Hi Ángel,
On Thu 20/Jan/2022 16:27:59 +0100 Ángel González Berdasco wrote:
Alessandro Vesely wrote:
I propose that RIPE accepts abuse-c email addresses from verified effective
users of a range of IP numbers, stores them in the database, and serves them in
RDAP/ WHOIS queries besides the abuse-c addresses provided by the ISP. Various
automated methods can be adopted to allow an effective user to be verified; for
example publishing an HTTP URL or a DNS entry. Abuse contacts added that way
can expire after a few months, forcing the effective user to renew them, so as
to avoid stale entries.
I think you should describe how this proposal differs from what is
available nowadays. Wouldn't they already be able to configure verified
effective users for the IP addresses (e.g. with an abuse-c of the
client and another of theirs) ?
They may be unwilling to do so or consider it a hurdle, requiring them
to create new objects and so on, but what makes you believe they would
be willing to use that new system?
Curiously, IME, they're keen on doing RFC 2317 delegations, but refrain from
assigning abuse-c attributes. I don't know if those belong to different
departments or if there's just a different policy. The concept that they are
safer holding abuse-c for themselves was expressed on mailop recently. If I
were an ISP, I'd set up different abuse-c addresses for each customer,
something like abuse-customer@isp.example, with possible auto-forward to a
customer supplied address. But I'm not.
RDAP allows some leeway in responses, so that something could be set to
indicate whether a vcard entry belongs to the ISP or to the final operator. I
don't think ARIN or other RIRs are already featuring that kind of facility. Is
it because nobody asked?
Best
Ale
--
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
