In message <CAFV686cXFY63mHQ0H0xutLtcrzDxFjN1_F0=16PVRfZeSdFsZw@mail.gmail.com> Jacob Slater <jacob@rezero.org> wrote:
In this context, RIPE's published guidelines on due diligence ( https://www.ripe.net/publications/docs/ripe-700) cover what exactly is checked. From my experience, the guidelines are always enforced as written.
Thank you for the link! I was unware of that. In that document section 1.1 (a) seem to the one one and only section relevant to my question: a. Proof of establishment/registration Normally, proof of establishment of a legal person can be registration with the national authorities (e.g., a recent extract from the Commercial Trade Register or equivalent document proving registration with the national authorities). When this is not available, other proof of establishment may be required (e.g., the law according to which the legal person was established). That last sentence is quite obviously an attempt... and a rather feeble one, in my personal estimation... to cleverly dance around the exact inconvenient question that I raised. "When this is not available..." Yes. When the entity -claims- to be incorporated in Malta, or Cyprus, or Liechtenstein, or Gurnesy, or the Isle of Man, or... then what happens, exactly? This is not strictly an academic question, or one that I am asking just for the sake of my health. The answer... if a truthful one might ever be successfully extracted from either NCC or the membership or the community... has Real World practical implications. Where, how, and from whom can I get an actual answer about what -actually- happens in such cases? Is there some secret procedure manual, burried on some obscure shelf somewhere within NCC that explains the procedure?
As you mention, due to a variety of factors (based primarily on differences in jurisdiction), this process isn't always perfect. I'm sure the NCC deals with at least some of fraudulent activity as a result of the flaws you mention.
You refer to this as a "flaw". That terminology, it seems to me, may perhaps inadvertantly give some the false impression that this glaring problem is akin to the tiny spec of dust that ruins an otherwise perfectly good diamond. I however view it more along the lines of a self-evident and *major* design flaw, rather like the problematic rubber O-Rings that caused the destruction of the Space Shuttle Challenger. I guess it all depends on one's point of view.
Unfortunately, short of drastic measures (such as prohibiting certain jurisdictions from requesting resources), I can't see an easy way to improve the current situation. Do you have a suggestion for how the process could be improved?
I do. Or rather I should say, I would. However it would be presumptive and inapproporaie of me, as a non-European -and- a non-member to propose any solution, and least of all, on this particular mailing list, where any such propoal would quite certainly be out of order and off-topic. More to the point however, I haver no firm reason to believe that anyone other than your's truly even has a serious concern about this self-evident and gaping hold in what passes for "vetting" in the RIPE region. If noone other than me is at all concerned, then the liklihood of there ever being any change in procedure or policy must surely approach zero. I would however appreciate it if RIPE, NCC, the membership, and the community would discontinue the current practice of papering over this problem, pretending that it does not exist, or that it doesn't make a mockery of any and all pretenses of "vetting". I don't know how people in Europe feel, generally, about airport security, but where I am from it is widely derided as amounting to little more than "security theater" in practice. (Google for "beedoop machine".) I'm sorry to have to say it, but this notion of organization vetting in the RIPE region is so evidently riddled with loopholes that I personally feel that it is deserving of the same derision. Regards, rfg