Search RPD Archives
[rpd] Decisions ... Abuse contact
Mark Elkins
mje at posix.co.za
Wed Sep 30 17:02:46 UTC 2020
I also agree with Jordi, I fail to see any valid objections to this.
In South Africa, many members are also members of ISPA. Periodically,
ISPA will send an e-mail to the (mandatory) abuse email contact for each
member - and it's a competition to see who replies first!
On 2020/09/30 09:24, JORDI PALET MARTINEZ via RPD wrote:
> Tks Madhvi,
>
> With all this in mind, I’m formally asking to the chairs, as per CPM
> section 3.5, to reconsider their position regarding this proposal
> (AFPUB-2018-GEN-001-DRAFT06 - Abuse Contact Policy Update), which
> should be brought to the last call.**
>
> Regarding your point c. I already clarified this in the meeting, just
> want to make sure that you captured it correctly. There is nothing in
> the CPM that affects legacy holders.
>
> In fact, even 5.7 doesn’t affect legacy holders, because 5.7.4.3
> **only** affects the transferred resources, when the resources are
> transferred, and that means it affects the new resource holder “not
> the legacy holder”. It is a small clarification (not related to this
> proposal), but I think is key to correctly interpret this point.
>
> Regards,
>
> Jordi
>
> @jordipalet
>
> El 30/9/20 8:20, "Madhvi Gokool" <madhvi at afrinic.net
> <mailto:madhvi at afrinic.net>> escribió:
>
> Dear Frank/Community members
>
> a) In the Impact Assessment, staff assumed that the policy will not
> impact the legacy resources in the AFRINIC whois database and
> requested the authors to confirm that this is so. AFRINIC staff needs
> to keep this in consideration at the time of implementation(myafrinic
> and whois business rules) - abuse-c mandatory for non-legacy
> resources. Staff were therefore satisfied with this confirmation and
> had not indicated otherwise to the co-chairs and community in the session.
>
> b) "AFRINIC is bound by the Mauritian Data Protection Act 2017
> (inspired by GDPR). For more information on AFRINIC's Privacy Policy,
> click on the following link - https://www.afrinic.net/privacy. Thus,
> implementation of the abuse-c will not impact negatively on AFRINIC's
> data protection obligations."
>
> c) The only policy that affects the legacy resource holders is
> documented in Section 5.7 of the CPM - and it regards transfers of
> legacy resources. Legacy Holders are not bound by any other resource
> policies.
>
> Staff therefore will confirm with the authors that their policies do
> not affect legacy resources , especially when implementation will be
> done on the whois database. This is to ensure that the
> implementation does not negatively impact how the legacy resource
> holders manage their resources on the whois database.
>
> d) In the Policy Implementation Experience Report during
> AFRINIC-32/AIS'20 , staff have pointed out that Section 8 of the CPM
> does not enforce a mandatory abuse contact . They also mentioned that
> they are having to respond to an increase in complaints regarding
> missing abuse contacts in the number resources in the AFRINIC whois
> database and that operators have warned that they will filter the
> resources with no abuse contacts. Staff are therefore doing the work
> for the members , as they are bound to respond to any queries that are
> logged with the AFRINIC service desk. This situation is not scalable
> in the long term & AFRINIC invites the community to also ponder on
> this feedback.
>
> Kind Regards
>
> Madhvi
>
> --
> Madhvi Gokool
> Senior IP Resources Specialist
> AFRINIC Ltd.
> t: +230 403 5100 | f: +230 466 6758 |
> w:www.afrinic.net <http://www.afrinic.net>
>
> On 28/09/2020 8:09 PM, Frank Habicht wrote:
>
> Dear chairs,
>
> On 21/09/2020 08:32, Frank Habicht wrote:
>
> Dear chairs,
>
> On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:
>
> 6. Abuse Contact Update
>
> The proposal makes it mandatory for AFRINIC to include in each resource
>
> registration, a contact where network abuse from users of those
>
> resources will be reported. The proposal whois DB attribute (abuse-c)
>
> to be used to publish abuse public contact information. There’s also a
>
> process to ensure that the recipient must receive abuse report and that
>
> contacts are validated by AFRINIC regularly. However, there some
>
> opposition to the proposal there are:
>
> a. Staff analysis on how it affects legacy holder not
>
> conclusive (not sure why this should affect legacy holders)
>
> b. The proposal doesn’t state what will be the
>
> consequences of one member fails to comply. Why are we creating the
>
> abuse contact when there is no consequence for not providing the abuse
>
> contact
>
> c. Abuse contact email and issues with GDPR concerning
>
> the whois database
>
> d. No proper definition of the term Abuse
>
> e. To force members to reply to their abuse email is
>
> not in the scope of AFRINIC.
>
> Chairs Decision: No rough consensus
>
> About d. "No proper definition of the term Abuse"
>
> yes, this was mentioned several times by members opposing.
>
> The proposal is about "abuse contacts". it is not about what "abuse" is.
>
> there is no need for a definition of "abuse".
>
> In my humble opinion the request for a definition of abuse is off-topic.
>
> Question: if someone makes a proposal about lame DNS servers in domain
>
> objects for Reverse-DNS, and I object arguing that a definition of RPKI
>
> is needed - what would you do with this argument?
>
> Q2: can arguments about a proposal be irrelevant to this proposal?
>
> Q3: was that the case here? were arguments, that a definition for abuse
>
> is required, irrelevant?
>
> I request chairs' response to Q2 and Q3.
>
> Dear chairs, requesting a response.
>
> Note: chairs said this was a point of opposition.
>
> I argue that this was an irrelevant point.
>
> About e. "To force members to reply to their abuse email is not in the
>
> scope of AFRINIC."
>
> Yes, that was mentioned several times.
>
> And also this is something the proposal does not do and does not attempt.
>
> And all the comments about (d.) above apply.
>
> How can people complain that the proposal does something, when the
>
> proposal doesn't do that?
>
> How can that be a valid objections?
>
> Chairs?
>
> If irrelevant objections are taken as valid arguments, please note that
>
> I foresee that any future proposal can get rejected and the PDP will be
>
> stuck.
>
> About c. "Abuse contact email and issues with GDPR concerning the whois
>
> database"
>
> - I didn't see that on the mailing list, can you remind us, or was that
>
> only during the live session?
>
> - there are other contact information in whois. can staff confirm
>
> whether AfriNIC are GDPR compliant?
>
> AfriNIC staff: above is a question for you.
>
> yes, I think I know the answer, but maybe the ones arguing that this is
>
> a problem with the proposed policy don't know the answer.
>
> - would that status change if abuse contacts would be added?
>
> same... AfriNIC staff, please help.
>
> About b. "The proposal doesn’t state what will be the consequences of
>
> one member fails to comply. Why are we creating the abuse contact when
>
> there is no consequence for not providing the abuse contact"
>
> - I can imagine that AfriNIC would include in their meeting
>
> presentations information regarding how big (in measurable terms) this
>
> problem is.
>
> - from that the WG can discuss and decide if more actions are necessary.
>
> Chairs, does my above answer sufficiently address the point b. of
>
> opposition that you had listed as relevant?
>
> About a. "Staff analysis on how it affects legacy holder not conclusive
>
> (not sure why this should affect legacy holders)"
>
> I didn't see that before, but as is tradition in my part of the world,
>
> let me respond to the question with a question:
>
> Are legacy holders subject to any for the PDWG's policies?
>
> Madhvi, please help: does any policy affect legacy holders?
>
> Thanks,
>
> Frank
>
> _______________________________________________
>
> RPD mailing list
>
> RPD at afrinic.net <mailto:RPD at afrinic.net>
>
> https://lists.afrinic.net/mailman/listinfo/rpd
>
> _______________________________________________ RPD mailing list
> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged
> or confidential. The information is intended to be for the exclusive
> use of the individual(s) named above and further non-explicilty
> authorized disclosure, copying, distribution or use of the contents of
> this information, even if partially, including attached files, is
> strictly prohibited and will be considered a criminal offense. If you
> are not the intended recipient be aware that any disclosure, copying,
> distribution or use of the contents of this information, even if
> partially, including attached files, is strictly prohibited, will be
> considered a criminal offense, so you must reply to the original
> sender to inform about this communication and delete it.
>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
Posix SystemsVCARD for MJ Elkins
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/a2116ef9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: abessive_logo.jpg
Type: image/jpeg
Size: 6410 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/a2116ef9/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: QR-MJElkins.png
Type: image/png
Size: 2163 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/a2116ef9/attachment-0001.png>
More information about the RPD
mailing list