Petra.Zeidler--- via ripe-list <ripe-list@ripe.net> wrote: > Andrew Campling <andrew.campling@419.consulting> writes: >> Irrespective of any view regarding rights holders, the lack of >> effective KYC procedures is also a problem in combating both malicious >> and illegal content > Know Your Customer does require that someone IS their customer, right? > Which in very many cases will not be the case for resource users and > RIPE. > In cases of someone using "fallow" resources without authorization by > the formal resource holder, would you also blame the RIPE database for > having incorrect info? Isn't this why the RIRs send out these yearly reminders to verify contact info? > Let me point out that even a "bulletproof" hoster will not beam their > packets onto the Internet but will be connected to an uplink or > uplinks, which ought to be readily traceable with a plain traceroute > until you find the closest-to-them entity you can identify and that > picks up their phones, which likely have a contract either with the > hoster or their provider (and maybe even an acceptable use > policy). Following that scavenger-hunt wise is sure more work than just > looking it up in a phone book (RIR database), but the likelihood of > finding entities whose customers the sought-after parties are is > distinctly better. It's clear from many interactions with canadian federal bureaucrats that such a proceedure, while obvious to us, is not at all obvious to them. Even *internally* they have no idea that it is possible to do. (Unicast me) My opinion: we (the RIR community), can do better. There is some give and take with law enforcemenet, and this is a place where we can give a bit more. We do that in order to keep them from thinking they have to take things, like end to end encryption. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide