Markus de Brün wrote on 28/08/2024 10:40:
Apologies for the delay in getting back to you.
The section on policy development was removed from the charter because
there was a general consensus that the document was too lengthy, with
too many detailed points and enumerations. We decided to shorte
Hi Markus,
This looks ok. The section on policy development has been removed from
this version of the charter, I'm guessing after the discussion in
Krakow. Do you have a short summary to outline why this section was
dropped? The 12,500 words in the steno logs
(https://ripe88.ripe.net/archive
Serge,
The first step is for the WG to reach some consensus about what it ought
to recharter to. There's a bunch of topics for a potential new
security-wg which seem to be broadly acceptable to people on the WG, and
another set of suggestions relating to telling the RIPE NCC to turn
itself in
Serge,
there's been extensive debate on AAWG over the years about the
principles behind your additional suggestions below, but very little
consensus. If sanctioning is added to the charter of a new security-wg,
this lack of consensus is likely to continue, and the only outcome will
be that th
I'm in favour of a re-charter along these grounds. There is an appetite
for the wider issue of security, and a place that a RIPE working group
could fill. The scope below looks reasonable for re-chartering the
anti-abuse working group.
Nick
mar...@mxdomain.de wrote on 07/05/2024 12:59:
Dear
I don't have an issue expanding the scope of the WG by e.g. rechartering
as security wg. This would be probably be useful.
In relation to lack of progress on WG policy items and repeated circular
discussions, most of the these centered on one of two things 1.
perceived lack of viability of som
Michele Neylon - Blacknight via anti-abuse-wg wrote on 10/02/2022 10:49:
I also find the ridiculously broad definition of abuse so broad that it
renders any output without much merit.
"It's always DNS!"
A comparable style of analysis could find that TCP was a good root cause
candidate for abu
Volker Greimann wrote on 20/02/2021 00:39:
It sounds GDPR legal. After all, they are telling you exactly what will
happen with anything that you send there, so by sending it there in full
knowledge, you are essentially consenting to that processing of your data.
the best that could be said in
furio ercolessi wrote on 19/02/2021 20:55:
This is so absurd, I had to read it twice to make sure that I was not
misreading it.
They state that they automatically pass all my personal data to abusers if I
send a report to them, so that:
it's difficult to see how this is fully compatible with t
Cynthia Revström via anti-abuse-wg wrote on 20/01/2021 13:40:
First of all this mailing list is not intended to discuss individual
cases of abuse (especially ones not related to the RIPE NCC), but rather
to discuss and develop new methods for dealing with it in general.
(Brian, please correct m
Hi Petrit,
Petrit Hasani wrote on 20/07/2020 18:46:
The financial cost approximation of a proposal is not part of the
Impact Analysis and the Policy Development Process, so we have not
made a calculation. As too many factors have to be taken into account
that we can't estimate realistically at t
Petrit Hasani wrote on 20/07/2020 14:07:
As per the RIPE Policy Development Process (PDP), the purpose of this
four week Review Phase is to continue discussion of the proposal,
taking the impact analysis into consideration, and to review the full
draft RIPE Policy Document.
This is the second mos
Suresh Ramasubramanian wrote on 11/05/2020 18:23:
All I am asking is that cobblers stick to their last. People with
backgrounds in routing and networking are not necessarily the people in
their organizations that handle abuse issues.
From another point of view, you're asking for the RIPE NCC R
Ángel González Berdasco wrote on 11/05/2020 17:08:
These are not statistics about online abuse. These are statistics about
the contact information registered by RIPE being valid.
The statistics thing was something that was inserted into version 3 of
the proposal. It's hard to tell what the ex
Suresh Ramasubramanian wrote on 11/05/2020 13:20:
I am not entirely sure the discussion has moved all that much in the
past decade beyond this exact point - how to pressure ripe to deal with
shady actors getting themselves LIR status or appropriating large legacy
netblocks belonging to defunct
Hi Carlos,
Carlos Friaças wrote on 09/05/2020 22:25:
On Sat, 9 May 2020, Nick Hilliard wrote:
Suresh Ramasubramanian wrote on 09/05/2020 15:23:
Having one might at least lay this discussion to rest once and for
all. I?ve seen variants of it for several years now.
But imagine if someone
Suresh Ramasubramanian wrote on 09/05/2020 15:23:
Having one might at least lay this discussion to rest once and for all.
I’ve seen variants of it for several years now.
But imagine if someone contacted a bunch of their colleagues and said:
"look, there's this policy proposal going on in RIPE
JORDI PALET MARTINEZ via anti-abuse-wg wrote on 08/05/2020 12:07:
[Jordi] The job of the RIPE NCC is to implement the policies agreed
by the community. Different folks may consider different pieces of
all of our policies as "inappropriate" or "arbitrary"
which is fine, mostly. Subject to usual
Töma Gavrichenkov wrote on 07/05/2020 10:03:
What does GDPR have to say about this?
You mean the Privacy and Electronic Communications Regulations / PECR.
Spamming is prohibited under article 13.
National transcriptions of this legislation have implemented this as a
civil offence in some EU co
Suresh Ramasubramanian wrote on 30/04/2020 14:07:
What would get discussed in an anti abuse wg?
Carrots? Almost all the discussion in AAWG seems to be single-tracked
on turning the RIPE NCC registry into a stick.
E.g. industry standards / best practices, liaison with other anti-abuse
group
Suresh Ramasubramanian wrote on 30/04/2020 13:42:
RIPE NCC need not decide whether a behaviour is legal or not in order to
prohibit use of resources that it allocates for such behaviour.
You're putting the car before the horse. You're assuming that the RIPE
NCC has a right to tell organisatio
Suresh Ramasubramanian wrote on 30/04/2020 01:58:
Why would I ask about something I am posting as an individual in my
personal capacity?
because your day job involves abuse / security and in that capacity you
may have access to good quality legal resources.
I see great pains being taken to h
Suresh Ramasubramanian wrote on 29/04/2020 17:26:
Is there anything that stops NCC from doing additional due diligence
such as validating abuse issues along with the invalid contact
information etc, before taking such a decision?
Did you ask your corporate legal counsel for their opinion on how
Serge Droz via anti-abuse-wg wrote on 29/04/2020 16:55:
So, it's the security guys, saying
This may help a bit, but won't solve all problems.
versus the infrastructure operators saying
Beware! This it creating huge costs and will not help at all, and
answering two mails a year will be ou
Petrit Hasani wrote on 28/04/2020 15:01:
A new version of RIPE policy proposal, 2019-04, "Validation of
"abuse-mailbox"", is now available for discussion.
The updated version of this policy proposal is here:
https://www.ripe.net/participate/policies/proposals/2019-04/draft
The proposal has
Tõnu Tammer via anti-abuse-wg wrote on 20/01/2020 15:10:
According to Oxford Dictionary, consensus means an opinion that all
members of a group agree with.
generally speaking, internet related groups use the rfc7282 approach to
determining consensus.
https://tools.ietf.org/html/rfc7282
Nick
JORDI PALET MARTINEZ via anti-abuse-wg wrote on 15/01/2020 12:38:
and allows sending abuse reports
You're demanding that resource holders handle abuse reports by email and
how to handle that mailbox, i.e. telling them how to run their businesses.
It's not appropriate for the RIPE NCC to get
Serge Droz via anti-abuse-wg wrote on 15/01/2020 08:24:
So the extra work is what, 10 minutes / year, if the system is setup
properly?
Serge,
The policy proposal here is: if the registry doesn't comply, then it is
in explicit violation of RIPE policies.
According to the "Closure of Members,
Gert Doering wrote on 14/01/2020 10:19:
And if it's not going to have the desired effect, do not waste time on it.
More to the point, the RIPE number registry should not be used as a
stick for threatening to beat people up if they don't comply with our
current favourite ideas about how to man
Ronald F. Guilmette wrote on 03/01/2020 23:50:
Well, RPKI quite certainly beats the hell out of the nothing that we have
had in its place for lo these many years now.
having used irrdb prefix filtering in production for many years, I
respectfully disagree.
I certainly believe that in the ab
On 3 Jan 2020, at 22:41, Ronald F. Guilmette wrote:
>
> I have been waiting for the right moment to note that although RPKI
> has been widely touted, including by myself, as the thing that will in
> future save us all
Who claimed this?
What a strange thing to think.
Nick
Marco Schmidt wrote on 01/10/2019 13:18:
As per the RIPE Policy Development Process (PDP), the purpose of this
four-week Discussion Phase is to discuss the proposal and provide
feedback to the proposer.
This version addresses none of the issues I brought up with the previous
version in May:
Marco Schmidt wrote on 05/09/2019 14:23:
The RIPE NCC has prepared an impact analysis on this latest proposal
version to support the community’s discussion. You can find the full
proposal and impact analysis at:
https://www.ripe.net/participate/policies/proposals/2019-03
that is as damning an
JORDI PALET MARTINEZ via anti-abuse-wg wrote on 18/05/2019 14:32:
This will not work.
Allowing every resource holder in the world to use their own form means
that you need to develop tons of specific reporting tools to match all
those specific formats and bring the cost of that to the victims.
Shane Kerr wrote on 17/05/2019 08:45:
All I can say is that the law is stupid then, and it SHOULD allow the
proposed policy. 😉
fundamentally, it shouldn't. Proportionality is a cornerstone of most
legal systems - if you don't have proportionality, you end up with
tyranny. The idea of threat
Gert Doering wrote on 16/05/2019 21:47:
No positive effect, but lots of negative side-effects.
Abuse mailboxes are already checked. What matters for abuse management
is whether reports are acted on. This policy doesn't address that.
If the RIPE NCC is instructed to send 6-monthly reminders
Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03:
Would you find reasonable to have the rule/policy in place say for 2 or
3 years, and then evaluate its impact/efectiveness...?
No. In principle, the proposal is completely broken, antithetical to
the RIPE NCC's obligations of being a
Carlos Friaças via anti-abuse-wg wrote on 17/04/2019 22:13:
The main concept is that the RIPE NCC will not have the role to
investigate or to judge, following a report.
who is liable if a mistake is made? The individuals on the judging
panel or the RIPE NCC?
Nick
Carlos Friaças via anti-abuse-wg wrote on 04/04/2019 21:58:
On Thu, 4 Apr 2019, Ronald F. Guilmette wrote:
Wny have Tier 1 providers not stepped up and done a much better job
of policing hijacks better than they have done?
Not all hijacks reach the so-called DFZ.
"Partial visibility" hijacks
Hank Nussbacher wrote on 02/04/2019 18:54:
To the moderators,
It could be that numerous people just don't want to get sucked up into
an endless discussion about the pros and cons of this proposal and just
want to weigh in with their feelings about whether they support the
proposal or not.
F
Carlos Friaças wrote on 01/04/2019 18:06:
<< Here you might have forgot to comment about "weaponized IXPs" :-) >>
Hi Carlos,
No, this was deliberate. I didn't comment because a lot of people are
throwing analogies into this discussion which aren't directly relevant
to 2019-03. If you want
Carlos Friaças wrote on 01/04/2019 16:51:
But let's also focus on two words:
"punishing" -- no, that's not the goal, the goal is to close a clear gap
and make people understand that hijacking is not tolerated.
The explicit aim of this proposal is that if the expert panel judges
that you have
Gert Doering wrote on 01/04/2019 13:54:
Sorry, this is getting ridiculous.
It's worse than that: the proposal is that the RIPE NCC weaponises its
registry data and turns it into a mechanism for punishing people when
they do things that other people don't like.
BGP hijacking is just the star
Carlos Friaças via anti-abuse-wg wrote on 30/03/2019 09:17:
Perhaps one of the Chairs can shed some light.
Hi Carlos,
The approach by most if not all RIPE working groups is set out in
rfc7282: "On Consensus and Humming in the IETF". It's worth reading
this document carefully to understand t
Carlos Friaças via anti-abuse-wg wrote on 24/03/2019 14:32:
Also, i have read allegations about a "monopoly" regarding the service
region. Afaik, there is a transfer market which contradicts the concept
of said "monopoly" (i.e. can't get more addresses from the RIR, then go
to the market).
Hi
Hank Nussbacher wrote on 23/03/2019 17:23:
Purity of concept will result in massive gov't intervention since we
will have shown that we don't know how to self-regulate.
The voices are already there:
https://hackernoon.com/why-the-internet-must-be-regulated-9d65031e7491
If you have an alternative
JORDI PALET MARTINEZ via anti-abuse-wg wrote on 23/03/2019 11:52:
El 23/3/19 12:32, "Nick Hilliard" escribió:
1. it's not the job of the RIPE NCC to make up for a short-fall of civil
legislation in this area, no matter how distasteful we might find the
consequence
JORDI PALET MARTINEZ via anti-abuse-wg wrote on 22/03/2019 22:55:
The legal bindings of the NCC already have that for those that don’t
follow existing policies, don’t pay bills, etc. So, the proposal is
adding in the table a policy for confirming what is a hijack according
to the community cons
The aim of the 2019-03 proposal, as far as I understand it, is to grant
the RIPE NCC the authority to make formal judgements about alleged abuse
of network resources with the implicit intention that unless the party
involved ends the alleged abuse, the RIPE NCC would enforce the
judgement by LI
Ronald F. Guilmette via db-wg wrote on 14/08/2018 21:53:
None of them have even had the courtesy to send me a FOAD message in
response.
Their silence on these matters is deafening.
Yes, and there is not a problem with this. The RIPE NCC board of
directors are not involved in day-to-day opera
Ángel González Berdasco wrote:
> Being able to contact the proper admins is the first step in combating
> the abuse.
Ángel,
There is nothing in the proposal about contacting admins or that the
email address is associated with combating abuse.
Nick
Brian Nisbet wrote:
> No, it isn't. It's a statement that the process has many steps and that
> the NCC both say they do and clearly do whatever they can to not reach
> the termination point of the process. I'm not saying it could never
> happen, I'm saying that it if happens it's may have been sta
JORDI PALET MARTINEZ via anti-abuse-wg wrote:
> I agree that exaggeration is not useful, and probably we need to have
> several clear attempts before turning down a contract, BUT, if we are
> talking about proportionality, there are MANY cases of abuses where
> the responsible LIRs aren't respondin
Brian Nisbet wrote:
> I believe the NCC have stated very clearly how incredibly unlikely
> deregistration of resources would be and I honestly don't believe the
> exaggeration for emphasis or otherwise is useful.
this seems to be a statement that just because an extreme policy
compliance enforceme
Brian Nisbet wrote:
> Well, this is where we keep on coming back to in this conversation.
> There are clearly those who wish for the validation to go much further
> and others who do not wish it to happen at all. Threading that line is
> proving tricky. I, personally, do not see how the ARC could s
Brian Nisbet wrote:
> Given the NCC have repeatedly said that the ARC is not a suitable way to
> validate the abuse contact and have proposed an alternative method,
> supported by the ARC process, do you have any comment on the actually
> proposed process?
Honestly, it's hard to tell.
After looki
Michele Neylon - Blacknight wrote:
> The current situation is that abuse-c can be populated with rubbish.
> The email addresses can be completely non-functioning.
> That is the real and current issue.
the real issue is that this is a complex layer 9 problem inside each
organisation, and although c
Richard Clayton wrote:
> #1 people who set the email address to nowh...@example.com
>
> #2 people who set the email address to nowh...@unregistereddomain.com
>
> #3 people who used to own unregistereddomain.com but forgot that email
> addresses are using that domain in a RIPE object
>
> #4 peo
herve.clem...@orange.com wrote:
> To be clear regarding the acceptability of the auto-responder:
>
> It refers to "If no valid reply is received by RIPE NCC within two weeks
> (including if the email bounces back), the “abuse-mailbox:” contact
> attribute will be marked as invalid"
So, to be clea
Suresh Ramasubramanian wrote:
> I am sure an impact assessment would work – my point was that a lot
> of the criticism so far has been jumping to conclusions over the
> impact.
That's not an unreasonable comment, but the flip side is also true: the
policy makes an a-priori assumption that this is
> The goal of this proposal is to give the RIPE NCC a mandate to
> regularly validate "abuse-c:" information and to follow up in cases
> where contact information is found to be invalid.
which states:
> b. Arguments opposing the proposal
[...]
> If organisations are not cooperative, the RIPE NC
Randy Bush wrote:
> and i would rather govt regulation than regulation by a bunch of amateur
> policy weenies. at least i get to vote on the former and have courts.
The international government regulation tool of choice for handling this
would be the ITU, which - unless you are a government - lac
Randy Bush wrote:
> it would be a convenience to me for you to send me €1000/mo, and i am
> sure many other sould line up. let's make it mandatory.
can we agree to leave the straw men out of this discussion? They're not
helping.
Nick
Randy Bush wrote:
> so the idea is we mandate that there be an abuse-c: so that there is an
> email address where we can send mail to which there will be no response?
you could just as easily make the same arguments about admin-c or tech-c.
Nick
denis wrote:
> There is nothing special about legacy resources or legacy resource
> holders. They are IP addresses just like all the others. [...] From a
> moral, ethical and community point of view there should be no
> difference in the way either is treated.
These are good principals.
I suppor
On 06/11/2015 11:55, denis wrote:
> STEP 3
>
> On a daily basis, for each ROUTE object in the RIPE Database that relates
> to an out of region resource, check for the continued existence of that
> resource in the appropriate RIR database. If it no longer exists, delete
> the ROUTE object from the
66 matches
Mail list logo