Hi,

> I raise a question to the Services WG:
> 
> How is it possible that an employee of RIPE NCC interprets standard 
> terminology in such a strange way and bends the written rules in a direction 
> in which they are not written?
> 
> Who approved the blocking of the entire subnet, when even AUP exactly says 
> that IP addresses should be blocked in case of violation? Who is responsible 
> for this creativity?
> 
> I would like to hear the answers, because it seems that there is anarchy in 
> the NCC and the developers implement what they want, not what they should (with 
> respect to published rules/documents).

I think this could be phrased a little more constructively.

I believe it is pretty common to rate-limit based on the /32 for IPv4 and the 
/64 for IPv6, this isn’t something the NCC has invented.  Personally I think 
pragmatism might win out against literal interpretation — especially as this 
doesn’t appear to be something that many users are noticing.

We could have an endless discussion on why IP addresses are locators rather 
than identifiers, so poor metrics for preventing abuse, but without enforcing a 
login to query the database, they’re all we’ve got.

The AUP states that an individual IP address cannot request > 1,000 personal 
data sets in 24 hours.  It does not state that every IP address can query up to 
1,000 personal data sets.  In my opinion, that doesn’t prohibit the database 
from proactively defending itself by blocking a larger related prefix, 
especially referring to the footnote in the AUP on the basis of ‘reasonable 
use.’

The subsequent discussion appears to have two ways forward:
  1. Making ‘-r’ the default so personal data is not returned by default.
  2. Tweaking the rate limiting so that the /128 is blocked initially, but 
blocking the /64 if there are more rapid queries from the same /64.

Both of those seem like items that could become NWIs if the DB-WG agrees to 
them, noting that Ed has commented that the latter could involve a greater 
amount of work, so other things might have higher priority.

Cheers,
Rob
[Speaking for myself, but paying attention because the NCC Services WG was 
tagged.]
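
The second option in the message above (block the /128 first, then the whole /64 if queries keep arriving from that /64), as an added example that is not part of the original message and is not the RIPE NCC's implementation. The 1,000-per-24-hours figure is the AUP limit as quoted above; the /64 budget, the class and all other names are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW = 24 * 3600    # seconds: the AUP's 24-hour window
ADDR_LIMIT = 1000     # personal data sets per address, as quoted from the AUP
PREFIX_LIMIT = 3000   # assumption: aggregate budget for one /64 (not from the AUP)


class TieredLimiter:
    """Sliding-window limiter: per-address tier first, per-/64 tier second."""

    def __init__(self, addr_limit=ADDR_LIMIT, prefix_limit=PREFIX_LIMIT,
                 window=WINDOW):
        self.addr_limit = addr_limit
        self.prefix_limit = prefix_limit
        self.window = window
        self.addr_hits = defaultdict(deque)    # address -> result timestamps
        self.prefix_hits = defaultdict(deque)  # /64 (or /32) -> result timestamps

    @staticmethod
    def _trim(queue, cutoff):
        # Drop timestamps that have aged out of the window.
        while queue and queue[0] <= cutoff:
            queue.popleft()

    def check(self, addr, now):
        """Account for one personal data set; return the decision as a string."""
        ip = ipaddress.ip_address(addr)
        plen = 64 if ip.version == 6 else 32   # IPv4 is limited per /32 only
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        aq, pq = self.addr_hits[ip], self.prefix_hits[net]
        self._trim(aq, now - self.window)
        self._trim(pq, now - self.window)
        # Tier 2: the /64 as a whole has used its budget, so address
        # rotation inside the prefix no longer helps.
        if ip.version == 6 and len(pq) >= self.prefix_limit:
            return "prefix-blocked"
        # Tier 1: only this single address is over the per-address limit.
        if len(aq) >= self.addr_limit:
            return "addr-blocked"
        aq.append(now)
        pq.append(now)
        return "ok"
```

Denied queries are not counted, so a block lifts on its own once the oldest counted results leave the 24-hour window.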
