Sent from my iPhone by René Briaut
On 17 Jan 2020 at 07:48, Fi Shing wrote:
Your email presumes that an "ombudsman" model would resolve an issue.
If a person has dedicated themselves to controlling a 200,000 strong botnet and
sending spam emails through unauthorised access etc.
Your email presumes that an "ombudsman" model would resolve an issue.
If a person has dedicated themselves to controlling a 200,000 strong botnet and
sending spam emails through unauthorised access etc. what is sending them a
fancy piece of paper or an email "asking them to be nice" going to
> Database and routing people who haven’t worked security or don’t want
> security roles trying to lecture people who work cert and abuse roles
> on why something abuse mitigation related won’t work is always
> interesting. Not you Randy but many other posters in this thread.
lecturing such bs at
Database and routing people who haven’t worked security or don’t want security
roles trying to lecture people who work cert and abuse roles on why something
abuse mitigation related won’t work is always interesting. Not you Randy but
many other posters in this thread.
--srs
In message <2ff201d5cccf$f6ffe640$e4ffb2c0$@makeitsimple.pt>,
"Sérgio Rocha" wrote:
>Someone said: You must be new here, yes it's true, I'm on the list for a
>few months. Maybe that's why you're still optimistic.
You completely mis-read my comment.
What I meant was that you
In message ,
Volker Greimann wrote:
>As the abuse using domains registered through us usually does not happen
>on our networks, we have zero ability to detect it in advance, all we
>can do is take care of them after the fact, which we do diligently. We
>have a team tasked exclusively with
Hello everyone,
Someone said: You must be new here, yes it's true, I'm on the list for a few
months. Maybe that's why you're still optimistic.
Someone said that the shower of comments against any proposed amendment was
Democracy. Maybe that is what we really need.
Many complain that this
I’ve been following this mailing list for the last couple of years having read
far too many arguments resulting in next to no progress.
This post from Denis was a refreshing read and one that many should read more
than once!
Thank you Denis for a reasoned, adult (accepting the UK jab) and
Hi Sergio
As I read through this thread similar ideas came to my mind. The question I
would ask is "Is it too late to take a completely different approach to abuse
contacts and reporting via the RIPE Database?"
Suppose we had a standard form available via the ripe.net website for providing
> It’d be interesting to take individual names of the people most vocal
> in their objections and feed them through LinkedIn - that assumption
> you made about dealing with spam would soon be tested.
give me a hand here. how is this constructive and helpful for the
internet operations community?
It’d be interesting to take individual names of the people most vocal in their
objections and feed them through LinkedIn - that assumption you made about
dealing with spam would soon be tested.
--srs
From: anti-abuse-wg on behalf of Randy Bush
Sent:
I’m afraid you’ve misunderstood me. I haven’t been talking about people going
out to clean networks not their own. All I would like to see is people
accepting responsibility for the networks that they do control
As for other concerns eg Volker raised about the difference between a heavily
Colleagues
I have just read this whole thread, it took a while (I should get sick more
often and spend a day in bed reading emails). I have a few points to make. Some
are similar to points already raised but I will reinforce them. I cut out the
bits I want to respond to, but sorry I have not
In message , JORDI
PALET MARTINEZ via anti-abuse-wg writes
>So, if I'm reading it correctly (not being a lawyer), a service provider not
>acting against abuse when it has been informed of so, is liable.
don't get confused between the "Hosting" and "Mere Conduit" provisions
> I'm sure if the
Hi,
do you talk to your mother with that mouth? Does she know how you behave
yourself on the internet?
Whatever you assume I know about the volume of illegal use, I dispute
that. Most of our customers are legitimate businesses using their domain
names in legitimate ways. Your vitriol will
Hi Alex,
Understood, and thanks a lot; it is very helpful to know that the ecommerce
directive has a problem.
As said, I’m not advocating for RIPE to take actions if the operator doesn’t
react on an abuse case.
What I’m trying to make sure, mainly, is that the abuse contact is a *real
Hi All
How about we just try this for a year and then take stock?
Best
Serge
On 16/01/2020 18:07, Andreas Worbs wrote:
> I'm completely with you.
>
> For our US-AS i verify my contact once a year: open the mail, click the
> link, verify my data and that's it. You don't even need 5 minutes for
I'm completely with you.
For our US-AS i verify my contact once a year: open the mail, click the
link, verify my data and that's it. You don't even need 5 minutes for it.
If you have an automation for your abuse mails? Ok, you have to adjust
your configuration a little bit but you have to do
In message ,
Volker Greimann wrote:
>Hi Robert,
The name is Ron, actually.
>in 99,9% of the cases, the customer we forward the complaint to is not
>the spammer, but the service provider used by the spammer for their
>domain registration services, e.g. the party who has the closer
Hi Alex,
My reading of the eCommerce Directive
(https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32000L0031) is
different. Some points (most relevant text only):
(40) … the provisions of this Directive relating to liability should not
preclude the development and effective
> I do not see so far any concrete proposal in the sense of addressing
> issues, only shooting down proposals (for good or bad reasons
the desire to stop a whack-a-mole does not imply a responsibility to
make moles.
a lot of folk here actually deal with spam, or likely they would not be
on this
> It would be interesting if a large number of people who actually work
> for the security / infosec / abuse teams of various ripe members were
> to attend the aawg meetings instead of a clutch of mostly IP / dns /
> network people.
did. a couple of interesting presos, but the plural of anecdote
On Thu, Jan 16, 2020 at 12:38:26PM -, Sérgio Rocha wrote:
It's amazing that nobody can't propose anything without receiving a shower of
all sorts of arguments against
It's called "democracy". As Churchill said, it's an awful system
but better than any other that have been tried.
rgds,
On Thu, Jan 16, 2020 at 03:36:46PM +, Marcolla, Sara Veronica wrote:
Alex,
You say “they just feel this issue should be address via leveraging RIPE
resources”, but I do not see so far any concrete proposal in the sense of
addressing issues, only shooting down proposals (for good or bad
Jordi,
Nice analogy, but when you add the eCommerce Directive into the mix, where a
network provider (or hosting provider) is not liable for what their users do,
the outcome changes. Only if you have knowledge there might be a possibility
for liability, but if you do not accept abuse notices,
Hi Alex,
On 16/1/20 16:30, "anti-abuse-wg on behalf of Alex de Joode"
wrote:
Hi Sara,
The issue with your statement below is that RIPE NCC cannot (legally, under
Dutch contract law) disconnect resources if a resource holder (or more likely
his customer) does not (properly)
Hi Volker,
On 16/1/20 16:03, "anti-abuse-wg on behalf of Volker Greimann"
wrote:
Hi Jordi,
your example seems a bit off though. If your contract is with your ISP and you
need to complain to them, why would you complain to another ISP you have no
contract with?
Text was not
Hi Sara,
The issue with your statement below is that RIPE NCC cannot (legally, under
Dutch contract law) disconnect resources if a resource holder (or more likely
his customer) does not (properly) deal with abuse complaints. (for instance due
to reasons of proportionality)
Currently RIPE NCC
In message <23ad49c8-8fc4-41fa-a8fc-cae3479ad...@key-systems.net>,
Volker Greimann wrote:
>In the domain industry, we were required to provide an abuse contact,
>however the reports we get to that address usually deal with issues we
>cannot do much about other than pulling or deactivating the
Good evening!
I fully understand that why RIPE abuse policy is a subject of community
agreement. It dates back to the history of internet and back when it was
mainly academic with few services and dependencies to the functioning of
the society and state.
Every day we in CERT-EE send out a number
Hi Jordi,
your example seems a bit off though. If your contract is with your ISP
and you need to complain to them, why would you complain to another ISP
you have no contract with?
I agree that current GDPR implementations may impact the contactibility
of the customer, but that can be
Hi Volker,
I don’t agree with that, because:
I believe the electricity sample I provided proves otherwise. My contract is
with the electricity provider (the Internet provider), so I need to complain to
them and they need to follow the chain.
For a victim, to complain directly to the customer
Obviously every user should lock their doors / protect themselves
against fraud. I am just saying that the ability of many service
providers to curtail abuse of their system (without impacting legitimate
uses) is very limited as it may not be their customers doing the abusing
and any targeted
My apologies. I see that I must make a slight but important correction
to my proposal...
Be it resolved that:
Henceforth, and until this policy is retracted, it shall be the
policy and practice of RIPE NCC to place electronic copies of
all documents used to establish
On 16/1/20 15:25, "anti-abuse-wg on behalf of Ronald F. Guilmette"
wrote:
In message ,
JORDI PALET MARTINEZ via anti-abuse-wg wrote:
>I'm sure that this is the same in every EU country. Can we agree on that?
Quite certainly not! Doing so would break ALL
In message ,
JORDI PALET MARTINEZ via anti-abuse-wg wrote:
>I'm sure that this is the same in every EU country. Can we agree on that?
Quite certainly not! Doing so would break ALL established precedent!
When was the last time this working group agreed on *anything*?
Regards,
rfg
P.S.
Let’s try to see it from another perspective.
If you’re an electricity provider, and one of your customers injects 1.000 v
into the network and thus create damages to other customers (even from other
electricity providers), the electricity provider must have the means to resolve
the
Hi Volker
On 16/01/2020 15:03, Volker Greimann wrote:
> isn't making the world (and the internet) first and foremost a job of
> law enforcement agencies like the police and Europol?
Law enforcement's job primarily is arresting criminals. And yes they do
prevention. But you can't stop locking
In message ,
JORDI PALET MARTINEZ wrote:
>{... quoting Sara...}
>"Complete, accurate information goes hand in hand with a duty of care..."
A simple proposal:
Be it resolved that:
Henceforth, and until this policy is retracted, it shall be the
policy and practice of RIPE
Hi Volker,
Did you realize you just proved Sergio’s point?
I do agree, Law Enforcement have a duty in maintaining security. But as it
happens that municipalities have a duty in maintaining the roads clean of
litter and organize pick-ups for rubbish, this does not exempt all citizens and
In message <33b2e10eb9694eadb4bdaba30eb25...@elvas.europol.eu.int>,
"Marcolla, Sara Veronica" wrote:
>If the community does not agree that everyone has the right to a safe, spam
>free, crime free Internet, maybe we have some issue to solve here first.
Welcome to the Working Group. You must be
In message <077501d5cc69$d9427020$8bc75060$@makeitsimple.pt>,
"Sérgio Rocha" wrote:
>Agree, This anti-abuse list seems the blocking group to any anti-abuse
>response measure.
>
>It's amazing that nobody can't propose anything without receiving a
>shower of all sorts of
Hi Sara,
isn't making the world (and the internet) first and foremost a job of
law enforcement agencies like the police and Europol? While I agree that
everyone has a role to play, crime prevention and protection of the
public is part of the LEA job description, right? Civil society entities
Hi Jordi,
Indeed. However, it’s exactly what policies like the abuse –c and this new
iteration of your proposal are trying to solve. Apparently, in a sea of
denial/counterarguments/gaslighting. I do indeed hope more “security” people
from ISPs and CERTs can join the discourse and make it
Hi Sara,
While I fully agree with Sergio and yourself, the issue here is that this part
of your text
“Complete, accurate information goes hand in hand with a duty of care, of
promptly taking actions against abuse, and should be accompanied by a social
responsibility of trying to make
Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a
part of) the community.
We should not forget that, according to the provisions of RIPE NCC audits,
“every party that has entered into an agreement with the RIPE NCC is
contractually obliged to provide the RIPE NCC
Hi,
Agree, This anti-abuse list seems the blocking group to any anti-abuse response
measure.
It's amazing that nobody can't propose anything without receiving a shower of
all sorts of arguments against
There is an idea that everyone has to hold, if as a community we cannot
organize a
In message <4be52277-cecb-603f-6840-4ee76245b...@first.org>,
Serge Droz wrote:
>I think we already spent way more executive time on this thread than it
>would cost us to verify e-mail addresses.
I think that I may cut that out, print it in a 48-point type face, have
it framed, and hang it on
Hi All
I think we already spent way more executive time on this thread than it
would cost us to verify e-mail addresses.
I agree e-mail does not solve all the problems. It's hard to
automatically process, .
But it is simple to use, and from my work as an incident handler it did
do me good