Re: [db-wg] [anti-abuse-wg] objection to RIPE policy proposal 2016-01
Hi I fail to understand how spammer are legal in certain country has to do with my reasoning or logic. The argument is about if there is managing position for community to take, my answer is no, we are not law enforcement and we only do book keeping, we don't tell people what to do, if they want to be good guy, great, if they don't care about spam or any abuse so to say, ok, it's their call. Making things mandatory with no real enforcing power are just not working. So make logic simple to understand, if the abuse is serious as crime, you don't need abuse c to get the right person(law enforcement has much better way than ripe db), if it is not serious as crime, if the op cares, with or without abuse c they will have their abuse contact there, and will deal with it. For ops don't care, with or without abuse c, they still don't care. So you can put up an extra line ask people to fill, but I don't think it makes much difference.
On 4 Mar 2016, at 20:00, Jeffrey Race <jrace@post.harvard.edu> wrote:
Dear Lu,
Your reasoning fails the logic test because you do not cognize the mismatch between the operation of "law to enforce things" and the spammer business model. The loss to no single victim rises above the threshold to initiate either criminal or civil proceedings. The spammers organize their business model in this way expecting most people to have your attitude.
This is clearly explained in
<http://www.jeffreyrace.com/nugget/spam_05.pdf>
Kind regards,
Dr. Jeffrey Race, President Cambridge Electronics Laboratories 20 Chester Street, Somerville MA 02144-3005 Tel +1 617 629-2805 Fax +1 617 623-1882
Avoid spinal damage from computer use! Read "Cripples by Thirty?"
<http://www.camblab.com/nugget/nugget.htm>
--Original Message Text--- From: Lu Heng Date: Fri, 4 Mar 2016 14:20:28 +1300
Hi there:
I think the whole notion about we are managing the internet though the policy are not correct.
We are not managing the internet, we are book keeping really.
Denis, your argument standing on a group that if we do not manage the internet, the gov will step in and do it for us, but that is largely untrue.
The Gov are managing it now as we speak, they have something called law to enforce things, they really don't need bother to go though policy here to block content they dislike, bust people they think are bad, find people are responsible, if there is a seriou crime going on, with or without abuse-c, gov will find them or not---abuse c does not change the outcome.
Take China for example, A 500 m user can not access Facebook, tell me they go though any sort of APNIC policy to do that, same goes for some countries inA Middle East.
So my last point is. If you like their gov job, you can apply one, don't try to push community here to do gov's job.
On Friday 4 March 2016, denis <ripedenis@yahoo.co.uk> wrote: Hi Peter
OK lets cut to the bottom line. Does anyone NOT agree with these points:
-Internet abuse (in it's various forms) is considered both a nuisance and a danger by the publicA -Politicians will jump onto any band wagon that has popular public support and enhances their careers -Responsible internet resource management includes receiving and handling abuse complaints related to the networks you manage
If we all supported these points, especially the last one, then in an ideal world all network managers would be happy to provide abuse contact details and would take action on complaints received.
Unfortunately we don't live in that ideal world. The fact that so many experienced technical internet people are opposing this policy worries me. So many of you are fixating on this point about 'mandatory', 'enforcing', 'justifying'. If everyone agreed with point 3 above then you would all be willing to do this voluntarily anyway. So what difference does it make to those of you who do this anyway if it is mandatory?
But we know some people simply can't be bothered to handle abuse complaints and we also know some people make money by providing services to the abusers. There is no point pretending this does not happen. If there is a lot of money to be made some people will want a slice of it. That is why this has to be mandatory.
When abuse-c was first introduced it was made clear that this was the first step of a process. The intention was for all IP addresses within the RIPE region to have one common way of documenting an abuse contact that can be accessed programatically. It was also made clear that this first step had nothing to do with whether anyone responds to reports sent to that contact. Because it was and still is clear that some people don't want to publicise any abuse contact details it had to be and still has to be mandatory. If you enter data into the RIPE Database you are required to ensure it is correct. Dealing with whether anyone responds to the reports sent to this contact is a separate issue and should not cloud the discussion on the abuse-c information in the RIPE Database. Neither should the technical implementation of the abuse-c attribute.
I know there are policies about policies for legacy resources. Personally I think that is crazy. All IP addresses are technically the same no matter how or when you acquired it. Abuse can come from any one of them.
I don't know why we are making the policy side so complicated. The principle is simple. If you manage IP addresses in the public domain, from where abuse can be generated, responsible management requires you to provide abuse contact details!!!
cheers denis
On 03/03/2016 23:30, Peter Koch wrote: On Thu, Mar 03, 2016 at 11:46:45AM +0100, denis wrote:
In these days of political interest in how the internet is 'managed' the RIRs need to do more than 'just maintain an accurate registry'. The
indeed. The community should be careful to maintain and improve the credibility and legitimacy of its policy development process. ``Extra constitutional'' activity (imposing "abuse" handling procedures camouflaged as syntax changes to database objects) and retroactive changes to policy without an exceptional justification both aren't helpful.
2016-01 claims "Better data quality", which is not backed with arguments. 2016-01 claims "More accurate data for abuse contact", which is not A A A A A supported by arguments or evidence/precedent.
internet is a crucial part of modern life. Abuse is considered to be a serious problem. What you are saying is that you don't give a dam about abuse and are not interested in being part of the management of abuse.
The alleged correctness of data does not imply a "right to response" (cf ripe-563), and rightfully so.A Therefore the claims that refusal to add abuse-c would imply refusal to deal with abuse reports are pointless, since the sheer presence of the attribute does not imply anything, either.
Also, I have not heard RA¬diger (or anyone else) claim they would not want to even add abuse-c - it's making this policy mandatory what is being contested.A ripe-639 re-establishes the 'special role' of legacy resources as exempt from policy changes:
A A A A Any existing or future RIPE policy referring to resources shall not apply A A A A to legacy resources unless the policy explicitly includes legacy resources in its scope.
Now, if that was simply a matter of a boilerplate in any future policy (xxx shall also apply to legacy resources), this clause would not make the slightest sense.A Consequently, a special consideration is needed. 2016-01 simply refers to inconsistency (obviously a simple consequence of ripe-639 and thus not exceptional) and "better data quality" - without justification.A No indication is given of any harm caused by legacy resources currently not subject to ripe-563.A ripe-563/ripe-639 do not preclude use of abuse-c for legacy resources, either.
All in all, I understand the motivation behind 2016-01, but the reasoning is far too poor to justify proceeding with the proposal.
-Peter
-- -- Kind regards. Lu
On 05/03/2016, 09:53, "anti-abuse-wg on behalf of h.lu@anytimechinese.com" <anti-abuse-wg-bounces@ripe.net on behalf of h.lu@anytimechinese.com> wrote:
Hi
I fail to understand how spammer are legal in certain country has to do with my reasoning or logic.
The argument is about if there is managing position for community to take, my answer is no, we are not law enforcement and we only do book keeping, we don't tell people what to do, if they want to be good guy, great, if they don't care about spam or any abuse so to say, ok, it's their call.
Who? A LIR or an assignee? Considering the IPv4 space is such a valuable resource now I’d happily argue that if you do a bad job of managing it then maybe you shouldn’t have it
Making things mandatory with no real enforcing power are just not working.
That’s more of a chicken and egg argument. The issue that abuse-C resolves is the provision of a consistent and thus parseable contact point for abuse issues. Of course if there was a way to get abuse contacts to be more responsive then everyone would be happier (or unhappier .. ).
So make logic simple to understand, if the abuse is serious as crime, you don't need abuse c to get the right person(law enforcement has much better way than ripe db), if it is not serious as crime, if the op cares, with or without abuse c they will have their abuse contact there, and will deal with it. For ops don't care, with or without abuse c, they still don't care.
The issue isn’t that simple. Prior to the introduction of abuse-c people would try to contact whatever contact they could find.
So you can put up an extra line ask people to fill, but I don't think it makes much difference.
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On Sat, Mar 05, 2016 at 10:54:45AM +0000, Michele Neylon - Blacknight wrote:
Considering the IPv4 space is such a valuable resource now I’d happily argue that if you do a bad job of managing it then maybe you shouldn’t have it
You should not forget to add the "and instead I should have it" at the end. Besides, this discussion is about ERX resources which the NCC CANNOT take away from their holders, which fact all the screaming and bickering cannot change. Overall, this entire thread is proof of my point that this wg should not make policy.
The issue isn’t that simple. Prior to the introduction of abuse-c people would try to contact whatever contact they could find.
Now they contact whomever the NCC saw fit to put in that field because $org didn't fill it in themselves. rgds, Sascha Luck
Hi there:
On 5 Mar 2016, at 11:54, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
On 05/03/2016, 09:53, "anti-abuse-wg on behalf of h.lu@anytimechinese.com" <anti-abuse-wg-bounces@ripe.net on behalf of h.lu@anytimechinese.com> wrote:
Hi
I fail to understand how spammer are legal in certain country has to do with my reasoning or logic.
The argument is about if there is managing position for community to take, my answer is no, we are not law enforcement and we only do book keeping, we don't tell people what to do, if they want to be good guy, great, if they don't care about spam or any abuse so to say, ok, it's their call.
Who? A LIR or an assignee?
Considering the IPv4 space is such a valuable resource now I’d happily argue that if you do a bad job of managing it then maybe you shouldn’t have it
Whoever using it. I don't think you should have it or not are based on abuse handing, otherwise you can take all IPs from some telecoms:)
Making things mandatory with no real enforcing power are just not working.
That’s more of a chicken and egg argument.
The issue that abuse-C resolves is the provision of a consistent and thus parseable contact point for abuse issues.
Of course if there was a way to get abuse contacts to be more responsive then everyone would be happier (or unhappier .. ).
Before that there is a field called abuse:
So make logic simple to understand, if the abuse is serious as crime, you don't need abuse c to get the right person(law enforcement has much better way than ripe db), if it is not serious as crime, if the op cares, with or without abuse c they will have their abuse contact there, and will deal with it. For ops don't care, with or without abuse c, they still don't care.
The issue isn’t that simple. Prior to the introduction of abuse-c people would try to contact whatever contact they could find.
Again, before that there is "abuse:"
So you can put up an extra line ask people to fill, but I don't think it makes much difference.
Lastly, again, I sent the first message was to against the argument about managing internet part in which I strongly disagree, abuse c or not, I don't strong opinion against it, nor do I have strong feeling to support it, I just dislike the medatory part and doubt its usefulness.
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On 05/03/2016 12:36, h.lu@anytimechinese.com wrote:
The issue that abuse-C resolves is the provision of a consistent and thus parseable contact point for abuse issues.
Of course if there was a way to get abuse contacts to be more responsive then everyone would be happier (or unhappier .. ).
Before that there is a field called abuse:
The issue isn’t that simple. Prior to the introduction of abuse-c people would try to contact whatever contact they could find.
Again, before that there is "abuse:"
So you can put up an extra line ask people to fill, but I don't think it makes much difference.
no there was no field called abuse. Before the "abuse-c:" policy the attribute "abuse-mailbox:" was allowed in 5 object types: PERSON, ROLE, MNTNER, ORGANISATION, IRT. There was no policy or even any guidelines on where to put it. This was left entirely to the user's judgement if they put anything anywhere. Or they might add it to a remark in any object. It was completely unworkable.
Lastly, again, I sent the first message was to against the argument about managing internet part in which I strongly disagree, abuse c or not, I don't strong opinion against it, nor do I have strong feeling to support it, I just dislike the medatory part and doubt its usefulness.
You can doubt the 'responsibility' of network manages to properly handle abuse complaints or their honesty in defining a true abuse complaint email address, but you cannot doubt the need for a single, machine parsable abuse contact. It needs to be mandatory because so many people seem unwilling to define it voluntarily. As far as the government aspect is concerned you clearly understand nothing about internet governance, despite all the discussion on this topic in recent years. The internet is not currently managed by governments or the police as you suggested. It is still largely self governed by the industry. But there are some governments, China being one of them, who would love to put it into the hands of the ITU and have government telcos operate the internet on a country basis. At the moment industry bodies, including the RIRs, are proving to governments and LEAs they are capable of managing this thing called the internet. But it is a fragile peace. If governments or LEAs feel they are not able to get what they want/need things could change. Abuse IS an important issue for the internet. It is also an emotive issue for the public and one that the media loves to make sensational stories out of. To me this policy is a no brainer. If the industry wants to show it has a responsible attitude to this topic, EVERY internet resource should be covered by an abuse contact. The fact that so many of you are making such a fuss over it and basically saying you don't care about abuse and will not handle complaints shows why it is such an important topic. ...and before any of you individually start screaming at me "I never said I don't care about abuse" this whole discussion is about accepting that 'people' do not want to be responsible. Lets turn it on its head and start with the premise that everyone 'should' be responsible and should handle abuse and then start working out how to move in that direction. In other words, stop evading the real issue and tackle it. cheers denis
Hi There: On Mon, Mar 7, 2016 at 10:18 AM, denis <ripedenis@yahoo.co.uk> wrote:
On 05/03/2016 12:36, h.lu@anytimechinese.com wrote:
The issue that abuse-C resolves is the provision of a consistent and thus parseable contact point for abuse issues.
Of course if there was a way to get abuse contacts to be more responsive then everyone would be happier (or unhappier .. ).
Before that there is a field called abuse:
The issue isn’t that simple. Prior to the introduction of abuse-c people would try to contact whatever contact they could find.
Again, before that there is "abuse:"
So you can put up an extra line ask people to fill, but I don't think it makes much difference.
no there was no field called abuse. Before the "abuse-c:" policy the attribute "abuse-mailbox:" was allowed in 5 object types: PERSON, ROLE, MNTNER, ORGANISATION, IRT. There was no policy or even any guidelines on where to put it. This was left entirely to the user's judgement if they put anything anywhere. Or they might add it to a remark in any object. It was completely unworkable.
Lastly, again, I sent the first message was to against the argument about managing internet part in which I strongly disagree, abuse c or not, I don't strong opinion against it, nor do I have strong feeling to support it, I just dislike the medatory part and doubt its usefulness.
You can doubt the 'responsibility' of network manages to properly handle abuse complaints or their honesty in defining a true abuse complaint email address, but you cannot doubt the need for a single, machine parsable abuse contact. It needs to be mandatory because so many people seem unwilling to define it voluntarily.
As far as the government aspect is concerned you clearly understand nothing about internet governance, despite all the discussion on this topic in recent years. The internet is not currently managed by governments or the police as you suggested. It is still largely self governed by the industry. But there are some governments, China being one of them, who would love to put it into the hands of the ITU and have government telcos operate the internet on a country basis. At the moment industry bodies, including the RIRs, are proving to governments and LEAs they are capable of managing this thing called the internet. But it is a fragile peace. If governments or LEAs feel they are not able to get what they want/need things could change.
Well, claim I "understand nothing about internet governance" in a public mailing list are both in polite and unprofessional. Internet governance is another huge topic in which I am not sure if it is suitable to be discussed in this mailing list, and its relevance to the current topic. And I seriously doubt the idea "if we don't manage the internet the government will take over" thing has any thing to do with the current discussion, and the idea itself of course. Since I do not have strong opinion about the "abuse C" discussion, I will stop here and leave others to debate the topic in question.
Abuse IS an important issue for the internet. It is also an emotive issue for the public and one that the media loves to make sensational stories out of.
To me this policy is a no brainer. If the industry wants to show it has a responsible attitude to this topic, EVERY internet resource should be covered by an abuse contact. The fact that so many of you are making such a fuss over it and basically saying you don't care about abuse and will not handle complaints shows why it is such an important topic.
...and before any of you individually start screaming at me "I never said I don't care about abuse" this whole discussion is about accepting that 'people' do not want to be responsible. Lets turn it on its head and start with the premise that everyone 'should' be responsible and should handle abuse and then start working out how to move in that direction. In other words, stop evading the real issue and tackle it.
cheers denis
-- -- Kind regards. Lu
Not aiming at Michele... On 05/03/16 11:54, Michele Neylon - Blacknight wrote:
The issue isn’t that simple. Prior to the introduction of abuse-c people would try to contact whatever contact they could find.
The abuse-c as an operational information is certainly useful. The technical implementation is certainly not as useful as it could be (and I side completely with Gert here). But I continue to disapprove the mandatory nature of the abuse-c, it is not helpful, on the edge of counterproductive: the willing will have them anyway. The unwilling will put anything in that passes the syntax test. And as a reporter, I prefer a clear "I don't care" over wasting my time on an ignored report. So advertising the abuse-c actively: yes, sure. Mandatory: no. Thus changing policy in regard to ERX: no (besides, that's poor form, cf Peter Koch's comment). And by all means make the 'more specific' work. Gilles -- Fondation RESTENA - DNS-LU 2, avenue de l'Université LU-4365 Esch-sur-Alzette tel: +352.4244091 fax: +352.422473
On 07-Mar-2016, at 2:48 PM, Gilles Massen <gilles.massen@restena.lu> wrote:
And as a reporter, I prefer a clear "I don't care" over wasting my time on an ignored report.
So advertising the abuse-c actively: yes, sure. Mandatory: no. Thus changing policy in regard to ERX: no (besides, that's poor form, cf Peter Koch's comment).
As a reporter doing manual reporting of occasional phish - great, an optional format is just fine. As a reporter of quite a lot of phish - I think having something that is standardized and machine parseable helps. Those that really don’t want to handle reports for a range might want to populate something standard there too (and yes, this is a semi ironic policy proposal) - devnull@example.com or whatever. —srs
On 07/03/16 10:23, Suresh Ramasubramanian wrote:
As a reporter of quite a lot of phish - I think having something that is standardized and machine parseable helps.
Those that really don’t want to handle reports for a range might want to populate something standard there too (and yes, this is a semi ironic policy proposal) - devnull@example.com or whatever.
"no abuse-c found" looks pretty machine parsable to me. Gilles -- Fondation RESTENA - DNS-LU 2, avenue de l'Université LU-4365 Esch-sur-Alzette tel: +352.4244091 fax: +352.422473
On 07-Mar-2016, at 3:00 PM, Gilles Massen <gilles.massen@restena.lu> wrote:
On 07/03/16 10:23, Suresh Ramasubramanian wrote:
As a reporter of quite a lot of phish - I think having something that is standardized and machine parseable helps.
Those that really don’t want to handle reports for a range might want to populate something standard there too (and yes, this is a semi ironic policy proposal) - devnull@example.com or whatever.
"no abuse-c found" looks pretty machine parsable to me.
I might even agree with you, if abuse-c was actually standardized and if abuse contacts weren’t spread across a variety of other fields - such as the remarks. remarks: +---------------------------------------+ remarks: | In case of complaints use the contact | remarks: | information in the role object below. | remarks: +---------------------------------------+
Hi Suresh On 07/03/2016 10:57, Suresh Ramasubramanian wrote:
On 07-Mar-2016, at 3:00 PM, Gilles Massen <gilles.massen@restena.lu> wrote:
On 07/03/16 10:23, Suresh Ramasubramanian wrote:
As a reporter of quite a lot of phish - I think having something that is standardized and machine parseable helps.
Those that really don’t want to handle reports for a range might want to populate something standard there too (and yes, this is a semi ironic policy proposal) - devnull@example.com or whatever.
"no abuse-c found" looks pretty machine parsable to me.
I might even agree with you, if abuse-c was actually standardized and if abuse contacts weren’t spread across a variety of other fields - such as the remarks.
The "abuse-c:" IS standardised. It is well defined and documented as THE method of defining abuse contact details in the RIPE Database according to the policy. Historically, as I mentioned in other emails, there was "abuse-mailbox:" defined in 5 object types and users often put details in remarks. The plan was to do a cleanup after deploying "abuse-c:" and remove "abuse-mailbox:" from other object types and adjust the syntax. The RIPE NCC provides tools for finding abuse contacts based on "abuse-c:" and these can be used through the database API. Again if I can ever get people to accept that the data model needs 'some improvement', the API should provide a means to find information from the database rather than pull out blocks of raw data for human readable, manual interpretation. cheers denis
remarks: +---------------------------------------+ remarks: | In case of complaints use the contact | remarks: | information in the role object below. | remarks: +---------------------------------------+
On 07-Mar-2016, at 4:08 PM, denis <ripedenis@yahoo.co.uk> wrote:
The "abuse-c:" IS standardised. It is well defined and documented as THE method of defining abuse contact details in the RIPE Database according to the policy. Historically, as I mentioned in other emails, there was "abuse-mailbox:" defined in 5 object types
Sure - but as you point out nobody much seems to be implementing it so far - or at least, very few organizations. So yes, I’d welcome abuse-c being implemented more widely. I’m tired of hunting up contact information from comment fields, in particular. —srs
On 7 Mar 2016, at 10:43, Suresh Ramasubramanian wrote:
On 07-Mar-2016, at 4:08 PM, denis <ripedenis@yahoo.co.uk> wrote:
The "abuse-c:" IS standardised. It is well defined and documented as THE method of defining abuse contact details in the RIPE Database according to the policy. Historically, as I mentioned in other emails, there was "abuse-mailbox:" defined in 5 object types
Sure - but as you point out nobody much seems to be implementing it so far - or at least, very few organizations.
So yes, I’d welcome abuse-c being implemented more widely. I’m tired of hunting up contact information from comment fields, in particular.
I can imagine. I've just taken a look at this thread (https://www.ripe.net/ripe/mail/archives/db-wg/2004-April/thread.html#2678) about the plans to move away from depending on comments by defining and introducing the "abuse-mailbox" property. You tell us that, 12 years or so later, you're still depending on comments. On Thu May 6 12:39:12 CEST 2004, I wrote (https://www.ripe.net/ripe/mail/archives/db-wg/2004-May/002724.html):
[...] we (for some value of "we") have to devise a least-effort, greatest-effect strategy for reaching "there" from "here". I keep feeling we're still looking at tactics.
I'm sorry to say that I see proposal 2016-01 as more of the same, and a distraction from the real work. Administrative imposition of some measure as mandatory won't fill the gaps in the data. Neither will having a more consistent data model. This toothpaste has been out of the tube since before the RIPE NCC came into existence. By now, it's all over the floor. Cleaning it up can only be done by crawling around between the cabinets and sanitary fittings with a spatula or damp cloth, not by admiring the architect's proposals for how the bathroom might be remodelled. At least for for 2028 (12 years further on), we can hope that pervasive adoption of IPv6 will have made Legacy IPv4 resources irrelevant. Best regards, Niall
At least for for 2028 (12 years further on), we can hope that pervasive adoption of IPv6 will have made Legacy IPv4 resources irrelevant.
and how is rosenantes?
On 07-Mar-2016, at 10:18 PM, Niall O'Reilly <niall.oreilly@ucd.ie> wrote:
At least for for 2028 (12 years further on), we can hope that pervasive adoption of IPv6 will have made Legacy IPv4 resources irrelevant.
History repeating itself will probably mean more comment fields for a bunch of v6 IP space as well V6 being handed out like candy because there is so much of it reminds me of the days when classful address blocks were available for the asking. While that is another discussion altogether - it is simply yet another instance of history repeating itself on a regular basis - so just cited as another example
HI Niall On 07/03/2016 17:48, Niall O'Reilly wrote:
On 7 Mar 2016, at 10:43, Suresh Ramasubramanian wrote:
On 07-Mar-2016, at 4:08 PM, denis <ripedenis@yahoo.co.uk> wrote:
The "abuse-c:" IS standardised. It is well defined and documented as THE method of defining abuse contact details in the RIPE Database according to the policy. Historically, as I mentioned in other emails, there was "abuse-mailbox:" defined in 5 object types
Sure - but as you point out nobody much seems to be implementing it so far - or at least, very few organizations.
So yes, I’d welcome abuse-c being implemented more widely. I’m tired of hunting up contact information from comment fields, in particular.
I can imagine. I've just taken a look at this thread (https://www.ripe.net/ripe/mail/archives/db-wg/2004-April/thread.html#2678) about the plans to move away from depending on comments by defining and introducing the "abuse-mailbox" property.
You tell us that, 12 years or so later, you're still depending on comments.
Your assessment is not accurate. Yes 12 years ago someone (I won't mention names) came up with the idea of adding "abuse-mailbox:" as a way to provide abuse contact details. However it was implemented in a way that was bound to fail. (Yes Gert I know you feel the same way about abuse-c now, but the situation is completely different.) The "abuse-mailbox was added to 5 object types with not even any guidelines on how to use it. So of course users started adding it to the PERSON object, referenced in a MNTNER object, that maintains a ROLE object, that is referenced in an INETNUM object as admin-c. It seemed like the logical place to put it by the user at the time. But of course it was impossible to find it programatically with any confidence it was the right contact. We tried to write algorithms to find these references, but often got it wrong. This was combined with the still popular usage of adding the abuse contact in remarks. It was this mess that prompted the introduction of abuse-c backed by a policy and made mandatory. So abuse-c does work and would work better if people did not try to evade their responsibilities. We avoided having to clean up the tooth paste by laying another floor on top of it :) cheers denis
On Thu May 6 12:39:12 CEST 2004, I wrote (https://www.ripe.net/ripe/mail/archives/db-wg/2004-May/002724.html):
[...] we (for some value of "we") have to devise a least-effort, greatest-effect strategy for reaching "there" from "here". I keep feeling we're still looking at tactics.
I'm sorry to say that I see proposal 2016-01 as more of the same, and a distraction from the real work. Administrative imposition of some measure as mandatory won't fill the gaps in the data. Neither will having a more consistent data model.
This toothpaste has been out of the tube since before the RIPE NCC came into existence. By now, it's all over the floor. Cleaning it up can only be done by crawling around between the cabinets and sanitary fittings with a spatula or damp cloth, not by admiring the architect's proposals for how the bathroom might be remodelled.
At least for for 2028 (12 years further on), we can hope that pervasive adoption of IPv6 will have made Legacy IPv4 resources irrelevant.
Best regards, Niall
Hi Suresh On 07/03/2016 11:43, Suresh Ramasubramanian wrote:
On 07-Mar-2016, at 4:08 PM, denis <ripedenis@yahoo.co.uk> wrote:
The "abuse-c:" IS standardised. It is well defined and documented as THE method of defining abuse contact details in the RIPE Database according to the policy. Historically, as I mentioned in other emails, there was "abuse-mailbox:" defined in 5 object types
Sure - but as you point out nobody much seems to be implementing it so far - or at least, very few organizations.
It has been implemented for the whole of the address space allocated or assigned by the RIPE NCC. We spent 6 months 'encouraging' members to deploy it, then another year 'encouraging' PI holders to deploy it. Then a recent thread on this mailing list by Tim explained how the NCC was going to fill in a few gaps that were created before the new LIR process incorporated adding abuse-c as part of the process. So it is fully deployed and it is required for new LIRs.
So yes, I’d welcome abuse-c being implemented more widely. I’m tired of hunting up contact information from comment fields, in particular.
The legacy resources are the only resources in the RIPE Database that currently do not all have an abuse-c. If you use the tools provided by the NCC you should not need to do any manual lookups or read comments. cheers denis
—srs
It has been implemented for the whole of the address space allocated or assigned by the RIPE NCC. We spent 6 months 'encouraging' members to deploy it, then another year 'encouraging' PI holders to deploy it. ...
and 42% of those addresses black-hole or bounce. and we keep tilting at this windmill.
The legacy resources are the only resources in the RIPE Database that currently do not all have an abuse-c. If you use the tools provided by the NCC you should not need to do any manual lookups or read comments.
and the black-hole and bounce fraction will be higher. wake up and smell the coffee. randy
Yes of course. I mean to say - legacy IP space isn't immune to compromise or whatever else that causes phish urls, so every so often a manual step does come into the process when I run into a comments field We wouldn't be having this longish discussion otherwise --srs
On 08-Mar-2016, at 1:05 AM, denis <ripedenis@yahoo.co.uk> wrote:
The legacy resources are the only resources in the RIPE Database that currently do not all have an abuse-c. If you use the tools provided by the NCC you should not need to do any manual lookups or read comments.
participants (9)
-
denis -
Gilles Massen -
h.lu@anytimechinese.com -
Lu Heng
-
Michele Neylon - Blacknight -
Niall O'Reilly -
Randy Bush -
Sascha Luck [ml] -
Suresh Ramasubramanian