Hi again,
This approach would be quite contrary to goals of the proposal (such as: ".. it helps all kinds of institutions to find the correct abuse contact information more easily"). Most users cannot distinguish between a CERT or an abuse department.
Also, I cannot see why implementing another object holding the same data as an IRT would make things better.
You are quite right. At the moment, but few years ago, the IRT object was not intended for abuse departments handling outbound abuse. IRT was originally intended for certs exchange information about security issues. And that is exactly what the IRT should be again, with all the security measures, that were mandatory at the very beginning and got canceled over time. Thanks, Tobias -- abusix