Re: [ncc-services-wg] Admin: request for "Company Registration documents"

Hello Larisa!
Yes, yes. It is boring me too and delays registration for months until documents are gathered, translated and so... you don't have spend months gathering documents if you are legal organisation. You do have them already, just spend a minute for Xerox.
Sure. If you are only person in the firm and only you need is to put document in copy machine (Xerox) or scanner. In practice, getting a legal paper (any one, for example registration) from medium or large company (or just high-bureaucratic one) is near one month. Of course, the ball is in their side all that time and only I can is wait, but... I don't ever think about translation time ;) So for me I just ask for registration papers _before_ sending initial request for PI/AS, and often it is enough. -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

On Mon, 10 Oct 2005, Maxim V. Tulyev wrote:
Hello Larisa!
Yes, yes. It is boring me too and delays registration for months until documents are gathered, translated and so... you don't have spend months gathering documents if you are legal organisation. You do have them already, just spend a minute for Xerox.
Sure. If you are only person in the firm and only you need is to put document in copy machine (Xerox) or scanner.
In practice, getting a legal paper (any one, for example registration) from medium or large company (or just high-bureaucratic one) is near one month. Of course, the ball is in their side all that time and only I can is wait, but...
Having just done this for a 2000+ employee company to become a LIR I can attest that it indeed takes a number of weeks until the right papers are found and then translated and notarized and passed through corporate counsel before being sent off to RIPE. Regards, Hank
I don't ever think about translation time ;)
So for me I just ask for registration papers _before_ sending initial request for PI/AS, and often it is enough.
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
+++++++++++++++++++++++++++++++++++++++++++ This Mail Was Scanned By Mail-seCure System at the Tel-Aviv University CC.

On Mon, 10 Oct 2005, Hank Nussbacher wrote:
On Mon, 10 Oct 2005, Maxim V. Tulyev wrote:
Hello Larisa!
Yes, yes. It is boring me too and delays registration for months until documents are gathered, translated and so... you don't have spend months gathering documents if you are legal organisation. You do have them already, just spend a minute for Xerox.
Sure. If you are only person in the firm and only you need is to put document in copy machine (Xerox) or scanner.
In practice, getting a legal paper (any one, for example registration) from medium or large company (or just high-bureaucratic one) is near one month. Of course, the ball is in their side all that time and only I can is wait, but...
Having just done this for a 2000+ employee company to become a LIR I can attest that it indeed takes a number of weeks until the right papers are found and then translated and notarized and passed through corporate counsel before being sent off to RIPE.
RIPE NCC never demand them to be notarized.
Regards, Hank
With respect, Larisa Yurkina --- RIPN Registry center -----
I don't ever think about translation time ;)
So for me I just ask for registration papers _before_ sending initial request for PI/AS, and often it is enough.
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

Having just done this for a 2000+ employee company to become a LIR I can attest that it indeed takes a number of weeks until the right papers are found and then translated and notarized and passed through corporate counsel before being sent off to RIPE.
RIPE NCC never demand them to be notarized.
Seems you never do mass PI registering ;) Yes, they sometime requests different unexpected things, like translations, users agreements, invoices for hardware listed in request and others. And almost anytime - registration papers. P.S. The question is still exists: what kind of documents these requirements are based on? -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

On Mon, 10 Oct 2005, Max Tulyev wrote:
Having just done this for a 2000+ employee company to become a LIR I can attest that it indeed takes a number of weeks until the right papers are found and then translated and notarized and passed through corporate counsel before being sent off to RIPE.
RIPE NCC never demand them to be notarized.
Seems you never do mass PI registering ;)
I didn't mean PI registering, but LIRs only. The document ripe-321, as it was already said. PI registering is another procedure, as far as I know there is no special policy document on that.
Yes, they sometime requests different unexpected things, like translations, users agreements, invoices for hardware listed in request and others. And almost anytime - registration papers.
P.S. The question is still exists: what kind of documents these requirements are based on?
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
With respect, Larisa Yurkina --- RIPN Registry center -----

Seems you never do mass PI registering ;)
I didn't mean PI registering, but LIRs only. The document ripe-321, as it was already said.
Yes, for establishing a new LIR anything is clear now...
PI registering is another procedure, as far as I know there is no special policy document on that.
...but not for LIR client's assignments. -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

Hi, On Mon, Oct 10, 2005 at 04:39:56PM +0400, Max Tulyev wrote:
Yes, for establishing a new LIR anything is clear now... ...but not for LIR client's assignments.
Same motivation: traceability to organizations that have proven their existence. Do *you* want Joe Random Spammer setup a spam business under false name, getting PI space from RIPE (using the false name), and then get out annoying people, with no way to trace him back? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 81421 SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234

Hi,
Same motivation: traceability to organizations that have proven their existence.
Do *you* want Joe Random Spammer setup a spam business under false name, getting PI space from RIPE (using the false name), and then get out annoying people, with no way to trace him back?
Of course, not ;) But I really don't believe that scanned picture often without any phone or address helps traceability. Look other way: is there some precedents that data helps to eliminate spammers? -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

Hi, On Mon, Oct 10, 2005 at 06:24:23PM +0400, Max Tulyev wrote:
Do *you* want Joe Random Spammer setup a spam business under false name, getting PI space from RIPE (using the false name), and then get out annoying people, with no way to trace him back?
Of course, not ;)
But I really don't believe that scanned picture often without any phone or address helps traceability.
Official documents might...
Look other way: is there some precedents that data helps to eliminate spammers?
There is precedence that spammers (and other abusers) hijack address space from the registries, most often "old and not well maintained" address blocks (weak passwords, mail only authentication, and such), and abuse that. Demonstrating that some abuse did *not* happen due to measures taken is sort of difficult - but I'm sure the LIR folks can say some more about this, like "how often do you get PI requests that never come back when asking for proof of existence" or such? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 81421 SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234

On Oct 10, 2005, at 4:27 pm, Gert Doering wrote: [...]
There is precedence that spammers (and other abusers) hijack address space from the registries, most often "old and not well maintained" address blocks (weak passwords, mail only authentication, and such), and abuse that.
Leslie Nobile and I gave a short presentation on this subject at RIPE 48. The slides we presented are available on the web site at:
http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-nobile-vegoda.pdf
http://tinyurl.com/cgnsf
with the webcast archived here:
http://www.ripe.net/ripe/meetings/ripe-48/sessions-archive.html#tuesday
Regards, -- leo vegoda Registration Services Manager RIPE NCC

Hi Leo!
Leslie Nobile and I gave a short presentation on this subject at RIPE 48. The slides we presented are available on the web site at:
http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-nobile-vegoda.pdf
http://tinyurl.com/cgnsf
with the webcast archived here:
http://www.ripe.net/ripe/meetings/ripe-48/sessions-archive.html#tuesday
Nice! BTW, how currently requested for PI/AS registration documents helps to prevent hijacking address space? -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

Hi,
But I really don't believe that scanned picture often without any phone or address helps traceability. Official documents might...
If I'm The Really Bad Guy, it is only a half of an hour with PhotoShop, isn't it? Even real firm registered with stolen or lost passports in UA or RU is $300 (the cost of one good mass mail).
Look other way: is there some precedents that data helps to eliminate spammers? There is precedence that spammers (and other abusers) hijack address space from the registries, most often "old and not well maintained" address blocks (weak passwords, mail only authentication, and such), and abuse that.
RIPE DB is just database, and if some records is changed - it doesn't help spammers. The aim is to take actions to networks giving them connectivity and announces that networks to the world. -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

Hi, On Mon, Oct 10, 2005 at 06:53:07PM +0400, Max Tulyev wrote:
RIPE DB is just database, and if some records is changed - it doesn't help spammers. The aim is to take actions to networks giving them connectivity and announces that networks to the world.
If you go to an upstream ISP, and can display a RIPE network entry that claims "I own 195.30.0.0/16 and AS5539", chances are good that this ISP will then provide routing for you... So indeed, getting the database entry is an important step toward tricking ISPs to route you. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 81421 SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234

On Mon, Oct 10, 2005 at 04:57:46PM +0200, Gert Doering wrote:
On Mon, Oct 10, 2005 at 06:53:07PM +0400, Max Tulyev wrote:
RIPE DB is just database, and if some records is changed - it doesn't help spammers. The aim is to take actions to networks giving them connectivity and announces that networks to the world.
If you go to an upstream ISP, and can display a RIPE network entry that claims "I own 195.30.0.0/16 and AS5539", chances are good that this ISP will then provide routing for you...
It's usually enough to just announce it right away, or fill some crappy web form with the prefix information. Unfortunately.
So indeed, getting the database entry is an important step toward tricking ISPs to route you.
Only for evildoers being customers of large ISPs who do strictly filter against IRR data. And then only RIPE IRR data can be used for authorization, as the only thing you need to create false IRR data in RADB is that you need to pay for a maintainer object. This is why I say that we need ONE consistent hierarchy of IRR auth data from IANA down. The safety net has larger holes than you seem to think, I'm afraid. :-Z Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0

It's usually enough to just announce it right away, or fill some crappy web form with the prefix information. Unfortunately.
Yes. But you need physic link to make announcement. And that is much traceable than unknown papers. Evil people can make evil papers with a PhotoShop and half of an hour of free time. But good people have to be bored gathering it in the real :( -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)

Hi, On Mon, Oct 10, 2005 at 05:26:37PM +0200, Daniel Roesen wrote:
So indeed, getting the database entry is an important step toward tricking ISPs to route you.
Only for evildoers being customers of large ISPs who do strictly filter against IRR data. And then only RIPE IRR data can be used for authorization, as the only thing you need to create false IRR data in RADB is that you need to pay for a maintainer object. This is why I say that we need ONE consistent hierarchy of IRR auth data from IANA down.
The safety net has larger holes than you seem to think, I'm afraid. :-Z
Networks tend to consist mostly of holes between the rope... :-) But yes, I'm aware of that, and we should be working toward making it more difficult to spoof things, not making it more convenient. (If we can do it without ending up in horrendous bureaucracy) Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 81421 SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234

Demonstrating that some abuse did *not* happen due to measures taken is sort of difficult - but I'm sure the LIR folks can say some more about this, like "how often do you get PI requests that never come back when asking for proof of existence" or such?
and what percentage that did not come back merely gave up on dealing with a stultifying rigid bureaucracy, took a /28 from an upstream, and natted 666 customers? randy

Do *you* want Joe Random Spammer setup a spam business under false name, getting PI space from RIPE (using the false name), and then get out annoying people, with no way to trace him back?
do i care if joe is legally registered or not? do i care if joe is blonde? this places a barrier to entry which seems hard to reach for a number of classes of valid lirs, e.g. ngos in odd countries. randy

On 10 okt 2005, at 15.03, Gert Doering wrote:
Do *you* want Joe Random Spammer setup a spam business under false name, getting PI space from RIPE (using the false name), and then get out annoying people, with no way to trace him back?
Put another way. Even _with_ these requirements we have a hard time knowing who owns what address space... - kurtis -

Do *you* want Joe Random Spammer setup a spam business under false name, getting PI space from RIPE (using the false name), and then get out annoying people, with no way to trace him back? Put another way. Even _with_ these requirements we have a hard time knowing who owns what address space...
this illogic does not at all show that these requirements improve that knowledge. e.g. even with invading iraq and murdering tens of thousands of human beings, we have a hard time knowing who owns what address space. randy

Randy, On 11 okt 2005, at 18.51, Randy Bush wrote:
Do *you* want Joe Random Spammer setup a spam business under false name, getting PI space from RIPE (using the false name), and then get out annoying people, with no way to trace him back?
Put another way. Even _with_ these requirements we have a hard time knowing who owns what address space...
this illogic does not at all show that these requirements improve that knowledge.
e.g.
even with invading iraq and murdering tens of thousands of human beings, we have a hard time knowing who owns what address space.
Whatever you tried to say went past me here...:-( - kurtis -

Put another way. Even _with_ these requirements we have a hard time knowing who owns what address space...
this illogic does not at all show that these requirements improve that knowledge.
e.g.
even with invading iraq and murdering tens of thousands of human beings, we have a hard time knowing who owns what address space.
Whatever you tried to say went past me here...:-(
your sentence implied and relied on an assertion of relationship which you failed to justify. you have no idea if these requirements have helped or hindered knowledge of address space ownership or anything else. randy

On 12 okt 2005, at 15.45, Randy Bush wrote:
Put another way. Even _with_ these requirements we have a hard time knowing who owns what address space...
this illogic does not at all show that these requirements improve that knowledge.
e.g.
even with invading iraq and murdering tens of thousands of human beings, we have a hard time knowing who owns what address space.
Whatever you tried to say went past me here...:-(
your sentence implied and relied on an assertion of relationship which you failed to justify. you have no idea if these requirements have helped or hindered knowledge of address space ownership or anything else.
I was arguing that as the LIRs are the ones that (in the majority of the cases) submit the data to the RIPE DB, and more often are also listed instead of their customers (DSL blocks), and they have a documented relationship with the NCC, proving the identity of the LIR will help (partly) securing the trail to the owner of an allocated addressblock. In asking for the papers this does help the NCC to establish that trail. Which I believe is a good thing. - kurtis -

I was arguing that as the LIRs are the ones that (in the majority of the cases) submit the data to the RIPE DB, and more often are also listed instead of their customers (DSL blocks), and they have a documented relationship with the NCC, proving the identity of the LIR will help (partly) securing the trail to the owner of an allocated addressblock. In asking for the papers this does help the NCC to establish that trail. Which I believe is a good thing.
what is the identity of an lir? try looking at, for example, the issues being raised in http://www.identity20.com/media/OSCON2005/ randy

On Oct 14, 2005, at 1:13 PM, Randy Bush wrote:
I was arguing that as the LIRs are the ones that (in the majority of the cases) submit the data to the RIPE DB, and more often are also listed instead of their customers (DSL blocks), and they have a documented relationship with the NCC, proving the identity of the LIR will help (partly) securing the trail to the owner of an allocated addressblock. In asking for the papers this does help the NCC to establish that trail. Which I believe is a good thing.
what is the identity of an lir? try looking at, for example, the issues being raised in http://www.identity20.com/media/OSCON2005/
randy
Hi Randy, Thanks for this reference. Identity is a tool or pragmatic feature like a database key field, that makes inter-temporal associations (e.g., "recognition") and cross-referencing ("resemblance") possible. Recognition over time makes things like trust and reputation possible -- which in turn makes trust-based judgments (e.g., association vs. avoidance) easier, which in turn reduces opex (infinite safeguards, 200% advance deposits, full replacement value insurance, etc.). It's not 100% effective even in the mundane world -- nor would we want it to be (think panopticon). However it seems pretty easy to say that it "works better" -- to this particular end -- if there is a reasonably high correlation between thing-x and signaling feature (x). The OSCON guy talks about all of the associations, experiences, and historical contingencies associated with him as if they could serve as a full and final description of his identity. But it seems to me that *he* is the key field -- the physical guy in the middle of all of the swirl. There's nothing to hang all of those experiences/observations on if you take him out. And it's hard for me to imagine how a theory like his would have ever seemed plausible if we lived in a place like the Internet, where it's possible to jump out of one's own skin (key field) and into the skin (key field) of another existing "identity" -- or to make a completely new one up. This doesn't mean that experiential/observational identity features have no place in the Internet, nor does it mean that we've already got the best Internet identity key field (i.e., whois and the other less visible parts of the RIR databases) possible. I just have a hard time understanding how one would be of any use at all without the other.
Maybe all you really care about is long-term stable behavioral/historical identities, and you're prepared to shun the new ones and erratic ones as peers, customers, etc., until they stabilize and become familiar? But that leaves the little guys in the semi-permanent outs, and it gives the big guys permanent license -- because they can always spawn and then drop new peripheral identities when they want to do bad things. Relying exclusively on historical/behavioral identities provides no assurance at all against false negatives (failing to recognize a bad guy) like this. Or so it seems to me. Viewed this way, aggregating and decomposing key fields and associated records doesn't seem like such an intractable dilemma. The identity of an LIR depends on what you want to know about it -- maybe in this context what we want to know is what ASNs it legitimately controls, what these are authorized to originate and announce, and how to get in touch with them when necessary. Others may want to know about explicitly observational things (frequency of flapping, bad traffic, timely bill payment, etc.) Still others might find it useful to recognize other features of the LIR to serve other purposes (e.g., for regulatory compliance, taxation, etc.). But to cohere all of these things have to have something else to hang off of -- for the LIR presumably, this is some conventional official institutional records. Wrote an article about this for ARIN, coming out any day. Apologies in advance for the usual obscurities/ambiguities, but this really is a place where ops can take a lesson from philosophy... Tom

The OSCON guy talks about all of the associations, experiences, and historical contingencies associated with him as if they could serve as a full and final description of his identity. But it seems to me that *he* is the key field -- the physical guy in the middle of all of the swirl.
and when we can send [a copy of] him over the net, we can enjoy the benefits of all the wordy sophistry. until then, we'll just have to muddle along with the reality with which we are faced. and, in this reality, some paper from a government agency seems both unnecessary and unhelpful in trusting the identity of an lir. we trust them enough to have a clearly traceable financial transaction. do we have the right to tell them how they must do business? randy

On Oct 15, 2005, at 3:43 AM, Randy Bush wrote:
and, in this reality, some paper from a government agency seems both unnecessary and unhelpful in trusting the identity of an lir. we trust them enough to have a clearly traceable financial transaction.
So, maybe my understanding of the process/content of billing in RIPE-land is deficient. A "clearly traceable financial transaction" sounds a lot more confidence inspiring than "any financial transaction at all, so long as it arrives on time" (e.g., anonymous money order from 7-11, etc.). What does RIPE require that the transaction be clearly traceable to? If it's something that anchors net-identity to some stable, persistent, contactable institution, then maybe that's enough. Can someone share details?
do we have the right to tell them how they must do business?
I'm glad to have a friend in the society of sophists :) I think we do have a right to tell them they have to identify themselves in some way in order to *go into* the business, and to expect that that information remains accurate over time. If we don't have the right to expect stable/transparent identification at least at the LIR/ASN level, then is there another practical, scalable, fair way to secure end-points? If there isn't, don't we have a right to declare that such identification is required for the greater good of all? The only rights we really enjoy are the ones that we've declared this way, and then fought to protect and enforce. Right now operators in some places enjoy the de-facto option of complete or selective anonymity (i.e., no one but my friends may recognize me, and only to the degree chosen by me; who my friends are are determined by me on a transaction-by-transaction basis, subject to modification at any time) I've never heard this declared as a right. Is it? Tom

On Oct 10, 2005, at 2:13 pm, Max Tulyev wrote: [...]
Seems you never do mass PI registering ;)
Yes, they sometime requests different unexpected things, like translations, users agreements, invoices for hardware listed in request and others. And almost anytime - registration papers.
P.S. The question is still exists: what kind of documents these requirements are based on?
In cases where we are asked to assign resources to a non-member we will often ask for documentation to let us know exactly who will be receiving the resources. The key issue is that as a registry, we have a responsibility to have a clear record of who a resource is registered to. If you ever have a query about exactly what we're looking for then we're happy to talk it through with you on the telephone if that's easier than e-mail. Kind regards, -- leo vegoda Registration Services Manager RIPE NCC

but what is the need/goal of this requirement? randy
participants (10)
- Daniel Roesen
- Gert Doering
- Hank Nussbacher
- Kurt Erik Lindqvist
- Larisa A. Yurkina
- leo vegoda
- Max Tulyev
- Maxim V. Tulyev
- Randy Bush
- Tom Vest