Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not
just provide numbers, but also ensure that they are being used fairly and
according community agreed policies. Otherwise we could also say that other
reasons for recovery are invalid because we become a regula
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the
persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces
rules on usage associated with them (note that this doesn't even concern the
use of the numbers themselve
We do that already. We setup rules and enforce them in all the 5 RIRs.
Regards,
Jordi
@jordipalet
> El 30 nov 2023, a las 9:39, Matthias Merkel
> escribió:
>
> Hi Leo,
>
> The definition of a regulator is an entity that sets and enforces rules on
> the persons it supervises.
>
> If the RI
The RIPE community sets rules for the operation of the RIPE NCC, not rules
imposed on any network operators.
—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]
This email was sent by Staclar, Inc. Any statements contained in this email are
personal to the author and are not nec
Hi Jordi,
On Thu, 30 Nov 2023 at 09:36, jordi.palet--- via anti-abuse-wg
wrote:
[...]
> Each RIR has measured the “level of adoption” as they progressed with the
> initial verification (and this was presented at least a couple of times in
> every RIR), so there are slides in each of them, sho
I do not agree
Every organization has rules it enforces. That doesn't make it a
regulator. The public transport here, where I live enforces that you
have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue her
Hi Serge,
The difference is the scope of the rules.
All organizations, including the RIPE NCC, enforce rules as part of their own
business, for example with customers, etc.
What is being proposed here is imposing rules on unrelated things. Abuse isn't
inherently of the resources provided by RI
In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses
(unless for “connected customers”) is not allowed.
If you do so, and the staff realize it, or somebody reports it to the staff,
then you will get a warning, or a few of them across a certain period of time,
you will get p
Well, I can personally feel it when comparing abuse reporting in those regions
(before and after the policy implementation) vs RIPE. That’s sufficient for me.
I call it results.
Also, when the LIRs don’t respond to abuse cases or abuse-c emails bounce, I
can ask the relevant RIR to resolve it,
That would not make them regulators because those are rules on the addresses
themselves, which are services provided by the RIR.
Enforcing a certain type of abuse handling or prevention would be rules on the
services addressed by the addresses, which are not part of the services
provided by the
>From the RIPE NCC LIR Account Agreement (the "Agreement”)
>https://www.ripe.net/about-us/legal/ripe-ncc-lir-account-agreement
3.6 If the Member fails to comply with the RIPE Policies and RIPE NCC
procedures as outlined in Section B.1 of the RIPE NCC procedural document
‘Closure of Members, Der
This is why we shouldn't have a policy like this.
The existing policies are on the resources themselves and the services the NCC
provides. If we create a policy that regulated services provided by RIPE NCC
members, it will be binding, but that will then make the NCC a regulator.
—
Maria Merkel
The funny part is that the abuse teams of the very same companies will be out
there in other conferences working earnestly and well on best practices. If
they were to turn up at a ripe meeting and provide consensus ..
And before you accuse me of packing the room to generate artificial consensu
On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian
wrote:
>
> The funny part is that the abuse teams of the very same companies will be out
> there in other conferences working earnestly and well on best practices. If
> they were to turn up at a ripe meeting and provide consensus ..
>
> And
As I said
I disagree. Gmail says what you can do with their accounts, that doesn't
make them a regulator. But it doesn't matter: At the end of the day it's
excuses to not do anything about a growing problem.
And what typically happens in such cases is that states get upset and
start dictatin
Of course, this is not how consensus works.
I also think you're misunderstanding my argument. I'm all for fighting abuse. A
lot of my work is in abuse and fraud prevention and in the prevention of
financial crime. I'm not arguing against preventing abuse, only against adding
even more regulator
A good friend who is a former regulator told me exactly this. I’ll share that
bottle with you, Serge :)
--srs
From: anti-abuse-wg on behalf of Serge Droz
via anti-abuse-wg
Sent: Thursday, November 30, 2023 3:20:29 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [an
This is simply an ongoing verification that the justification and other
paperwork which were used to allocate the numbers are reasonable and correct
Consensus tends to work in strange ways - and room packing isn’t unknown if you
see the example I cited
--srs
Fro
I have already noted that I have no objections to a proposal solely to verify
abuse mailbox functionality, but that we should be careful adding anything
further. Perhaps I wasn't clear enough in this:
Arguably a proposal to simply require verification of the abuse mailbox does
not make the NCC a
There is somewhat more being proposed than that bare minimum of due diligence
but none of this makes ripe ncc a regulator any more than a pharmacist
verifying a prescription becomes the FDA
--srs
From: Matthias Merkel
Sent: Thursday, November 30, 2023 4:03:07 PM
The proposal is to send verification emails to abuse mailboxes and have a link
in them clicked, right? I would have no objection to that.
Is there more that is being proposed in this proposal specifically?
—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]
This email was sent b
What happens if / when someone doesn’t?
laura
> On 30 Nov 2023, at 10:47, Matthias Merkel wrote:
>
> The proposal is to send verification emails to abuse mailboxes and have a
> link in them clicked, right? I would have no objection to that.
>
> Is there more that is being proposed in this
On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
What happens if / when someone doesn’t?
A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
pages. If the convention is clear that network operators without abuse-c are
non-responders, it is easy for all the other
On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely wrote:
>
> On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
> > What happens if / when someone doesn’t?
>
> A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
> pages. If the convention is clear that network operators w
As long as you publish it
--srs
From: anti-abuse-wg on behalf of Leo Vegoda
Sent: Thursday, November 30, 2023 6:08:59 PM
To: Alessandro Vesely
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
On Thu, 30 Nov 202
Hi,
On Thu, Nov 30, 2023 at 09:53:54AM +0100, Serge Droz via anti-abuse-wg wrote:
> And as long as this group cannot come up with a compromise nothing will
> change, in essence the anti-abuse wg is taken hostage by the nay sayers.
> These discussions have been going on for years. Nothing new has c
> On 30 Nov 2023, at 12:38, Leo Vegoda wrote:
>
> On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely wrote:
>>
>> On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
>>> What happens if / when someone doesn’t?
>>
>> A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
>
I would never say you didn’t handle abuse reports. The question is whether that
applies to each and every member in the ripe region.
Even if a fraction of a percent of members or LIRs are affected by such a
policy .. that is like saying there mustn’t be any speed limit because you are
a careful
28 matches
Mail list logo
