Send db-wg mailing list submissions to
        db-wg@ripe.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.ripe.net/mailman/listinfo/db-wg
or, via email, send a message with subject or body 'help' to
        db-wg-request@ripe.net

You can reach the person managing the list at
        db-wg-owner@ripe.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of db-wg digest..."


Today's Topics:

   1. Re: IRT object postal address (denis walker)


----------------------------------------------------------------------

Message: 1
Date: Thu, 21 Jul 2022 15:41:58 +0200
From: denis walker <ripedenis@gmail.com>
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc: Database WG <db-wg@ripe.net>
Subject: Re: [db-wg] IRT object postal address
Message-ID:
        <CAKvLzuE+RoNgGXL8TU3r4E5dOtOd3uweB9UzFJhgnOmpBruU+g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Ronald

(For those who don't read long emails...) The bottom line is that this
proposal recommends to remove postal addresses of contacts, not
publish the 'full' postal address of natural persons holding
resources, replace personal data with business data and generally
bring the contents of the RIPE Database into line with the defined
purposes.

---
Now to answer Ronald's points...

You have your own (hidden) agenda Ronald, which is fine. But don't
expect everyone to fall into line behind you. Most people know your
tactics. Repeat the same nonsense and conspiratorial theories over and
over and over again until people believe they must be true. You lock
onto a phrase or even a word and create an entire fear mongering story
around it. Then keep asking the same irrelevant questions and
demanding answers. This is not how to have a professional discussion,
it is a Trump/Johnson style campaign.

Let's kill off some of your fear stories. I am NOT against
accountability, NOT helping cybercriminals, NOT proposing anonymity,
NOT obfuscating half the database, NOT proposing secrecy and NOT
avoiding transparency.

As for GDPR, the only person obsessed with it is you Ronald. It is not
even mentioned in the proposed policy text. You use it to confuse all
discussions on the content of the database. GDPR is only one of the
factors concerning the content of the RIPE Database. There are defined
purposes for the database. As the RIPE Database Task Force pointed
out, we should minimise the amount of data needed to fulfil those
defined purposes. That is the overriding principle governing what
should go into the database and what remains in the database.

Most people did accept that in order to resolve internet operational
issues (one of the main purposes of the database) no one is going to
visit or post a letter to a contact in the RIPE Database. Therefore
contacts don't need postal addresses. Whilst you may feel there is a
need for a postal address for a contact for an IRT object, as Nick
said, the opinions of CSIRT teams are more relevant.

You have said yourself many times that the database is full of
garbage. When you demand irrelevant data and force people to enter
information they prefer not to provide which is not even covered by
the database purposes, you increase the chances of some people
entering false or misleading information. The only 'crusade' I am on
is to bring the contents of the RIPE Database into line with the
minimum information required to fulfil the defined purposes of the
database and any legal requirements. We can have a healthy discussion
on interpretations of that minimum information, but we should not be
arguing over the principle. Forcing people (with mandatory attributes)
to enter 'interesting' but not relevant information leads to a corrupt
and diluted database that is less useful to anyone. Even optional
attributes that are not relevant, dilute the important information.

You can wish for any information you like to be in the RIPE Database
Ronald, but if it is not essential for the defined purposes, it is not
going to be there. Feel free to propose your own policies to change
the purposes of the database and store certified photos of all
contacts and their families if you believe that is necessary for your
use of the database...or set up your own database.

cheers
denis
proposal author

On Thu, 21 Jul 2022 at 06:01, Ronald F. Guilmette via db-wg
<db-wg@ripe.net> wrote:
>
> In message <CAKw1M3MEHHC63+BfS7P365F0Cw6hcGuOKKq0ZaTS+evtdiZDoQ@mail.gmail.com>
> =?UTF-8?Q?Cynthia_Revstr=C3=B6m?= <me@cynthia.re> wrote:
>
> >> *)  Why is the hiding of information even a priority?
> >
> >Hiding information is good from a privacy standpoint so you have to
> >weigh the benefit of having the data public against the privacy
> >implications of publishing it. (and consider any potential legal
> >issues/requirements)
>
> Transparency is good from an accountability standpoint.  And in my opinion,
> we have far far too little accountability on the Internet.  Practically
> every day now one can find stories about "hackers" and "cybercriminals"
> and everyone just shrugs and goes back to work as if this is the way that
> thing have to be, or that they are supposed to be.
>
> My position is simple:  If youy want to be anonymous, then get yourself a
> pseudonym account on Twitter, or Facebook, or YouTube, or whatever, and
> then blast away.  Or alternatively, get yourself a domain name with all
> of the WHOIS data redacted and then arrange wweb site hosting for that,
> either on one IP of one hosting company, or several.  But somewhere up
> the chain there needs to be accountability, always.  It is *not* a God-
> given right to have an IP address block or an ASN.  It is a privilege.
> And that special privilege should be reserved for those who are willing
> to be held accountable for what goes on upon their networks.
>
> You and Denis are trying to _remove_ accountability from the equation, and
> I remain steadfast in asserting that this will only benefit criminals.
>
> >> *)  Are these deliberate obfsucation steps still being justified on the
> >> basis of GDPR, or do you now accept as fact that GDPR is irrelevant in
> >> the context of the RIPE data base, and that it does not currently compel
> >> RIPE to make any changes to the public WHOIS data base whatsoever?
> >
> >Denis has already mentioned in an email regarding 2022-01 that he will
> >not address any more GDPR issues until there has been a legal review
> >as many of us are not lawyers.
>
> I'm sure that I saw someone post here quite recently that he had checked with
> RIPE legal already, and had already been assured that RIPE is _not_ facing
> any current or imminent legal jeopardy with the status quo as it now exists,
> either in relation to GDPR or in relation to any other applicable law or
> regulation.  If you need me to do so, I will find that posting in the archives
> and I'll copy it here.
>
> >While I can't speak for Denis, you have not convinced me that GDPR is
> >somehow irrelevant
>
> I don't see how or why it should be incumbant upon either me or anyone else
> to persuade either you or Denis that no change needs to be made.  You and he
> are putting forward and supporting this proposal for a _change_ in the
> current status quo.  It is thus necessary for you folks to make a persuasive
> case that a change _is_ needed, rather than for me or anyone else to make a
> case that it isn't.
>
> >> *)  If the goal is to hide information, then why not just take the entire
> >> RIPE WHOIS data base offline and hide the whole thing behind some sort of
> >> permission-wall that can only be pierced with a legal warrant?
> >>
> >> (That last question is, of course, the essential point, since that endpoint
> >> seems rather clearly to be the direction in which this is all headed.)
> >
> >This question is not really an "essential point" in my opinion as
> >there is a big difference between hiding postal addresses and hiding
> >abuse email addresses and route(6) objects.
>
> You are doing just what Denis has done so far in relation to this whole
> thing... You are evading the question.  If transparency is "bad" and
> secrecy is "good" then why not take that general principal to its final
> and logical conclusion?  Why not just take the whole WHOIS data base
> offline entirely?
>
> It's a simple question.  I'd like to see either you or Denis answer it,
> rather than evade it.
>
>
> Regards,
> rfg
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg



------------------------------

Subject: Digest Footer

--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg


------------------------------

End of db-wg Digest, Vol 131, Issue 14
**************************************