<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Dear Frank/Community members</p>
<p><br>
</p>
<p>a) In the Impact Assessment, staff assumed that the policy will
not impact the legacy resources in the AFRINIC whois database and
requested the authors to confirm that this is so. AFRINIC staff
needs to keep this in consideration at the time of
implementation(myafrinic and whois business rules) - abuse-c
mandatory for non-legacy resources. Staff were therefore satisfied
with this confirmation and had not indicated otherwise to the
co-chairs and community in the session.<br>
</p>
<p>b) "AFRINIC is bound by the Mauritian Data Protection Act 2017
(inspired by GDPR). For more information on AFRINIC's Privacy
Policy, click on the following link - <font color="#000000"><a
class="moz-txt-link-freetext"
href="https://www.afrinic.net/privacy">https://www.afrinic.net/privacy</a>.
Thus, implementation of the abuse-c will not impact negatively
on AFRINIC's data protection obligations."</font></p>
<p>c) The only policy that affects the legacy resource holders is
documented in Section 5.7 of the CPM - and it regards transfers
of legacy resources. Legacy Holders are not bound by any other
resource policies. <br>
</p>
<p>Staff therefore will confirm with the authors that their policies
do not affect legacy resources , especially when implementation
will be done on the whois database. This is to ensure that the
implementation does not negatively impact how the legacy resource
holders manage their resources on the whois database. <br>
</p>
<p>d) In the Policy Implementation Experience Report during
AFRINIC-32/AIS'20 , staff have pointed out that Section 8 of the
CPM does not enforce a mandatory abuse contact . They also
mentioned that they are having to respond to an increase in
complaints regarding missing abuse contacts in the number
resources in the AFRINIC whois database and that operators have
warned that they will filter the resources with no abuse
contacts. Staff are therefore doing the work for the members , as
they are bound to respond to any queries that are logged with the
AFRINIC service desk. This situation is not scalable in the long
term & AFRINIC invites the community to also ponder on this
feedback.</p>
<p>Kind Regards</p>
<p>Madhvi</p>
<pre class="moz-signature" cols="72">--
Madhvi Gokool
Senior IP Resources Specialist
AFRINIC Ltd.
t: +230 403 5100 | f: +230 466 6758 |
w: <a class="moz-txt-link-abbreviated" href="http://www.afrinic.net">www.afrinic.net</a></pre>
<p> </p>
<div class="moz-cite-prefix">On 28/09/2020 8:09 PM, Frank Habicht
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1d9397d3-57db-b13b-a3bf-f812d685da3a@geier.ne.tz">
<pre class="moz-quote-pre" wrap="">Dear chairs,
On 21/09/2020 08:32, Frank Habicht wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Dear chairs,
On 21/09/2020 03:04, ABDULKARIM OLOYEDE wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">6. Abuse Contact Update
The proposal makes it mandatory for AFRINIC to include in each resource
registration, a contact where network abuse from users of those
resources will be reported. The proposal whois DB attribute (abuse-c)
to be used to publish abuse public contact information. There’s also a
process to ensure that the recipient must receive abuse report and that
contacts are validated by AFRINIC regularly. However, there some
opposition to the proposal there are:
a. Staff analysis on how it affects legacy holder not
conclusive (not sure why this should affect legacy holders)
b. The proposal doesn’t state what will be the
consequences of one member fails to comply. Why are we creating the
abuse contact when there is no consequence for not providing the abuse
contact
c. Abuse contact email and issues with GDPR concerning
the whois database
d. No proper definition of the term Abuse
e. To force members to reply to their abuse email is
not in the scope of AFRINIC.
Chairs Decision: No rough consensus
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
About d. "No proper definition of the term Abuse"
yes, this was mentioned several times by members opposing.
The proposal is about "abuse contacts". it is not about what "abuse" is.
there is no need for a definition of "abuse".
In my humble opinion the request for a definition of abuse is off-topic.
Question: if someone makes a proposal about lame DNS servers in domain
objects for Reverse-DNS, and I object arguing that a definition of RPKI
is needed - what would you do with this argument?
Q2: can arguments about a proposal be irrelevant to this proposal?
Q3: was that the case here? were arguments, that a definition for abuse
is required, irrelevant?
I request chairs' response to Q2 and Q3.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Dear chairs, requesting a response.
Note: chairs said this was a point of opposition.
I argue that this was an irrelevant point.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">About e. "To force members to reply to their abuse email is not in the
scope of AFRINIC."
Yes, that was mentioned several times.
And also this is something the proposal does not do and does not attempt.
And all the comments about (d.) above apply.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
How can people complain that the proposal does something, when the
proposal doesn't do that?
How can that be a valid objections?
Chairs?
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">If irrelevant objections are taken as valid arguments, please note that
I foresee that any future proposal can get rejected and the PDP will be
stuck.
About c. "Abuse contact email and issues with GDPR concerning the whois
database"
- I didn't see that on the mailing list, can you remind us, or was that
only during the live session?
- there are other contact information in whois. can staff confirm
whether AfriNIC are GDPR compliant?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
AfriNIC staff: above is a question for you.
yes, I think I know the answer, but maybe the ones arguing that this is
a problem with the proposed policy don't know the answer.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">- would that status change if abuse contacts would be added?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
same... AfriNIC staff, please help.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">About b. "The proposal doesn’t state what will be the consequences of
one member fails to comply. Why are we creating the abuse contact when
there is no consequence for not providing the abuse contact"
- I can imagine that AfriNIC would include in their meeting
presentations information regarding how big (in measurable terms) this
problem is.
- from that the WG can discuss and decide if more actions are necessary.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Chairs, does my above answer sufficiently address the point b. of
opposition that you had listed as relevant?
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">About a. "Staff analysis on how it affects legacy holder not conclusive
(not sure why this should affect legacy holders)"
I didn't see that before, but as is tradition in my part of the world,
let me respond to the question with a question:
Are legacy holders subject to any for the PDWG's policies?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Madhvi, please help: does any policy affect legacy holders?
Thanks,
Frank
_______________________________________________
RPD mailing list
<a class="moz-txt-link-abbreviated" href="mailto:RPD@afrinic.net">RPD@afrinic.net</a>
<a class="moz-txt-link-freetext" href="https://lists.afrinic.net/mailman/listinfo/rpd">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">
</pre>
</body>
</html>