Search RPD Archives
[rpd] Decisions ... Abuse contact
Patrick Okui
pokui at psg.com
Wed Sep 30 17:21:01 UTC 2020
Hi Gabby, all,
The issue as I see it is people keep regurgitating the same complaints
without addressing the counter arguments from the authors or supporters
of the proposal. Case in point, you may agree that points C and D have
been dealt with but within minutes of your email I see them being raised
without addressing the posts that have dealt with those points.
For example, when operators give examples and ask for examples that show
otherwise, the person disagreeing seems to take offence and simply
states they don’t have to be an operator to give an opinion.
I’ll add my input to points B and E as you have raised them, and
I’ll be glad to hear your counter arguments.
### B: consequences for non compliance. (paraphrased)
This is no different in my opinion from not providing contacts for other
required whois contacts. Someone posted the text for admin-c and tech-c.
For new applicants if you don’t provide say an admin-c it could mean
you do not get resources. That would be the same for no abuse contacts.
For existing holders you could lose your resources etc. I do not see the
need to provide extra penalties for this. Note that this is just contact
information. Not penalties for “abuse”.
I’ll be happy to hear why in light of this you think it is relevant.
### E: To force members to reply to their abuse email is not in the
scope of AFRINIC. (paraphrased)
The requirement is for AFRINIC to check that the email is a valid one.
i.e not something that doesn’t exist. Or bounces etc. I think that is
within the scope of AFRINIC as a registrar. It is up to us to define the
limits of each contact. Note that for admin-c AFRINIC checks that the
contact is resident within the AS. For abuse it is important that the
mailbox is attended to. It is not relevant in this case for example to
check that the abuse contact is resident within the AS.
The alternative (as AFRINIC has stated) is that from their point of view
they have to respond to abuse complaints on behalf of the members.
Surely this is operations (not in their scope) as opposed to keeping the
*contact* data correct. With a valid abuse contact all AFRINIC say if
contacted, is XYZ resources have the abuse contact ABC as listed in our
database. Have you contacted them?
To be clear, if they contacted ABC, but were not happy with the response
ABC gave, AFRINIC has *no role* in mediating that.
Kindly explain where I’m missing your point on this.
On 30 Sep 2020, at 17:13 EAT, Gaby Giner wrote:
> Hi Noah, Jordi, everyone,
>
> I am confused. Everyone is raising the claim that there are "invalid"
> objections and though I do not reject that statement, it seems like
> it's being used here to automatically dismiss the objections raised by
> the community as for this policy. It was kindly summarized for us by
> the Co-chairs, and just to get everyone up to speed, here are THE
> objections to this policy:
>
> 6. Abuse Contact Update
>
> a. *Staff analysis on how it affects legacy holder not conclusive
> (not sure why this should affect legacy holders)*
>
> *b. The proposal doesn’t state what will be the consequences of one
> member
> fails to comply. Why are we creating the abuse contact when there is
> no consequence for not providing the abuse contact*
>
> *c. Abuse contact email and issues with GDPR concerning the whois
> database.*
>
> *d. No proper definition of the term Abuse*
>
> *e. To force members to reply to their abuse email is not in the scope
> of
> AFRINIC.*
> Okay, people have addressed several concerns such as A, C, D but I
> think B and E deserve to be raised up as well because (and maybe it is
> just me being overwhelmed with the barrage of emails lately) I haven't
> read enough rebuttal for these points. Even if one were to consider
> that they are not valid objections, one could not steamroll the policy
> into last call immediately without addressing the entirety of the
> summarized objections from the community discussion by saying that
> every objection is invalid.
>
> Gaby
>
>
> On Wed, Sep 30, 2020 at 9:23 PM Noah <noah at neo.co.tz> wrote:
>
>>
>> On Wed, Sep 30, 2020 at 9:20 AM Madhvi Gokool <madhvi at afrinic.net>
>> wrote:
>>
>>> Dear Frank/Community members
>>>
>>>
>>> a) In the Impact Assessment, staff assumed that the policy will not
>>> impact the legacy resources in the AFRINIC whois database and
>>> requested the
>>> authors to confirm that this is so. AFRINIC staff needs to keep
>>> this in
>>> consideration at the time of implementation(myafrinic and whois
>>> business
>>> rules) - abuse-c mandatory for non-legacy resources. Staff were
>>> therefore
>>> satisfied with this confirmation and had not indicated otherwise to
>>> the
>>> co-chairs and community in the session.
>>>
>>> b) "AFRINIC is bound by the Mauritian Data Protection Act 2017
>>> (inspired
>>> by GDPR). For more information on AFRINIC's Privacy Policy, click on
>>> the
>>> following link - https://www.afrinic.net/privacy. Thus,
>>> implementation
>>> of the abuse-c will not impact negatively on AFRINIC's data
>>> protection
>>> obligations."
>>>
>>> c) The only policy that affects the legacy resource holders is
>>> documented
>>> in Section 5.7 of the CPM - and it regards transfers of legacy
>>> resources.
>>> Legacy Holders are not bound by any other resource policies.
>>>
>>> Staff therefore will confirm with the authors that their policies do
>>> not
>>> affect legacy resources , especially when implementation will be
>>> done on
>>> the whois database. This is to ensure that the implementation does
>>> not
>>> negatively impact how the legacy resource holders manage their
>>> resources
>>> on the whois database.
>>>
>>> d) In the Policy Implementation Experience Report during
>>> AFRINIC-32/AIS'20 , staff have pointed out that Section 8 of the CPM
>>> does
>>> not enforce a mandatory abuse contact . They also mentioned that
>>> they are
>>> having to respond to an increase in complaints regarding missing
>>> abuse
>>> contacts in the number resources in the AFRINIC whois database and
>>> that
>>> operators have warned that they will filter the resources with no
>>> abuse
>>> contacts. Staff are therefore doing the work for the members , as
>>> they are
>>> bound to respond to any queries that are logged with the AFRINIC
>>> service
>>> desk. This situation is not scalable in the long term & AFRINIC
>>> invites
>>> the community to also ponder on this feedback.
>>>
>>
>> Madhvi thanks for all the clarifications beyond the staff assessment.
>>
>> Clearly this proposal had no valid objections, yet it was tossed back
>> to
>> the list based on invalid definitions arguments as though we are all
>> not
>> internet folk to understand what *abuse-c* really means.
>>
>> Can we move forward to the last call now.
>>
>> Cheers,
>> Noah
>> _______________________________________________
>> RPD mailing list
>> RPD at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo/rpd
>>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
--
patrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/f91fa668/attachment.html>
More information about the RPD
mailing list