Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Decisions ... Abuse contact

Gregoire EHOUMI gregoire.ehoumi at yahoo.fr
Wed Sep 30 12:48:18 UTC 2020



I agree with Jordi,  there is no valid objection on this policy,  it should go to last call.--Gregoire 
-------- Original message --------From: JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> Date: 2020-09-30 3:28 a.m. (GMT-05:00) To: rpd at afrinic.net Cc: Moses Serugo <moses.serugo at gmail.com> Subject: Re: [rpd] Decisions ... Abuse contact Tks Madhvi, With all this in mind, I’m formally asking to the chairs, as per CPM section 3.5, to reconsider their position regarding this proposal (AFPUB-2018-GEN-001-DRAFT06 - Abuse Contact Policy Update), which should be brought to the last call. Regarding your point c. I already clarified this in the meeting, just want to make sure that you captured it correctly. There is nothing in the CPM that affects legacy holders. In fact, even 5.7 doesn’t affect legacy holders, because 5.7.4.3 *only* affects the transferred resources, when the resources are transferred, and that means it affects the new resource holder “not the legacy holder”. It is a small clarification (not related to this proposal), but I think is key to correctly interpret this point. Regards,Jordi at jordipalet   El 30/9/20 8:20, "Madhvi Gokool" <madhvi at afrinic.net> escribió: Dear Frank/Community members a) In the Impact Assessment, staff assumed that the policy will not impact the legacy resources in the AFRINIC whois database and requested the authors to confirm that this is so.  AFRINIC staff needs to keep this in consideration at the time of implementation(myafrinic and whois business rules) - abuse-c mandatory for non-legacy resources. Staff were therefore satisfied with this confirmation and had not indicated otherwise to the co-chairs and community in the session.b) "AFRINIC is bound by the Mauritian Data Protection Act 2017 (inspired by GDPR). For more information on AFRINIC's Privacy Policy, click on the following link - https://www.afrinic.net/privacy. Thus, implementation of the abuse-c will not impact negatively on AFRINIC's data protection obligations."c) The only policy that affects the legacy resource holders is documented in Section 5.7 of the CPM  - and it regards transfers of legacy resources.  Legacy Holders are not bound by any other resource policies. Staff therefore will confirm with the authors that their policies do not affect legacy resources , especially when implementation will be done on the whois database.  This is  to ensure that the implementation does not negatively impact  how the legacy resource holders manage their resources on the whois database. d) In the Policy Implementation Experience Report during AFRINIC-32/AIS'20 , staff have pointed out that Section 8 of the CPM does not enforce a mandatory abuse contact . They also mentioned that they are having to respond to an increase in complaints regarding missing abuse contacts in the number resources in the AFRINIC whois database and that operators have warned that they will filter the resources with no abuse contacts.  Staff are therefore doing the work for the members , as they are bound to respond to any queries that are logged with the AFRINIC service desk.  This situation is not scalable in the long term & AFRINIC invites the community to also ponder on this feedback.Kind RegardsMadhvi-- Madhvi GokoolSenior IP Resources SpecialistAFRINIC Ltd.t:  +230 403 5100 | f: +230 466 6758 | w: www.afrinic.netOn 28/09/2020 8:09 PM, Frank Habicht wrote:Dear chairs, On 21/09/2020 08:32, Frank Habicht wrote:Dear chairs, On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:6.       Abuse Contact Update The proposal makes it mandatory for AFRINIC to include in each resourceregistration, a contact where network abuse from users of thoseresources will be reported.  The proposal whois DB attribute (abuse-c)to be used to publish abuse public contact information. There’s also aprocess to ensure that the recipient must receive abuse report and thatcontacts are validated by AFRINIC regularly. However, there someopposition to the proposal there are: a.                   Staff analysis on how it affects legacy holder notconclusive  (not sure why this should affect legacy holders) b.                  The proposal doesn’t state what will be theconsequences of one member fails to comply. Why are we creating theabuse contact when there is no consequence for not providing the abusecontact c.                   Abuse contact email and issues with GDPR concerningthe whois database d.                  No proper definition of the term Abuse e.                  To force members to reply to their abuse email isnot in the scope of AFRINIC. Chairs Decision: No rough consensusAbout d. "No proper definition of the term Abuse"yes, this was mentioned several times by members opposing.The proposal is about "abuse contacts". it is not about what "abuse" is.there is no need for a definition of "abuse".In my humble opinion the request for a definition of abuse is off-topic. Question: if someone makes a proposal about lame DNS servers in domainobjects for Reverse-DNS, and I object arguing that a definition of RPKIis needed - what would you do with this argument?Q2: can arguments about a proposal be irrelevant to this proposal?Q3: was that the case here? were arguments, that a definition for abuse    is required, irrelevant? I request chairs' response to Q2 and Q3.Dear chairs, requesting a response.Note: chairs said this was a point of opposition.I argue that this was an irrelevant point. About e. "To force members to reply to their abuse email is not in thescope of AFRINIC."Yes, that was mentioned several times.And also this is something the proposal does not do and does not attempt.And all the comments about (d.) above apply.How can people complain that the proposal does something, when theproposal doesn't do that?How can that be a valid objections?Chairs? If irrelevant objections are taken as valid arguments, please note thatI foresee that any future proposal can get rejected and the PDP will bestuck.  About c. "Abuse contact email and issues with GDPR concerning the whoisdatabase"- I didn't see that on the mailing list, can you remind us, or was thatonly during the live session?- there are other contact information in whois. can staff confirmwhether AfriNIC are GDPR compliant?AfriNIC staff: above is a question for you.yes, I think I know the answer, but maybe the ones arguing that this isa problem with the proposed policy don't know the answer. - would that status change if abuse contacts would be added?same... AfriNIC staff, please help.  About b. "The proposal doesn’t state what will be the consequences ofone member fails to comply. Why are we creating the abuse contact whenthere is no consequence for not providing the abuse contact"- I can imagine that AfriNIC would include in their meetingpresentations information regarding how big (in measurable terms) thisproblem is.- from that the WG can discuss and decide if more actions are necessary.Chairs, does my above answer sufficiently address the point b. ofopposition that you had listed as relevant?  About a. "Staff analysis on how it affects legacy holder not conclusive (not sure why this should affect legacy holders)"I didn't see that before, but as is tradition in my part of the world,let me respond to the question with a question:Are legacy holders subject to any for the PDWG's policies?Madhvi, please help: does any policy affect legacy holders?  Thanks,Frank  _______________________________________________RPD mailing listRPD at afrinic.nethttps://lists.afrinic.net/mailman/listinfo/rpd_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd **********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/b15a926b/attachment-0001.html>


More information about the RPD mailing list