[anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Previous message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Next message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sander Steffann
sander at steffann.nl
Sun Jan 20 22:37:44 CET 2013
Hi Ronald, > As regards my reluntance to engage with RIPE NCC on any kind of a formal > basis, although that too may be unforgivable, allow me to point out > what I feel is a relevant point, specifically that the free flow of > information is, as we here in the states would say, a two-way street... > or should be anyway. > > Since my original post on this matter, a RIPE NCC staff member has reached > out to me, and in an informal manner I have appraised her throughly of > the various lines of evidence that formed the basis of my suspicions > about these specific 18 ASNs. In a follow-up to this, I inquired as > to how much I might be told, and when, with regards to RIPE NCC's > investigation of this matter, stating up-front that I understood > that RIPR NCC staff might possibly labor under some of the same con- > straints as ARIN staff do with regards to this kind of investigation, > and their ability for be forthcoming, either publically or privately, > about either investigation results, or actions taken. I was then > politely informed that yes indeed, RIPE secrecy rules are not materially > different from those of ARIN with respect to these kinds of investigations. > > In short, it appears that none of us will ever know anything, either > about how this happened, why it happened, who was responsible (within > Romania) for causing it to happen, or what actions, if any, RIPE NCC > will take in response to this matter. (I sort of feel like I want to > use the term "this incident" rather than "this matter", but it appears > that this has not been so much an "event" as it has been a process. > The data seem to indicate that the fraudlent scheme I reported on has > been ongoing for over two years now.) > > Anyway, it may come as no surprise when I say that this information > flow "one way street" is less than satisfying. In fact that would > be an understatement. And if one thinks about it, this cloak of > secrecy that hides all... all noble actions and all skullduggery, > without discrimination... may be a part of the reason that other > people of generosity and good intent, unlike me, do not waste their > time on looking to deeply into funny stuff on this Internet, let > alone reporting any such. Why bother when it is a forgone conclusion > that the whole thing will be hushed up in the end anyway, and, as > far as anyone of the outside knows, neither any drop of justice > nor any dollop of disipline is ever dispensed. Now *this* is something that might be solved by a policy proposal. How about a policy that states that a list of all resources reclaimed by/returned to/delegated to the RIPE NCC must be published? I don't know about the legal implications of also publishing the company name etc of the last holder, but how about a list containing: - Resource - Reclaimed date - Reason (received from IANA, returned by holder, violation of policy, bankruptcy, court order, non-payment, fraud/untruthful information, etc) - Returned to pool date I am trying to find the balance between avoiding legal trouble for the RIPE NCC (IANAL etc, so I don't know what is acceptable under Dutch law) and giving feedback and showing the community what is being done. The NCC already publishes the resources it allocates/assigns (output list). What I propose is that they also publish what they receive (input list). Showing both sides of the story would be part of good stewardship etc. /me looks at the worms crawling out of the can... What do you (=AAWG) think? Sander
- Previous message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Next message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]