Hi all,

There are a couple of points to be made here, and sorry for the tardiness: 
The policy is not introducing a revolutionary concept, as many commenters 
pointed out, it is basically a representation of an established internet good 
practice where technical/admin contacts are real channels through which 
pertinent communication can easily reach whomever needs to take action. It is 
not a "security theatre",  because this is not a geopolitical discussion but 
rather a technical mean to make sure that the internet ecosystem is a bit more 
In fact, the impact analysis mentions that the RIPE NCC estimates that 10-25% 
of the current abuse contact emails seems to be technically incorrect, and the 
key aspect to take into consideration is here the technical lack of correctness 
of such addresses, which result in technical faults, such as for example the 
ultimate inability of communicating a message to the desired receiver due to a 
non-functioning, outdated, or misspelled mail address. The proposed policy 
change was drafted with this in mind, and the expectation is that it will 
likely increase the chance that an abuse report can be send to a working 
address, thus probably making a huge lot of sysadmins very happy - and not only 
This policy will not bestow upon RIPE NCC new and extraordinary powers : the 
extreme measure (and I'd like to underline the term extreme as ultima ratio 
measure) of proceeding to close an account is the very last resort, and comes 
as a consequence of a non-responsive behaviour during a significantly extended 
period of time. Internet is fast, action upon errors has to happen 
(understandingly fast) : a lack of care in this respect shows a lack of care 
for the ecosystem itself, and such behaviour should not be encouraged. 
Moreover, it reflects an existing process based on current policies and 
procedures: this particular policy change would only expose ADDITIONAL 
incorrect contact information to this process, as the RIPE NCC would be enabled 
to identify incorrect abuse contact emails proactively rather than lagging 
behind, acting retroactively when receiving an external report about it. 
On the question why only abuse-c was subject to a specific policy, the reason 
is due to the prominence such entry: surely a policy could extend beyond that.
On the claim that abuse-c checks are useless, this is a point to strongly 
object: inaccurate information is detrimental to all, leads to all kind of 
complications which can be easily solved with keeping records straight, 
channels open for communication. 
Every member can collaborate an put forward policy proposals, and it is down to 
the whole membership to promote or reject the idea, not the member, as everyone 
is equally engaged as part of the same ecosystem.
Kind regards,
Hervé & Sara

-----Original Message-----
From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of 
Alexander Isavnin
Sent: 17 February 2018 22:19
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2017-02 Review Phase Reminder

Dear Herve!

On 2018-02-17 19:00:22 CET, Herve Clement wrote:
> Alexander,
I'v stated my opinion and rationale - thank you for your respect.

Hope WG Chair will take my opinion (stated before the end of 16 Feb) in account.

> Just two things before additional answers beginning of next week: 
> - We've already explained that there's no additional "extraordinary 
> power" given to the RIPE NCC via this proposal: the very potential 
> possibility of an LIR closure exists in the current policies (cf. my 
> message dated 24th January)

I'v seen those mails. I just want to clarify - it's my beliefs (bad) against 
your beliefs (good).

If RIPE NCC Managing director have joined this discussion, clarifying 
procedures of non-financial LIR closure and/or resource revocation - i would 
agree with you. 
Otherwise "very potencial possibility" might become "exactly".
There is very well working procedure of non-payment closure. Unless there is 
exaclty well working and accepted procedure for other reasons of closure - we 
have to be very accurate with easily violatable policies. (I'v seen brand new 

> - You've the right not to agree, that's something I respect. That's not a 
> reason to judge presentations "funny" or proposals "as theater"...
Please, do not take my judgement so personal, i have reasons to not agree with 
this policy, which i'm explaning you here.
Policy that gives no significant and actual change - is a theater. 
(well, "security theater" is US definition of ineffective but demonstrative 
activities related to security) And i have another reason for stating that. 
This theater already had it's pre-premiere perfomance called "Law Enforcement 
Engagement with the RIPE Policy Development Process":
For me it looks like "propose something, just to show that LEAs are involved in 
activity related to security".

And about "funny" proposal presentation. Let's have some quotes: 
"essential part of the accountability of the RIPE community", "undermines the 
effectiveness of the policy", "Improving the trust and safety of the IP address 
space is a priority for the RIPE community","essential to ensure the 
efficiency","essential to establish a trusted and transparent environment" - 
these are so bombastic and sonorous, compared to 1 paragraph of policy change , 
which will actualy change nothing in abuse handling behavior, so i can't call 
it rather than funny.

At least you had chance to pre-validate all abuse-c contacts available now in 
database and provide stats in policy rationale. 

I will change my opinion, if Europol (or any other LEA) could provide any 
evidence, that incorrect abuse-c: which stayed in database longer than 1 year 
led to something terrible like homicid. Or not so terrible, like unpaid 
parking, at least. 

Kind regards,
Alexander Isavnin

Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum


DISCLAIMER : This message is sent in confidence and is only intended for the 
named recipient. If you receive this message by mistake, you may not use, copy, 
distribute or forward this message, or any part of its contents or rely upon 
the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails 
from any computer. This message does not constitute a commitment by Europol 
unless otherwise indicated.


Reply via email to