John Green <mailto:j.green@ukerna.ac.uk> wrote:
I have never understood what this gives you. If "Evil Company" wants to misdirect abuse reports (why?) they can circumvent this by making a fake IRT object with IRT XYZ as the contact email address.
If people circumvent this they are either evil or incompetent which is alreday a strong hint to be suspicious. Julien Tayon LDCOM networks BU DATA- +33 1 70 18 14 45 1 square Chaptal , 92309 Levallois Cedex
TAYON, Julien wrote:
John Green <mailto:j.green@ukerna.ac.uk> wrote:
I have never understood what this gives you. If "Evil Company" wants to misdirect abuse reports (why?) they can circumvent this by making a fake IRT object with IRT XYZ as the contact email address.
If people circumvent this they are either evil or incompetent which is alreday a strong hint to be suspicious.
Moreover the process of creating an IRT object is controlled by the RIPE-NCC, because it is like creating a maintainer object, or by organisations like TI that verify all data provided by the IRT, before inserting it in the RIPE database. Regards, Menno Pieters -- Menno Pieters - Stelvio Postbus 215, 3740 AE Baarn phone: +31-35-5.429.324 / fax: +31-35-5.429.327 XOIP: +31-84-8.720.349 / Web: http://www.stelvio.nl/
Why not simply add "abuse-address" as a MANDATORY attribute in the maintainer object, then Ripe NCC should have to check when creating a maintainer object that the address is valid (eg. send a mail to the address, Ripe NCC doesn't create the maintainer until their mail has been replied). It would be relatively simple for all LIRs to add such an attribute to their maintainer object and then for Ripe NCC to check up on those objects missing the attribute. The whois system would of course need to be modified to show the abuse-address attribute when doing a whois, but I don't believe that would be a big problem? After seeing the other comments Im not really sure I can see any reason for the complex authentication system implemented in the current irt object?! If the mantainer object is changed as described above Ripe NCC will send a mail to the abuse-address, if this is a third party (the LIR has outsourced abuse) then this organization will probably only accept Ripe NCC's mail in case they have actually made an agreement with the LIR trying to create the maintainer, if not they can report this to Ripe NCC. Med venlig hilsen/Best regards Christian Rasmussen Hosting manager, jay.net a/s Smedeland 32, 2600 Glostrup, Denmark Email: noc@jay.net Personal email: chr@corp.jay.net Tlf./Phone: +45 3336 6300, Fax: +45 3336 6301 Produkter / Products: http://hosting.jay.net
-----Original Message----- From: db-wg-admin@ripe.net [mailto:db-wg-admin@ripe.net]On Behalf Of Menno Pieters (Stelvio) Sent: 12. januar 2004 12:23 Cc: db-wg@ripe.net Subject: Re: [db-wg] abuse-c
TAYON, Julien wrote:
John Green <mailto:j.green@ukerna.ac.uk> wrote:
I have never understood what this gives you. If "Evil Company" wants to misdirect abuse reports (why?) they can circumvent this by making a fake IRT object with IRT XYZ as the contact email address.
If people circumvent this they are either evil or incompetent which is alreday a strong hint to be suspicious.
Moreover the process of creating an IRT object is controlled by the RIPE-NCC, because it is like creating a maintainer object, or by organisations like TI that verify all data provided by the IRT, before inserting it in the RIPE database.
Regards,
Menno Pieters
-- Menno Pieters - Stelvio Postbus 215, 3740 AE Baarn phone: +31-35-5.429.324 / fax: +31-35-5.429.327 XOIP: +31-84-8.720.349 / Web: http://www.stelvio.nl/
On Mon, Jan 12, 2004 at 12:56:53PM +0100, Christian Rasmussen wrote:
Why not simply add "abuse-address" as a MANDATORY attribute in the maintainer object, then Ripe NCC should have to check when creating a maintainer object that the address is valid (eg. send a mail to the address, Ripe NCC doesn't create the maintainer until their mail has been replied).
It would be relatively simple for all LIRs to add such an attribute to their maintainer object and then for Ripe NCC to check up on those objects missing the attribute. The whois system would of course need to be modified to show the abuse-address attribute when doing a whois, but I don't believe that would be a big problem?
I have some inetnum objects where I would like to get a seperate entry for the abuse address, thus allowing other people (the customer) to handle the 'frontline" abuse things or at least get copied on them. I think Daniel's proposal handles this nicely, use the abuse-address on the inetnum or where it fails the one on the maintainer object. I certainly don't want to create an extra maintainer the moment I want to delegate abuse handling to another partie or direct it to a seperate mailbox. Grtx, MarcoH
Hi Marco, Okay, I can understand the need for a seperate abuse address for some inetnum objects, I agree it would work best if there was an optional abuse-address on the inetnum object which had first priority, if its missing an abuse-address as I proposed will be used. This means that everybody must add an abuse address to their maintainer object, but in case a different address is prefered for some inetnum objects, that address is simply added to those inetnum objects. It would however be really nice if it could somehow be transparent for the whois database user, meaning a specific field of the output always contains the abuse address whether its from the maintainer or inetnum. I have a lot of inetnum objects which I need the same abuse address for so I would REALLY appriciate not having to change each and everyone of them!.. :) Med venlig hilsen/Best regards Christian Rasmussen Hosting manager, jay.net a/s Smedeland 32, 2600 Glostrup, Denmark Email: noc@jay.net Personal email: chr@corp.jay.net Tlf./Phone: +45 3336 6300, Fax: +45 3336 6301 Produkter / Products: http://hosting.jay.net
-----Original Message----- From: db-wg-admin@ripe.net [mailto:db-wg-admin@ripe.net]On Behalf Of MarcoH Sent: 12. januar 2004 14:51 To: db-wg@ripe.net Subject: Re: [db-wg] abuse-c
Why not simply add "abuse-address" as a MANDATORY attribute in the maintainer object, then Ripe NCC should have to check when creating a maintainer object that the address is valid (eg. send a mail to
On Mon, Jan 12, 2004 at 12:56:53PM +0100, Christian Rasmussen wrote: the address,
Ripe NCC doesn't create the maintainer until their mail has been replied).
It would be relatively simple for all LIRs to add such an attribute to their maintainer object and then for Ripe NCC to check up on those objects missing the attribute. The whois system would of course need to be modified to show the abuse-address attribute when doing a whois, but I don't believe that would be a big problem?
I have some inetnum objects where I would like to get a seperate entry for the abuse address, thus allowing other people (the customer) to handle the 'frontline" abuse things or at least get copied on them.
I think Daniel's proposal handles this nicely, use the abuse-address on the inetnum or where it fails the one on the maintainer object.
I certainly don't want to create an extra maintainer the moment I want to delegate abuse handling to another partie or direct it to a seperate mailbox.
Grtx,
MarcoH
participants (4)
-
Christian Rasmussen -
MarcoH -
Menno Pieters (Stelvio) -
TAYON, Julien