Jacob Slater via db-wg wrote on 29/07/2019 06:25:
In this context, RIPE's published guidelines on due diligence (https://www.ripe.net/publications/docs/ripe-700) cover what exactly is checked. From my experience, the guidelines are always enforced as written. As you mention, due to a variety of factors (based primarily on differences in jurisdiction), this process isn't always perfect. I'm sure the NCC deals with at least some of fraudulent activity as a result of the flaws you mention. Unfortunately, short of drastic measures (such as prohibiting certain jurisdictions from requesting resources), I can't see an easy way to improve the current situation. Do you have a suggestion for how the process could be improved?
Would it be feasible for the RIPE NCC to add a read-only record to org: objects which provided the date of the last due diligence check? E.g. something like organisation: ORG-FNL99-RIPE org-name: Foo Networks Limited org-type: LIR [...] mnt-ref: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT abuse-c: FOO2000-RIPE created: 2019-01-01T01:01:01Z last-modified: 2019-01-01T01:01:01Z due-diligence: 2019-07-01T12:00:00Z source: RIPE Otherwise it doesn't look like it's easy to heuristically work out whether due diligence has been carried out on a particular object or not. Nick