Hello
Tobias Knecht, CEO of Abusix. One of the Bulk Data Users.I'm explicitly _NOT_
speaking as Co-Chair of the Security (f.k.a. anti-abuse) Working Group at RIPE.
I strongly oppose the policy proposal in its current form.
Contact Objects, like IRT, abuse-c, and ORG, are nonpersonal objects. They
should not include any PII but be used and treated as role objects. When used
correctly, there are no privacy issues.
In addition, I'd like to give three use cases that would break if this proposal
finds consensus.
1.) Abuse Reporting:We run the Abuse Contact DB
(https://abusix.com/docs/abuse-contact-db/abuse-contact-db-overview/),
translating an IP into the responsible abuse contact email addresses. Bulk data
maintains this database. We see millions of queries daily. Internally, we are
also using this data to report abusive behavior. The volume is north of a
million per day as well. Using Whois for this will put more load on the
existing systems. On top of that, to my knowledge, the Whois server's rate
limit will make high-volume querying impossible.
2.) We and other companies use abuse@ addresses to identify and cluster issues
from the same "Network Owner," which is sometimes only covered by a properly
maintained abuse@ since ASNs are occasionally incomplete. This is especially
true in leased IP space. This issue is even bigger than what I described in
point 1. Imagine attributing logfiles with abuse@ addresses using whois. -->
Volume is enormous, and rate limits will make it impossible.
3.) Threat Hunting and Threat Research. Identifying a problematic resource and
finding patterns through contact information to identify more resources is a
common practice in the industry. However, this would not be possible if this
proposal reached a consensus.
LACNIC is the only RIR not providing bulk data today, which is a big issue.
Compared to other regions, the chances of taking down a problematic resource in
the LACNIC region are very low.
Again, I strongly oppose the proposal.
If you have any questions or need clarification, please let me know.
Thanks,
Tobias
_______________________________________________
SIG-policy - https://mailman.apnic.net/[email protected]/
To unsubscribe send an email to [email protected]
