the proposal is ready and will not be changed anymore. Unfortunately I will not attend the Kuala Lumpur meeting. Dave Crocker will do the presentation about this proposal and he asked me to ask you, if you could put all your questions here, so I am able to answer them in advance. That would be very helpful for us. Thank you very much and lots of fun in KL. Tobias Am 24.02.2010 01:07, schrieb Randy Bush: > Dear SIG members > > Version 3 of the proposal 'Abuse contact information' has been sent to > the Policy SIG for review. It will be presented at the Policy SIG at > APNIC 29 in Kuala Lumpur, 1-5 March 2010. > > Information about this and other policy proposals is available from: > > http://www.apnic.net/policy/proposals > > This new version of the proposal reflects feedback from the community > received on the Policy SIG mailing list: > > - The wording of section 1 has been simplified. > > - The "Summary of the current problem" in section 2 has been > rewritten. > > - Section 4.1 has been reworded slightly. > > - The last bullet point in section 5.1 has been rewritten. > > - Section 5.2 refers to the discussion on whois data accuracy that > has taken place on the Policy SIG list. > > > We encourage you to express your views on the proposal: > > - Do you support or oppose this proposal? > - Is there anything in the proposal that is not clear? > - What changes could be made to this proposal to make it more > effective? > > Randy, Ching-Heng, and Terence > > > > ________________________________________________________________________ > > prop-079-v003: Abuse contact information > ________________________________________________________________________ > > > Author: Tobias Knecht <tk at abusix dot org> > > Version: 3 > > Date: 24 February 2010 > > > > 1. Introduction > ---------------- > > This is a proposal to introduce a mandatory reference to IRT objects in > the inetnum, inet6num and aut-num objects in the APNIC Whois Database. > > The proposal aims provide a more accurate and efficient way for abuse > reports to reach the correct network contact. > > > 2. Summary of current problem > ------------------------------ > > Network owners increasingly operate dedicated abuse handling > departments, distinct from the basic operations department. > > More and more network owners and other institutions are also starting to > exchange data about abusive behavior with each other, to more quickly > allow networks to identify internal abuse, external abuse, and other > security problems. > > Currently within the APNIC region, the growing amount of abuse reports > are sent to tech-c or admin-c contacts, as encouraged on the APNIC > website.[1] These addresses are used because the APNIC Whois Database > currently has no mandatory, specialised contact object for abuse > departments. Instead, all abuse reports are sent to contact that has > broader responsibilities or different responsibilities. > > > 3. Situation in other RIRs > --------------------------- > > AfriNIC: > > There are currently no specific abuse-related fields implemented in > the AfriNIC Whois Database. However, if the current proposal is > successful in the APNIC region, the author plans to submit a > similar proposal for the AfriNIC region. > > ARIN: > > An abuse-POC exists for Organizational ID identifiers.[2] > > LACNIC: > > An abuse-c exists for aut-num, inetnum and inet6num objects.[3] > > RIPE: > > An optional IRT (Incident Response Team) object can be linked to > inetnum and inet6num objects.[4] If the current proposal is > successful in the APNIC region, the author plans to submit a > similar proposal for the RIPE region. > > > 4. Details of the proposal > --------------------------- > > It is proposed that APNIC: > > 4.1 Institute a mandatory reference to an IRT object in inetnum, > inet6num and aut-num objects. > > In terms of implementing a mandatory IRT reference, it is > suggested that this be part of two established actions: > > - The next time an organization attempts to update an existing > inetnum, inet6num or aut-num object > > - When new inetnum, inet6num or aut-num objects are added to the > database > > 4.2 Have a mandatory abuse-mailbox field in the IRT object. > > 4.3 Delete abuse-mailbox fields in all objects that do not refer to an > IRT, and delete the trouble field everywhere starting 2011. > > > 5. Advantages and disadvantages of the proposal > ------------------------------------------------ > > 5.1 Advantages > > - Networks will be able to supply their own, direct contact > information for abuse departments. > > - Abuse complaints will not be sent to the "wrong" contact any more. > > - This permits greater administrative and operational flexibility, > and faster abuse handling will be possible. > > 5.2 Disadvantages > > - Introducing a mandatory reference to the IRT Object will establish > a new object. This object, like all other existing objects, will > face the data accuracy problem. This proposal aims to address the > issue of a missing place for abuse contact information and will > not improve data accuracy in the whois database. Data accuracy > will be part of another proposal that is already being discussed > on the policy mailing list. > > > 6. Effect on APNIC members > --------------------------- > > There will be no immediate affect for APNIC members with existing > resource registrations already in the APNIC Whois Database. > > However, members will need to add a reference to the mandatory IRT > object in the following situations: > > - The first time members attempt to update an existing inetnum, > inet6num or aut-num object > > - When members add new inetnum, inet6num or aut-num objects > > > 7. Effect on NIRs > ------------------ > > It would be of benefit to the whole Internet community if NIRs were to > implement a similar abuse contact scheme in their whois databases. But > this would be another proposal. > > > 8. References > -------------- > > [1] Reporting abuse and spam http://www.apnic.net/reporting-abuse > > [2] Introduction to ARIN's Database > https://www.arin.net/knowledge/database.html#abusepoc > > [3] There is no formal documentation on abuse-c in inetnum and inet6num > objects, but for documentation on the abuse-c in ASN records, see > LACNIC Policy Manual (v1.3 - 07/11/2009) > http://lacnic.net/en/politicas/manual4.html > > [4] IRT Object FAQ > http://www.ripe.net/db/support/security/irt/faq.html > > > * sig-policy: APNIC SIG on resource management policy * > _______________________________________________ > sig-policy mailing list > sig-policy at lists dot apnic dot net > http://mailman.apnic.net/mailman/listinfo/sig-policy
Attachment:
signature.asc
Description: OpenPGP digital signature