Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Decisions ... Abuse contact

Frank Habicht geier at geier.ne.tz
Mon Sep 21 05:32:34 UTC 2020


Dear chairs,

On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:

> 6.       Abuse Contact Update

>

> The proposal makes it mandatory for AFRINIC to include in each resource

> registration, a contact where network abuse from users of those

> resources will be reported.  The proposal whois DB attribute (abuse-c)

> to be used to publish abuse public contact information. There’s also a

> process to ensure that the recipient must receive abuse report and that

> contacts are validated by AFRINIC regularly. However, there some

> opposition to the proposal there are:

>

> a.                   Staff analysis on how it affects legacy holder not

> conclusive  (not sure why this should affect legacy holders)

>

> b.                  The proposal doesn’t state what will be the

> consequences of one member fails to comply. Why are we creating the

> abuse contact when there is no consequence for not providing the abuse

> contact

>

> c.                   Abuse contact email and issues with GDPR concerning

> the whois database

>

> d.                  No proper definition of the term Abuse

>

> e.                  To force members to reply to their abuse email is

> not in the scope of AFRINIC.

>

> Chairs Decision: No rough consensus


About d. "No proper definition of the term Abuse"
yes, this was mentioned several times by members opposing.
The proposal is about "abuse contacts". it is not about what "abuse" is.
there is no need for a definition of "abuse".
In my humble opinion the request for a definition of abuse is off-topic.

Question: if someone makes a proposal about lame DNS servers in domain
objects for Reverse-DNS, and I object arguing that a definition of RPKI
is needed - what would you do with this argument?
Q2: can arguments about a proposal be irrelevant to this proposal?
Q3: was that the case here? were arguments, that a definition for abuse
is required, irrelevant?

I request chairs' response to Q2 and Q3.


About e. "To force members to reply to their abuse email is not in the
scope of AFRINIC."
Yes, that was mentioned several times.
And also this is something the proposal does not do and does not attempt.
And all the comments about (d.) above apply.


If irrelevant objections are taken as valid arguments, please note that
I foresee that any future proposal can get rejected and the PDP will be
stuck.


About c. "Abuse contact email and issues with GDPR concerning the whois
database"
- I didn't see that on the mailing list, can you remind us, or was that
only during the live session?
- there are other contact information in whois. can staff confirm
whether AfriNIC are GDPR compliant?
- would that status change if abuse contacts would be added?


About b. "The proposal doesn’t state what will be the consequences of
one member fails to comply. Why are we creating the abuse contact when
there is no consequence for not providing the abuse contact"
- I can imagine that AfriNIC would include in their meeting
presentations information regarding how big (in measurable terms) this
problem is.
- from that the WG can discuss and decide if more actions are necessary.


About a. "Staff analysis on how it affects legacy holder not conclusive
(not sure why this should affect legacy holders)"
I didn't see that before, but as is tradition in my part of the world,
let me respond to the question with a question:
Are legacy holders subject to any for the PDWG's policies?


Thanks,
Frank



More information about the RPD mailing list