Maybe make more use of the 'role'-objects? Within organisations people
come and go, while their departments responsible for network operations
and abuse keep rolling. Listing a department as role and using a shared
e-mail address would reduce the ever increase of new person-objects in
the database.
Kennedy, James via address-policy-wg wrote at 2019-04-09 10:46:
Hi everyone,
For those not already aware of recent discussions on the topic, there
is an ever increasing need primarily for network operators and others
running the internet, but also CSIRTs, certain governmental bodies,
LEAs and more to have contact details for IP networks correct at all
times in the RIPE database.
This is actually required by RIPE policy and is one of the database's
fundamental missions but as flagged during the RIPE77 meeting, on the
RIPE mailing lists and felt daily by those managing IP networks it is
clear that improvements are very much needed to help contact
registration accuracy and ease of maintenance.
· Community members have questioned the reliability of the RIPE
database today - Whois has been described as "broken", "a horrible
mess", even "should be gotten rid of"
· +2M PERSON objects were found in the database though the number
of LIRs is less than 22K
· The increasing amount of contact data has become more difficult
for operators to manage, which also puts IP number resources at risk of
hijacks and even deregistration
· The RIPE NCC is challenged with contacting and validating IP
network holders, with additional pressure stemming from the growing
monetary value of IP resources
It is our responsibility as the RIPE community to build and implement
improvements as and when needed. To echo Hans Petter's comment during
the RIPE NCC Services WG at RIPE77 - we made the mess, we must clean it
up!
Rather than just mandating the RIPE NCC to perform validation exercises
on 2M PERSON objects, we would like to start by re-evaluating exactly
what contact info the community actually wants in the database and then
consider if the current RIPE policies sufficiently reflects this.
Please see Denis' mail below for contact detail references in current
policies.
So we ask the community - please can you please tell us what contact
info do you want to see in the RIPE database? Do it differ per type of
IP network user - LIRs and PA/PI End Users, orgs and individuals (sole
trader or residential), 3rd parties managing IP resources on behalf of
an LIR/org/individual, etc.?
Regards,
James
FROM: address-policy-wg [mailto:[email protected]] ON
BEHALF OF ripedenis--- via address-policy-wg
SENT: 22 March 2019 11:00
TO: [email protected]
SUBJECT: [address-policy-wg] Clarification of policy requirements for
contact information
Colleagues,
Elvis, James and myself have started talking about personal data in the
RIPE Database. I said we would bring sub issues to the community when
we need direction or clarification. We looked at three policy documents
maintained by AP-WG and have a few questions.
Before we look at WHERE and HOW the data is stored, we would like to
get community feedback on exactly WHAT contact details should be
published as per current policies?
Below are the quotes and links to the 3 policy documents we looked at.
cheers
denis
co-chair DB-WG
In the "IPv4 Address Allocation and Assignment Policies for the RIPE
NCC Service Region" (ripe-708) [1] first mention about contact data is
4.0:
"4.0 Registration Requirements
All assignments and allocations must be registered in the RIPE
Database. This is necessary to ensure uniqueness and to support network
operations.
Only allocations and assignments registered in the RIPE Database are
considered valid. Registration of objects in the database is the final
step in making an allocation or assignment. Registration data (range,
contact information, status etc.) must be correct at all times (i.e.
they have to be maintained)."
and then in 6.2:
"6.2 Network Infrastructure and End User Networks
IP addresses used solely for the connection of an End User to a service
provider (e.g. point-to-point links) are considered part of the service
provider's infrastructure. These addresses do not have to be registered
with the End User's contact details but can be registered as part of
the service provider's internal infrastructure. When an End User has a
network using public address space this must be registered separately
with the contact details of the End User. Where the End User is an
individual rather than an organisation, the contact information of the
service provider may be substituted for the End Users.
[...]"
In the "IPv6 Address Allocation and Assignment Policy" (ripe-707) [2]
the requirement is even more vague in 3.3:
"3.3. Registration
Internet address space must be registered in a registry database
accessible to appropriate members of the Internet community. This is
necessary to ensure the uniqueness of each Internet address and to
provide reference information for Internet troubleshooting at all
levels, ranging from all RIRs and IRs to End Users.
The goal of registration should be applied within the context of
reasonable privacy considerations and applicable laws."
The "Autonomous System (AS) Number Assignment Policies" [3] does not
mention anything about contact data requirements.
[1] https://www.ripe.net/publications/docs/ripe-708
[2] https://www.ripe.net/publications/docs/ripe-707
[3] https://www.ripe.net/publications/docs/ripe-679
