Search RPD Archives
[rpd] Opposing the last call made on the review policy
Paschal Ochang
pascosoft at gmail.com
Tue Dec 4 17:55:54 UTC 2018
Yes Owen clearly speaking a two way verification process has to be
initiated whereby the allegations made by the accuser has to be verified
and the targeted organisation also has to be investigated. Penalties for
false accusations also needs to be factored in.
It will also like to even know the timeline to achieve this process as
obviously it will be huge on the target organisation and Afrinic as a whole
and I think this is worrisome.
On Tuesday, December 4, 2018, Owen DeLong <owen at delong.com> wrote:
> The random process is a concern as well, but I have less concern with it
> (assuming it is truly random and I somewhat trust AfriNIC staff to be fair
> in implementing a technology based randomization process). My bigger
> problem is with the ability for an arbitrary third party to, under this
> proposal, make an accusation with no basis in fact and no supporting
> evidence triggering a huge amount of work on the part of both AfriNIC and
> the target organization.
>
> Essentially this opens up a new gaping vector for a form of denial of
> service attack that can be exploited by persons or organizations who wish t
> cause difficulty for an AfriNIC resource holder.
>
> Owen
>
>
> On Dec 4, 2018, at 03:08 , Paschal Ochang <pascosoft at gmail.com> wrote:
>
> This problem is indirectly tied to my concern about this policy which I
> raised in Dakar and Hammamet as well. I have always pointed out that the
> selection process adopted by the policy for auditing allows room for witch
> hunting and the algorithm is not clear on how all companies can be selected
> at random and still get all of them audited. Secondly a member can target
> another member without major cause and the consequences for doing so
> incorrectly is not explicit.
>
> On Tuesday, December 4, 2018, Frank Habicht <geier at geier.ne.tz> wrote:
>
>> Hi,
>>
>> On 04/12/2018 02:30, Owen DeLong wrote:
>>
>>> The review in the RSA does not allow for any random party to force
>>> AfriNIC to initiate such a costly and burdensome process against any
>>> particular member without probable cause to do so. The proposed policy does.
>>>
>>
>> Yes. That is my main problem with the proposal. Thanks, Owen, for putting
>> it that clearly.
>>
>> a) have the authors accepted this as a valid problem with the proposal?
>> b) if yes, was it addressed?
>> c) if no, why not?
>>
>> silence from authors will be interpreted as non-cooperation regarding
>> valid concerns.
>>
>> Thanks,
>>
>> Frank
>>
>>
>> _______________________________________________
>> RPD mailing list
>> RPD at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo/rpd
>>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20181204/c8da2cd9/attachment.html>
More information about the RPD
mailing list