Jacob Slater via db-wg wrote on 29/07/2019 06:25:
In this context, RIPE's published guidelines on due diligence
(https://www.ripe.net/publications/docs/ripe-700) cover what exactly is
checked. From my experience, the guidelines are always enforced as written.
As you mention, due to a variety of factors (based primarily on
differences in jurisdiction), this process isn't always perfect. I'm
sure the NCC deals with at least some of fraudulent activity as a result
of the flaws you mention. Unfortunately, short of drastic measures (such
as prohibiting certain jurisdictions from requesting resources), I can't
see an easy way to improve the current situation.
Do you have a suggestion for how the process could be improved?
Would it be feasible for the RIPE NCC to add a read-only record to org:
objects which provided the date of the last due diligence check? E.g.
something like
organisation: ORG-FNL99-RIPE
org-name: Foo Networks Limited
org-type: LIR
[...]
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
abuse-c: FOO2000-RIPE
created: 2019-01-01T01:01:01Z
last-modified: 2019-01-01T01:01:01Z
due-diligence: 2019-07-01T12:00:00Z
source: RIPE
Otherwise it doesn't look like it's easy to heuristically work out
whether due diligence has been carried out on a particular object or not.
Nick
