Search RPD Archives
[rpd] Decisions ... Abuse contact
lucilla fornaro
lucillafornarosawamoto at gmail.com
Thu Oct 1 12:34:07 UTC 2020
Dear Jordi, dear all
as you mentioned several times, the staff don’t need to assess the subject
line, neither if it is abuse or not. Then, if having a valid contact is
what you intend to propose, why don't you acknowledge Lamiaa’s proposal
that aims to include abuse-c as part of whois registration under the
section 7.5.1 "Registering contact persons" that already covers the other
mandatory contact - admin-c or tech-c?
See my comments in line:
Il giorno lun 21 set 2020 alle ore 19:34 JORDI PALET MARTINEZ via RPD <
rpd at afrinic.net> ha scritto:
> Hi Lucilla,
>
>
>
> The policy only needs to state **what the staff should evaluate** and
> thus, what members should do. The staff don’t need to evaluate the subject
> line, neither if it is actually an abuse or not.
>
>
>
> The staff just need to evaluate the abuse mailbox works.
>
If you do not define or give an input of what abuse is, then how can you
properly manage people's mailbox's subject line? How you define it works?
You are asking them to respond to emails in a specific way, which is a
violation of member’s rights.
>
> In fact, there is **no obligation** for the victim to know what should he
> put in the subject line. You can just put “abuse case”.
>
>
>
> In fact, if you operate a network, you will know that this is usually
> managed by a ticket system and the ticket system will replace the subject
> with a case number!
>
It will, but the problem is how this complicated policy is trying to
achieve something really simple but using a too intrusive method.
>
> Please, let us know how you do in the networks that you operate, so we can
> understand your perspective.
>
Yes, if it were me, I would reply to every abuse and deal with even DMCA
claims, however, we are discussing general policy regarding how internet
space should be registered, not how to manage an individual network.
You are keeping mixing up “best operation practice” with “internet number
registration policy”, and you keep telling people what is BOP should be in
the policy, and that is wrong. The policy is for proper registration only,
for the accuracy of the database, using BOP into policy is not only
intrusive but also potential dangers.
>
>
And last, even if this has been responded several times: The proposal
> doesn’t tell AFRINIC that they should judge if it is an abuse or not!
>
But you tell them to judge what email operator should reply to! That is even
worse!
>
> And yes, it is in the scope of AFRINIC to have the contacts accurate and
> to manage correctly the resources. Please read the legal documents!
>
No, it is not. Legal documents are made by lawyers, and it is for the
Afrinic limited, not for community. It is the AFRINIC community which
defines what to do.
>
> Regards,
>
> Jordi
>
> @jordipalet
>
>
>
>
>
>
>
> El 21/9/20 12:00, "lucilla fornaro" <lucillafornarosawamoto at gmail.com>
> escribió:
>
>
>
> If you do not define or give an input of what abuse is, then how can you
> properly manage people's mailbox's subject line?
>
> This is a crucial element, in my opinion.
>
>
>
> More importantly, the proposal aims to supply AFRINIC of something that
> has nothing to do with its scopes. It is not up to AFRINIC to rule like a
> local court or local policy.
>
> As mentioned several times, asking AFRINIC to act as a central government
> goes against the main element that identifies the Internet:
> decentralization. The Internet is controlled by many, no one can own it,
> control it, or switch it off for everyone.
>
> AFRINIC should not evaluate how I manage MY mailbox.
>
>
>
> Lucilla
>
>
>
> Il giorno lun 21 set 2020 alle ore 14:33 Frank Habicht <geier at geier.ne.tz>
> ha scritto:
>
> Dear chairs,
>
> On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:
> > 6. Abuse Contact Update
> >
> > The proposal makes it mandatory for AFRINIC to include in each resource
> > registration, a contact where network abuse from users of those
> > resources will be reported. The proposal whois DB attribute (abuse-c)
> > to be used to publish abuse public contact information. There’s also a
> > process to ensure that the recipient must receive abuse report and that
> > contacts are validated by AFRINIC regularly. However, there some
> > opposition to the proposal there are:
> >
> > a. Staff analysis on how it affects legacy holder not
> > conclusive (not sure why this should affect legacy holders)
> >
> > b. The proposal doesn’t state what will be the
> > consequences of one member fails to comply. Why are we creating the
> > abuse contact when there is no consequence for not providing the abuse
> > contact
> >
> > c. Abuse contact email and issues with GDPR concerning
> > the whois database
> >
> > d. No proper definition of the term Abuse
> >
> > e. To force members to reply to their abuse email is
> > not in the scope of AFRINIC.
> >
> > Chairs Decision: No rough consensus
>
> About d. "No proper definition of the term Abuse"
> yes, this was mentioned several times by members opposing.
> The proposal is about "abuse contacts". it is not about what "abuse" is.
> there is no need for a definition of "abuse".
> In my humble opinion the request for a definition of abuse is off-topic.
>
> Question: if someone makes a proposal about lame DNS servers in domain
> objects for Reverse-DNS, and I object arguing that a definition of RPKI
> is needed - what would you do with this argument?
> Q2: can arguments about a proposal be irrelevant to this proposal?
> Q3: was that the case here? were arguments, that a definition for abuse
> is required, irrelevant?
>
> I request chairs' response to Q2 and Q3.
>
>
> About e. "To force members to reply to their abuse email is not in the
> scope of AFRINIC."
> Yes, that was mentioned several times.
> And also this is something the proposal does not do and does not attempt.
> And all the comments about (d.) above apply.
>
>
> If irrelevant objections are taken as valid arguments, please note that
> I foresee that any future proposal can get rejected and the PDP will be
> stuck.
>
>
> About c. "Abuse contact email and issues with GDPR concerning the whois
> database"
> - I didn't see that on the mailing list, can you remind us, or was that
> only during the live session?
> - there are other contact information in whois. can staff confirm
> whether AfriNIC are GDPR compliant?
> - would that status change if abuse contacts would be added?
>
>
> About b. "The proposal doesn’t state what will be the consequences of
> one member fails to comply. Why are we creating the abuse contact when
> there is no consequence for not providing the abuse contact"
> - I can imagine that AfriNIC would include in their meeting
> presentations information regarding how big (in measurable terms) this
> problem is.
> - from that the WG can discuss and decide if more actions are necessary.
>
>
> About a. "Staff analysis on how it affects legacy holder not conclusive
> (not sure why this should affect legacy holders)"
> I didn't see that before, but as is tradition in my part of the world,
> let me respond to the question with a question:
> Are legacy holders subject to any for the PDWG's policies?
>
>
> Thanks,
> Frank
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
> _______________________________________________ RPD mailing list
> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20201001/dc0ed4a0/attachment-0001.html>
More information about the RPD
mailing list