Fwd: Re: Re: NCC#2007083003 Fwd: DELIVERY FAILURE:
To whoever may read these: I Matthew Brown, would like to request that there be some sort of action, to allow the ripe database managers to contact ISP(s) when someone reports incorrect or outdated information. This would be very helpful in the process of fighting spam and abuse, and when you rely on the whois servers around the world to get the correct email address(es) so you may forward the abuse/spam to the correct department, but only to have if fail because of outdated data, is not useful in the process of reporting it. As an internet user myself, it is a pain to get so much spam and abusive emails. I'm tired of opening my mailbox on a daily basis, to see I've gotten not one, or two, but on average 75 spam messages a day. And simply telling my email provider, in this case it is Yahoo, that an email is spam/abuse, is not enough to stop it from coming into my mailbox. I now take the time to report it to the proper ISP that holds the IP address where the spam/abuse comes from, or sometimes its a potential virus that comes in the form of a URL/Web pages to visit. So, I rely on having correct data. Please look into developing a policy that will allow the ripe database managers the resources to contact ISP(s) when someone reports incorrect information, so that those of us, like me, who are tired of the amount of spam they get can have correct information when they go to look for it, instead of having to make phone contact with each individual ISP who happens to be international for me. I know that the whois database at www.arin.net has the resources to make contact when someone reports incorrect data, so why not follow suit and have the same resources to do the same thing. Sincerely, Matthew Brown RIPE Database Manager <ripe-dbm@ripe.net> wrote: To: BabyMatthew253 <babymattb253@yahoo.com> Subject: Re: Re: NCC#2007083003 Fwd: DELIVERY FAILURE: From: RIPE Database Manager <ripe-dbm@ripe.net> Date: Fri, 24 Aug 2007 10:25:14 +0200 Dear BabyMatthew253, Thank you for your email regarding out of date contact data in the RIPE database. There may be options we could pursue to check the validity of the contact data in the objects in the RIPE Database. Where we have a direct relationship with the owners of these objects we could request that they update this information. But we do not have a mandate from the RIPE community to allocate any resources to this activity. If you feel this should have a higher priority then you may raise the issue on the Database Working Group or Antispam Working Group or Address Policy Working Group mailing lists. You can find information about the mailing lists here http://www.ripe.net/ripe/wg/index.html These are open working groups and views are welcomed from anyone who wishes to discuss relevant issues. Regards, Milena Rakin ____________________________ RIPE Database Administration. --------------------------------- Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV.
Dear Mattew, you request describes a situation that gets discussed again and again, but up till now these discussions haven't gotten anywhere close to a well-prepared and broadly accepted or acceptable proposal. Maybe now it is time to work on it again? However, imho, trying to make real progress involves modifying quite a few policies, procedures and behaviour patterns; not just with the ISPs but for the community at large. And on top of that, I guess we need a better definition of "contact" and the facility or mechanisms which theses contacts are expected (or requied) to provide, and to whom. May I suggest that you try to step forward with a proposal that fits in with the "Policy Development Process" for the RIPE region? You can find the details for this appraoch at the following page and/or document(s): RIPE Policy Development http://www.ripe.net/ripe/policies/ Policy Development Process in RIPE (Document ID: ripe-350) http://www.ripe.net/ripe/docs/pdp.html Regards, Wilfried Wöber (RIPE-DB WG Chair and member of the Data-Privacy TaskForce) BabyMatthew253 wrote:
To whoever may read these:
I Matthew Brown, would like to request that there be some sort of action, to allow the ripe database managers to contact ISP(s) when someone reports incorrect or outdated information. This would be very helpful in the process of fighting spam and abuse, and when you rely on the whois servers around the world to get the correct email address(es) so you may forward the abuse/spam to the correct department, but only to have if fail because of outdated data, is not useful in the process of reporting it. As an internet user myself, it is a pain to get so much spam and abusive emails. I'm tired of opening my mailbox on a daily basis, to see I've gotten not one, or two, but on average 75 spam messages a day. And simply telling my email provider, in this case it is Yahoo, that an email is spam/abuse, is not enough to stop it from coming into my mailbox. I now take the time to report it to the proper ISP that holds the IP address where the spam/abuse comes from, or sometimes its a potential virus that comes in the form of a URL/Web pages to visit. So, I rely on having correct data. Please look into developing a policy that will allow the ripe database managers the resources to contact ISP(s) when someone reports incorrect information, so that those of us, like me, who are tired of the amount of spam they get can have correct information when they go to look for it, instead of having to make phone contact with each individual ISP who happens to be international for me. I know that the whois database at www.arin.net has the resources to make contact when someone reports incorrect data, so why not follow suit and have the same resources to do the same thing.
Sincerely, Matthew Brown
RIPE Database Manager <ripe-dbm@ripe.net> wrote: To: BabyMatthew253 <babymattb253@yahoo.com> Subject: Re: Re: NCC#2007083003 Fwd: DELIVERY FAILURE: From: RIPE Database Manager <ripe-dbm@ripe.net> Date: Fri, 24 Aug 2007 10:25:14 +0200
Dear BabyMatthew253,
Thank you for your email regarding out of date contact data in the RIPE database.
There may be options we could pursue to check the validity of the contact data in the objects in the RIPE Database. Where we have a direct relationship with the owners of these objects we could request that they update this information. But we do not have a mandate from the RIPE community to allocate any resources to this activity. If you feel this should have a higher priority then you may raise the issue on the Database Working Group or Antispam Working Group or Address Policy Working Group mailing lists. You can find information about the mailing lists here
http://www.ripe.net/ripe/wg/index.html
These are open working groups and views are welcomed from anyone who wishes to discuss relevant issues.
Regards,
Milena Rakin ____________________________ RIPE Database Administration.
--------------------------------- Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV.
I Matthew Brown, would like to request that there be some sort of action, to allow the ripe database managers to contact ISP(s) when someone reports incorrect or outdated information.
Good luck - and I mean that; I hope you succeed, though at this point I don't really expect it. I've gone a few rounds with RIPE myself on that issue; they appear to want the authority of "owning" (and being paid for the subdelegation of) address space without the concomitant responsibility. Not surprising, of course; lots of people would rather pocket the money and duck the responsibility. The real problem is that ICANN/IANA lets them get away with it, and I see that (that the top of the governance pyramid does not impose responsibility on those to whom it delegates authority - and I don't mean just RIRs; the same problem recurs with domains) as the fundamental problem that is killing today's net with abusers and abuses. Any system with mismatches between authority and responsibility grows abuses, until one of three things happens: (1) the mismatch is corrected, (2) the system collapses, or (3) in mild cases, an equilibrium is reached, with the level of abuse concomitant with the level of mismatches. In the case of Internet governance, the mismatch appears to be total, so (3) is out, and there appears to be no will whatever to do (1), so I expect the abuses to simply grow until the net collapses from them. The only reason I'm not just standing back and watching it happen is that I'd like to have a usable Internet myself in the near term - during the time it would take for the current system to collapse and shake out something less broken. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
der Mouse wrote:
The real problem is that ICANN/IANA lets them get away with it, and I see that (that the top of the governance pyramid does not impose responsibility on those to whom it delegates authority ... Any system with mismatches between authority and responsibility grows abuses, until one of three things happens:
The scope of this problem is much larger than ICANN or the Internet. We need to press for the same application of power against communication abusers by the equivalent authorities who assign telephone numbers and postal addresses. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
The real problem is that ICANN/IANA lets them get away with it, and I see that (that the top of the governance pyramid does not impose responsibility on those to whom it delegates authority
Any system with mismatches between authority and responsibility grows abuses, until one of three things happens:
The scope of this problem is much larger than ICANN or the Internet. We need to press for the same application of power against communication abusers by the equivalent authorities who assign telephone numbers and postal addresses.
I don't think so. In neither case is there the same kind of mismatch between authority and responsibility. In the case of telephone numbers, the delegated-to entities (the telcos) do take the responsibility - they don't ignore abuse. Filing complaints about telephone harrassment or other abuse doesn't happen that much, but that's in part because the threat is always there, and it's a real threat. Furthermore, as common carriers, the telcos are comparatively tightly regulated - I don't know the details, but at least some of that assumption of responsibility is mandated by law. In the case of postal addresses, there is no intermediate layer - the same entity that is the top-level manager is also the bottom-level manager, as if the IANA assigned individnal machines' IP addresses (which would be bizarre for the Internet, but, because the systems are so different, works for the postal system). And the responsibility is there; abuse involving postal addresses exists, but again, not much, because there are real sanctions against abusers. Use a postal address as a drop-box for a criminal enterprise and watch the heat that comes down on you for it. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
der Mouse wrote:
The scope of this problem is much larger than ICANN or the Internet. We need to press for the same application of power against communication abusers by the equivalent authorities who assign telephone numbers and postal addresses.
I don't think so. In neither case is there the same kind of mismatch between authority and responsibility.
In the case of telephone numbers, the delegated-to entities (the telcos) do take the responsibility - they don't ignore abuse. Filing
They have specific statutory rights and obligations as carriers, not as registrars. (Note, for example, that number portability now nicely separates the registration function from carriage.) A domain registrar is not the carrier of content.
In the case of postal addresses, there is no intermediate layer - the same entity that is the top-level manager is also the bottom-level manager
Actually, that's not correct. The post office assigns postal units, typically aligned with city/town boundaries and subdivided by postal code/zip code. But they do not define city/town boundaries and they do not assign street names or numbers. Again, carriage is distinguished from registration. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
The scope of this problem is much larger than ICANN or the Internet. We need to press for the same application of power against communication abusers by the equivalent authorities who assign telephone numbers and postal addresses. In the case of telephone numbers, the delegated-to entities (the telcos) do take the responsibility - they don't ignore abuse. They have specific statutory rights and obligations as carriers, not as registrars. (Note, for example, that number portability now nicely separates the registration function from carriage.)
Not really; porting a number - where possible; I assume you're talking NANPA here - transfers the registration as well as the carriage. In particular, consider porting it a second time; the original carrier, the one whom you are arguing is still registrar, is out of the loop.
In the case of postal addresses, [...] Again, carriage is distinguished from registration.
I suspect it depends on jurisdiction. But, in any case, the carrier enforces against abuse, so the registrars have nothing to do in that regard. Since there is a monopoly postal carrier, that situation is not very analogous to the Internet. In the telephone case, it depends. In some places, there is a monopoly carrier, and the above remarks apply. In places where there isn't, like the USA, a carrier that did not deal with abusers on its service would need to be slapped down. As far as I know, all such places also have something like the USA's common-carrier status, with legal oversight dealing with rogue actors in the telco space. If there is a jursidction with no monopoly carrier and no government oversight, then, yes, it probably needs attention from someone, quite possibly the number registrar(s). If the above assumptions fail, there will be similar problems in the telephone and postal realms, yes. It's possible there are places now (perhaps even the USA) where the stage is set for problems, and they just haven't got big enough yet to be very visible. If abuses start growing in the telephone or postal worlds, it would be worth taking a good look around for a mismatch between authority and responsibility. In any case, none of that is really very relevant to the Internet. Whether bad things are happening in place B doesn't mean that they're not in place A, nor that place A's bad things don't need attention. The only way this is relevant is if there is a long-standing mismatch between authority and responsibility somewhere that hasn't been abused, which if so is a point against my theory; I'm not convinced either telco or post is an example. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
* der Mouse:
But, in any case, the carrier enforces against abuse, so the registrars have nothing to do in that regard.
What happens if the registrar gets duped and assigns ressources to a fraudulent carrier?
Mouse, On 24 Aug 2007, at 19:55, der Mouse wrote:
I Matthew Brown, would like to request that there be some sort of action, to allow the ripe database managers to contact ISP(s) when someone reports incorrect or outdated information.
Good luck - and I mean that; I hope you succeed, though at this point I don't really expect it. I've gone a few rounds with RIPE myself on that issue; they appear to want the authority of "owning" (and being paid for the subdelegation of) address space without the concomitant responsibility.
When you last commented on this subject in April, I suggested that you propose a policy to tackle the issue. Perhaps you are still developing your proposal. In any case, I look forward to reading it.
Not surprising, of course; lots of people would rather pocket the money and duck the responsibility. The real problem is that ICANN/IANA lets them get away with it, and I see that (that the top of the governance pyramid does not impose responsibility on those to whom it delegates authority - and I don't mean just RIRs; the same problem recurs with domains) as the fundamental problem that is killing today's net with abusers and abuses.
Sadly, you have misunderstood the policy development process. IANA does not set policy and nor does the RIPE NCC. Policy proposals come from anyone interested in developing policy, are discussed by others interested in developing policy and only become policy when there is a consensus that they are a good idea. IANA only implements global policies and only when all five RIR communities have reached consensus on a proposal and sent it to the ICANN board via the ASO. IANA and ICANN are the end and not the start of the process and the responsibility sits with us all and not with an elite group at the RIPE NCC or IANA. I'm sorry to disappoint you but if you want a policy you will have to develop and propose it before it can be agreed and implemented. Matthew Brown's mail was an excellent starting point for a discussion on what should be in a database policy. There is real value in following up on his request and developing a formal proposal that can become policy. To that end, I'd be grateful if the chairs of the appropriate WGs could coordinate and arrange agenda time for a discussion based on Matthew's request at RIPE 55. Thanks, Leo Vegoda
I Matthew Brown, would like to request that there be some sort of action, to allow the ripe database managers to contact ISP(s) when someone reports incorrect or outdated information. Good luck - and I mean that; I hope you succeed, though at this point I don't really expect it. I've gone a few rounds with RIPE myself on that issue; they appear to want the authority of "owning" (and being paid for the subdelegation of) address space without the concomitant responsibility. When you last commented on this subject in April, I suggested that you propose a policy to tackle the issue. Perhaps you are still developing your proposal. In any case, I look forward to reading it.
["You" and related words here refer to ICANN/IANA, not any individual except insofar as that individual is wearing an ICANN/IANA hat.] Why is it *my* duty to fix *your* screwup? The current, broken, system was put in place asking (or even telling) me; why is it up to me to fix its problems? Because I'm the person pointing them out!? *You* are being paid to run the Internet; go do your job! Asking me to make up for your failings - without pay, I note - is shirking your duty. In any case, my "proposal" is that ICANN impose responsibility along with authority: as a simple example (restricted just to address space assignment), it could establish an AUP that RIRs would have to comply with to keep their assigned space - and then enforce it (this step is not optional, or the fix won't actually fix anything). What would this AUP say? I don't know, offhand; I am not a policy author. I recall seeing RIPE say their sub-assignees have to conform to an AUP of some sort, at least de-jure; if that memory is accurate, that policy might well be a reasonable place to start.
The real problem is that ICANN/IANA lets them get away with it, and I see that (that the top of the governance pyramid does not impose responsibility on those to whom it delegates authority - and I don't mean just RIRs; the same problem recurs with domains) as the fundamental problem that is killing today's net with abusers and abuses. Sadly, you have misunderstood the policy development process. IANA does not set policy and nor does the RIPE NCC.
IANA (or perhaps ICANN; I'm not entirely clear where the boundaries between them lie) *has* to. They have been given the authority; they have to take the responsibility - or we have the kind of mismatch I wrote about in the quote above. When they delegate authority, such as by assigning address space to RIRs, they have to impose corresponding responsibility, or, again, we have a mismatch. If they - IANA/ICANN - accept the authority but not the responsibility, as you seem to be saying they have, they system will break. Is breaking, in the case of the Internet, and will break worse and worse until the mismatch is fixed. Sitting on their thumbs waiting for someone else to solve the problem, which is what I see them doing, is *not* a responsible thing for ICANN/IANA to do here. If this is being done because that's what the procedures in place call for, then the procedures themselves are broken and need to be fixed. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
On 26 Aug 2007, at 23:59, der Mouse wrote: [...]
In any case, my "proposal" is that ICANN impose responsibility along with authority: as a simple example (restricted just to address space assignment), it could establish an AUP that RIRs would have to comply with to keep their assigned space - and then enforce it (this step is not optional, or the fix won't actually fix anything).
Are you suggesting that ICANN should assume the regulatory role that currently sits with sovereign nations? [...]
Sadly, you have misunderstood the policy development process. IANA does not set policy and nor does the RIPE NCC.
IANA (or perhaps ICANN; I'm not entirely clear where the boundaries between them lie) *has* to. They have been given the authority; they have to take the responsibility - or we have the kind of mismatch I wrote about in the quote above. When they delegate authority, such as by assigning address space to RIRs, they have to impose corresponding responsibility, or, again, we have a mismatch.
If they - IANA/ICANN - accept the authority but not the responsibility, as you seem to be saying they have, they system will break. Is breaking, in the case of the Internet, and will break worse and worse until the mismatch is fixed.
Sitting on their thumbs waiting for someone else to solve the problem, which is what I see them doing, is *not* a responsible thing for ICANN/IANA to do here. If this is being done because that's what the procedures in place call for, then the procedures themselves are broken and need to be fixed.
Please let me know where I can get a copy of the document authorising IANA to regulate in this area. A top down approach is unlikely to work without effective enforcement mechanisms. As you'd like to see an AUP it might be helpful to give us a general idea of what you'd like to see in it and what you'd like to see done when it is not followed. At the moment I'm not sure what you want and that makes it difficult to draft a policy proposal. Regards, Leo Vegoda
In any case, my "proposal" is that ICANN impose responsibility along with authority: as a simple example (restricted just to address space assignment), it could establish an AUP that RIRs would have to comply with to keep their assigned space - and then enforce it (this step is not optional, or the fix won't actually fix anything). Are you suggesting that ICANN should assume the regulatory role that currently sits with sovereign nations?
What regulatory role is that? The one that RIPE is assuming in imposing an AUP on its sub-assignees (if my memory of their claim is accurate)? The one that (almost) every ISP in the world assumes in imposing an AUP on its customers?
Sitting on their thumbs waiting for someone else to solve the problem, which is what I see them doing, is *not* a responsible thing for ICANN/IANA to do here. If this is being done because that's what the procedures in place call for, then the procedures themselves are broken and need to be fixed. Please let me know where I can get a copy of the document authorising IANA to regulate in this area.
Why do you need one? IANA has the authority to delegate address space (again, restricting the discussion to just address space for ease of language); where does it get that from? What compels it to so delegate without an AUP attached? If there is such a thing, then that thing is (part of) the problem and needs to be fixed before we can have a non-broken Internet.
A top down approach is unlikely to work without effective enforcement mechanisms.
Oh, certainly. The AUPs I'm speaking of would have to be enforced, or they won't help anything.
As you'd like to see an AUP it might be helpful to give us a general idea of what you'd like to see in it and what you'd like to see done when it is not followed. At the moment I'm not sure what you want and that makes it difficult to draft a policy proposal.
As I remarked upthread, I'm not a policy author. But there are plenty of AUPs around to look at as examples; as I also remarked upthread, I think RIPE told me they have one that they impose, de-jure at least, on their sub-assignees; that might be a reasonable place to start. Most ISPs have one; looking at a bunch of them would be a reasonable source of ideas too. Looking back to the days when there was an effective authority at the top in the form of the NSF and (earlier) DARPA and looking at the AUPs they had might give some ideas - though you'd have substantial sections to rip out. As for penalties, I don't know what would be most reasonable. Penultimately, there's deassigning of the address space in question; ultimately, revoking of all assignments and the "charter", if you will, as RIR. But those would necessarily be last-resort steps; I'm not sure what would be appropriate as intermediate sanctions. Maybe look at what ISPs do for problem customers? All your talk about bottom-up policy is, I think, missing something important. It seems to be treating the net as a democracy. Internet governance has never been democratic. Perhaps it would be better if it were, perhaps not - but it isn't; it is, and always has been, dictatorial. The dictators have been benevolent, laissez-faire, and relatively willing to listen to the populace, so it hasn't felt much like a dictatorship, but that's what it's been. And that could be where the problem is coming from: it looks to me as though you're treating the net like a dictatorship when it comes to authority, but like a democracy when it comes to responsibility. In any case, once again, why are you asking me to do your work for you? It's your *job* there, you at ICANN and the IANA, to deal with the difficult issues of Internet governance; go do your job! (What makes me think you're not? All the problems that have arisen under - and, I believe, from - your regime, and the nothing I see being done to deal with them.) Or don't, and watch the slide downhill continue. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
perhaps this layer 12 discussion could be moved to the igf mailings lists, wherever they are. randy
On 27 Aug 2007, at 16:40, der Mouse wrote: [...]
Please let me know where I can get a copy of the document authorising IANA to regulate in this area.
Why do you need one? IANA has the authority to delegate address space (again, restricting the discussion to just address space for ease of language); where does it get that from? What compels it to so delegate without an AUP attached?
The authority is given by the RIR communities who develop the policy. The policy they drafted and agreed did not include an AUP section. I have a feeling that it might not include an AUP because it no-one wanted one. I could be wrong, though. You can propose a change to that policy through the same system. If you want to change the whole system then Randy is right and you need to take things up elsewhere, like at the IGF. Regards, Leo Vegoda
I'm not sure if you have thought through your idea very thoughtfully, Mr Brown. The internet changes every second. It is more or less impossible to maintain proper information in ripe objects for end-users. An IP address can belong to customer A for 1 minute and then be taken over by customer B 5 seconds later in our net. If you want to contact the end-user directly, the RIPE whois server is not sufficient in the current state of today. Just keep contacting the ISP instead.. j -----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of der Mouse Sent: 24. august 2007 20:55 To: apwg-chairs@ripe.net; address-policy-wg@ripe.net; anti-spam-wg@ripe.net Subject: [address-policy-wg] Re: [anti-spam-wg] Fwd: Re: Re: NCC#2007083003 Fwd: DELIVERY FAILURE:
I Matthew Brown, would like to request that there be some sort of action, to allow the ripe database managers to contact ISP(s) when someone reports incorrect or outdated information.
Good luck - and I mean that; I hope you succeed, though at this point I don't really expect it. I've gone a few rounds with RIPE myself on that issue; they appear to want the authority of "owning" (and being paid for the subdelegation of) address space without the concomitant responsibility. Not surprising, of course; lots of people would rather pocket the money and duck the responsibility. The real problem is that ICANN/IANA lets them get away with it, and I see that (that the top of the governance pyramid does not impose responsibility on those to whom it delegates authority - and I don't mean just RIRs; the same problem recurs with domains) as the fundamental problem that is killing today's net with abusers and abuses. Any system with mismatches between authority and responsibility grows abuses, until one of three things happens: (1) the mismatch is corrected, (2) the system collapses, or (3) in mild cases, an equilibrium is reached, with the level of abuse concomitant with the level of mismatches. In the case of Internet governance, the mismatch appears to be total, so (3) is out, and there appears to be no will whatever to do (1), so I expect the abuses to simply grow until the net collapses from them. The only reason I'm not just standing back and watching it happen is that I'd like to have a usable Internet myself in the near term - during the time it would take for the current system to collapse and shake out something less broken. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
[re-ordering message flow so it makes sense again + reformat to 80c]
Matthew Brown wrote:
I Matthew Brown, would like to request that there be some sort of action, to allow the ripe database managers to contact ISP(s) when someone reports incorrect or outdated information.
Jørgen Hovland wrote:
I'm not sure if you have thought through your idea very thoughtfully, Mr Brown. The internet changes every second. It is more or less impossible to maintain proper information in ripe objects for end-users. An IP address can belong to customer A for 1 minute and then be taken over by customer B 5 seconds later in our net. If you want to contact the end-user directly, the RIPE whois server is not sufficient in the current state of today. Just keep contacting the ISP instead..
He actually mentioned contacting the ISP, not the end-user. They are the ones responsible and they are also the ones that can act on problems. The only way the end-user would be responsible is when they are in effect the ISP. BOTH inet[6]nums and domain.tld (different story I know) should have a contactable address for technical and especially abuse issues. This contact address should simply be the ISP NOC. Indeed, I note that domain.tld should have two types of information: 'registrant', specifying who 'owns' the record. For all those whois privacy freaks you can omit that, most likely the person who registered it can't fix problems with it any way, but the Admin contact Tech can, and that one should never be hidden. Same for inet[6]nums, Tech contact should always be contactable, the inet[6]num might/should contain a short description of who it is assigned to, but most of the time it should not matter. They a hint of 'dynamic home user space' or something is appreciated by most people who actually look up whois info to try and resolve issues. Again, the tech-c should always be contactable, as that is the one who is responsible for fixing problems. This problem might be for instance that you notice that that prefix is unreachable or has other issues and just that you want to help them out. And IMHO a tech-c should always point to a role account, not to a single person. The Internet is a 24/7 hour business and nobody is awake 24/7 ;) By contact I mean three items: email + phone + street address I note 'street address' as there is bound to be an office where this ISP is located, POBOX's are just for hiding obscure companies. One should not have nothing to hide. Note that a role can be updated really easily and in one place, similar to a organization object. I would suggest that there is like an easy way to trigger a process at RIPE NCC when one could not contact a certain ISP by the means given, phone being the most important one (note that it can be a VoIP one, those have DIDs too). To limit overload of these requests, one could require that the requester is an ISP itself (eg has an inet6num/tech-c combo). Marking the data invalid can can be done when for instance the phone still doesn't get picked up after X days one is really not running a proper ISP business and certainly not taking responsibility for the networks that one should be responsible for. The sad part of course is that even when the data is marked invalid, there is no way to actually come in contact with the ISP and/or getting the ISP to fix the problems. Even a global BGP certificate setup won't help, unless the larger transits and in effect the majority will adhere to that and also allow RIRs toe revoke those certificates based on this. As ISPs and especially also enterprises will never allow a small group to have so much control over them, that will never ever happen :( Actually what this really all comes down to is inter-ISP problem reporting, which, like the above would definitely require agreement between ISPs and also good communication. The problem there of course is that the ISPs who act responsibly will cooperate in this, the ones that are not, will not. Not even forgetting of course about the nasty fact that it requires global Greets, Jeroen
participants (9)
-
BabyMatthew253 -
Dave Crocker -
der Mouse -
Florian Weimer -
Jeroen Massar -
Jørgen Hovland -
Leo Vegoda -
Randy Bush -
Wilfried Woeber, UniVie/ACOnet