Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Decisions ... Abuse contact

Jaco Kroon jaco at uls.co.za
Wed Sep 30 14:07:23 UTC 2020


Hi,

Others have stated the below too.  I too agree with Jordi, I fail to see
any valid objections to this, as per my earlier emails on the matter.


Kind Regards,
Jaco

On 2020/09/30 09:24, JORDI PALET MARTINEZ via RPD wrote:


> Tks Madhvi,

>

>  

>

> With all this in mind, I’m formally asking to the chairs, as per CPM

> section 3.5, to reconsider their position regarding this proposal

> (AFPUB-2018-GEN-001-DRAFT06 - Abuse Contact Policy Update), which

> should be brought to the last call.**

>

>  

>

> Regarding your point c. I already clarified this in the meeting, just

> want to make sure that you captured it correctly. There is nothing in

> the CPM that affects legacy holders.

>

>  

>

> In fact, even 5.7 doesn’t affect legacy holders, because 5.7.4.3

> **only** affects the transferred resources, when the resources are

> transferred, and that means it affects the new resource holder “not

> the legacy holder”. It is a small clarification (not related to this

> proposal), but I think is key to correctly interpret this point.

>

>  

>

> Regards,

>

> Jordi

>

> @jordipalet

>

>  

>

>  

>

>  

>

> El 30/9/20 8:20, "Madhvi Gokool" <madhvi at afrinic.net

> <mailto:madhvi at afrinic.net>> escribió:

>

>  

>

> Dear Frank/Community members

>

>  

>

> a) In the Impact Assessment, staff assumed that the policy will not

> impact the legacy resources in the AFRINIC whois database and

> requested the authors to confirm that this is so.  AFRINIC staff needs

> to keep this in consideration at the time of implementation(myafrinic

> and whois business rules) - abuse-c mandatory for non-legacy

> resources. Staff were therefore satisfied with this confirmation and

> had not indicated otherwise to the co-chairs and community in the session.

>

> b) "AFRINIC is bound by the Mauritian Data Protection Act 2017

> (inspired by GDPR). For more information on AFRINIC's Privacy Policy,

> click on the following link - https://www.afrinic.net/privacy. Thus,

> implementation of the abuse-c will not impact negatively on AFRINIC's

> data protection obligations."

>

> c) The only policy that affects the legacy resource holders is

> documented in Section 5.7 of the CPM  - and it regards transfers of

> legacy resources.  Legacy Holders are not bound by any other resource

> policies.

>

> Staff therefore will confirm with the authors that their policies do

> not affect legacy resources , especially when implementation will be

> done on the whois database.  This is  to ensure that the

> implementation does not negatively impact  how the legacy resource

> holders manage their resources on the whois database.

>

> d) In the Policy Implementation Experience Report during

> AFRINIC-32/AIS'20 , staff have pointed out that Section 8 of the CPM

> does not enforce a mandatory abuse contact . They also mentioned that

> they are having to respond to an increase in complaints regarding

> missing abuse contacts in the number resources in the AFRINIC whois

> database and that operators have warned that they will filter the

> resources with no abuse contacts.  Staff are therefore doing the work

> for the members , as they are bound to respond to any queries that are

> logged with the AFRINIC service desk.  This situation is not scalable

> in the long term & AFRINIC invites the community to also ponder on

> this feedback.

>

> Kind Regards

>

> Madhvi

>

> --

> Madhvi Gokool

> Senior IP Resources Specialist

> AFRINIC Ltd.

> t:  +230 403 5100 | f: +230 466 6758 |

> w: www.afrinic.net <http://www.afrinic.net>

>

> On 28/09/2020 8:09 PM, Frank Habicht wrote:

>

> Dear chairs,

>

>  

>

> On 21/09/2020 08:32, Frank Habicht wrote:

>

> Dear chairs,

>

>  

>

> On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:

>

> 6.       Abuse Contact Update

>

>  

>

> The proposal makes it mandatory for AFRINIC to include in each resource

>

> registration, a contact where network abuse from users of those

>

> resources will be reported.  The proposal whois DB attribute (abuse-c)

>

> to be used to publish abuse public contact information. There’s also a

>

> process to ensure that the recipient must receive abuse report and that

>

> contacts are validated by AFRINIC regularly. However, there some

>

> opposition to the proposal there are:

>

>  

>

> a.                   Staff analysis on how it affects legacy holder not

>

> conclusive  (not sure why this should affect legacy holders)

>

>  

>

> b.                  The proposal doesn’t state what will be the

>

> consequences of one member fails to comply. Why are we creating the

>

> abuse contact when there is no consequence for not providing the abuse

>

> contact

>

>  

>

> c.                   Abuse contact email and issues with GDPR concerning

>

> the whois database

>

>  

>

> d.                  No proper definition of the term Abuse

>

>  

>

> e.                  To force members to reply to their abuse email is

>

> not in the scope of AFRINIC.

>

>  

>

> Chairs Decision: No rough consensus

>

> About d. "No proper definition of the term Abuse"

>

> yes, this was mentioned several times by members opposing.

>

> The proposal is about "abuse contacts". it is not about what "abuse" is.

>

> there is no need for a definition of "abuse".

>

> In my humble opinion the request for a definition of abuse is off-topic.

>

>  

>

> Question: if someone makes a proposal about lame DNS servers in domain

>

> objects for Reverse-DNS, and I object arguing that a definition of RPKI

>

> is needed - what would you do with this argument?

>

> Q2: can arguments about a proposal be irrelevant to this proposal?

>

> Q3: was that the case here? were arguments, that a definition for abuse

>

>     is required, irrelevant?

>

>  

>

> I request chairs' response to Q2 and Q3.

>

> Dear chairs, requesting a response.

>

> Note: chairs said this was a point of opposition.

>

> I argue that this was an irrelevant point.

>

>  

>

> About e. "To force members to reply to their abuse email is not in the

>

> scope of AFRINIC."

>

> Yes, that was mentioned several times.

>

> And also this is something the proposal does not do and does not attempt.

>

> And all the comments about (d.) above apply.

>

> How can people complain that the proposal does something, when the

>

> proposal doesn't do that?

>

> How can that be a valid objections?

>

> Chairs?

>

>  

>

> If irrelevant objections are taken as valid arguments, please note that

>

> I foresee that any future proposal can get rejected and the PDP will be

>

> stuck.

>

>  

>

>  

>

> About c. "Abuse contact email and issues with GDPR concerning the whois

>

> database"

>

> - I didn't see that on the mailing list, can you remind us, or was that

>

> only during the live session?

>

> - there are other contact information in whois. can staff confirm

>

> whether AfriNIC are GDPR compliant?

>

> AfriNIC staff: above is a question for you.

>

> yes, I think I know the answer, but maybe the ones arguing that this is

>

> a problem with the proposed policy don't know the answer.

>

>  

>

> - would that status change if abuse contacts would be added?

>

> same... AfriNIC staff, please help.

>

>  

>

>  

>

> About b. "The proposal doesn’t state what will be the consequences of

>

> one member fails to comply. Why are we creating the abuse contact when

>

> there is no consequence for not providing the abuse contact"

>

> - I can imagine that AfriNIC would include in their meeting

>

> presentations information regarding how big (in measurable terms) this

>

> problem is.

>

> - from that the WG can discuss and decide if more actions are necessary.

>

> Chairs, does my above answer sufficiently address the point b. of

>

> opposition that you had listed as relevant?

>

>  

>

>  

>

> About a. "Staff analysis on how it affects legacy holder not conclusive

>

> (not sure why this should affect legacy holders)"

>

> I didn't see that before, but as is tradition in my part of the world,

>

> let me respond to the question with a question:

>

> Are legacy holders subject to any for the PDWG's policies?

>

> Madhvi, please help: does any policy affect legacy holders?

>

>  

>

>  

>

> Thanks,

>

> Frank

>

>  

>

>  

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

>

> _______________________________________________ RPD mailing list

> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com

> The IPv6 Company

>

> This electronic message contains information which may be privileged

> or confidential. The information is intended to be for the exclusive

> use of the individual(s) named above and further non-explicilty

> authorized disclosure, copying, distribution or use of the contents of

> this information, even if partially, including attached files, is

> strictly prohibited and will be considered a criminal offense. If you

> are not the intended recipient be aware that any disclosure, copying,

> distribution or use of the contents of this information, even if

> partially, including attached files, is strictly prohibited, will be

> considered a criminal offense, so you must reply to the original

> sender to inform about this communication and delete it.

>

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/42aa43b3/attachment-0001.html>


More information about the RPD mailing list