Hi Guys You could add an optional attribute "security-mailbox:" alongside the "abuse-mailbox:". If present it could be returned in a query with the abuse-mailbox address by default, or with a specific query. Or reference it separately with a "sec-c:" attribute.
cheers denis co-chair DB-WG On Tue, 7 Jun 2022 at 12:01, Gert Doering <g...@space.net> wrote: > > Hi, > > On Tue, Jun 07, 2022 at 11:45:05AM +0200, Max Grobecker wrote: > > TL;DR: > > Should there be an optional contact for sending security information to > > (i.e. about vulnerable services), > > which can be different from the abuse contact? > > I see the problem, and maybe we need to re-think the definition of > admin-c:, tech-c: and abuse-c: > > Reporters seem to only understand two possible approaches - use abuse-c:, > or send to everything whois returns that has an "@" in it. The latter > is something I consider borderline abusive, the former is not that helpful > for security incident reporting (which might warrant a similarily fast > reaction, but from a different team). > > So, no clear answer, just seconding that we might need to do a bit of > work here. > > Gert Doering > -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
