Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] abuse contact information in whois database (AFPUB-2010-GEN-002)

Tobias Knecht tk at abusix.com
Thu Jun 17 02:47:06 UTC 2010 

> Because an IRT object has so much extra information in it it needs to
> be carefully parsed before the information can be used. Your new
> proposal for a far simpler protocol would not require that extra data
> and so would not require an IRT object. For instance:
> 
> QUERY: 192.0.2.18 RESPONSE: abuse at example.net

It would require any kind of abuse-c, IRT, dedicated object.

My fear with this is, that the same thing will happen, that happened at
RIPE. We decide today to use abuse-c and in a few years there will be
certs coming and asking for the IRT and than there will be other people
asking for another way because the existing is to whatever.

The IRT Object has everything that is used and needed at RIPE today.
APNIC will do the same and forces people to use it. I can live with a
non mandatory IRT Object (with a mandatory abuse-mailbox attribute).

And that way we should be all set for future. And if there might be
changes, those could be discussed in a community decision between APNIC,
RIPE and AfriNIC.


The next proposal which I'm working on at the moment with the APNIC
policy office is the Frequent Update Request for Objects, which was
brought up while the discussion was ongoing about the IRT in the APNIC
policy list.

This will ask APNIC to send a yearly reminder to members and ask them to
update or verify their object data. Not to force them to do so, just to
remind them.


The third one will be the DNS Based Frontend. This depends a little bit
on what RIPE is doing with the abuse-finder which in my eyes is a really
cool thing, but may be to complicated, because there are easier ways.


This just as a little outlook.



> You don't need to extract the e-mail address from the object in the
> response. Instead, you just make sure that it is a valid address. Far
> simpler.

Yes but, it is not only about a address to send automatic notifications.
It is about an address for personal contact. and phone number, fax
number, what ever. The Full information should be stored in the whois
and therefore we are asking for a full object.

And I just using a address found in the whois makes things more bizarre
for members, because then they will be completely confused on what is
happening.

> I suspect the problem here is not the complexity of the protocol but
> in getting agreement from all the relevant IRs to implement it.

Do you mean RIRs? Yes might be, but if 2 or 3 start doing it and make
good experience with it, why should the others don't do it. And at the
end there will be such a service (abusix) not as good as a RIR can do,
because the SQL query is much easier and cheaper than loads of whois
queries, but this will be an alternative for non cooperating RIRs.


Thanks,

Tobias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20100617/bce571da/attachment.sig>

More information about the RPD mailing list