There are a couple of points to be made here, and sorry for the tardiness:
The policy is not introducing a revolutionary concept, as many commenters
pointed out, it is basically a representation of an established internet good
practice where technical/admin contacts are real channels through which
pertinent communication can easily reach whomever needs to take action. It is
not a "security theatre", because this is not a geopolitical discussion but
rather a technical mean to make sure that the internet ecosystem is a bit more
In fact, the impact analysis mentions that the RIPE NCC estimates that 10-25%
of the current abuse contact emails seems to be technically incorrect, and the
key aspect to take into consideration is here the technical lack of correctness
of such addresses, which result in technical faults, such as for example the
ultimate inability of communicating a message to the desired receiver due to a
non-functioning, outdated, or misspelled mail address. The proposed policy
change was drafted with this in mind, and the expectation is that it will
likely increase the chance that an abuse report can be send to a working
address, thus probably making a huge lot of sysadmins very happy - and not only
This policy will not bestow upon RIPE NCC new and extraordinary powers : the
extreme measure (and I'd like to underline the term extreme as ultima ratio
measure) of proceeding to close an account is the very last resort, and comes
as a consequence of a non-responsive behaviour during a significantly extended
period of time. Internet is fast, action upon errors has to happen
(understandingly fast) : a lack of care in this respect shows a lack of care
for the ecosystem itself, and such behaviour should not be encouraged.
Moreover, it reflects an existing process based on current policies and
procedures: this particular policy change would only expose ADDITIONAL
incorrect contact information to this process, as the RIPE NCC would be enabled
to identify incorrect abuse contact emails proactively rather than lagging
behind, acting retroactively when receiving an external report about it.
On the question why only abuse-c was subject to a specific policy, the reason
is due to the prominence such entry: surely a policy could extend beyond that.
On the claim that abuse-c checks are useless, this is a point to strongly
object: inaccurate information is detrimental to all, leads to all kind of
complications which can be easily solved with keeping records straight,
channels open for communication.
Every member can collaborate an put forward policy proposals, and it is down to
the whole membership to promote or reject the idea, not the member, as everyone
is equally engaged as part of the same ecosystem.
Hervé & Sara
From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of
Sent: 17 February 2018 22:19
Subject: Re: [anti-abuse-wg] 2017-02 Review Phase Reminder
On 2018-02-17 19:00:22 CET, Herve Clement wrote:
I'v stated my opinion and rationale - thank you for your respect.
Hope WG Chair will take my opinion (stated before the end of 16 Feb) in account.
> Just two things before additional answers beginning of next week:
> - We've already explained that there's no additional "extraordinary
> power" given to the RIPE NCC via this proposal: the very potential
> possibility of an LIR closure exists in the current policies (cf. my
> message dated 24th January)
I'v seen those mails. I just want to clarify - it's my beliefs (bad) against
your beliefs (good).
If RIPE NCC Managing director have joined this discussion, clarifying
procedures of non-financial LIR closure and/or resource revocation - i would
agree with you.
Otherwise "very potencial possibility" might become "exactly".
There is very well working procedure of non-payment closure. Unless there is
exaclty well working and accepted procedure for other reasons of closure - we
have to be very accurate with easily violatable policies. (I'v seen brand new
> - You've the right not to agree, that's something I respect. That's not a
> reason to judge presentations "funny" or proposals "as theater"...
Please, do not take my judgement so personal, i have reasons to not agree with
this policy, which i'm explaning you here.
Policy that gives no significant and actual change - is a theater.
(well, "security theater" is US definition of ineffective but demonstrative
activities related to security) And i have another reason for stating that.
This theater already had it's pre-premiere perfomance called "Law Enforcement
Engagement with the RIPE Policy Development Process":
For me it looks like "propose something, just to show that LEAs are involved in
activity related to security".
And about "funny" proposal presentation. Let's have some quotes:
"essential part of the accountability of the RIPE community", "undermines the
effectiveness of the policy", "Improving the trust and safety of the IP address
space is a priority for the RIPE community","essential to ensure the
efficiency","essential to establish a trusted and transparent environment" -
these are so bombastic and sonorous, compared to 1 paragraph of policy change ,
which will actualy change nothing in abuse handling behavior, so i can't call
it rather than funny.
At least you had chance to pre-validate all abuse-c contacts available now in
database and provide stats in policy rationale.
I will change my opinion, if Europol (or any other LEA) could provide any
evidence, that incorrect abuse-c: which stayed in database longer than 1 year
led to something terrible like homicid. Or not so terrible, like unpaid
parking, at least.
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
DISCLAIMER : This message is sent in confidence and is only intended for the
named recipient. If you receive this message by mistake, you may not use, copy,
distribute or forward this message, or any part of its contents or rely upon
the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails
from any computer. This message does not constitute a commitment by Europol
unless otherwise indicated.