Creative forgery engaged in by fraudulent resource holders is good, it lets
people use that forgery first as an indication of badness and second as a way
to search for more of the same.
Hiding it would be counter productive to the extreme especially as we may not
be able to trust the LIR in at
Hi Angel
On Tue, 7 Jun 2022 at 03:09, Ángel González Berdasco
wrote:
>
> denis wrote:
> In a previous mail you mentioned:
> > When these people apply to be a member I am sure the RIPE NCC requires
> > proof of identity and proof of address.
>
> but -being slightly more skeptic- I would like to
Gert Doering wrote:
> Hi,
>
> "whois, as in 'this particular way users interface with the DB'" :-)
>
> (I'm aware it's the server doing this - which makes changing the
> implementation easier, as it's "just one place" - but in the end,
> "it needs to be done" which was the point I tried to make
Cynthia Revström writes:
> I think this sounds like a good idea as someone who is also very much
> interested in security.
>
>
> However I think the implementation details should be discussed in the
> db-wg as opposed to the aa-wg.
>
>
> -Cynthia
It affects both anti-abuse and db-wg. If
Hi,
On Tue, Jun 07, 2022 at 06:07:13PM +, Ángel González Berdasco wrote:
> > "whois" would need some help (as it today only returns one abuse e-
> > mail), but that's implementation
> >
> > $ whois 195.30.0.1
> > % Abuse contact for '195.30.0.0 - 195.30.0.255' is 'ab...@space.net'
>
>
Gert Doering writes:
> Hi,
>
> On Tue, Jun 07, 2022 at 12:36:10PM +, Ángel González Berdasco via
> anti-abuse-wg wrote:
> > abuse-c: GROBECKER-ABUSE
> >
> > and the GROBECKER-ABUSE object:
> > abuse-mailbox: gene...@abuse.grobecker.info
> > abuse-mailbox-vulnerable:
> >
Colleagues,
I believe that the current conversation on "personal data in the RIPE Database"
has reached a point of a lot more heat than light. I would ask that people step
away from the topic and consider how to engage with the proposal, rather than
the people involved in the conversation.
If
I think this sounds like a good idea as someone who is also very much
interested in security.
However I think the implementation details should be discussed in the db-wg
as opposed to the aa-wg.
-Cynthia
On Tue, Jun 7, 2022, 13:46 Gert Doering wrote:
> Hi,
>
> On Tue, Jun 07, 2022 at
Hi,
On Tue, Jun 07, 2022 at 12:36:10PM +, Ángel González Berdasco via
anti-abuse-wg wrote:
> abuse-c: GROBECKER-ABUSE
>
> and the GROBECKER-ABUSE object:
> abuse-mailbox: gene...@abuse.grobecker.info
> abuse-mailbox-vulnerable: vulnerability-repo...@abuse.grobecker.info
>
El mar, 07-06-2022 a las 13:14 +0200, Gert Doering escribió:
> Hi,
>
> On Tue, Jun 07, 2022 at 11:02:19AM +, Ángel González Berdasco via
> anti-abuse-wg wrote:
> > I don't think the problem would be to add a new attribute if
> needed.
> > The problem would be to *define* what should go there
This is correct but additionally, I don’t see how adding a separate security
contact resolves the problem of outdated or misdirected (as in, not from your
network) compromise incident reports.
You don’t have to break into your customers offices to patch their machines.
You can just as well acl
> On 7 Jun 2022, at 12:14, Gert Doering wrote:
>
> Hi,
>
> On Tue, Jun 07, 2022 at 11:02:19AM +, Ángel González Berdasco via
> anti-abuse-wg wrote:
>> I don't think the problem would be to add a new attribute if needed.
>> The problem would be to *define* what should go there (and then
Hi,
On Tue, Jun 07, 2022 at 11:02:19AM +, Ángel González Berdasco via
anti-abuse-wg wrote:
> I don't think the problem would be to add a new attribute if needed.
> The problem would be to *define* what should go there (and then get
> everyone downstream to use that new attribute)
This...
On 07-06-2022 12:42 +0200, Gert Doering wrote:
> Hi,
>
> On Tue, Jun 07, 2022 at 12:35:47PM +0200, denis walker wrote:
> > You could add an optional attribute "security-mailbox:" alongside
> > the
> > "abuse-mailbox:". If present it could be returned in a query with
> > the
> > abuse-mailbox
Hi,
On Tue, Jun 07, 2022 at 12:35:47PM +0200, denis walker wrote:
> You could add an optional attribute "security-mailbox:" alongside the
> "abuse-mailbox:". If present it could be returned in a query with the
> abuse-mailbox address by default, or with a specific query. Or
> reference it
Hi Guys
You could add an optional attribute "security-mailbox:" alongside the
"abuse-mailbox:". If present it could be returned in a query with the
abuse-mailbox address by default, or with a specific query. Or
reference it separately with a "sec-c:" attribute.
cheers
denis
co-chair DB-WG
On
Hi,
On Tue, Jun 07, 2022 at 11:45:05AM +0200, Max Grobecker wrote:
> TL;DR:
> Should there be an optional contact for sending security information to (i.e.
> about vulnerable services),
> which can be different from the abuse contact?
I see the problem, and maybe we need to re-think the
Moin-Moin and hello,
TL;DR:
Should there be an optional contact for sending security information to (i.e.
about vulnerable services),
which can be different from the abuse contact?
Background:
We get a reasonable amount of security information sent to our abuse mailbox
about
things like
On Tue, 7 Jun 2022 at 03:32, Ronald F. Guilmette wrote:
>
> In message
>
> =?UTF-8?Q?Cynthia_Revstr=C3=B6m?= wrote:
>
> >AFAIK the "org-name" attribute on the organisation object does get
> >verified if the organisation is a LIR or an end user that has received
> >resources directly from the
Hi Suresh
On Tue, 7 Jun 2022 at 10:06, Suresh Ramasubramanian wrote:
>
> This tirade about Ronald is if anything, quite overblown
The only thing that is overblown is his attitude. If he cut out all
the personal insults and attempts to bully people to agree with him we
might have a better
This tirade about Ronald is if anything, quite overblown
Various csirt reps for example, and Richard Clayton, have raised valid concerns
with your proposal.
It is still quite likely to pass, like many such proposals in the past, because
of the old boy network that passes for rough consensus
On Tue, 7 Jun 2022 at 01:45, Ronald F. Guilmette wrote:
>
> In message
>
> denis walker wrote:
>
> >The bottom line is that there are honest, law abiding people who are,
> >or would like to be, resource holders but are exposed to considerable
> >personal danger by making their name and address
22 matches
Mail list logo