Hi Sascha
On 04/11/2015 15:32, Sascha Luck [ml] wrote:
On Wed, Nov 04, 2015 at 12:05:28AM +0000, ripede...@yahoo.co.uk wrote:
the sponsoring LIR should be restricted to an LIR in the same
geographical/political/language area as the end user resource
holder. Otherwise it could render the whole notion of an LIR
validating their sponsored user's data pointless.
IANAL, but I can't imagine that such a rule would even be legal
under EU legislation. Common Market, remember? Considering that the
Internet doesn't recognise any borders or
political blocs, this is one of the more outlandish suggestions
even for this forum.
That may well be right, but if the sponsor cannot understand the
language of the resource holder the validation may not be very effective.
Interesting point about the creation of this ORGANISATION
object. It touches on an issue I have been trying to raise for a
number of years. But I am almost universally shouted down by
most of the vocal members of the RIPE community whenever I
mention it. Even though many less vocal members have privately
Ah, "the majority agrees with me in email"
I never mentioned email or majority. 'Some' people I have talked to at
RIPE Meetings have agreed with me. The majority will not even talk about it.
Sascha Caveat - “we are not the [xyz] police” .. in this
case, “the document police” .. a fine old trope, that.
I didn't actually write this, your quoting appears to be broken.
My apologies it was in a reply 'to' you not from you.
Sander "I personally think that someone holding resources should
at least be identifiable in the DB,"
I absolutely agree, but also anyone who partly manages any
aspect of a resource should be identifiable.
No. Just NO. I am, frankly, flabbergasted at this mindset:
1) All resource holders are presumed to be bad actors and all of
their data must be kept in a database, their correctness to be
strictly enforced.
That seems to be the basis of this whole thread....not my assumption
2) It's no problem making this data available, for free, to every
Tom, Dick & Harry with an internet connection.
I actually have some very strong views on making parts of the data in
the RIPE Database private, but that is another proposal...
The very idea that
someone might use this data for nefarious purposes is obviously
farcical.
You have a very negative and misguided view of what I am saying.
There is a need to be able to reach a resource holder to notify
them of abuse coming from their network (the abuse-c) or
technical problems (the tech-c). There is NO need to have the
street address and phone number of every *person* "who partly
manages any aspect of a resource" in a public database, just to
satisfy the curiosity of some curtain-twitcher or give actual
criminals some data for ID theft purposes.
First of all I never said anything about personal data. Maybe you have
not heard of the concept of business data. Maybe also you have never had
problems trying to contact people regarding resources in the RIPE
Database. The 2007-01 policy to contact all resource holders took about
7 years to implement. I suspect many of them are uncontactable again by now.
The complexity of this database schema allows for many ways to hide
yourself. By manipulating the relationship between PERSON, ROLE, MNTNER,
ORGANISATION objects and building complex references and chains of
objects it can become very difficult to find who to contact. Do you
realise you can make a business out of a MNTNER object? If you 'own' the
MNTNER object you can provide a service to other people. You put the
password of some anonymous person into your MNTNER and this anonymous
person can then maintain resources. As the 'owner' of the MNTNER you can
claim you have nothing to do with the resource. You are simply providing
a service to your customers. By creating a new MNTNER for each customer
only they (and you) can manage their data. You try contacting that
resource holder!! The RIPE NCC and maybe the sponsoring LIR knows who it
is, but no one else does. A proper implementation of personalised auth
and dropping the MNTNER object would solve this issue of anonymity.
Unfortunately the watered down version of my original plan being offered
now does not go far enough.
My main point was the chain of trust for resource holders and resource
managers. Also being contactable does not mean personal contact data
must be displayed to the public. There are many ways to be contactable.
But few people are even willing to discuss possibilities when it comes
to changing the data model.
cheers
denis
community and talks with the WG chairs. In the end, when the
RIPE NCC thinks it has worked out the best way to achieve the
policy, they present the final implementation plan with
timelines to the mailing list. If and when consensus is reached
on the implementation, the RIPE NCC will go ahead and do the
work.
For completeness' sake, if the policy leads to changes in the
members' contract or the Terms & Conditions, a membership vote at
the GM is also required for implementation.
rgds,
Sascha Luck
