On Mon, Jul 16, 2012 at 10:02:29AM +0100, Brian Nisbet wrote:
would ask if members could raise any points that they are still uncertain about and state as clearly as possible, their current opinion on the proposal.
I have read version 3.0 of 2011-06 and the NCC's impact analysis. While I agree with some of the goals of 2011-06, I object to the proposal in its current form. In fact, I think it is not even ready for the Review Phase, even though I understand that was the way to invoke the NCC impact analysis. Here's already one reason to object: the proposal itself is hardly comprehensible without said impact analysis but since the latter is not part of the proposal it can only be considered transient. Without even remotely suggesting the NCC was driving policy here, I must say with both hesitance and regret that I am not comfortable with the role the NCC has been dragged into w.r.t 2011-06. o The proposal and impact analysis are unclear about the aspects of data protection issues for the "abuse-mailbox:" attribute. It appears it is intended to "by definition" avoid PII here. How would that work for address space allocated (or, more importantly, assigned) to a natural person? That said, the proposal is also unclear whether the abuse-c: would apply to PI space, as well. o The proposal uses unclear language w.r.t. the mandatory nature of the "abuse-c:" attribute: ``This policy introduces a new contact attribute named "abuse-c:", that can be included in inetnum, inet6num and aut-num objects. '' vs. ``The role objects used for abuse contact information will be required to contain a single "abuse-mailbox:" attribute which is intended for receiving automatic and manual reports about abusive behavior originating in the resource holders' networks.'' o The second paragraph quoted above expresses an expectation regarding the handling of submitted email reports (what else would it mean to be prepared for "receiving automatic and manual reports"?) o The purpose of the "e-mail:" attribute is given with "other". I do not understand that. I would suggest to separate the targets for 'manual' and 'machine readable' reports. It is natural for any object in the RIPE DB to use the 'email:' attribute for email communication. {this is listed for completeness; i have read the longthread on the topic and don't suggest to rehash. The proposal, in summary, has bigger problems.} o The proposal is unclear at least about the future of irt: objects. o Finally, and most importantly, I object to the mandatory nature of the attribute. Neither the impact analysis nor the counter arguments section assess the impact of presence of an abuse (role) object and the resulting actions on maintainers/... LIRs/NCC members. -Peter