Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Decisions ... Abuse contact

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Wed Sep 30 07:24:59 UTC 2020


Tks Madhvi,



With all this in mind, I’m formally asking to the chairs, as per CPM section 3.5, to reconsider their position regarding this proposal (AFPUB-2018-GEN-001-DRAFT06 - Abuse Contact Policy Update), which should be brought to the last call.



Regarding your point c. I already clarified this in the meeting, just want to make sure that you captured it correctly. There is nothing in the CPM that affects legacy holders.



In fact, even 5.7 doesn’t affect legacy holders, because 5.7.4.3 *only* affects the transferred resources, when the resources are transferred, and that means it affects the new resource holder “not the legacy holder”. It is a small clarification (not related to this proposal), but I think is key to correctly interpret this point.



Regards,

Jordi

@jordipalet







El 30/9/20 8:20, "Madhvi Gokool" <madhvi at afrinic.net> escribió:



Dear Frank/Community members



a) In the Impact Assessment, staff assumed that the policy will not impact the legacy resources in the AFRINIC whois database and requested the authors to confirm that this is so. AFRINIC staff needs to keep this in consideration at the time of implementation(myafrinic and whois business rules) - abuse-c mandatory for non-legacy resources. Staff were therefore satisfied with this confirmation and had not indicated otherwise to the co-chairs and community in the session.

b) "AFRINIC is bound by the Mauritian Data Protection Act 2017 (inspired by GDPR). For more information on AFRINIC's Privacy Policy, click on the following link - https://www.afrinic.net/privacy. Thus, implementation of the abuse-c will not impact negatively on AFRINIC's data protection obligations."

c) The only policy that affects the legacy resource holders is documented in Section 5.7 of the CPM - and it regards transfers of legacy resources. Legacy Holders are not bound by any other resource policies.

Staff therefore will confirm with the authors that their policies do not affect legacy resources , especially when implementation will be done on the whois database. This is to ensure that the implementation does not negatively impact how the legacy resource holders manage their resources on the whois database.

d) In the Policy Implementation Experience Report during AFRINIC-32/AIS'20 , staff have pointed out that Section 8 of the CPM does not enforce a mandatory abuse contact . They also mentioned that they are having to respond to an increase in complaints regarding missing abuse contacts in the number resources in the AFRINIC whois database and that operators have warned that they will filter the resources with no abuse contacts. Staff are therefore doing the work for the members , as they are bound to respond to any queries that are logged with the AFRINIC service desk. This situation is not scalable in the long term & AFRINIC invites the community to also ponder on this feedback.

Kind Regards

Madhvi
--
Madhvi Gokool
Senior IP Resources Specialist
AFRINIC Ltd.
t:  +230 403 5100 | f: +230 466 6758 |
w: www.afrinic.net
On 28/09/2020 8:09 PM, Frank Habicht wrote:
Dear chairs,

On 21/09/2020 08:32, Frank Habicht wrote:
Dear chairs,

On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:
6. Abuse Contact Update

The proposal makes it mandatory for AFRINIC to include in each resource
registration, a contact where network abuse from users of those
resources will be reported. The proposal whois DB attribute (abuse-c)
to be used to publish abuse public contact information. There’s also a
process to ensure that the recipient must receive abuse report and that
contacts are validated by AFRINIC regularly. However, there some
opposition to the proposal there are:

a. Staff analysis on how it affects legacy holder not
conclusive (not sure why this should affect legacy holders)

b. The proposal doesn’t state what will be the
consequences of one member fails to comply. Why are we creating the
abuse contact when there is no consequence for not providing the abuse
contact

c. Abuse contact email and issues with GDPR concerning
the whois database

d. No proper definition of the term Abuse

e. To force members to reply to their abuse email is
not in the scope of AFRINIC.

Chairs Decision: No rough consensus
About d. "No proper definition of the term Abuse"
yes, this was mentioned several times by members opposing.
The proposal is about "abuse contacts". it is not about what "abuse" is.
there is no need for a definition of "abuse".
In my humble opinion the request for a definition of abuse is off-topic.

Question: if someone makes a proposal about lame DNS servers in domain
objects for Reverse-DNS, and I object arguing that a definition of RPKI
is needed - what would you do with this argument?
Q2: can arguments about a proposal be irrelevant to this proposal?
Q3: was that the case here? were arguments, that a definition for abuse
    is required, irrelevant?

I request chairs' response to Q2 and Q3.
Dear chairs, requesting a response.
Note: chairs said this was a point of opposition.
I argue that this was an irrelevant point.

About e. "To force members to reply to their abuse email is not in the
scope of AFRINIC."
Yes, that was mentioned several times.
And also this is something the proposal does not do and does not attempt.
And all the comments about (d.) above apply.
How can people complain that the proposal does something, when the
proposal doesn't do that?
How can that be a valid objections?
Chairs?

If irrelevant objections are taken as valid arguments, please note that
I foresee that any future proposal can get rejected and the PDP will be
stuck.


About c. "Abuse contact email and issues with GDPR concerning the whois
database"
- I didn't see that on the mailing list, can you remind us, or was that
only during the live session?
- there are other contact information in whois. can staff confirm
whether AfriNIC are GDPR compliant?
AfriNIC staff: above is a question for you.
yes, I think I know the answer, but maybe the ones arguing that this is
a problem with the proposed policy don't know the answer.

- would that status change if abuse contacts would be added?
same... AfriNIC staff, please help.


About b. "The proposal doesn’t state what will be the consequences of
one member fails to comply. Why are we creating the abuse contact when
there is no consequence for not providing the abuse contact"
- I can imagine that AfriNIC would include in their meeting
presentations information regarding how big (in measurable terms) this
problem is.
- from that the WG can discuss and decide if more actions are necessary.
Chairs, does my above answer sufficiently address the point b. of
opposition that you had listed as relevant?


About a. "Staff analysis on how it affects legacy holder not conclusive
(not sure why this should affect legacy holders)"
I didn't see that before, but as is tradition in my part of the world,
let me respond to the question with a question:
Are legacy holders subject to any for the PDWG's policies?
Madhvi, please help: does any policy affect legacy holders?


Thanks,
Frank


_______________________________________________
RPD mailing list
RPD at afrinic.net
https://lists.afrinic.net/mailman/listinfo/rpd
_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/aedc26aa/attachment-0001.html>


More information about the RPD mailing list