Hi Nick,
El 8/5/20 23:58, "Nick Hilliard" <n...@foobar.org> escribió:
JORDI PALET MARTINEZ via anti-abuse-wg wrote on 08/05/2020 12:07:
> [Jordi] The job of the RIPE NCC is to implement the policies agreed
> by the community. Different folks may consider different pieces of
> all of our policies as "inappropriate" or "arbitrary"
which is fine, mostly. Subject to usual discretion of the RIPE NCC to
ignore policy which is harmful to itself or others. Various board
members have confirmed in the past that the RIPE NCC will not buy an
island if instructed to do so by the RIPE Community.
> and the goal is
> to find a point in the middle, which is what we call consensus.
The goal is to try to find consensus. There's nothing in the concept of
consensus about trying to find a point in the middle.
If I make a policy proposal to demand that the RIPE NCC buy an island,
would it be reasonable to settle on a compromise which involved the RIPE
NCC buying only half an island?
It's ok for consensus to be that a policy proposal be rejected entirely.
[Jordi] I guess there is a translation problem here. For us in Spain, something
in the middle means a middle term or "compromise" to find an agreement, not to
buy half of the island ;-) even less when I'm not trying to buy any island!
Consensus is very well described in many nice sentences in RFC7282 (by the way,
remember that is not just consensus, we use it for short, but actually it is
"rough consensus"). For example:
"Coming to consensus is when everyone (including the person making the
objection) comes to the conclusion that either the objections are
valid, and therefore make a change to address the objection, or that
the objection was not really a matter of importance, but merely a
matter of taste. Of course, coming to full consensus like that does
not always happen. That's why in the IETF, we talk about "rough
consensus"."
*** See also "5. Consensus is the path, not the destination", it requires time
and sometimes many cycles (many versions), is the only way we have, is slow, by
in my opinion is the right way.
> I believe is perfectly understandable the need to avoid using manual
> forms which don't follow a single standard, which means extra work
> for *everyone*.
Couple of things on this:
- if you want to standardise a mechanism for abuse reporting, then that
would be useful and by all means, go ahead with that idea first. There
are many forums available for doing this.
[Jordi] The standard is already defined and this version of the proposal
included it. Now we need to agree if we want to use it or not, and at the time
being I wrote it as one choice. Maybe the community prefers making it as the
only valid option. We do that very often in many other proposals. Why not for
abuse reporting?
- your proposal threatens to close down RIPE NCC members if they decline
to support abuse reports over email. This is unhinged.
[Jordi] No, this is not my proposal, this is already *any policy violation* ,
and actually the actual policy already do that, but in an unclear way. I'm
trying to expose it being more honest and transparent with the interpretation
of the actual text:
"The RIPE NCC will validate the “abuse-mailbox:” attribute at least annually.
Where the attribute is deemed incorrect, it will follow up in compliance with
relevant RIPE Policies and RIPE NCC procedures."
> [Jordi] The actual policy has a bigger level of micro-management, by
> setting one year and not allowing the NCC to change that. I think it
> is much better to explicitly allow it. One alternative, I will be
> fine with that, is not define the time at all, and let the NCC to
> adapt it to the needs. Would you thing this is more appropriate?
The entire policy is poorly thought-through to start with. You can't
fix bad policy with minor tweaks around the edges.
[Jordi] Well, we disagree here, many documents reached consensus thru
contributions from people, even if it was a bad document (I don't think it is
the case) from the start.
> [Jordi] What I'm asking here is to make sure that we have stats. I'm
> not changing what is an actual practice. You can always report to
> *any* RIR, what you think is wrong and if you're a good internet
> citizen, you should do that.
If you're a good internet citizen, you have some moral obligation to
report abuse to an internet number resources registry?
[Jordi] This is my opinion, not just in the Internet community. If I see
something wrong in "any community", I need to cooperate to make it better.
Otherwise I can't complain. If you don't like the food in the restaurant, you
either stop eating there or complain so they improve ... If you don't like how
your city major does his job, you will complain, even provide suggestions, or
not vote him anymore and convince others about that.
You're completely putting the cart before the horse here. The purpose
of the RIRs is number resource registration.
[Jordi] Which include reliable and usable database information.
> I'm happy if you believe that my wording
> is not good, and we agree on that goal, to find an alternative one.
> Any suggestion?
Firstly, if you propose to collect stats about anything, you need to
think about what sort of stats should be collected.
Secondly, you need to make a credible argument about why the RIPE NCC
should be obliged to spend membership funds collecting these stats and
why the RIPE NCC is a more appropriate vehicle for collecting these
stats than other organisations which specialise in online security and
abuse issues, particularly those which already collect statistics about
online abuse.
[Jordi] What I understood from RIPE NCC, correct me please if I'm wrong, is
that they have already those stats, but they aren't mandated to keep collecting
them or even less, publish periodic reports. Regarding what stats, I was
thinking that it is obvious, but seems not: Escalation cases for failed abuse
mailboxes. We can then compare with the existing validation procedure and see
if something is not really working or it is people that just don't handle abuse
cases. By the way, this has been in place in APNIC for already around one year,
and it is providing good results.
Nick
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
