On 31.12.2011 16:25, John Levine wrote: > This seems way, way, over-detailed for an Applicability Statement. > > As I understand it, and AS is intended to answer basic questions about > "what do you use this for"? In the case of ARF, the answer is that > mostly you use it in private FBLs, but we've found that you can also > use it for normal abuse reports. That's it.
I don't think we should feel constrained by formal purism. The document's usability won't be compromised if we mix a few technical specifications in it. For Security Considerations in particular, we should note possible weaknesses if they are relevant to abuse reporting. I'd rather discuss their merit than their formal role. > When we have more experience with using ARF in abuse reports, we might > put some of this stuff in a BCP, but since I don't know anyone other > than me who has much experience using them in abuse reports, that > seems rather premature. I agree there's a number of techniques we never tried. IMHO, such kind of stuff belongs to reporting-discovery, be it destined to PS, Experimental, or (gasp) oblivion. For example, how should network providers handle the complaints sent to their RIR-published abuse mailboxes? Happy 2012 _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
