Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

[Carlos Friaças via anti-abuse-wg]

Hi,


After reviewing version 2, i'm not very sure about:


1) "Require intervention by the recipient"

Some reports will not require intervention, they work only as a warning 
for a possible device infection. Some incident response teams may also 
decide not to process certain categories of reports/incidents.
One of our examples is the huge set of reports we receive related to the 
webcrawling activity that feeds into the portuguese web archive 
(arquivo.pt). Some networks/servers are more sensible to webcrawling and 
have automated report generation mechanisms. That's also something that 
must be considered. We can't expect a manual intervention by the recipient 
if the sender has an automated process...



2) "Must guarantee that abuse reports and related logs, examples, or email 
headers are received".


I think this one can be tweaked: The recipient domain's policy might be 
to discard messages bigger than  megabytes (we have that in my org's 
domain, but not on the CSIRT's domain). Hence, i would say to add ", upto 
a reasonable limit in size" to the sentence.



3) About "5.0 Escalation to the RIPE NCC"

It's also important to note that a domain is entirely free to block 
incoming messages from another given domain. So, if someone receives 500 
reports/day from the same mailbox, or from several mailboxes of the same 
domain, it's perfectly normal to blacklist the sending domain locally...



4) About the 1 year to 6 months change, i'm OK with it as long as it's 
feasible for the NCC's system -- but i guess the I.A. might clarify that.



Final comments: I think the proposal is useful, and it's important to note 
that if something de-rails (abuse-wise), then the most probable line of 
action seems to be an ARC, which is already part of the NCC's duties 
anyway.



Regards,
Carlos



On Tue, 1 Oct 2019, Marco Schmidt wrote:



Dear colleagues,

A new version of RIPE Policy proposal, 2019-04, "Validation of 
"abuse-mailbox"", is now available for discussion.

This proposal aims to have the RIPE NCC validate "abuse-c:" information more 
often, and introduces a new validation process that
requires input from resource holders.

The proposal has been updated following the last round of discussion and is now 
at version v2.0. Some of the differences from
version v1.0 include:
- Removes ambiguous examples from the policy text
- Defines mandatory elements of the abuse handling procedures
- Removes the prohibtion of automated processing of the abuse reports

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-04

As per the RIPE Policy Development Process (PDP), the purpose of this four-week 
Discussion Phase is to discuss the proposal and
provide feedback to the proposer.

At the end of the Discussion Phase, the proposer, with the agreement of the 
Anti-Abuse Working Group Chairs, decides how to proceed
with the proposal.

We encourage you to review this proposal and send your comments to 
 before 30 October 2019.

Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

[Gert Doering]

Hi,

On Tue, Oct 01, 2019 at 03:15:02PM +0100, Carlos Friaças via anti-abuse-wg 
wrote:
> I don't think it's a matter of authority, but only a matter of 
> understanding if the community wants to tighten the requeriments (or 
> not).

This part of the community does not want to increase the workload for
people handling abuse mailbox, for questionable results.

The general idea fails the most basic test "will it have a positiv effect, 
or will it just cause extra hurdles for those that already do the right
thing".

So, I do not agree with this proposal.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

[furio ercolessi]

On Tue, Oct 01, 2019 at 03:15:02PM +0100, Carlos Friaças via anti-abuse-wg 
wrote:
> 
> On Tue, 1 Oct 2019, Nick Hilliard wrote:
> 
> >There isn't a major problem with the RIPE NCC testing abuse
> >mailboxes on a purely advisory basis, but the RIPE abuse working
> >group has no authority to
> 
> I'm sure you meant the RIPE *anti*-abuse working group :-)))

Smile, yes, but up to a point.

The group is certainly called anti-abuse, but participation is open to all
the stakeholders, so it should be safe to assume that both communities are
present and active.

In fact, it is not too uncommon to see posts from representatives of service
providers well known in the security community for knowingly providing
services to cybercrime.

This may be stating the obvious, but as far as I am concerned very little
real antiabuse work can be done here because of this reason.

furio ercolessi

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

[Carlos Friaças via anti-abuse-wg]

Hi Nick, All,


On Tue, 1 Oct 2019, Nick Hilliard wrote:


Marco Schmidt wrote on 01/10/2019 13:18:
As per the RIPE Policy Development Process (PDP), the purpose of this 
four-week Discussion Phase is to discuss the proposal and provide feedback 
to the proposer.


This version addresses none of the issues I brought up with the previous 
version in May:



https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2019-May/005120.html


There isn't a major problem with the RIPE NCC testing abuse mailboxes on a 
purely advisory basis, but the RIPE abuse working group has no authority to


I'm sure you meant the RIPE *anti*-abuse working group :-)))


dictate to internet resource holders how to perform their abuse management 
workflow, with an explicit threat that their businesses will be ruined unless 
they comply to the letter.


I don't think it's a matter of authority, but only a matter of 
understanding if the community wants to tighten the requeriments (or 
not).



Alex de Joode pointed out on May 17th that the proposal also lacks 
proportionality and would be unlikely to be upheld in court.  It seems 
inadvisable that the RIPE NCC should implement a policy with such poor legal 
basis.


What you mean is that if someone just flushes some bogus abuse contact, it 
isn't as serious as providing falsified data/documents to the RIPE 
NCC?
Because that bogus data is not aimed at the NCC but instead at the world, 
then it should be OK...?




The policy is fundamentally broken and should be withdrawn.


I haven't read this version yet, but i will.


Regards,
Carlos




Nick

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

[Nick Hilliard]

Marco Schmidt wrote on 01/10/2019 13:18:
As per the RIPE Policy Development Process (PDP), the purpose of this 
four-week Discussion Phase is to discuss the proposal and provide 
feedback to the proposer.


This version addresses none of the issues I brought up with the previous 
version in May:



https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2019-May/005120.html


There isn't a major problem with the RIPE NCC testing abuse mailboxes on 
a purely advisory basis, but the RIPE abuse working group has no 
authority to dictate to internet resource holders how to perform their 
abuse management workflow, with an explicit threat that their businesses 
will be ruined unless they comply to the letter.


Alex de Joode pointed out on May 17th that the proposal also lacks 
proportionality and would be unlikely to be upheld in court.  It seems 
inadvisable that the RIPE NCC should implement a policy with such poor 
legal basis.


The policy is fundamentally broken and should be withdrawn.

Nick

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

[Brian Nisbet]

Thanks for this, Marco!

Colleagues, this is a second Discussion Phase and it gives the WG the 
opportunity to comment on the new version. Unsurprisingly it will be on the 
agenda for our meeting at RIPE 79.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

From: anti-abuse-wg  On Behalf Of Marco Schmidt
Sent: Tuesday 1 October 2019 13:19
To: anti-abuse-wg@ripe.net
Subject: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of 
"abuse-mailbox")


Dear colleagues,

A new version of RIPE Policy proposal, 2019-04, "Validation of 
"abuse-mailbox"", is now available for discussion.

This proposal aims to have the RIPE NCC validate "abuse-c:" information more 
often, and introduces a new validation process that requires input from 
resource holders.

The proposal has been updated following the last round of discussion and is now 
at version v2.0. Some of the differences from version v1.0 include:
- Removes ambiguous examples from the policy text
- Defines mandatory elements of the abuse handling procedures
- Removes the prohibtion of automated processing of the abuse reports

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-04

As per the RIPE Policy Development Process (PDP), the purpose of this four-week 
Discussion Phase is to discuss the proposal and provide feedback to the 
proposer.

At the end of the Discussion Phase, the proposer, with the agreement of the 
Anti-Abuse Working Group Chairs, decides how to proceed with the proposal.

We encourage you to review this proposal and send your comments to 
 before 30 October 2019.

Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC

[anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

[Marco Schmidt]

Dear colleagues,

A new version of RIPE Policy proposal, 2019-04, "Validation of 
"abuse-mailbox"", is now available for discussion.


This proposal aims to have the RIPE NCC validate "abuse-c:" information 
more often, and introduces a new validation process that requires input 
from resource holders.


The proposal has been updated following the last round of discussion and 
is now at version v2.0. Some of the differences from version v1.0 include:

- Removes ambiguous examples from the policy text
- Defines mandatory elements of the abuse handling procedures
- Removes the prohibtion of automated processing of the abuse reports

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-04

As per the RIPE Policy Development Process (PDP), the purpose of this 
four-week Discussion Phase is to discuss the proposal and provide 
feedback to the proposer.


At the end of the Discussion Phase, the proposer, with the agreement of 
the Anti-Abuse Working Group Chairs, decides how to proceed with the 
proposal.


We encourage you to review this proposal and send your comments to 
 before 30 October 2019.


Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC

[anti-abuse-wg] Draft Agenda RIPE 79

[Brian Nisbet]

Colleagues,

Just to let you all know, we should have a draft agenda by some point tomorrow. 
There were a few changes and I didn't want to publish anything not mentioning 
2019-03 until the final decision had been made there, because that would have 
been jumping the gun.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet 
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270