two addresses, returned as two entries in the relevant vcardArray.
However, this can be changed if the community wants something different. We can make abuse-c a multiple attribute so the resource holder can add the customer's and their own abuse-c to an assignment. Or we can change the default behaviour of the query so when an abuse-c is found in an assignment it always returns the resource holder's abuse-c as well. Or we can add a new query flag to return both abuse-c details when available. Or we can modify the abuse-c attribute in some way so the resource holder can choose what a query returns. Any behaviour is possible as long as you define what behaviour you want and the community finds it useful.
I don't know if the current settings allows to enter a comma-separated list as an abuse-c string value. Most often, the abuse-c value is an email alias. So, I don't see why people would enter several addresses if they can manage the aliases.
IMHO, it makes more sense to store multiple addresses if they can be added by different people.
jm2c Ale --
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
participants (4)
-
Alessandro Vesely -
denis walker -
Michele Neylon - Blacknight -
Ángel González Berdasco