Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group

2024-05-09 Thread Nick Hilliard 
I'm in favour of a re-charter along these grounds.  There is an appetite 
for the wider issue of security, and a place that a RIPE working group 
could fill. The scope below looks reasonable for re-chartering the 
anti-abuse working group.


Nick

mar...@mxdomain.de wrote on 07/05/2024 12:59:

Dear Anti-Abuse Working Group Members,

Thank you for your responses and support for both the WG itself and 
the current Co-Chairs. We are pleased to see that you prefer to keep 
this WG active.


As Co-Chairs, we see an opportunity to broaden our scope (i.e., 
re-charter). Our main intention is to bring in fresh energy and 
perspectives by welcoming new faces. Additionally, there are relevant 
security topics that don't always neatly fit into other WGs.


Regarding the question of what a new charter might entail, we have put 
together a preliminary, high level, draft that we would love to 
discuss further at RIPE88.


— snip —
Objective:
The Security Working Group is committed to fostering collaboration, 
sharing best practices, and addressing security challenges within the 
RIPE community. The primary objective of the WG is to enhance the 
security, resilience, and stability of the Internet infrastructure 
within our region. Tackling abuse of Internet infrastructure and 
resources would remain a goal of the WG.


Scope:
- Identifying and analyzing emerging security threats and 
vulnerabilities affecting Internet infrastructure.
- Collaborating with stakeholders to develop and advocate for best 
practices, guidelines, and standards for securing Internet resources.
- Facilitating information sharing and cooperation among network 
operators, law enforcement, and relevant entities to mitigate security 
risks.
- Providing education, training, and outreach initiatives to raise 
awareness of security issues and promote best practices adoption.
- Develop policies and best practices to improve security and response 
to security incidents and abuse issues.

— snap —

We are looking forward to your input and comments.

Best regards,
Brian, Tobias, Markus



-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Co-Chair selection

2024-05-09 Thread Janos Zsako 

Dear all,

Brian is willing to accept his nomination. Tobias and I are happy to 
continue to work with him. It would be great to hear from you if you 
support Brian as well.


I am glad Brian is willing to continue this work. I think he has already 
proven that he is well fitted for this task, so I am very happy to 
support him.


Best regards,
Janos



Kind regards,
Markus



--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group

2024-05-09 Thread Serge Droz via anti-abuse-wg 

Dear Markus

Thanks for this list. I'd love to see a bit more than best practices 
though. I'd like to see this group come up with recommendations of what 
RIPE can/should do to curb malicious behavior.


I think there are already a lot of groups that share info, so I'm not 
sure we need another one, but if members have a need for that, we could 
liaise with such existing groups. Shadowserver and FIRST come to mind. 
But again, people that want to do things probably already have this inf. 
We should figure out what to do with people who don't care.


Best
Serge



On 07.05.24 13:59, mar...@mxdomain.de wrote:

Dear Anti-Abuse Working Group Members,

Thank you for your responses and support for both the WG itself and the 
current Co-Chairs. We are pleased to see that you prefer to keep this WG 
active.


As Co-Chairs, we see an opportunity to broaden our scope (i.e., 
re-charter). Our main intention is to bring in fresh energy and 
perspectives by welcoming new faces. Additionally, there are relevant 
security topics that don't always neatly fit into other WGs.


Regarding the question of what a new charter might entail, we have put 
together a preliminary, high level, draft that we would love to discuss 
further at RIPE88.


— snip —
Objective:
The Security Working Group is committed to fostering collaboration, 
sharing best practices, and addressing security challenges within the 
RIPE community. The primary objective of the WG is to enhance the 
security, resilience, and stability of the Internet infrastructure 
within our region. Tackling abuse of Internet infrastructure and 
resources would remain a goal of the WG.


Scope:
- Identifying and analyzing emerging security threats and 
vulnerabilities affecting Internet infrastructure.
- Collaborating with stakeholders to develop and advocate for best 
practices, guidelines, and standards for securing Internet resources.
- Facilitating information sharing and cooperation among network 
operators, law enforcement, and relevant entities to mitigate security 
risks.
- Providing education, training, and outreach initiatives to raise 
awareness of security issues and promote best practices adoption.
- Develop policies and best practices to improve security and response 
to security incidents and abuse issues.

— snap —

We are looking forward to your input and comments.

Best regards,
Brian, Tobias, Markus



--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group

2024-05-09 Thread Leo Vegoda 
Serge,

On Thu, 9 May 2024 at 10:23, Serge Droz via anti-abuse-wg
 wrote:
>
> Dear Markus
>
> Thanks for this list. I'd love to see a bit more than best practices
> though. I'd like to see this group come up with recommendations of what
> RIPE can/should do to curb malicious behavior.

Are you referring to RIPE as a community or to the RIPE NCC as a legal entity?

Kind regards,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group

2024-05-09 Thread Serge Droz via anti-abuse-wg 

Hi Leo

We can only recommend the community, obviously. So these aare the best 
practices


We can recommend that RIPE NCC changes its rules and procedures to 
address certain issues.


As a WG, if I'm correct we have no other power.

Best
Serge

On 09.05.24 20:15, Leo Vegoda wrote:

Serge,

On Thu, 9 May 2024 at 10:23, Serge Droz via anti-abuse-wg
 wrote:


Dear Markus

Thanks for this list. I'd love to see a bit more than best practices
though. I'd like to see this group come up with recommendations of what
RIPE can/should do to curb malicious behavior.


Are you referring to RIPE as a community or to the RIPE NCC as a legal entity?

Kind regards,

Leo


--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group

2024-05-09 Thread Leo Vegoda 
Hi Serge,

On Thu, 9 May 2024 at 11:41, Serge Droz via anti-abuse-wg
 wrote:
>
> Hi Leo
>
> We can only recommend the community, obviously.

I agree.

> So these aare the best
> practices
>
> We can recommend that RIPE NCC changes its rules and procedures to
> address certain issues.
>
> As a WG, if I'm correct we have no other power.

Based on thisl, I don't understand what's missing from the draft text.
Maybe you could suggest some specific edits?

Kind regards,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group

2024-05-09 Thread Serge Droz via anti-abuse-wg 

Hi Leo

It's more about sharpening the focus. I colored this red below. I feel 
eventually the RIPE NCC must adapt stronger policies to punish 
non-action or disregard of action. I think it would be better if this WG 
comes up with such policies which the RIPE NCC can then adopt (or not) 
rather than the RIPE NCC having to react to external pressure, e.g. from 
policy makers, in particular the EU. I'm sure one can formulate this 
much better. I firmly believe, that there is no way around stronger 
regulation, and I'd much rather see this coming from this community than 
form the outside. The regulators i see and work with are increasingly 
irritated and react with totally inadequate demands, which I wont 
reproduce here.


1. Identifying and analyzing emerging security threats and
   vulnerabilities affecting Internet infrastructure.
2. Collaborating with stakeholders, in particular the RIPE community,
   to develop and advocate and implement best practices, guidelines,
   and standards for securing Internet resources.
3. Facilitating information sharing and cooperation among network
   operators, law enforcement, and relevant entities to mitigate
   security risks.
4. Providing education, training, and outreach initiatives to raise
   awareness of security issues and promote best practices adoption.
5. Develop policies recommendations to the RIPE NCC that help enforcing
   good behavior and sanction disregard for faccepted security
   standards. This includes the definition of acceptable minimal
   standards.

Best regards
Serge

On 09.05.24 21:39, Leo Vegoda wrote:

Hi Serge,

On Thu, 9 May 2024 at 11:41, Serge Droz via anti-abuse-wg
  wrote:

Hi Leo

We can only recommend the community, obviously.

I agree.


So these aare the best
practices

We can recommend that RIPE NCC changes its rules and procedures to
address certain issues.

As a WG, if I'm correct we have no other power.

Based on thisl, I don't understand what's missing from the draft text.
Maybe you could suggest some specific edits?

Kind regards,

Leo


--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group

2024-05-09 Thread Suresh Ramasubramanian 
And includes much more due diligence in IP allocation and membership 
procedures, hopefully


--srs

From: anti-abuse-wg  on behalf of Serge Droz 
via anti-abuse-wg 
Sent: Friday, May 10, 2024 11:51:13 AM
To: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse 
Working Group


Hi Leo

It's more about sharpening the focus. I colored this red below. I feel 
eventually the RIPE NCC must adapt stronger policies to punish non-action or 
disregard of action. I think it would be better if this WG comes up with such 
policies which the RIPE NCC can then adopt (or not) rather than the RIPE NCC 
having to react to external pressure, e.g. from policy makers, in particular 
the EU. I'm sure one can formulate this much better. I firmly believe, that 
there is no way around stronger regulation, and I'd much rather see this coming 
from this community than form the outside. The regulators i see and work with 
are increasingly irritated and react with totally inadequate demands, which I 
wont reproduce here.

  1.  Identifying and analyzing emerging security threats and vulnerabilities 
affecting Internet infrastructure.
  2.  Collaborating with stakeholders, in particular the RIPE community, to 
develop and advocate and implement best practices, guidelines, and standards 
for securing Internet resources.
  3.  Facilitating information sharing and cooperation among network operators, 
law enforcement, and relevant entities to mitigate security risks.
  4.  Providing education, training, and outreach initiatives to raise 
awareness of security issues and promote best practices adoption.
  5.  Develop policies recommendations to the RIPE NCC that help enforcing good 
behavior and sanction disregard for faccepted security standards. This includes 
the definition of acceptable minimal standards.

Best regards
Serge

On 09.05.24 21:39, Leo Vegoda wrote:

Hi Serge,

On Thu, 9 May 2024 at 11:41, Serge Droz via anti-abuse-wg
 wrote:



Hi Leo

We can only recommend the community, obviously.



I agree.



So these aare the best
practices

We can recommend that RIPE NCC changes its rules and procedures to
address certain issues.

As a WG, if I'm correct we have no other power.



Based on thisl, I don't understand what's missing from the draft text.
Maybe you could suggest some specific edits?

Kind regards,

Leo


--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg