Search RPD Archives
[rpd] Decisions ... Abuse contact
lucilla fornaro
lucillafornarosawamoto at gmail.com
Fri Oct 2 11:40:01 UTC 2020
Dear Jordi,
I know that the proposal is improving existing section 8, not 7.5. I said
that, in my opinion, amending the section 7.5.1 to include the mandatory
abuse-c as part of whois registration would be a better option.
regards,
Lucilla
Il giorno ven 2 ott 2020 alle ore 17:26 JORDI PALET MARTINEZ via RPD <
rpd at afrinic.net> ha scritto:
> Hi Lucilla,
>
>
>
> The proposal is not doing what you say below. Madhvi already confirmed
> that. If the staff is understanding it and the staff will be the one
> implementing it, who come it can be wrong?
>
>
>
> The subject, what is an abuse, what not, is not in scope. You just need to
> have a valid and responsible abuse contact. If you decide to respond
> automatically even without checking the content neither subject, it is just
> fine. It is up to the operator to decide and then the victims can also
> decide.
>
>
>
> Note that the proposal is improving existing section 8, not 7.5.
>
>
>
> I think it is superfluous to explain over and over. You think the proposal
> is wrong, I think is right and I justified it (see the appeal document for
> more exhaustive details, no need to repeat everything again if it is
> already very well documented), and the staff is doing the same
> interpretation as the proposal intent.
>
>
>
>
>
> Regards,
>
> Jordi
>
> @jordipalet
>
>
>
>
>
>
>
> El 1/10/20 14:34, "lucilla fornaro" <lucillafornarosawamoto at gmail.com>
> escribió:
>
>
>
> Dear Jordi, dear all
>
>
>
> as you mentioned several times, the staff don’t need to assess the subject
> line, neither if it is abuse or not. Then, if having a valid contact is
> what you intend to propose, why don't you acknowledge Lamiaa’s proposal
> that aims to include abuse-c as part of whois registration under the
> section 7.5.1 "Registering contact persons" that already covers the other
> mandatory contact - admin-c or tech-c?
>
>
>
> See my comments in line:
>
>
>
>
>
> Il giorno lun 21 set 2020 alle ore 19:34 JORDI PALET MARTINEZ via RPD <
> rpd at afrinic.net> ha scritto:
>
> Hi Lucilla,
>
>
>
> The policy only needs to state **what the staff should evaluate** and
> thus, what members should do. The staff don’t need to evaluate the subject
> line, neither if it is actually an abuse or not.
>
>
>
> The staff just need to evaluate the abuse mailbox works.
>
> If you do not define or give an input
> of what abuse is, then how can you properly manage people's mailbox's subject line?
> How you define it works? You are asking them to respond to emails in
> a specific way, which is a violation of member’s rights.
>
>
>
> In fact, there is **no obligation** for the victim to know what should he
> put in the subject line. You can just put “abuse case”.
>
>
>
> In fact, if you operate a network, you will know that this is usually
> managed by a ticket system and the ticket system will replace the subject
> with a case number!
>
> It will, but the problem is how this complicated policy is trying to
> achieve something really simple but using a too intrusive method.
>
>
>
> Please, let us know how you do in the networks that you operate, so we can
> understand your perspective.
>
> Yes, if it were me, I would reply to every abuse and deal with even DMCA
> claims, however, we are discussing general policy regarding how internet
> space should be registered, not how to manage an individual network.
>
> You are keeping mixing up “best operation practice” with “internet number
> registration policy”, and you keep telling people what is BOP should be in
> the policy, and that is wrong. The policy is for proper registration only,
> for the accuracy of the database, using BOP into policy is not only
> intrusive but also potential dangers.
>
>
>
> And last, even if this has been responded several times: The proposal
> doesn’t tell AFRINIC that they should judge if it is an abuse or not!
>
>
> But you tell them to judge what email operator should reply to! That is even worse!
>
>
>
>
> And yes, it is in the scope of AFRINIC to have the contacts accurate and
> to manage correctly the resources. Please read the legal documents!
>
> No, it is not. Legal documents are made by lawyers, and it is for the
> Afrinic limited, not for community. It is the AFRINIC community which
> defines what to do.
>
>
>
> Regards,
>
> Jordi
>
> @jordipalet
>
>
>
>
>
>
>
> El 21/9/20 12:00, "lucilla fornaro" <lucillafornarosawamoto at gmail.com>
> escribió:
>
>
>
> If you do not define or give an input of what abuse is, then how can you
> properly manage people's mailbox's subject line?
>
> This is a crucial element, in my opinion.
>
>
>
> More importantly, the proposal aims to supply AFRINIC of something that
> has nothing to do with its scopes. It is not up to AFRINIC to rule like a
> local court or local policy.
>
> As mentioned several times, asking AFRINIC to act as a central government
> goes against the main element that identifies the Internet:
> decentralization. The Internet is controlled by many, no one can own it,
> control it, or switch it off for everyone.
>
> AFRINIC should not evaluate how I manage MY mailbox.
>
>
>
> Lucilla
>
>
>
> Il giorno lun 21 set 2020 alle ore 14:33 Frank Habicht <geier at geier.ne.tz>
> ha scritto:
>
> Dear chairs,
>
> On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:
> > 6. Abuse Contact Update
> >
> > The proposal makes it mandatory for AFRINIC to include in each resource
> > registration, a contact where network abuse from users of those
> > resources will be reported. The proposal whois DB attribute (abuse-c)
> > to be used to publish abuse public contact information. There’s also a
> > process to ensure that the recipient must receive abuse report and that
> > contacts are validated by AFRINIC regularly. However, there some
> > opposition to the proposal there are:
> >
> > a. Staff analysis on how it affects legacy holder not
> > conclusive (not sure why this should affect legacy holders)
> >
> > b. The proposal doesn’t state what will be the
> > consequences of one member fails to comply. Why are we creating the
> > abuse contact when there is no consequence for not providing the abuse
> > contact
> >
> > c. Abuse contact email and issues with GDPR concerning
> > the whois database
> >
> > d. No proper definition of the term Abuse
> >
> > e. To force members to reply to their abuse email is
> > not in the scope of AFRINIC.
> >
> > Chairs Decision: No rough consensus
>
> About d. "No proper definition of the term Abuse"
> yes, this was mentioned several times by members opposing.
> The proposal is about "abuse contacts". it is not about what "abuse" is.
> there is no need for a definition of "abuse".
> In my humble opinion the request for a definition of abuse is off-topic.
>
> Question: if someone makes a proposal about lame DNS servers in domain
> objects for Reverse-DNS, and I object arguing that a definition of RPKI
> is needed - what would you do with this argument?
> Q2: can arguments about a proposal be irrelevant to this proposal?
> Q3: was that the case here? were arguments, that a definition for abuse
> is required, irrelevant?
>
> I request chairs' response to Q2 and Q3.
>
>
> About e. "To force members to reply to their abuse email is not in the
> scope of AFRINIC."
> Yes, that was mentioned several times.
> And also this is something the proposal does not do and does not attempt.
> And all the comments about (d.) above apply.
>
>
> If irrelevant objections are taken as valid arguments, please note that
> I foresee that any future proposal can get rejected and the PDP will be
> stuck.
>
>
> About c. "Abuse contact email and issues with GDPR concerning the whois
> database"
> - I didn't see that on the mailing list, can you remind us, or was that
> only during the live session?
> - there are other contact information in whois. can staff confirm
> whether AfriNIC are GDPR compliant?
> - would that status change if abuse contacts would be added?
>
>
> About b. "The proposal doesn’t state what will be the consequences of
> one member fails to comply. Why are we creating the abuse contact when
> there is no consequence for not providing the abuse contact"
> - I can imagine that AfriNIC would include in their meeting
> presentations information regarding how big (in measurable terms) this
> problem is.
> - from that the WG can discuss and decide if more actions are necessary.
>
>
> About a. "Staff analysis on how it affects legacy holder not conclusive
> (not sure why this should affect legacy holders)"
> I didn't see that before, but as is tradition in my part of the world,
> let me respond to the question with a question:
> Are legacy holders subject to any for the PDWG's policies?
>
>
> Thanks,
> Frank
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
> _______________________________________________ RPD mailing list
> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20201002/56d1e130/attachment-0001.html>
More information about the RPD
mailing list