<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>We can make in another way: if someone justifies and receives
resources from AfriNic but afterwards realizes something changed
and doesn't need those addresses anymore it must give the
addresses back to AfriNic so it can re-distribute it in the most
fair way to any other organization who goes though the same
justification process. Why is it difficult to think about this
fairness with all others in the region ?</p>
<p>Fernando<br>
</p>
<div class="moz-cite-prefix">On 23/09/2020 22:22, lucilla fornaro
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAKJg62JioU=DgkzF=GZswKQ9T-W2kBG2yU6+UhWe6Pb1v=uS=A@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div>Hello everyone,</div>
<div><br>
</div>
<div>I agree with what concerns the problem of the time limit.
Companies will refrain from such behavior because it is too
risky and indicative of possible fraud.</div>
<div><br>
</div>
<div>Jordi, Considering your example related to the customers'
loss, I think that it is adverse for the operator to wait 12
months before transferring the addresses. What is the point
in holding addresses that they will not be able to use and
deprive someone else of further resources? What if they
don’t get new customers? What if they lose even more
customers? Too many hypothetical questions, that is why I
believe it is more straightforward and more convenient for
everyone to facilitate the process.</div>
<div><br>
</div>
<div>I agree that recovery processes are expensive and
time-consuming, but we can say the same for those unused
resources.</div>
<div><br>
</div>
<div>As well as you, I would like to know the staff’s view on
this.</div>
<div><br>
</div>
<div>Regards,</div>
<div><br>
</div>
<div>Lucilla </div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Il giorno mer 23 set 2020 alle
ore 21:14 JORDI PALET MARTINEZ via RPD <<a
href="mailto:rpd@afrinic.net" moz-do-not-send="true">rpd@afrinic.net</a>>
ha scritto:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div style="word-wrap:break-word" lang="ES">
<div class="gmail-m_-7485655942899396128WordSection1">
<p class="MsoNormal"><span style="font-size:12pt"
lang="EN-US">Hi Anthony,</span></p>
<p class="MsoNormal"><span style="font-size:12pt"
lang="EN-US"> </span></p>
<div>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">I
think *<b>somehow</b>* you’re right, clearly I
overlooked this.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">We
don’t need a time limit to transfer resrources
because that will be a demonstration of the “the
need was not justified”.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">However,
the problem of this approach is that if it happens,
the staff *<b>will need to start a recovery process</b>*
which is long, costly and a big trouble.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">What
happens if the *<b>false</b>* justification for the
transfer is: I had the need 6 months ago, but then I
lost customers and now I don’t need anymore the
space, so I’m transfering it.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">What
happens if the same operator, repeat that after
another 6 months? There are ways to one and again *<b>justify
the need</b>* and it is, instead, very dificult
for the staff to act on the RSA for recovery and
member closure in those cases.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">On
the other way around, what is the “objection” if we
have that hold time? I can only see one: If the
example above (I lost customers) happens, the
operator need to wait until month 12 before
transfering the addresses. Is that really so bad? Or
it is good because he may get new customers again?</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">I
think the trade-off is to have a good balance and
ensure that we avoid this happening and requiring
the staff to invest resources in an investigation
and recovery.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">Could
the staff provide a view on this?</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">Regarding
the legacy. Yes, ARIN and RIPE don’t have it (I
think APNIC has it, LACNIC definitively has it).
AFRINIC has it right now. We are removing a very
good thing.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">Why
it is so good? Because legacy holders aren’t bound
to the RIRs RSAs, so that’s extremely bad for the
overall community. They don’t pay for *<b>services</b>*
that all the RIRs are doing for them, so all the
members are covering that part of the cost. They’re
not bound to RIR policies, so they can break the
rules of the community all the time and we have no
way to react on that.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">I
don’t agree on the point of the disputed resources,
I’ve the feeling that somehow in the process of
editing the v2, it was removed by mistake and we
should have it back. The difference in between
rightful holder and having a dispute, is depending
on who is saying that, in case of a dispute. I will
love also to have the staff opinion on that.</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">As
well, can the impact analysis be made clear? Is that
all fine for the staff after having checked with
authors each point?</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">Please,
let’s make this happen!</span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:12pt;color:black" lang="EN-US">Regards,</span></p>
<p class="MsoNormal" style="margin-bottom:12pt"><span
style="font-size:12pt;color:black" lang="EN-US">Jordi</span></p>
<p class="MsoNormal" style="margin-bottom:12pt"><span
style="font-size:12pt;color:black" lang="EN-US">@jordipalet</span></p>
<p class="MsoNormal" style="margin-bottom:12pt"><span
style="font-size:12pt;color:black" lang="EN-US"> </span></p>
</div>
<p class="MsoNormal"><span style="font-size:12pt"
lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="font-size:12pt"
lang="EN-US"> </span></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">El
21/9/20 18:10, "Anthony Ubah" <<a
href="mailto:ubah.tonyiyke@gmail.com"
target="_blank" moz-do-not-send="true">ubah.tonyiyke@gmail.com</a>>
escribió:</p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"> </p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Hello
Jordi,<br>
<br>
We can sight an instance with APNIC as a case study.
APNIC has a transfer policy that doesn’t have a time
limit for retransferring resources and time proves
to us that it works.<br>
<br>
According to APNIC, the act of buying space and
reselling it right after the purchase seems to be
highly unlikely because of two reasons.<br>
<br>
First of all, most companies buy space for their own
use, and hence a commodity trading type of business
doesn’t exist in the IP space involved.<br>
<br>
Secondly, since the buyer is required to justify the
need of a 12-month usage, if he/she engages in an
activity such as buying the space and then reselling
it right after, this indicative of fraud because it
contravenes the “NEED” which is a prerequisite for
receiving such space. This simply implies that the
so-called “NEED” which they provided was fake.
Hence, companies will refrain from engaging in such
behaviour.<br>
<br>
As for the legacy transfer, I believe both ARIN and
RIPE have the cases of a transferred legacy space
remained as a legacy. APNIC may be different, but I
think this is just a different sort of opinion and
should not be read as an objection. Also, what
matters the most is that if we follow ARIN, we can
receive space from them. Definitely this is a
significant advantage.<br>
<br>
As for the disputed resources, since AFRINIC have to
know who the rightful holder of the spaces are
before transferring them. I don’t think this would
be a concern because AFRINIC is not able to initiate
a transfer for space that is under dispute. However,
this is a legal matter and is already out of the
scope of the policy.<br>
<br>
Best Regards,</p>
<div>
<div>
<div>
<div>
<div>
<div>
<p
style="margin-left:35.4pt;line-height:150%"><b><span
style="font-size:9.5pt;line-height:150%;font-family:Garamond,serif">Anthony
Ubah</span></b></p>
<p
style="margin-left:35.4pt;line-height:150%"><span
style="font-family:Garamond,serif;color:rgb(153,153,153)">E-mail: </span><a
href="mailto:anthony.ubah@gloworld.com" target="_blank"
moz-do-not-send="true"><span
style="font-family:Garamond,serif">anthony.ubah@goldspine.com</span></a><span
style="font-family:Garamond,serif;color:rgb(153,153,153)">.ng</span></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-left:35.4pt"> </p>
</div>
</div>
<p class="MsoNormal" style="margin-left:35.4pt"> </p>
<div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">On
Mon, Sep 21, 2020 at 10:00 AM <<a
href="mailto:rpd-request@afrinic.net"
target="_blank" moz-do-not-send="true">rpd-request@afrinic.net</a>>
wrote:</p>
</div>
<blockquote style="border-style:none none none
solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0cm
0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal" style="margin-left:35.4pt">Send
RPD mailing list submissions to<br>
<a href="mailto:rpd@afrinic.net"
target="_blank" moz-do-not-send="true">rpd@afrinic.net</a><br>
<br>
To subscribe or unsubscribe via the World Wide
Web, visit<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
or, via email, send a message with subject or body
'help' to<br>
<a href="mailto:rpd-request@afrinic.net"
target="_blank" moz-do-not-send="true">rpd-request@afrinic.net</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:rpd-owner@afrinic.net"
target="_blank" moz-do-not-send="true">rpd-owner@afrinic.net</a><br>
<br>
When replying, please edit your Subject line so it
is more specific<br>
than "Re: Contents of RPD digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. AFPUB-2019-V4-003-DRAFT02 - Resource
Transfer Policy<br>
(JORDI PALET MARTINEZ)<br>
2. Re: Abuse Contact Policy (JORDI PALET
MARTINEZ)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 21 Sep 2020 10:34:13 +0200<br>
From: JORDI PALET MARTINEZ <<a
href="mailto:jordi.palet@consulintel.es"
target="_blank" moz-do-not-send="true">jordi.palet@consulintel.es</a>><br>
To: rpd List <<a href="mailto:rpd@afrinic.net"
target="_blank" moz-do-not-send="true">rpd@afrinic.net</a>><br>
Subject: [rpd] AFPUB-2019-V4-003-DRAFT02 -
Resource Transfer Policy<br>
Message-ID: <<a
href="mailto:8873E491-A0A7-4506-A490-13C6B6E67A7D@consulintel.es"
target="_blank" moz-do-not-send="true">8873E491-A0A7-4506-A490-13C6B6E67A7D@consulintel.es</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi all,<br>
<br>
<br>
<br>
I will be happy to support this proposal and
withdraw my own one, but *before* I?ve some
questions about this decision that need to be
addressed first (see below, in-line).<br>
<br>
<br>
<br>
<br>
<br>
10. Resource Transfer Policy<br>
<br>
This proposal aims to introduce Inter RIR
transfer. However, it has the following opposition
<br>
<br>
a. Issues with Legacy holder
transfer is potentially considered none-reciprocal
by ARIN<br>
<br>
b. Potential abuse of AFRINIC
free pool without the time limit of receiving an
allocation from AFRINIC.<br>
<br>
Chairs Decision: The proposal is the least
contested of all the 3 competing proposals.
However because of the community?s desire and
clear expression for the need for an Inter RIR
transfer, we, the Co-chairs, believe that in the
interest of the community we should focus on a
proposal rather than several similar ones. This
desire was clearly expressed at the AFRINIC 31
meeting in Angola. Therefore, We suggest that the
authors of this proposal make the following
amendments: <br>
<br>
? 5.7.3.2 Source entities are not
eligible to receive further IPv4 allocations or
assignments from AFRINIC for 12 months period
after the transfer.<br>
<br>
<br>
<br>
[Jordi] This is perfect, and in fact is what I?ve.
Just different timing to match phase 2 window x 2,
but not a big issue. However, we are missing
something that was also objected by the community
and I think is key to avoid abuse. Actual text in
the CPM ?5.7.3.3 Source entities must not have
received a transfer, allocation, or assignment of
IPv4 number resources from AFRINIC for the 12
months prior to the approval of transfer request.
This restriction excludes mergers and acquisitions
transfers.?. This is no longer considered by this
proposal, and in my opinion it is a MUST. Doesn?t
make any sense that someone is getting resources
from AFRINIC and being able to transfer them
immediately! Can please the chairs also address
this point.<br>
<br>
[Jordi] Can the staff explain the consequences
from their perspective if we don?t have such text
or something similar? Is even possible that the
board will not ratify the policy because that, and
we are wasting a previous time?<br>
<br>
<br>
<br>
? 5.7.4.3. Transferred legacy resources
will still be regarded as legacy resources.<br>
<br>
[Jordi] This is also a major issue. I?m not sure
if the chairs have understood what was the point
about lack of reciprocity. We can?t enforce ARIN
to accept that outgoing (to ARIN from AFRINIC)
resources will no longer be legacy. However the
actual CPM states ?5.7.4.3 Transferred IPv4 legacy
resources will no longer be regarded as legacy
resources.?. We must keep that, because we should
avoid legacy resources to keep being legacy as
much as possible, because they are NOT BIND to the
CPM. If we accept the chairs proposal, we are
going *backwards* not forward and we may be
creating a discrimination with already done
transfers within AFRINIC (Intra-RIR, according to
the current policy). The right text here must be
?Transferred incoming or within AFRINIC IPv4
legacy resources will no longer be regarded as
legacy resources?.<br>
<br>
<br>
<br>
[Jordi] Finally, there were several severe
comments from the staff that need to be addressed.
For example, resources under dispute. That?s a big
issue! There are a few others. I think here we
need to see if the staff got everything clear from
the authors inputs and if the policy can be
implemented or there will be open questions that
will not allow to be a functional policy and
again, even disallow the board to ratify it.<br>
<br>
<br>
<br>
Chairs Decision: Provided that the above are
amended, the decisions is Rough Consensus is
achieved <br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
Jordi<br>
<br>
@jordipalet<br>
<br>
<br>
<br>
<br>
<br>
**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
<a href="http://www.theipv6company.com"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
The IPv6 Company<br>
<br>
This electronic message contains information which
may be privileged or confidential. The information
is intended to be for the exclusive use of the
individual(s) named above and further
non-explicilty authorized disclosure, copying,
distribution or use of the contents of this
information, even if partially, including attached
files, is strictly prohibited and will be
considered a criminal offense. If you are not the
intended recipient be aware that any disclosure,
copying, distribution or use of the contents of
this information, even if partially, including
attached files, is strictly prohibited, will be
considered a criminal offense, so you must reply
to the original sender to inform about this
communication and delete it.<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a
href="https://lists.afrinic.net/pipermail/rpd/attachments/20200921/81bf3b81/attachment-0001.html"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/pipermail/rpd/attachments/20200921/81bf3b81/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 21 Sep 2020 11:00:01 +0200<br>
From: JORDI PALET MARTINEZ <<a
href="mailto:jordi.palet@consulintel.es"
target="_blank" moz-do-not-send="true">jordi.palet@consulintel.es</a>><br>
To: <<a href="mailto:rpd@afrinic.net"
target="_blank" moz-do-not-send="true">rpd@afrinic.net</a>><br>
Subject: Re: [rpd] Abuse Contact Policy<br>
Message-ID: <<a
href="mailto:491C1297-8C2D-4939-B339-EDAA80334B24@consulintel.es"
target="_blank" moz-do-not-send="true">491C1297-8C2D-4939-B339-EDAA80334B24@consulintel.es</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi Lamiaa,<br>
<br>
<br>
<br>
8.3 and 8.4 are making sure that you respond to an
abuse case, *not* that you *recognize* it as an
abuse. It is your choice to tell the ?victim ISP?,
look for me this is not an abuse, so I will not do
anything about it.<br>
<br>
<br>
<br>
AFRINIC can?t verify this automatically, because
it doesn?t make sense that AFRINIC is ?sending?
fake abuse reports to see if they get a response.<br>
<br>
<br>
<br>
AFRINIC can only send an email for the validation
of the mailbox. It is an existing mailbox? I?m
getting a response (for example, have they, once I
send the validation email, clicked the link or
went into MyAfrinic to input the validation
code?).<br>
<br>
<br>
<br>
8.4 also states the timing for the validation.<br>
<br>
<br>
<br>
8.5 is the validation itself, so I guess,
according to your response, that you?re ok with
this specific point. If we don?t have it, AFRINIC
can?t do a periodic validation.<br>
<br>
<br>
<br>
8.6. is making sure that you don?t try to fake the
validation. For instance, you could respond only
to AFRINIC validations and then discard all the
other emails. If we don?t have that, the policy
may become useless. Note also that in fact, if you
follow the RSA, *anyone* could escalate *any* lack
of CPM compliance. So this is making sure that the
policy text is honest and transparent.<br>
<br>
<br>
<br>
Or do you prefer to be filtered because you don?t
respond?<br>
<br>
<br>
<br>
Clearly this proposal is not asking AFRINIC to be
a police. Is only making sure that the parties
*can talk*. Again: AFRINIC will not be involved in
?how you handle the case?, but I least you should
be able to be contacted and respond.<br>
<br>
<br>
<br>
See this example:<br>
<br>
If AK or Moses customers are sending me spam, or
trying to intrude my network, and they have abuse
contacts, I will be able to complain to them. Then
we have two cases:<br>
<br>
1. Moses responds to me and say ?you?re right,
this is against our AUP? (is irrelevant what the
law in Moses country say, it is the contract with
customers what says what is allowed or not). Let?s
fix it. I will warn the customer, and if they
don?t stop, we will filter their email port, or
even cancel the contract (just examples, only
Moses can decide what they do).<br>
<br>
2. AK instead doesn?t care, or the mailbox is
full or bouncing emails or respond ?sorry in our
network we allow that?. Then I can take my own
decision, filter only that IP address, or the
complete AK network. I can even see if this is
allowed in his country and take legal actions
(which usually you don?t do because is costly and
more of the regulations don?t know ?anything?
about abuse or even Internet!).<br>
<br>
AFRINIC will not take any measure if AK decides
that is not an abuse. It is our problem not
AFRINIC problem. However, if the email is
bouncing, AFRINIC will revalidate the abuse-c and
make sure that it works.<br>
<br>
<br>
<br>
Is like a phone book. You have there the phones
and they must be correct, or you need to update
them every ?n? months. The phone book doesn?t tell
the purpose of each phone. If you don?t want to
accept calls related to ?ordering pizzas?, you
tell the caller ?this number is not for that?, but
at least you must pick up the phone otherwise, you
don?t know if it is somebody calling by error or
someone that you really want to talk. And this is
true for *every* whois contact.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Can you let us know how do you handle it in the
networks that you operate?<br>
<br>
<br>
<br>
Regards,<br>
<br>
Jordi<br>
<br>
@jordipalet<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
El 21/9/20 10:00, "Lamiaa Chnayti" <<a
href="mailto:lamiaachnayti@gmail.com"
target="_blank" moz-do-not-send="true">lamiaachnayti@gmail.com</a>>
escribi?:<br>
<br>
<br>
<br>
Hi Fernando, <br>
<br>
<br>
<br>
I think you are very confused. I never said I have
a problem with people completing their
registration. Keep registration---having an abuse
contact Email in the whois, just like tech contact
or admin contact--I am perfectly fine with it, and
I think the current policy achieves 99% it, if you
want to add this contact as mandatory field I am
fine with it as well.<br>
<br>
<br>
<br>
But the problem of this policy in 8.3-8.6, is
that it requires AFRINIC to monitor the members
HOW to manage their abuse mailbox down to the
subject line, and that is out of the scope of
AFRINIC, just read my last email with logic in
mind and you will understand. I suggest this
policy should be very simple, adding one line to
the current policy-- abuse contact is mandatory,
and it's done, everything else should be deleted.<br>
<br>
<br>
<br>
And again, you are trying to use AFRINIC for
something that is not in its scope, how someone
manages their mailbox is not in the scope of
AFRINIC, it is like you go to your local church to
ask them to arrest your neighbour who plays loud
music at night when you should go to police
instead. Same thing for someone running an abusive
network, as many already stated, it is up to a
local Jury to decide if it is simply at an
annoying level or a criminal offense, but either
way please do go to your local police to report
it.<br>
<br>
<br>
<br>
As for the internet, we never tell you how to
behave--you are entirely at your rights in the
internet to behave abusively, but it is also
entirely in everyone's rights to block you, that's
how de-centralizing works, no central governing,
everyone plays nice because that's the only way
for everyone else to play with you, and this
policy here asks AFRINIC to act like a central
government even down to manage people's mailbox's
subject line and that is way beyond what internet
meant to be.<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
Lamiaa<br>
<br>
<br>
<br>
Le dim. 20 sept. 2020 ? 23:42, Fernando Frediani
<<a href="mailto:fhfrediani@gmail.com"
target="_blank" moz-do-not-send="true">fhfrediani@gmail.com</a>>
a ?crit :<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On 19/09/2020 13:19, Lamiaa Chnayti wrote:<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<clip><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
How is it in the scope of AFRINIC to decide how I
manage my abuse mailbox? If I want to reply only
to a specific subject line of my abuse box, it is
entirely in my right to do. Even if I don't want
to reply at the abuse mailbox at all, that is my
right to do so and if I think no action in my
network would be considered abuse (although
unlikely), but it is still from the internet
community point of view, entirely in my right to
do so. You might choose to block me as a network,
but that is also your right. <br>
<br>
<br>
<br>
The reason internet is called INTER-NET is because
of its decentralized nature, you have to play nice
for others to play with you, but this community
never forces anyone to play nice, it is not in the
scope of AFRINIC to decide how members reply to
their abuse mailbox, so if 8.3,8.4, 8.5 and 8.6
are deleted in its entirety, I might consider
supporting it. Also Jordi, I feel you always have
this central management type of thinking, and that
is so not internet.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
It is not in the scope of any RIR how anyone
manage people's<br>
<br>
mailboxes.<br>
<br>
<br>
Nobody exists alone in the Internet. If an
organization<br>
<br>
hypothetically doesn't care at all and refuses to
respond to abuse<br>
<br>
emails it probably should re-think its existence
in the Internet<br>
<br>
business.<br>
<br>
<br>
<br>
The Internet is what is among many reasons because
of the<br>
<br>
cooperation among its organizations, and there are
certain rules<br>
<br>
that are agreed cooperatively and must be observed
by everyone<br>
<br>
willing remain on it, otherwise it may in many
cases cause serious<br>
<br>
damage to those willing to operate in serious
manner and keep it a<br>
<br>
healthy place to most people who depend on it.<br>
<br>
<br>
<br>
<br>
This forum is about setting rules on how
registration information<br>
<br>
about resources are kept and it may be of the wish
of the<br>
<br>
community to refuse keep registration for those
who repetitively<br>
<br>
abuse of their individual rights.<br>
<br>
<br>
<br>
Fernando<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
<br>
<br>
Lamiaa<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Le ven. 18 sept. 2020 ? 09:23,<br>
<br>
JORDI PALET MARTINEZ via RPD <<a
href="mailto:rpd@afrinic.net" target="_blank"
moz-do-not-send="true">rpd@afrinic.net</a>> a
?crit :<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hi Lamiaa,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I don?t agree. Internet doesn't depend on<br>
<br>
any jurisdiction; abuse is about what I (the
victim<br>
<br>
operator) consider abuse. The RFC is clear about
that,<br>
<br>
in short ?Inappropriate public behaviour? (is a<br>
<br>
mailbox so to be able to contact in case there is
a<br>
<br>
possible inappropriate behaviour in the public<br>
<br>
Internet). If you want a clearer definition, abuse
is<br>
<br>
*anything* that I don?t want to accept in my<br>
<br>
network because is in any way damaging it.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
If I don?t want to accept a DoS, or spam,<br>
<br>
or phising, DMCA, or whatever, this is abuse *for<br>
<br>
me*. I?ve the right to tell you because that<br>
<br>
abuse is coming from your network. If you believe
that<br>
<br>
is not abuse (and here is your jurisdiction in
some<br>
<br>
cases, in other just doesn?t exist, but it may be
also<br>
<br>
your ?business? decision ? like operators that
don?t<br>
<br>
care if their customers do spam or intrusion<br>
<br>
attempts), you?ve the right to tell me ?sorry,
this is<br>
<br>
not abuse for us?, and then I?ve the right to
decide<br>
<br>
if I should filter your network based on your<br>
<br>
response.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Not having an abuse contact, means that<br>
<br>
I?m not able to contact you, so we can?t talk, we<br>
<br>
can?t investigate or agree if it is an abuse or
not,<br>
<br>
so you (the offender operator) don?t have the
chance<br>
<br>
to decide about it! Is bad for you, is bad for me.
In<br>
<br>
those cases, my best choice is to filter you. This<br>
<br>
create problems for your customers and my
customers.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
We can?t depend on jurisdictions, because<br>
<br>
then the policy will need to consider
inter-relations<br>
<br>
among every possible ?pairs? of country worlds,
and we<br>
<br>
will need to update the policy based on any<br>
<br>
jurisdiction change. The policy is not about that,
is<br>
<br>
about having a valid responsible contact, not
about<br>
<br>
deciding what is an abuse, which is among the two<br>
<br>
parties.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Tell me what is different from AFRINIC<br>
<br>
than the rest of the world, because none of the
RIRs<br>
<br>
have defined abuse in their policies. I even don?t<br>
<br>
recall that having appeared in the discussions!<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
If<br>
<br>
you want, I?m happy to change the title of the<br>
<br>
proposal to ?supposed abuse contact?, that may be<br>
<br>
clearing your point?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Again,<br>
<br>
this is not about defining what is abuse, this is<br>
<br>
among the parties. It is about making sure that<br>
<br>
there is a valid responsible contact in case of<br>
<br>
anyone needs to report what he considers an abuse.<br>
<br>
AFRINIC will not punish anyone that believes that<br>
<br>
his customer is not doing an abuse because in his<br>
<br>
country is not an abuse.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
Jordi<br>
<br>
<br>
<br>
@jordipalet<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
El<br>
<br>
18/9/20 9:59, "Lamiaa Chnayti" <<a
href="mailto:lamiaachnayti@gmail.com"
target="_blank" moz-do-not-send="true">lamiaachnayti@gmail.com</a>><br>
<br>
escribi?:<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hello<br>
<br>
Jordi,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
RFC2142<br>
<br>
only defines a tiny portion of the network abuse.
In<br>
<br>
real world operation, abuse consists of a much<br>
<br>
boarder range : DMCA(copy rights) claims,<br>
<br>
unsolicited emails , phishing websites , trade
mark<br>
<br>
disputes etc. <br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
All<br>
<br>
those are legal issues that vary vastly across<br>
<br>
different juridictions in which no one but each of<br>
<br>
the juridiction?s judges can decide if it is an<br>
<br>
abuse or an illegal activity. Claiming that
RFC2142<br>
<br>
defines not even 1% of real world abuse is<br>
<br>
laughable.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Lamiaa<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Le jeu.<br>
<br>
17 sept. 2020 ? 15:51, JORDI PALET MARTINEZ via<br>
<br>
RPD <<a href="mailto:rpd@afrinic.net"
target="_blank" moz-do-not-send="true">rpd@afrinic.net</a>><br>
<br>
a ?crit :<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hi<br>
<br>
Lamiaa,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I?ve<br>
<br>
said this already. This policy doesn?t<br>
<br>
enforce abuse, it enforces that the abuse<br>
<br>
contact is there, and works.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Today<br>
<br>
AFRINIC is paying for the cost of the<br>
<br>
abuse handling because only a tiny<br>
<br>
fraction of the members has the abuse<br>
<br>
contacts in place.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
If<br>
<br>
the contacts in the RIR database aren?t<br>
<br>
actual and accurate, this is a clear<br>
<br>
violation of the RSA. So what is<br>
<br>
unacceptable is not having the contacts,<br>
<br>
not on the other way around.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Abuse<br>
<br>
is not defined by the RIRs, everybody<br>
<br>
knows it and this is the reason why NONE<br>
<br>
of the RIRs have re-defined it, because it<br>
<br>
is already stated in RFC2142. Can you<br>
<br>
justify why AFRINIC is different and need<br>
<br>
a definition?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
How<br>
<br>
you define it in the networks that you<br>
<br>
operate?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
Jordi<br>
<br>
<br>
<br>
@jordipalet<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
El 17/9/20<br>
<br>
10:49, "Lamiaa Chnayti" <<a
href="mailto:lamiaachnayti@gmail.com"
target="_blank" moz-do-not-send="true">lamiaachnayti@gmail.com</a>><br>
<br>
escribi?:<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hello,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I<br>
<br>
will have to agree with Lucilla on what<br>
<br>
she said and would like to add to it<br>
<br>
that :<br>
<br>
<br>
<br>
Firstly, Abuse<br>
<br>
enforcement is out of scope for RIRs.<br>
<br>
<br>
<br>
Secondly, RIRs<br>
<br>
have no ability to define what is<br>
<br>
?abuse?, one abuse or even criminal<br>
<br>
activity could be entirely a legal<br>
<br>
operation in a different jurisdiction.<br>
<br>
<br>
<br>
Finally, making<br>
<br>
a member forcefully reply to abuse<br>
<br>
contact Emails are a waste of resources<br>
<br>
and totally pointless, it is entirely up<br>
<br>
to the member to define what they think<br>
<br>
is acceptable in their network operation<br>
<br>
and how they react to it. AFRINIC has no<br>
<br>
mandate to force any member to reply to<br>
<br>
an ?abuse?, since AFRINIC doesn?t even<br>
<br>
have the ability to identify what is<br>
<br>
considered an abuse.<br>
<br>
<br>
<br>
Therefore the<br>
<br>
entire policy is out of scope for the<br>
<br>
RIR operation.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Lamiaa<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Le jeu. 17<br>
<br>
sept. 2020 ? 07:42, JORDI PALET MARTINEZ<br>
<br>
via RPD <<a href="mailto:rpd@afrinic.net"
target="_blank" moz-do-not-send="true">rpd@afrinic.net</a>><br>
<br>
a ?crit :<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hi Lucilla,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Today we already have<br>
<br>
mnt-IRT, and everybody who operate<br>
<br>
networks understand what it is an<br>
<br>
abuse. If you operate networks you<br>
<br>
know that *anything* which<br>
<br>
is a non-authorized use of a<br>
<br>
network is an abuse.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
If you send spam,<br>
<br>
attack networks, try to intrude<br>
<br>
networks, etc., all those are<br>
<br>
abuse.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
What the policy ask<br>
<br>
is to make sure that in AFRINIC<br>
<br>
everybody has an abuse contact<br>
<br>
(today we have mnt-IRT, but is not<br>
<br>
mandatory, and as a results many<br>
<br>
African networks are filtered<br>
<br>
because lack of that ? and<br>
<br>
consequently they do not respond<br>
<br>
to abuse cases -, which exist in<br>
<br>
all the other regions of the<br>
<br>
world).<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Not having an abuse<br>
<br>
means more chances of legal<br>
<br>
actions, more cost, for both the<br>
<br>
victims and the ISPs. Having<br>
<br>
that means that you have more<br>
<br>
chances to resolve it in<br>
<br>
goodfaith.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
One of the *most<br>
<br>
important* Afrinic<br>
<br>
missions is to have accuracy on<br>
<br>
the database, which includes<br>
<br>
accuracy on the contacts. We are<br>
<br>
not fulfilling that in this<br>
<br>
situation.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Remember that *all*<br>
<br>
the other RIRs have already this<br>
<br>
kind of policy. This one is like<br>
<br>
the one that has been<br>
<br>
implemented in APNIC, and the<br>
<br>
accuracy of the contacts is now<br>
<br>
87.5% as reported this month in<br>
<br>
the last APNIC meeting. In that<br>
<br>
report *none* of the<br>
<br>
members indicated any of the<br>
<br>
issues that you indicated<br>
<br>
(didn't happened as well in the<br>
<br>
other regions).<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
You know who is<br>
<br>
interested in not having abuse<br>
<br>
contacts? Those that use their<br>
<br>
networks for doing abuse<br>
<br>
(hijacking, spam, DoS,<br>
<br>
intrusions, etc.).<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Can you explain if<br>
<br>
the network that you operate has<br>
<br>
an abuse contact an how if one<br>
<br>
of your customes is trying to<br>
<br>
penetrate my network or do a<br>
<br>
DoS, I will be able to contact<br>
<br>
you and if you will do anything<br>
<br>
or just ignore it?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
Jordi<br>
<br>
<br>
<br>
@jordipalet<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
El<br>
<br>
17/9/20 2:21, "lucilla fornaro"<br>
<br>
<<a
href="mailto:lucillafornarosawamoto@gmail.com"
target="_blank" moz-do-not-send="true">lucillafornarosawamoto@gmail.com</a>><br>
<br>
escribi?:<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Dear<br>
<br>
all,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I<br>
<br>
have some concerns about the<br>
<br>
?Abuse Contact Policy?.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
First<br>
<br>
of all, it does not offer a<br>
<br>
specific and regulated<br>
<br>
description of the term<br>
<br>
?abuse? and this opens the<br>
<br>
door to potentially bigger<br>
<br>
problems: a surplus of<br>
<br>
reports, discrimination/legal<br>
<br>
issues, and a waste of<br>
<br>
resources. Around the world,<br>
<br>
we can perceive what abuse is<br>
<br>
in very different ways.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Afrinic<br>
<br>
is not entitled to force<br>
<br>
members to report abuses and<br>
<br>
most importantly, this<br>
<br>
proposal does not represent<br>
<br>
Afrinic?s purpose.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I,<br>
<br>
therefore, oppose this policy.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Thank<br>
<br>
you,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Lucilla <br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
RPD mailing list <a href="mailto:RPD@afrinic.net"
target="_blank" moz-do-not-send="true">RPD@afrinic.net</a>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
**********************************************<br>
<br>
<br>
IPv4 is over<br>
<br>
<br>
Are you ready for the new Internet ?<br>
<br>
<br>
<a href="http://www.theipv6company.com"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
<br>
<br>
The IPv6 Company<br>
<br>
<br>
<br>
<br>
<br>
This electronic message contains<br>
<br>
information which may be privileged or<br>
<br>
confidential. The information is<br>
<br>
intended to be for the exclusive use<br>
<br>
of the individual(s) named above and<br>
<br>
further non-explicilty authorized<br>
<br>
disclosure, copying, distribution or<br>
<br>
use of the contents of this<br>
<br>
information, even if partially,<br>
<br>
including attached files, is strictly<br>
<br>
prohibited and will be considered a<br>
<br>
criminal offense. If you are not the<br>
<br>
intended recipient be aware that any<br>
<br>
disclosure, copying, distribution or<br>
<br>
use of the contents of this<br>
<br>
information, even if partially,<br>
<br>
including attached files, is strictly<br>
<br>
prohibited, will be considered a<br>
<br>
criminal offense, so you must reply to<br>
<br>
the original sender to inform about<br>
<br>
this communication and delete it.<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
<br>
RPD mailing list<br>
<br>
<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
**********************************************<br>
<br>
<br>
<br>
<br>
<br>
IPv4 is over<br>
<br>
<br>
<br>
<br>
<br>
Are you ready for the new Internet ?<br>
<br>
<br>
<br>
<br>
<br>
<a href="http://www.theipv6company.com"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
<br>
<br>
<br>
<br>
<br>
The IPv6 Company<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
This electronic message contains information<br>
<br>
which may be privileged or confidential. The<br>
<br>
information is intended to be for the<br>
<br>
exclusive use of the individual(s) named above<br>
<br>
and further non-explicilty authorized<br>
<br>
disclosure, copying, distribution or use of<br>
<br>
the contents of this information, even if<br>
<br>
partially, including attached files, is<br>
<br>
strictly prohibited and will be considered a<br>
<br>
criminal offense. If you are not the intended<br>
<br>
recipient be aware that any disclosure,<br>
<br>
copying, distribution or use of the contents<br>
<br>
of this information, even if partially,<br>
<br>
including attached files, is strictly<br>
<br>
prohibited, will be considered a criminal<br>
<br>
offense, so you must reply to the original<br>
<br>
sender to inform about this communication and<br>
<br>
delete it.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
<br>
<br>
<br>
<br>
RPD mailing list<br>
<br>
<br>
<br>
<br>
<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<br>
<br>
<br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Le jeu.<br>
<br>
17 sept. 2020 ? 15:49, JORDI PALET MARTINEZ via<br>
<br>
RPD <<a href="mailto:rpd@afrinic.net"
target="_blank" moz-do-not-send="true">rpd@afrinic.net</a>><br>
<br>
a ?crit :<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hi<br>
<br>
Lamiaa,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I?ve<br>
<br>
said this already. This policy doesn?t<br>
<br>
enforce abuse, it enforces that the abuse<br>
<br>
contact is there, and works.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Today<br>
<br>
AFRINIC is paying for the cost of the abuse<br>
<br>
handling because only a tiny fraction of the<br>
<br>
members has the abuse contacts in place.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
If the<br>
<br>
contacts in the RIR database aren?t actual<br>
<br>
and accurate, this is a clear violation of<br>
<br>
the RSA. So what is unacceptable is not<br>
<br>
having the contacts, not on the other way<br>
<br>
around.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Abuse is<br>
<br>
not defined by the RIRs, everybody knows it<br>
<br>
and this is the reason why NONE of the RIRs<br>
<br>
have re-defined it, because it is already<br>
<br>
stated in RFC2142. Can you justify why<br>
<br>
AFRINIC is different and need a definition?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
How you<br>
<br>
define it in the networks that you operate?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
Jordi<br>
<br>
<br>
<br>
@jordipalet<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
El 17/9/20<br>
<br>
10:49, "Lamiaa Chnayti" <<a
href="mailto:lamiaachnayti@gmail.com"
target="_blank" moz-do-not-send="true">lamiaachnayti@gmail.com</a>><br>
<br>
escribi?:<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hello,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I<br>
<br>
will have to agree with Lucilla on what<br>
<br>
she said and would like to add to it that<br>
<br>
:<br>
<br>
<br>
<br>
Firstly, Abuse<br>
<br>
enforcement is out of scope for RIRs.<br>
<br>
<br>
<br>
Secondly, RIRs<br>
<br>
have no ability to define what is ?abuse?,<br>
<br>
one abuse or even criminal activity could<br>
<br>
be entirely a legal operation in a<br>
<br>
different jurisdiction.<br>
<br>
<br>
<br>
Finally, making<br>
<br>
a member forcefully reply to abuse contact<br>
<br>
Emails are a waste of resources and<br>
<br>
totally pointless, it is entirely up to<br>
<br>
the member to define what they think is<br>
<br>
acceptable in their network operation and<br>
<br>
how they react to it. AFRINIC has no<br>
<br>
mandate to force any member to reply to an<br>
<br>
?abuse?, since AFRINIC doesn?t even have<br>
<br>
the ability to identify what is considered<br>
<br>
an abuse.<br>
<br>
<br>
<br>
Therefore the<br>
<br>
entire policy is out of scope for the RIR<br>
<br>
operation.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Lamiaa<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Le jeu. 17<br>
<br>
sept. 2020 ? 07:42, JORDI PALET MARTINEZ<br>
<br>
via RPD <<a href="mailto:rpd@afrinic.net"
target="_blank" moz-do-not-send="true">rpd@afrinic.net</a>><br>
<br>
a ?crit :<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Hi<br>
<br>
Lucilla,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Today<br>
<br>
we already have mnt-IRT, and<br>
<br>
everybody who operate networks<br>
<br>
understand what it is an abuse. If<br>
<br>
you operate networks you know that *anything*<br>
<br>
which is a non-authorized use of a<br>
<br>
network is an abuse.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
If<br>
<br>
you send spam, attack networks, try<br>
<br>
to intrude networks, etc., all those<br>
<br>
are abuse.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
What<br>
<br>
the policy ask is to make sure that<br>
<br>
in AFRINIC everybody has an abuse<br>
<br>
contact (today we have mnt-IRT, but<br>
<br>
is not mandatory, and as a results<br>
<br>
many African networks are filtered<br>
<br>
because lack of that ? and<br>
<br>
consequently they do not respond to<br>
<br>
abuse cases -, which exist in all<br>
<br>
the other regions of the world).<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Not having an abuse<br>
<br>
means more chances of legal<br>
<br>
actions, more cost, for both the<br>
<br>
victims and the ISPs. Having that<br>
<br>
means that you have more chances<br>
<br>
to resolve it in goodfaith.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
One of the *most<br>
<br>
important* Afrinic missions<br>
<br>
is to have accuracy on the<br>
<br>
database, which includes accuracy<br>
<br>
on the contacts. We are not<br>
<br>
fulfilling that in this situation.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Remember that *all*<br>
<br>
the other RIRs have already this<br>
<br>
kind of policy. This one is like<br>
<br>
the one that has been implemented<br>
<br>
in APNIC, and the accuracy of the<br>
<br>
contacts is now 87.5% as reported<br>
<br>
this month in the last APNIC<br>
<br>
meeting. In that report *none*<br>
<br>
of the members indicated any of<br>
<br>
the issues that you indicated<br>
<br>
(didn't happened as well in the<br>
<br>
other regions).<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
You know who is<br>
<br>
interested in not having abuse<br>
<br>
contacts? Those that use their<br>
<br>
networks for doing abuse<br>
<br>
(hijacking, spam, DoS, intrusions,<br>
<br>
etc.).<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Can you explain if<br>
<br>
the network that you operate has<br>
<br>
an abuse contact an how if one of<br>
<br>
your customes is trying to<br>
<br>
penetrate my network or do a DoS,<br>
<br>
I will be able to contact you and<br>
<br>
if you will do anything or just<br>
<br>
ignore it?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
Jordi<br>
<br>
<br>
<br>
@jordipalet<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
El<br>
<br>
17/9/20 2:21, "lucilla fornaro"<br>
<br>
<<a
href="mailto:lucillafornarosawamoto@gmail.com"
target="_blank" moz-do-not-send="true">lucillafornarosawamoto@gmail.com</a>><br>
<br>
escribi?:<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Dear<br>
<br>
all,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I<br>
<br>
have some concerns about the<br>
<br>
?Abuse Contact Policy?.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
First<br>
<br>
of all, it does not offer a<br>
<br>
specific and regulated<br>
<br>
description of the term ?abuse?<br>
<br>
and this opens the door to<br>
<br>
potentially bigger problems: a<br>
<br>
surplus of reports,<br>
<br>
discrimination/legal issues, and<br>
<br>
a waste of resources. Around the<br>
<br>
world, we can perceive what<br>
<br>
abuse is in very different ways.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Afrinic<br>
<br>
is not entitled to force members<br>
<br>
to report abuses and most<br>
<br>
importantly, this proposal does<br>
<br>
not represent Afrinic?s purpose.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
I,<br>
<br>
therefore, oppose this policy.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Thank<br>
<br>
you,<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Lucilla <br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
RPD mailing list <a href="mailto:RPD@afrinic.net"
target="_blank" moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
**********************************************<br>
<br>
<br>
IPv4 is over<br>
<br>
<br>
Are you ready for the new Internet ?<br>
<br>
<br>
<a href="http://www.theipv6company.com"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
<br>
<br>
The IPv6 Company<br>
<br>
<br>
<br>
<br>
<br>
This electronic message contains<br>
<br>
information which may be privileged or<br>
<br>
confidential. The information is<br>
<br>
intended to be for the exclusive use of<br>
<br>
the individual(s) named above and<br>
<br>
further non-explicilty authorized<br>
<br>
disclosure, copying, distribution or use<br>
<br>
of the contents of this information,<br>
<br>
even if partially, including attached<br>
<br>
files, is strictly prohibited and will<br>
<br>
be considered a criminal offense. If you<br>
<br>
are not the intended recipient be aware<br>
<br>
that any disclosure, copying,<br>
<br>
distribution or use of the contents of<br>
<br>
this information, even if partially,<br>
<br>
including attached files, is strictly<br>
<br>
prohibited, will be considered a<br>
<br>
criminal offense, so you must reply to<br>
<br>
the original sender to inform about this<br>
<br>
communication and delete it.<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
<br>
RPD mailing list<br>
<br>
<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
**********************************************<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
IPv4 is over<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Are you ready for the new Internet ?<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<a href="http://www.theipv6company.com"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
The IPv6 Company<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
This electronic message contains information<br>
<br>
which may be privileged or confidential. The<br>
<br>
information is intended to be for the exclusive<br>
<br>
use of the individual(s) named above and further<br>
<br>
non-explicilty authorized disclosure, copying,<br>
<br>
distribution or use of the contents of this<br>
<br>
information, even if partially, including<br>
<br>
attached files, is strictly prohibited and will<br>
<br>
be considered a criminal offense. If you are not<br>
<br>
the intended recipient be aware that any<br>
<br>
disclosure, copying, distribution or use of the<br>
<br>
contents of this information, even if partially,<br>
<br>
including attached files, is strictly<br>
<br>
prohibited, will be considered a criminal<br>
<br>
offense, so you must reply to the original<br>
<br>
sender to inform about this communication and<br>
<br>
delete it.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
<br>
<br>
<br>
<br>
RPD mailing list<br>
<br>
<br>
<br>
<br>
<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<br>
<br>
<br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
-- <br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Lamiaa<br>
<br>
CHNAYTI<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
**********************************************<br>
<br>
<br>
IPv4 is over<br>
<br>
<br>
Are you ready for the new Internet ?<br>
<br>
<br>
<a href="http://www.theipv6company.com"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
<br>
<br>
The IPv6 Company<br>
<br>
<br>
<br>
<br>
<br>
This electronic message contains information which
may be<br>
<br>
privileged or confidential. The information is
intended to<br>
<br>
be for the exclusive use of the individual(s)
named above<br>
<br>
and further non-explicilty authorized disclosure,
copying,<br>
<br>
distribution or use of the contents of this
information,<br>
<br>
even if partially, including attached files, is
strictly<br>
<br>
prohibited and will be considered a criminal
offense. If you<br>
<br>
are not the intended recipient be aware that any
disclosure,<br>
<br>
copying, distribution or use of the contents of
this<br>
<br>
information, even if partially, including attached
files, is<br>
<br>
strictly prohibited, will be considered a criminal
offense,<br>
<br>
so you must reply to the original sender to inform
about<br>
<br>
this communication and delete it.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
<br>
RPD mailing list<br>
<br>
<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
RPD mailing list<br>
<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
RPD mailing list<br>
<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
-- <br>
<br>
Lamiaa CHNAYTI<br>
<br>
<br>
<br>
_______________________________________________
RPD mailing list <a href="mailto:RPD@afrinic.net"
target="_blank" moz-do-not-send="true">RPD@afrinic.net</a>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a>
<br>
<br>
<br>
<br>
**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
<a href="http://www.theipv6company.com"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
The IPv6 Company<br>
<br>
This electronic message contains information which
may be privileged or confidential. The information
is intended to be for the exclusive use of the
individual(s) named above and further
non-explicilty authorized disclosure, copying,
distribution or use of the contents of this
information, even if partially, including attached
files, is strictly prohibited and will be
considered a criminal offense. If you are not the
intended recipient be aware that any disclosure,
copying, distribution or use of the contents of
this information, even if partially, including
attached files, is strictly prohibited, will be
considered a criminal offense, so you must reply
to the original sender to inform about this
communication and delete it.<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a
href="https://lists.afrinic.net/pipermail/rpd/attachments/20200921/38d79b2f/attachment.html"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/pipermail/rpd/attachments/20200921/38d79b2f/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
RPD mailing list<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<a
href="https://lists.afrinic.net/mailman/listinfo/rpd"
target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
<br>
<br>
------------------------------<br>
<br>
End of RPD Digest, Vol 168, Issue 143<br>
*************************************</p>
</blockquote>
</div>
</div>
</div>
<br>
**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
<a href="http://www.theipv6company.com" target="_blank"
moz-do-not-send="true">http://www.theipv6company.com</a><br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be
privileged or confidential. The information is intended to
be for the exclusive use of the individual(s) named above
and further non-explicilty authorized disclosure, copying,
distribution or use of the contents of this information,
even if partially, including attached files, is strictly
prohibited and will be considered a criminal offense. If you
are not the intended recipient be aware that any disclosure,
copying, distribution or use of the contents of this
information, even if partially, including attached files, is
strictly prohibited, will be considered a criminal offense,
so you must reply to the original sender to inform about
this communication and delete it.<br>
<br>
</div>
_______________________________________________<br>
RPD mailing list<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true">RPD@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
RPD mailing list
<a class="moz-txt-link-abbreviated" href="mailto:RPD@afrinic.net">RPD@afrinic.net</a>
<a class="moz-txt-link-freetext" href="https://lists.afrinic.net/mailman/listinfo/rpd">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
</body>
</html>