>From a systems perspective the discussion below is exactly
backwards.
A millions-user system dependent for correct operation (e.g. one not
promoting abuse [the subject of this list]) must be [re]designed to
place the onus on the user not the registrar. Rule: if your data are
not correct, you are off the net. Same as if you don't pay your
bills to your ISP. The ISP (or the electric company, or the
phone company . . . .) don't chase after you and spend hours
getting you to pay your bill. They just disconnect you after sufficient
notice to the registered address.
At present the internet is a cesspool of crime without effective
mechanisms of accountability and traceability. An outsider viewing this
thread (and the dozens of others I've been monitoring for more than a
decade) would find remarkable the unspoken assumption of their
discussions: how to make life trouble-free for the registration and
contracting bodies, even though this makes inevitable the criminal
nature of the mechanism they are charged with managing.
With a proper goal in mind ("Develop our mechanisms so the internet
is no longer a cesspool of crime") the kind of discussion below
("We can't consider that because it would be a lot of work and
some people would become upset") would be out of bounds.
The matter of the "defining discussion goal" will have to be taken up
in order to make progress on this list's putative purpose of "anti-abuse."
Jeffrey Race
On Fri, 6 Nov 2015 13:49:01 +0000, Sascha Luck [ml] wrote:
>On Fri, Nov 06, 2015 at 11:56:51AM +0100, denis wrote:
>>
>>Add to that all the possible language issues and I am not sure how you
>>will expect the RIPE NCC to validate all this personal contact data
>>with people who they have no relationship with and who may have never
>>heard of the RIPE NCC or RIPE. Anyone who receives an email from an
>>organisation they have never heard of, possibly in a language they
>>don't understand, asking to validate personal information...well you
>>know how that will be treated these days.
>
>I've occasionally done db cleanup death-marches for customers
>where I've created/updated/deleted 100 or so objects in a single
>day. (usually with contact data relating to the LIR which does
>have a contract with the NCC)
>Is the idea seriously that someone doing this will have to field
>100 phone calls or reply to 100 emails over the day?
>
>What about the numerous LIRs who do their resource management
>programatically, without human input?
>
>IMO, such actions would actually discourage proper resource
>management and lower the quality of the db.
>
>>Also bear in mind a single data validation is quite pointless. What is
>>valid today may not be tomorrow. So you cannot trust data that was
>>validated yesterday. To have any benefit this data would have to be
>>routinely re-validated. Given the quantity of personal data sets in
>>the RIPE Database (we are talking millions), many of whom have never
>>heard of the RIPE NCC, to ask them to undertake this exercise would
>>result in the RIPE NCC being reported to many law enforcement
>>authorities for phishing.
>
>Not even considering the inevitable members' revolt.
>
>rgds,
>Sascha Luck
>
