RE: [db-wg] abuse-c

12 Jan 2004

      Why not simply add "abuse-address" as a MANDATORY attribute in the
maintainer object, then Ripe NCC should have to check when creating a
maintainer object that the address is valid (eg. send a mail to the address,
Ripe NCC doesn't create the maintainer until their mail has been replied).

It would be relatively simple for all LIRs to add such an attribute to their
maintainer object and then for Ripe NCC to check up on those objects missing
the attribute. The whois system would of course need to be modified to show
the abuse-address attribute when doing a whois, but I don't believe that
would be a big problem?

After seeing the other comments Im not really sure I can see any reason for
the complex authentication system implemented in the current irt object?! If
the mantainer object is changed as described above Ripe NCC will send a mail
to the abuse-address, if this is a third party (the LIR has outsourced
abuse) then this organization will probably only accept Ripe NCC's mail in
case they have actually made an agreement with the LIR trying to create the
maintainer, if not they can report this to Ripe NCC.

Med venlig hilsen/Best regards

Christian Rasmussen
Hosting manager, jay.net a/s

Smedeland 32, 2600 Glostrup, Denmark

Email: noc@jay.net
Personal email: chr@corp.jay.net
Tlf./Phone: +45 3336 6300, Fax: +45 3336 6301

Produkter / Products:
http://hosting.jay.net
...
-----Original Message-----
From: db-wg-admin@ripe.net [mailto:db-wg-admin@ripe.net]On Behalf Of
Menno Pieters (Stelvio)
Sent: 12. januar 2004 12:23
Cc: db-wg@ripe.net
Subject: Re: [db-wg] abuse-c
TAYON, Julien wrote:
...
John Green <mailto:j.green@ukerna.ac.uk> wrote:
...
I have never understood what this gives you.  If "Evil Company" wants
to misdirect abuse reports (why?) they can circumvent this by making
a fake IRT object with IRT XYZ as the contact email address.
If people circumvent this they are either evil or incompetent which is
alreday a strong hint to be suspicious.
Moreover the process of creating an IRT object is controlled by the
RIPE-NCC, because it is like creating a maintainer object, or by
organisations like TI that verify all data provided by the IRT, before
inserting it in the RIPE database.
Regards,
Menno Pieters
--
Menno Pieters - Stelvio
Postbus 215, 3740 AE Baarn
phone: +31-35-5.429.324 / fax: +31-35-5.429.327
XOIP: +31-84-8.720.349 / Web: http://www.stelvio.nl/