> -----Original Message----- > From: Alessandro Vesely <ves...@tana.it> > Sent: Tuesday, February 15, 2022 1:08 PM > To: Hollenbeck, Scott <shollenb...@verisign.com>; regext@ietf.org > Subject: [EXTERNAL] Re: [regext] RDAP preference on abuse reporting > > Caution: This email originated from outside the organization. Do not click > links > or open attachments unless you recognize the sender and know the content > is safe. > > Hi, > > On Tue 15/Feb/2022 14:28:17 +0100 Hollenbeck, Scott wrote: > >> From: regext <regext-boun...@ietf.org> On Behalf Of Alessandro Vesely > >> > >> I wrote a small utility to get abuse address(es) via RDAP.[*] Today > >> someone told me that APNIC only has one abuse address, the other > >> address in the same vcardArray is not supposed to be used for abuse > >> reporting. The addresses can be discriminated by one having pref=1 and > the other no pref. > >> AFAIK, pref is described in Section 5.3 of RFC 6530. However, it is > >> still not very clear how to use it in this particular case. Which of > >> the following is better for abuse > >> reporting: > >> > >> * When email addresses are ordered by preference use only the most > >> preferred, > >> > >> * When email addresses are ordered by preference use all except the > >> least preferred, or > >> > >> * When email addresses are ordered by preference use the upper half of > them. > >> > >> > >> Note that the result is the same in the APNIC case. > > > > [SAH] Could you show us the JSON data structure that you're referring to? > > That'll better help us understand the RDAP response. > > > The example we were talking about is this: > https://secure- > web.cisco.com/1c_nTuKekZk59w0wfIpkFx8t1CZeXY4DolMyhNEdZQkD2yjDIh > mMthVeMz- > rBuu5WgpYPqXn0DWuJ4dsCRjLePgKCI66KJAwl71aiW7Z3q7QacUWrUq7gckRb > M-06XhwNaHFdRuJ00sH6BcV-p1xRVfu-qu-mRL9VSOznJJFa037rUvkB0_u9- > 5niG9Lb8wiQc_OgP7d6i9EMIzCmaaRZbAZp3O2iTSiZ3dSlkn- > Xt5MMF8AxqGVaN4kiRD__KIDO/https%3A%2F%2Frdap.apnic.net%2Fip%2F > 136.185.8.145 > which has: > > [ > "email", > {}, > "text", > "shanka...@airtel.com" > ], > [ > "email", > { > "pref": "1" > }, > "text", > "dsltac2north.u...@airtel.com" > ]
[SAH] According to what I read in 6350, "dsltac2north.u...@airtel.com" is the preferred address and "shanka...@airtel.com" is the least preferred address because it omits the pref parameter. > Compare that with the whois version: > https://secure-web.cisco.com/1ODCHjK8pZn1FEkH787OrWs7- > 2vqLQE9k1ZPKOwdIBysTqHHGEFIlRmh5NmY5JnNqR5dKowQjFW-TaasRvN- > BoiIcOekHmuLI6bwcg4fo_3ZZacP1c_JEwvUj6MgbC10Wgeg_fUeT0t4Fi4YHjZp > hwUJ5YokMF1hf6gUABG7OLmuXGJrMI- > fC2YwDgGqOS4QD63Flm1kp7IBL4pFAzVFFgZjiQxv7I3MNy7LhjjBFuGBeJT0WI > wI6mvG11zfBMS7T/https%3A%2F%2Fwq.apnic.net%2Fstatic%2Fsearch.html > %3Fquery%3D136.185.8.145 > which has a prominent comment: > > % Abuse contact for '136.185.0.0 - 136.185.255.255' is > 'dsltac2north.u...@airtel.com' [SAH] OK, this is consistent with the RDAP representation. > and afterwards has: > > role: ABUSE BHARTITELEMEDIAIN > address: Bharti Airtel Ltd. > country: ZZ > phone: +000000000 > e-mail: shanka...@airtel.com > admin-c: NS282-AP > tech-c: NS282-AP > nic-hdl: AB914-AP > remarks: Generated from irt object IRT-BHARTI-TELEMEDIA-IN > abuse-mailbox: dsltac2north.u...@airtel.com > mnt-by: APNIC-ABUSE > last-modified: 2020-05-16T21:36:43Z > source: APNIC [SAH] ...and this could be confusing because WHOIS doesn't include anything to indicate priority. As a human reader, though, the comment tells me which address is preferred. > > Section 5.3 of RFC 6350 doesn't say anything about using only the > > most-preferred address(es). My suggestion with respect to 6350 is that > > you should start with the most preferred address, use the next one if > > that doesn't work, and so on. That suggestion might change depending > > on what we see in the RDAP response. > > The program's intention is to provide an email address for automated abuse > reports. It seems clear to me that the intention of APNIC is to provide the > address of the responsible person for human-generated escalated support. > Did they overinterpret RFC 6350? Or maybe they meant further specify PREF > t some point. I know Byron participated to the discussion. > > I just saw now a new draft for JSContact. However, it neither says whether > PREF is to be used to discriminate automatic email messages. [SAH] I'll leave that point for Mario to address. I don't think ANY of these representations include a method to identify an address to received automated messages. Scott _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
