On Thu, Jun 1, 2023 at 12:46 PM Peter Hessler <phessler@theapt.org> wrote:
On 2023 Jun 01 (Thu) at 11:40:14 +0000 (+0000), Matthias Merkel wrote: :Maybe it'd be worth requiring all (or a majority) of user accounts on an :LIR to confirm the opt-in? This would prevent potential abuse in cases of :insider threats (think disgruntled employees, etc). :
If you read the text of the proposal, the opt-in requires a director of the company to approve it. This is the same level of protection as transferring IP addresses.
I think the proposal as-is has enough protection against potential abuse.
Agree, requiring opt-in from multiple LIR user accounts would be too rigid. But all user accounts should at least be clearly and fully informed. They can then choose to de-register from the LIR if they are not comfortable with the decision, e.g. if they don't feel safe for any reason. Regards, James