Anti?abuse Working Group, Thursday, 18th November 2010, 2:00 p.m.:

CHAIR: Hello. Nice thing to wake you up after lunch. So, if I could welcome you all to the RIPE 61 anti?abuse Working Group and I am hoping you are all ??

So, welcome all to the anti?abuse Working Group. My name is Brian Nisbet. I have apologies from my co?chair Richard Cox, he unfortunately can't be here this week ??

AUDIENCE SPEAKER: James Blessing concerned Internet citizen. While it's good that we have an active co?chair, it seems that the reputation of the Working Group is being impacted by the other co?chair. I would like to add to the agenda some discussion around that, if possible.

CHAIR: Okay, you are happy if we put it under any other business. We'll get to that in the end so in that case.

So, thank you very much to the RIPE NCC and all of the support they give the Working Group. Our wonderful scribe, Jabber, all of these wonderful gentleman over here; and indeed thank you to our awesome stenographers, and I don't just say that out of a sense of national pride.

Go on the Paddies.

If we do have a point to make, we have a perfect chance. If you could state who you are and where you come from when you speak at the microphone. That would be great.

So, first off, approve the minutes from RIPE 60. They were published, there were some queries which I think we worked out. Unless anybody has any points to raise right now, I think that that's ?? that we can decide that they are passed. We can decide that they are passed and I am going to hit the elect earn in a very authority I have manner.

The agenda, we have made some changes we are largely expansions on the original agenda, barring obviously removing Richard's item from that as he isn't here. We have a lot more input from the RIPE NCC, both on the closure and deregistration draft and indeed on the database and the registry cleaning up and all part of that process. So we will work through that and we have an increased amount of information about the three policies which we have in place at the moment, which we have had a lot of discussions this week between the various stakeholders about that, so we will get to all of that as well.

But unless, on top of the one item we have had added there any other additions to the agenda that anyone would like to make. I think we will move on from there.

So, first off, we have the recent list discussion of which there has been a lot. Now, a lot of this comes down to the three policies and we'll be discussing them separately in a moment or two, but we had an amount on reporting fraud, database issues and indeed on the time stamps and the use of minus B and WHOIS queries. So, I think a lot of this is connarrated into the policy discussion and into the information we have on the database cleanup and what we'll be talking about later. I am not sure if anyone has any specific points they wish to raise on foot of that list discussion. I think we had the reiteration of the anti?abuse is not the correct place to report incidents of network abuse, rather there are a myriad of other places going from the LIR to law enforcement and on beyond that. But the the mailing list is not that place, as was pointed out recently. There have been various questions to whom you should report fraud but again I think this comes into the policies. And as a useful reminder, WHOIS minus B will give you the date of the last update. If anyone doesn't know that, please note it down for future reference as database issues we'll touch on later.

So the rest of the updates section is updates from various parts of the community and one of the things that it's very easy for us to sit here with our purely our numbers, is to forget the various elements and names which are intertwined with our address allocation and I think it's worthwhile, now and again, discussing the problems that registrars have because they are all interlinked. So I have asked Michele Neylon from Blacknight in Ireland, again with the National Pride, to come along and give us an update on some registrar issues and some of the things this they are seeing which is all tied in with all of our items. So...

MICHELE NEYLON: Good afternoon. Thanks Brian for the introduction. This is the first time attending a RIPE meeting so you have have to excuse me if I manage to pitch this completely wrong and you all run away thinking I am a total idiot.

This presentation I just put together, it covers a few things that are kind of salient issues that companies such as ourselves are dealing with and I think there is some kind of crossover between the kind of issues that we are dealing with and a lot of other operators would have to deal with.

Firstly, of course, is, we are a registrar and from talking to some of the people here at the RIPE meeting I know you are all really really good with networks and routers and IPv6 and various other things. But I thought just to make sure everybody knows what we are talking about, that I'd at least give you some kind of a definition what a registrar actually does and doesn't do.

As I put up there, domain registrars ?? registration services often combined with host and and other e?mail, not always. Some companies you run across they are not going to have the same kind of issues and views as others. A lot of registrars would be members of RIPE or ARIN or the other regionals where some would not be. And more often than not the registrars are going to be accredited as bodies such as ICANN, NomiNet or various other ccTLD registries.

Why it is relevant to you guys? It impacts your members because often or not either the registrars are members of RIPE or other organisations or your members are providing services to them and if something goes a bit wrong on our end, it's going to have an impact on you as some point along the way and of course also say that some you might be offering similar thing. Of course it's all interconnected.

What is actually the registrar's perspective on it? What are we doing? What are we seeing? In general terms, split abuse into two basic buckets. You have got genuine abuse, which is something that is ?? it's actually abuse of some kind and then you have got people who are miss propose ating your abuse mailbox to send you all sorts of interesting essays about life recollect the universe and everything else and how they feel that company X has done something terribly nasty but it's not really an abuse query, it's something this they could take up with a consumer agency, or a law court or something else. And just so that it's all nice and clear, we are not all evil. We are all members of the same community. Some of us may not be as active and as present in organisations such as RIPE. But, you know, we are all trying to get a long nicely and hopefully make plenty of money in the process.

So, coming down to abuse desks. The reality is, abuse desks cost money. They don't generate any actual income. I'd love it if they did but they don't. So, the problem for a lot of us is we may be seen possibly to be not as responsive as you would like when you are reporting an issue to us. But of course, the thing is, all registrars and hosting providers should probably look at doing something about running an efficient abuse desk, about making sure that people can report issues to them if and when they arise because unfortunately, no matter MoU good or how bad you may like to run things, you are still going to run into issues because there are some nice charming people out there who will do all sorts of interesting things, given half an opportunity to do so.

It was interesting listening to one of the talks earlier this week, when talking about abuse and reputation and maybe that's something that we should all be more conscious of. That if you you are not careful you could end up as being flagged as being a spammer friendly registrar, that your network, as a company, you can be seen or perceived to be including, as it were, with criminals and other another do wells. Now, another thing I'll come to afterwards is the pressures that are now being put on registrars from various other agencies and these are things that we all have to take very, very seriously.

What kind of abuse are we seeing? Probably not that different to what you are seeing if you are running ISPs and providing connectivity. We are seeing plenty of of spam. We are seeing it coming in and going out. The fishing fraud is a continual problem. It keeps going up and up and up and you hear people talking about oh, you know, technology X will stop this particular type of problem. The reality is no, it won't. They'll just move the goal posts. The types of phishing fraud that we are seeing are more and more complex and no matter what you do, there'll still be more of it.

Unfortunately the problem of course is that in many cases, the phishing isn't be being done on the domain it's self. They are compromising an existing install. So one of the biggest problem we see on our own network would be compromised installs of CMSes such as DOMLA, WordPress, those kinds of things, where somebody is able to get in and take over an entire subdirectory and they are pretty sneaky. Credit card fraud is a huge issue. On our side, we have had to implement all sorts of crazy anti?fraud checks, said to stop people from getting into the system because what we were finding was that they would go through, pass through a legitimate, what looked like a legitimate order or an order of quite a low value. Get past the fraud checks and then next thing is either start using a fraudulent credit card to buy products and services from us, or use a VPS or a dedicated server or something like that on our side to launch an attack against somebody else. Which is quite worrying. Identity theft, again, this one is I find particularly scary. We have seen situations where they have, criminals have taken a person's entire identity, everything from the credit cards, the pay pal accounts, they have controlled the e?mail addresses and they are not afraid to give you telephone numbers, all the contact details that you want. They'll even ring you up and query why you are stopping them, why you have actually shut down their hosting account. I have had these people on the phone screaming in my ear. It's have very, very serious issue and it's not an easy one to fix. More and more ?? it's become more and more prevalent. How many of you here have had your credit card skimmed or your PayPal account attacked? Just looking around the room there is a fair few hands. And I'd say most of us would probably consider our ourselves to be relatively savvy. I have had my own credit card skimmed in the last nine months. It's worrying, it's very, very worrying and there is no simple easy solution for it.

A lot of this stuff I think is going to be down to more cooperation. So, for example with the network operators here, talking through the Working Group to see what it is that you want to report. How you want to report it or maybe improving that. I think Brian will be talking further about the proposals later. The impact of abuse for everybody, I think this is where it starts to kind of get interesting, is when it comes to the representation in PR which I mentioned previously. If you are following the kind of updates within the security community, you will have seen over the last twelve months as being more and more focus being put on certain companies and their activities. And so the companies like that, they are feeling the pain. So, some of those companies will have reacted and will have changed their policies and procedures and will be working more to kind of curb the abuse on their network. But the thing is that, you know, ultimately the reputational side of things is something that just to be very, very conscious of. It's something that any, I think any serious registrar or hosting provider would take very seriously, because if newer network gets that reputation, it's going to become a problem in terms of e?mail delivery both in and out.

Security issues as well of course, a lot of the time you are seeing people's websites being defaced and more often than not they blame the registrar, the hosting provider trying to make out that they are at fault, their systems are insecure, whereas we commonly find people with interesting passwords like let me in 123, which was a password we found last week. We locked their account down and they promptly changed it back to let me in 123 afterwards which confused our technical support staff no end.

What about the tangible costs. The bottom line. Basically, it comes back again to these ?? if your network is constantly being abused you are going to end up losing sales. If people cannot get e?mail, if there is constant issues related to the SEO side of things, Google might flag in websites adds possible malware this kind of thing, it has a knock?on effect.

Mail load ?? that's the same thing again obviously.

The kind of things that people can do to track it. A lot of the large mail companies, AOL, MSN and various others, they provide a mechanism for people to get some kind of feedback on what their users are doing. You can get realtime reports of abusive e?mails coming from your AS number. Unfortunately for the ?? some of the smaller companies wouldn't have their own AS and I see somebody shaking their head, they wouldn't have their own AS, but if you are the ?? control the AS, and you know you have a client who has a lot of mail servers and everything else, do you want to be dealing with their abuse reports? I know we don't. So, you know, it's easy enough for to you enable them to get those reports.

Other things ?? it's going to be pretty obvious. If a mail server, if the load in a mail server is queued suddenly spike, it's usually worth looking at. The same with the bandwidth usage. Servers that might be doing 256k constant, suddenly spike to 20 mega, you might kind of stop and ask, hold on a second, is it that: A) they have done something that's got really really popular or B) which is probably more likely, somebody has managed to break in? Now, sometimes you'll discover that, yeah, they actually have got very, very popular. I mean we had one client that suddenly went from doing, there was 1 megabit to out at 1 hundred mega port in the space of 24 hours, that's because they were doing TV advertising, but more often than not it's because somebody cracked the box.

One tool which, those of you regardless of what area you are in you should really have a look at, it's very, very cool and useful, is Google safe browsing alerts which they launched a couple of weeks back. Very, very interesting and very useful. You can plug in your AS numbers and they will send you e?mails with details of any sites or IPs on your network that have been compromised. So you can get a nice simple report with a list of the hosts, the host names or the actual URLs and you can go off and investigate and take action. It's a hell of a lot cheaper than paying net craft or somebody to do it for you.

There is the back channels. Talking to people that you have met at RIPE meetings and other such events. Actually a bit of communication, hey Brian, how is it going, did you realise that one of your users is spamming my network to death? Okay, thanks. I might shut them off. Okay, everybody is happy.

Stuff that doesn't help is what I call the non abuse reports that are completely spurious. Big ones we see a lot of is where people are trying to sort out a civil issue by making out that it's an abuse you issue. He stole my whatever, he stole my Joao Damas, he stole my content, he stole my image, he stole my cat, and they send you in an abuse report. If you are going to send in an abuse report, keep it simple. Legal mumbo jumbo at the beginning of an abuse report is a pain in the neck and nobody wants to read it.

Another one which drives me spare personally is where you get the same report from the same organisation 15 times in the space of 20 minutes. If you are doing automated reporting, people, please, please a bit of sanity, for God's sake. By the way mail scanner dot info for those of you who are using these automated things, it is not a source of e?mail, Yours sincerely not a phishing site. We get about 150 reports of that every three months. The other one which I find highly amusing is incorrect report where you send people reports about stuff that has absolutely nothing to do with them. Not on their network, not on they are accreditation, not on anything. Again, keep it simple. If you are going to send a report in to somebody, you want them to act on it. Keep it clear, keep it simple. Cut to the chase. Do I want to know ?? a report going on about the all the legal ramifications of this, that and the other? Probably not, no. My legal department might be interested, but I'm not.

What is it? What type of abuse do you think it is? And by type of abuse please use simple terms. We got a report in one time and it was we are noticing strange traffic on port 25.

You mean the spam coming from a network? Yes, why didn't you say that?

We are noticing strange traffic on port something else, it's like, what the helm I meant to do with that? The location, the source, the IP address, the type of abuse, what it is, clear simple and everybody is happy. As we have already said, nobody is making any money from running an abuse desk. We want to just get through it.

Now, the big thing works which of course is coming through is this lovely thing where all the governments around the world and there is probably some of them sitting here in the audience, they woke up about a year?and?a?half pro years ago and realised there was this thing called the Internet and they were a little bit scared because they don't have very much regulation and control over it as they might like. At the ICANN level, all ICANN accredited registrars are bound by this contract called the registrar accreditation agreement. Both the governments and law enforcement agencies are now putting pressure on ICANN to make changes to that so that certain things will appear in a future version of it. Some of the stuff is pretty straightforward. Other things maybe not. And you can expect a lot of backwards and forwards about that over the next couple of years. The US and other governments are getting a lot of pressure from internally social networking sites and everything else, they are causing a lot of headaches. You are seeing people worried about fraudulent goods and other things.

But, of course, one of the big things at the moment is a pharmaceutical, from the pharmaceutical side of things. There was a meeting recently in Washington between most of the major registrars, registries and the white house. The registries themselves, they are now ?? a lot of them are now reporting abuse or possible abuse to the registrars directly, so even if you don't host the domain, if it's on your accreditation, you might get an e?mail from NomiNet or from one of the other registries saying hey, domain X is reported as being the source of whatever. Law enforcement, I mention them again because they are talking to registrars and they are putting pressure on us. They want us to do certain things and they want us to do it in a particular fashion. And hopefully, we'll be able to with them.

Self?regulation side of things. If there is anybody here who offers hosting or is involved in that area at all or is an ISP and is not involved with the equivalent of you're I say pay, please get involved, because if you don't eventually governments are going to tart forcing the stuff down you.

That's my details and thank you very much.


CHAIR: So, do we have any questions?

AUDIENCE SPEAKER: I'm Laura from the RIPE NCC. I have several comments and questions on the Jabber chat channel.

First one is from. ... and he says: How should all these things be reported in a machine in human readable format?

CHAIR: Is that the question?


CHAIR: I don't know what that means. Being read abuse ?? we get automated reports, we get manual reports, the key thing is if it's going to be automated or done by a human, there is no reason why you can't pro provide is in a particular order, especially in you are programming it. The other thing is that every abuse report that you get, you are going to have to investigate it. You are going to have to look at it. You are going to have to make sure what's being asked is reasonable, that you are not being asked to shut down something that's going to have a massive imimpact on hundreds if not thousands of innocent users.

AUDIENCE SPEAKER: Second comment is from Constant..., Constant asks: In the recent increase in BotNets, when spam is sent through the port TCP 80 HTTP via e?mail systems such as hotmail, what can I do? Close port 80 to these sites? I do not have the right to do that.

MICHELE NEYLON: Report it to hotmail? I don't know.

BRIAN NISBET: I think, I mean, there is a number of just things to kind of raise there I suppose.

When spam is sent via any of the large we object mail providers, they have almost all of them certainly got very, very good at dealing with spam even those who don't release those little useful details like originating IP are generally pretty good. But I mean if it comes from the website, they are really only the people you can get back to unless there are other IP addresses listed in which case please report them to the, you know, to the X originaling IP if that's available and Google please make the X originating IP available.

AUDIENCE SPEAKER: A final comment at the moment on the channel is from Jill Massen from Restaina foundation. And he says that considering that abusers are moving fast, how would you react to them efficiently while still protecting the innocent and providing such annoying things like the right to defend yourself?

MICHELE NEYLON: By very carefully evaluating each and every abuse report that you receive. I mean the thing is not to have the kind of a knee jerk response. If somebody is abusing, you know, blahblahblah.TLD/whatever, then maybe removing or disabling the forward /, whatever, will stop that abuse rather than shutting down the entire domain which could have a very nasty side effect.

AUDIENCE SPEAKER: David Friedman. I have a question. I see some strange traffic on port 25 ?? no ?? my question is actual eye to do with what kind of proactive work do you do here? I mean, why do we wait for abuse reports to come in why are people not doing anomaly detection on the networks and just looking for traffic patterns that usually indicative that there is abuse going on? Spam runs when they can be made really slowly and they are difficult to detect from a network perspective, sometimes they are made really fast because, you know, they don't have use of the IP for long and they want to get the most they can out of it.

MICHELE NEYLON: The answer so that is twofold: In many instances a lot of registrars and hosting providers don't have full control of the network. They are using your network. I mean Clara, for example, I know owns several hosting providers who would have lots of resellers and I think I even had a server on one of them at one stage just to test something.

AUDIENCE SPEAKER: And they worked with us and they get alerts from the network when these sorts of things happen.

MICHELE NEYLON: That's the thing. I mean it's all very well. I can say what we do. I have no way of knowing or enforcing what other people can do. The kind of thing that I would love to see is coming out of the Anti?Abuse Group would be possibly, you know, best practices for network operators to implement.

AUDIENCE SPEAKER: The thing is ??

MICHELE NEYLON: Which is why I would say to you, if you are not a member of the anti?abuse group join it it.

BRIAN NISBET: I will say, and I'll say this now it's not something that's on the agenda. The matter of best practice has obviously come up here before, we don't have it on the agenda today. It is something we fail to do and I really want to re invigorate that and get that published and I am trying to figure out the best way of doing that. If anyone for the rest of the day has any questions about pest practice, best policy documents, best practice documents, yes, it is an action item for the Working Group. We are not ?? I am not going to have an answer for you today but I am very much hoping over the next relatively short while we will have a plan to get people to work on that and to put that out.

AUDIENCE SPEAKER: Hi, I am pretty much covered by Brian for his answer. I have a question regarding Google tool you presented earlier. Of course it's not yours, it's Google's but since you provided it.

MICHELE NEYLON: I mentioned it. Google safe browsing alerts.

AUDIENCE SPEAKER: It reports abuse cases originateed from your network, is that correct?

MICHELE NEYLON: It will report malware sites mainly. So ??



BRIAN NISBET: What it does is if Google finds a site that you are hosting that has malware in the way they detect these things, Google will let you know.

AUDIENCE SPEAKER: For an ISP in order to take an action on this customer, I need to have specific samples of the abuse ??



MICHELE NEYLON: I would disagree with you, in the case of a website that is ?? okay, originally I would have probably agreed with you. Probably. Not entirely. We used to take a kind of reactive stance on this in that we would wait until such time as somebody complained to us specifically about this kind of thing because a lot of malware or ?? they are malware but they are not the worst, some are just redirects or whatever. We wait until something happened then you let them know and say you need to clean this up. But we changed our policy on that because it was becoming such a big problem. It wasn't a case of one or two reports per week, it was becoming 50 a day. So, we have now taken a more proactive approach on this and are more likely to contact the customer as soon as we spot it and then if we get reports from other parties, then maybe we might act and just say fix this and we will reenable it.

AUDIENCE SPEAKER: You contact your customer based on just report received by Google with no other evidence ??

MICHELE NEYLON: No, but it shows you what you need. If you look at the ?? if you look at the report, if you look at the report and you go to the URL in the report and you are not running Windows on your machine, because if you do it using a Windows machine and it explodes, please don't blame me ?? you will see pretty quickly the issue. And most of it is the same. It's kind of ?? it's HEXen coded Java script rubbish with all sorts of other charming things.

AUDIENCE SPEAKER: Andy Davidson. I will keep this briefly. It's an answer I think to the question on Jabber a moment ago from constant insomebody who asked about preventing web mail abuse. The best way to do this I have seen is a tool that university in the UK developed an open source so you can roll this out if you have a web mail system you want to protect. Kochil, K?O?C?H?I?L. It looks at outbound mail for evidence that somebody has been phished. So the systems maintenance please verify your details reply is where people reply using their own password and it also goes and unlocks the accounts of people who have been phished. So that the person has to go and do something to get them unblocked again. So if you are interested in preventing web mail abuse do that. You can read that on the U ??

BRIAN NISBET: Could you send the URL possibly to the mailing list. Is that something you that could do. There doesn't seem to be anyone else at the microphones, so ??

AUDIENCE SPEAKER: James blessing. The one thing that was missing from your keep it simple stuff. Was make sure you include the time stamp of when the abuse occurred and the correct time zone.

MICHELE NEYLON: Yes thank you. I took "keep it simple" a little too simple possibly.

BRIAN NISBET: Thank you.

So now, we are going to move on and. So, next up we have Athina from the RIPE NCC to talk about the draft LIR closure and deregistration document.

SPEAKER: Hello, my name is Athina Fragkouli, I am from the RIPE NCC. Yesterday in the NCC Services Working Group, I presented the new draft procedural document about the closure of an LIR and deregistration of resources. Today I am going to highlight some aspects of this document that are more relevant to the anti?abuse Working Group.

So this is a document. This document has been shared with the community both through the NCC Services Working Group and the anti?abuse Working Group mailing list. We would appreciate your feedback on this draft until the end of this month, so we can have some time to work on it and to go public as soon as possible.

So, the new procedural document is an all?in?one document as much as possible. It includes all possible reasons and procedures, all RIPE documents. So it has everything concentrated together in one document. And it also includes implied reasons. Reasons that were not written anywhere but we all agreed that there were reasons for closure and deregistration.

It is a manual for same procedures. It has an index that leads directly to scenario's and its scenario has all the relevant information. So if you try to read it from the beginning to the end, you will find many sections repeating but actually it's not meant to be read from the beginning to the end. So, well we wanted to avoid cross references and each also ?? they have specific sections for specific users, different sections for contributors and different for end users.

It consists of two sections. The first section is about the closure of LIRs or more formally about the termination of the standard service agreement that the RIPE NCC signs with the contributors, this is how we call the LIRs in the standard service agreement. This is how we are going to call them in the document.

The second section is about the deregistration of resources. Now, in the first section, we present the reasons for a termination and the procedures as well as the consequences of a termination of standard service agreement, but today I will focus on the reasons only for termination.

So the standard service agreement can be terminated by the contributor with a three month notice period, we don't care for what reasonses, and by the RIPE NCC for specific reasons. We have three categories. First category is a violation of the RIPE policies and RIPE NCC procedures and more specifically, unresponsiveness from the contractor or assignments against the RIPE policies or incorrect registration, which I think is very interesting for this Working Group, because we have three new proposals about the correct registration in RIPE database. We all want a correct registration in the RIPE database. So, in this document, we specify what we consider as correct registration. We have three points. And one of these points are also the contact details of the maintain err. So, one of these points are the correct contact details of the maintainer of a registration.

The second category is the implied reasons I was talking about. The provision of untruthful information. We do trust our members, but we don't want them to abuse the trust. So if we receive falsified or incorrect information, fraudulent requests, we think this is a reason for us to terminate the agreement. Of course we will with double check first, because mistakes happen and we don't want to close an LIR just because by accident the incorrect information was submitted.

The third category of reason has to do about Internet governance, so I am going to skip it.

Now, the RIPE NCC can also terminate the standard service agreement with immediate effect for specific reasons that are written in the standard terms and conditions. But I would like to focus on the fourth reason "The contributor fails to observe any rule of applicable law." Well, this provision was subject of long discussions internally and externally with experts, legal experts and so on. Because, we realised it was too vague that we were afraid we will not be able to apply it.

So, what was the problem with that? The RIPE NCC is not a court. We do not know if a contributor indeed fails to observe any rule of applicable law. So, we do not have the knowledge to evaluate any information that can be submitted. And, what is applicable law? The law of which country? We should keep in mind that the RIPE NCC service region is a broad service region, and it includes countries with different legislation, different traditions. So, we wanted to be sure we are equal and neutral words to our members. So, unless we receive a Dutch court order, ordering us the termination of the standard service agreement, well, this is the reason actually for the termination of the standard service agreement. Because the standard service agreement is under Dutch law. The RIPE NCC is an association under Dutch law. So we thought that would be the fair thing to do.

Now, the second section is about the reregistration of resources. Again, well, in this section, we present the reasons for the registration and the procedures. I went through this yesterday. Today I will focus on the reasons of the deregistration. We have for big categories of resources. PA, by PA we mean allocations. PI, so independent resources for an LIR's own network. PI independent resources for an end users through a sponsoring LIR. And independent resources for direct assignment users, for users that have a contract directly with the RIPE NCC. The three first categories are the contributor's responsibility. So, some reasons for deregistration are related to the contributor's activities.

So, here I would like to focus on the invalidity of originalcation or assignment criteria. Again, incorrect registration. Again, these three point I was talking about, one of them is the correct contact detail of the maintainer. The falsified and incorrect information and again the fraudulent requests. Again we will double check with the contributor to make sure there are no mistakes. And the Dutch court order, again the RIPE NCC is a Dutch association and we have to comply with Dutch court orders.

And the same reasons, more or less, also apply for independent resources for direct assignment users. And having said that, I think I highlighted the anti?abuse aspects of this document and please, questions?

BRIAN NISBET: Thank you.

AUDIENCE SPEAKER: James Blessing. Two things. The only thing that can be affected under law is the full termination of the service agreement?

SPEAKER: Well we also have the deregistration of are resources and if we receive a Dutch court order, that orders us to deregister the resources also we will comply.

AUDIENCE SPEAKER: So you'll comply with a Dutch court order no matter what the court order says?

SPEAKER: We have to. We have no option in that.

AUDIENCE SPEAKER: Just checking that. What about other types of resources? You have mentioned PI AS number for example?

SPEAKER: Yes. Sorry, with PI, I meant all independent resources, but independent resources was so long a termination that debenture feed in my boxes so I said PI.

AUDIENCE SPEAKER: David Freedman, excellent presentation. I have a question which is perhaps a bit more fundamental than just the process here. And it's really to do with what you are telling us is that one day that resources will be there and then the next day resources will be gone. And not at all ?? no, no ?? okay, I say day, it's an abstract concept because the resources go from being there to not being there at some point, yeah?

SPEAKER: What do you mean by being there?

AUDIENCE SPEAKER: Being in the database one day and then the next day the resources aren't in the database any more, you have deregistered them, they are gone. So my question is, is there no intermediary here, is there no way for people to know that the resources are being in the process of being deregistered if another not the resource owner?

SPEAKER: Definitely. I didn't mention that, we also intend to add a comment let's say ??

AUDIENCE SPEAKER: Excellent, that's the bit I wanted to know.

BRIAN NISBET: It should be made clear that there is about another half that have presentation, which is viewable from the NCC Services, it was given yesterday, but I asked Athina to come back and give some specific information today, but it is there on the meeting pages under the NCC Services Working Group and doubt the video stream of this, the archive will be made available at late ear point.

AUDIENCE SPEAKER: Thanks. Rudiger Google. Can you please provide some provide come example of court order which would be suitable for termination of allocation? And if possible, example of what sort of conditions cause this court order to be released?

SPEAKER: Well, we haven't received yet such a court order. This is one thing. But, we will obey to a court order, ordering us deregistration of this resource ?? this is something, you know, we have to comply with the order so...

AUDIENCE SPEAKER: Yes, but I guess it's very difficult to get the Court order from Dutch court.

SPEAKER: That's true.

AUDIENCE SPEAKER: And I don't want somebody to end up in a situation where going through this long and painful process to get this court order, brought it to RIPE and RIPE look atit and say it doesn't look right.

SPEAKER: Are you talking now about the Dutch court orders or any?

AUDIENCE SPEAKER: Yes, so what should be in this court order that it will be what you are looking for?

SPEAKER: Well, we are working to ?? well, we have contact with the national authorities anyway, so we are working on this thing, so what should be ordering and why and under which circumstances and so on, because maybe a court order won't be the solution on their problems.

BRIAN NISBET: Could I just cut across. Would it be fair to ask for the Working Group to ask the NCC after you have had the discussions with the Dutch legal system, to feedback to the community with what would be on that kind of court order, what kind of information the NCC C would be looking for, is that pretty much what you are asking for then?

SPEAKER: The thing is right now the Dutch authorities do not see that coming, do not see how a court order to deregister the resources would be the resolution to their problems right now. They don't see that.

BRIAN NISBET: I think that's part of the ongoing interaction with the legal system.

WILFRED: This is very much to the same broad aspect. I still have to read the, I hope available draft, and really look at the language. I am worried with regard to two aspects. First of all, what whatever will be put into that piece of text eventually might give people sort of a clue how to use this ?? how to use these provisions, so we want to get it right. And we want to sort of defendant the message across as soon as possible, like what is reasonable and what is probably a bad idea. But I am already hearing that you are at that.

And the second issue is, I have some feeling down the bottom of my spine here that we might have ?? we might not have the gran you'll art in these format provision to say react reasonably, like as already brought up yesterday, I mean just expecting that we will get a full blow like terminate the service agreement, this might happen, but then we might want to have some room to move within our own procedures to do the right thing. If we sort of set it in stone that as soon as we get such an order, we are going to do without any exception A, B, C, D, E, we shoot everyone. This might actually be sort of over reacting. As I brought it already up yesterday, this might though effect PI stuff and it might go into the direction that deregistering, sort of terminating the service agreement. I would, at first glance, not take the clue out of this fact that I also have to deregister stuff. If I get a court order to deregister a particular assignment element, then of course I have to do it. But if someone tells me shut down the contract with this bakery, I can still use my bread at home. Yeah? And sort of, over re acting and that's just a bad term for T over reacting is first of all maybe having colateral damage done which was not intended at all and secondly as it have said already, it destroys sort of the history.

SPEAKER: Well recollect the closure of an LIR, the termination of the agreement has a consequence, the stop of the services. We won't provide any service. So one of the services is the deregistration of the resources distributed. Maybe Rob wants to add something?

BRIAN NISBET: I don't really want to get into the full nitty gritty of this as there is another few weeks of the consultation on the draft document, but Rob if you have any final points to make.

ROB BLOKZIJL: Just for clarification. Since two or three years, the RIPE NCC meets regularly with legal enforcement agencies from all over Europe and beyond and it may come as a surprise to you, but the police is very doubtful whether they will ever feel the need to tell the RIPE NCC to terminate a contract or to deregister things. Their interest lies in finding and arresting criminals and I think that at the end of the day, all the information they can get, they need, and they have no interest in having information removed from the registry. Their interest lies in going after criminals and this is not only the law enforcement agencies, the police, but we are also in regular contact with other Dutch legal authorities like the office of the public prosecutor, and they are also very doubtful whether this would be a tool that would be useful in reaching the goal that you want to reach. So, it is a very grey area where there is no clear cut consensus among the legal authorities what they really want. Is that, Athina, ect?

SPEAKER: Well, we are trying to find a solution, let's say, together. What really we can, you know, how can we help and what they really want from us, so, we can find a solution together, yes.

ROB BLOKZIJL: So there are two sides of this coin. There is the RIPE NCC being a membership association under Dutch law of course has to comply with Dutch law and that includes court orders issued by a Dutch court. There is no discussion there.

Secondly, there is cooperation with law enforcement agencies in their work and one should not confuse the two. And the law enforcement agencies have their own opinion about the usefulness of deregistration.

BRIAN NISBET: Thank you. And I think ?? thank you very much Athina. Obviously if you have any further discussion, I think we want discussion on this, well there is information in the document about where discussion should take place on that. But obviously the NCC Services Working Group is the location for this as it is an NCC draft.

Okay. Moving on from there, we have Franz from the NCC on the survey on improving database quality.

SPEAKER: Franz: My name is Franz Charbuke from the RIPE NCC. And I'd like to talk to you about a survey we carried out on improving the quality and the accuracy of the RIPE database and the database data. And the goal we had in mind is keeping the RIPE database accurate in the future. With the exhaustion of IPv4 addresses the RIPE NCC will no longer perform audits when allocating new ?? when making new IPv4 allocations. So, this actually could mean that the quality of the RIPE database, the quality of the data in the RIPE database could decrease. And another goal we had is not to lose the EIX that we have in making these audits in actually controlling the quality of the data.

And if you want to know with data in the RIPE database is up to date, then the only way you can do that is you can actually look at the optional change line in every database object. And the issue here is that this change line is optional for one, and for another it is, it doesn't really specify which lines in an object have been updated and when they have been updated. So, what we propose, and this is just a first idea, to add new attributes into database objects in the RIPE database, and one of these attributes, the first one of these attributes we could all it just reg rep for the time being, would show the quality of the data ?? would show the quality of the object based on two sortses. Bun source would be confirmation by the LIRs themselves, so it could be like periodical confirmation of the accuracy of the data, let's say if you created and object ten years ago and you haven't updated it, you might ?? others might think, okay, this object is not up to date. But if you periodically you confirm that data, then you can show that yes, this object is up to date. So one input into this new attribute could be confirmation by the LIRs themselves. And the other input could be audits by the RIPE NCC. So the RIPE NCC could audit these objects. That's one thing.

The other attribute that was proposed as a first idea would be reg history, and this is much more straightforward. This would be generated automatically and would show when each line in an object was updated. So it's like an audit trail with time and date.

And as I said, I have to stress this again. This is just a first idea. This is just in order to start cycle of brainstorming around feedback. And with this idea, we did the survey. So what we did is ?? these are are just sample illustrations of these additional attributes just to show because this could contain quite a lot of information that you probably wouldn't see it directly in the database, in the database query results, but what you would see is some kind of parser button and then you could see some more information.

Anyway, what we did is with this original idea or proposal, we wanted to test the waters and what we did is we did a survey and we did it in the months of July and August of 2010. We surveyed 176 attendees at RIPE NCC training courses. You see the other number there because 13 of them said they never use the RIPE database so we decided right we are not going to use your opinion this this survey. So that was 10 training courses in two months and what we did is we had a 15 minutes presentation somewhere in the training course. They filled out the questionnaire about these subjects and after that, we also had a group discussion just to get more input, more information from them. We also had one to one discussions, so people who were more into this and wanted to give more feedback, we could, during lunch or afterwards, had all kinds of discussions and they would come back with feedback or additional suggestions and all this we put together. And I just want to show you very briefly the results of all this.

So this was the questionnaire. It was actually a bit longer but basically this was the kind of information we asked.

We asked them how often do you use the RIPE database? And have you ever been affected buyout dated information? Or have you been affected by information where you didn't know, is it up to date or not?

Then we said okay, this idea, proposal, reg history, what do you think about that? What is your opinion. We did the same for reg?rep and the two parts of reg?rep, one which would involve periodical confirmation of the registries, of their data, and the other one was about the audit that the RIPE NCC would do on this data. And we also asked them, so what do you think about that? What is your opinion on that? Yes or no? And do you have any other suggestions?

We also asked here, if we do this audit, should it be across the board or should it be just optional? And if we do it, what about an additional fee? Does that justify an additional fee? And as I said, we left space under each questions for additional comments and we have 16 A 4s of comments and feedback on all this. So it's quite an extensive survey.

And this is the results to the first question: How often do you use the RIPE database? This is after we have eliminated the 8% who never use the RIPE database from these 163 people, 17 of them said they use the RIPE database daily, weekly, monthly and yearly. So that's the answer to the first question.

Then to the rest of the questions, these are the answers: Affected buyout dated information? No, that is 59% of them said no. And still a sizable minority, 41%, said yes. REG?HIST, so showing the history of all the updates within that object, the majority was in favour of that. REG?REP, the LIR confirm its data for accuracy on a periodic basis, again a majority, it's about 60 something, I don't know the exact figure by heart, said yes. Auditing? Yes. Again, that's about 70%. Make it then across the board? Yes. And addtional fee? Definitely not. So those were the answers.


Now, we were interested in those who said no, what were the main reasons? So, if you say no, I don't want this. What are the main reasons? So we had quite a lot of discussions and room for comments in these surveys, and we found out for REG?REP, for confirming periodically the accuracy of the data in the database, well, first thing was work over load. I have 10,000 objects, or whatever number, I really don't feel like confirming it once a year. Or, they have 10,000 objects, if they confirm it once a year, I am not really sure I can trust it. Because they might just confirm it. So that was one thing.
LIR keeps important objects updated anyway. This is of course assuming that it would apply to all objects, but as I said this is just the first proposal, so it could be that we'll aim for just let's say the organisational object and the allocation object and that's that. Then you don't have this issue anyway.

Then those who said no to REG?HIST, not needed not useful not relevant, massive amounts of data, I update some objects every week, that's too much. Confidentiality, I don't want others to see that I updated which line when and in which order. And then we also had quite a lot of comments, as I said, 16 pages of all kinds of comments about this. And quite a lot of these comments were yeah, a good idea, but make sure if you do it, that you do it in this particular way.

For example, if you ask me to confirm my data periodically, make sure that it only takes me a few minutes. So that the interfaces is intuitive and I don't really have to bother about that and there was like a whole list of what we should take into consideration, which I am to the going to show here because of time restraints.

Search by confirmation date, automated validation of e?mail addresses, so these were some of the suggestions, just so that you see what kind of feedback we got.

Then, for REG?HIST tree, which would be just a history of all the updates to an object, use time stamps not only a date; make sure you show not only when it was updated but who updated it or at least which maintainer was used to do the update if several maintainers protect this object; and make it searchable by time period or attribute; and quite a lot of this comment we did get, I definitely don't want others to see this so make this confidential if you decide to do that. And perhaps have something automatically generated or not just to show when the last update was made.

And what we also had ASN alternative proposal that came back quite a lot is to flag incorrect objects by the community. So a bit like in YouTube when you can flag all kinds of comments. And make that some kind of not anonymous to avoid any abuse so that people have to identify themselves if they flag something and make it removable by the LIR.

Well, this is just a bit of a philosophical thing about what does a question mean, but we seem to have gotten pretty consistent results. Also when we did sub groups of more frequent users and half?way through and we also saw that when people were definitely against something, they really did show it quite clearly, like for example, additional fee? No, definitely not.

And a parting thought that came through also very clearly: Don't make the database more complicated. And yes, database accuracy, and maintain database accuracy is very important for us.

That's all, I just wanted to show that you we are working on this. We are still on the stage of gathering feedback and brainstorming on that feedback and we would very welcome more feedback on these ideas from the community. Thank you. Nesbitt Nesbitt if people wish to give you feedback, how should they do so

SPEAKER: That's a regood question which means I haven't thought of that. I suppose the mailing list in this Working Group and the database mailing list would be a very good place where you could send your feedback.

BRIAN NISBET: I think possibly the database would be a better single point if Wilifred would nod at me, which he is doing. The database Working Group mailing list in that case. I think there is lots ?? I don't think there is any ?? I don't think there is any questions you but I think we'll move on. We have a fair amount to get through and there is lots of feedback to give there. So thank you very much.

So, we have three policies, which have been raised on the mailing list. This will not take as long as it might initially appear from the fact that we have three policies up on the mailing list. What I am going to do is first off, through the wonder of the Internet, is call to bias who is the proposer of 2010?08 on Skype and see if that works.

(Ring ring ring ring ring ring ring)

BRIAN NISBET: So, 2010?08 which was circulated a week and a bit ago as Emelio kind of had me going, "please, out," before the RIPE meeting. I am sure I was his favourite person although there is always Sander and Gert for that, relates to abuse contact information which boils down to the proposal, the snippet of the proposal we have there which is to add a mandatory reference to IRT objects in the INET 6 and ought ENUM and objects in the RIPE database.

Now, we have had some discussion about this and indeed myself and to bias have had some discussion about this and we have discussed this with the database folks, both the Working Group and the NCC people, and some changes have been recommended already to this proposal, which is the removal of the implementation details of how it actually fits into the database, because the database folks have suggested a number of other ways of going about it which might be better than those initially specified in the policy. So there will definitely be a redraft, what I'd like to ask now if there are any comments that people would like to make here and now, that they haven't already made on the mailing list or aren't going to, in relation to having a mandatory IRT object for abuse contact details?

MICHELE NEYLON: Michele Neylon from Blacknight in Ireland. Just with respect to this entire thing the abuse contact information, I think there seems to be a kind of a misunderstanding about what's being proposed, because some people seem to be confusing the introduction of a mandatory contact point with fixing all the world's evils and turning non responsive network operators into responsible citizens overnight. It would be helpful if either yourself or toe bias could speak to that a bit. I can see this getting derailed by people trying to extend the spirit of this proposal to be far more broad and broad sweeping than it really was intended originally.

TOBIAS: Hello everybody, I see on the mailing list that there is a lot of discussions about the mandatory assets. It's not always about having a single point of contact. It's all about the mandatoriness of the single point of contact and yeah, I Leo Vegoda had discussions about that. I think there is no truth of if it should make it mandatory, I can understand what Leo is saying, I think our opinion making it mandatory which makes, or which gives us more pressure is somebody is not having this object like we can say ?? policy ignorant ISP or network or not. I think it's clear it's kind of a decision everyone has to make for themselves and I think nobody can prove the right concept in that way if it's better to do mandatory or if not. So I think I am open to stop doing it in a mandatory way. We have that at AfriNIC as well so I think that's something that we have to discuss and I think that's something we have to call and just ask the members what they think what is the right thing to do.

BRIAN NISBET: Okay. Does that ?? well, it is a response, we'll take some of their points.

AUDIENCE SPEAKER: James Blessing, it's a nice idea. There is an awful lot of objects that are going to be referenced by that and I have got this sort of vague recollection that we are just about to do a process for deregistering things that don't have accurate details. So, introducing this policy with would mean in about three months time when those members who don't realise they have to do it have to change stuff, will find all their objects deleted.

BRIAN NISBET: I am going to stop you there. The deregistration policy does not happen in the blink of an eye. Even if it was to be applied to this and that's a matter for discussion, it is a process of engagement with the LIR to discuss. But I mean, absolutely, but it isn't an, oh, wait, they haven't got an IRT object, we'll just switch them off. So, I mean, noted and I think that is one of the things which would have to be taken as this because it would be details potentially in the database for an LIR, but we'd have figure out what the, what happened with that.

AUDIENCE SPEAKER: Peter Koch, DENIC, I am missing a clear problem statement here and that's probably why at least in my perception the discussion on the mailing list was running in circles. If the problem at hand is that people sending abuse reports or complaints don't see a reaction, then I fail to see what making a mandatory link, making a link mandatory would help there because the link would still be dangling. So what the proponent really wants is a right to respond and that's probably beyond what the RIPE community can actually achieve. If the problem is that people are sending reports that they are going to the wrong destination, and they are getting that feedback, then I'd like to see evidence to that fact.

TOBIAS: The intention of this proposal is that there are too many options in the database, we can publish your abuse contact information, so what we see from the feedback coming back to companies we are working together with is that people are confused about the place where they should publish the abuse contact information. So it's not about asking for a response. I think you are absolutely right, we will never be able to ask ISPs or network owners and how try to get a response from them by doing something mandatory. The main intention is getting one single place where everybody knows he has to publish his contact information and everybody else knows that he can find the contact information at this place. And the second one is that's something what we were talking about before, in the presentation before, is the data accuracy about that. So today we have three mark fields, we've buy a distributes and all kind of handles. We have the IRT object, we have the IRT object and the mailbox field. We have so many place where is this can be published so it's getting confusing more and more, so the intent is to get one single place.

BRIAN NISBET: Does that answer question for the moment?

AUDIENCE SPEAKER: Not really. Tobias actually added a third to my either/or, which is it's an education problem. In that case I fail to see why making ?? while fiddling with the database policies would help rather than expanding on the efforts that we have seen so far and that the RIPE NCC has published on the RIPE Labs I guess which is the abuse finder tool or educating users or if the failure is not so much on the side of the resitient but on the publisher side, go reach out to the LIR/maintainers to well encourage the right publication mechanism. I disagree there are too many already.

TOBIAS: Just you mentioned the abuse finder tool from RIPE Labs, and they are saying something about 150 queries to get an abuse address within the RIPE database and I know even people from RIPE say that's something ?? it's a little bit scary to do 150 queries to get one abuse address or one single IP address. So I think if you want to educate people, you have to make it ?? POA. There is no ?? I think it makes no sense to tell them you have these 15 types of possibilities and try to educate them on one of these 15. So, you have to make clear that it's one way, that this is the place and then you can educate them and I am absolutely okay with educating the ISPs. But I think it's just confusing and I know a lot of ISPs in Germany, they don't have RTs, they don't have publishers, they don't know how to publish contact information in a good way in the RIPE database.

SHANE KERR: So, we already have references to RT objects in INET NUM and INET 6 ENUM objects ??

BRIAN NISBET: I am going to stop you, if this is implementation ?? the question, the implementation part of it ?? soryy before you go any further, the implementation part is going to be excised from the policy as is stands at the moment so we are looking at ?? what we are looking at is a mandatory single contact. How that fits into the database will be part of the discussion.

SHANE KERR: That was going to be my next question. If we agree that it's okay to make it optional, then I am not sure what we are agreeing on here. Like ??

BRIAN NISBET: Well, that's and that thing, I think that's a point for, the whole point of this is admittedly yes as I see it, is a mandatory contact point if it becomes optional, then there is nothing behind the policy because there are lots of optional abuse details at the moment.

SHANE KERR: Is seems like we actually have two separate proposals here. One is the mandatory proposal and one is the simplification, right?

TOBIAS: The idea of that was we were using the ?? first of all APNIC had decided to RT object which makes the things easier if APNIC and RIPE and probably AfriNIC is ?? what you say object. The other idea of that was that we say use the RT object because it's there, we can use it, it's easy to implement for RIPE. But as Brian said, people from RIPE NCC said there might be another better way of doing it so I am absolutely happy, so for us ?? I think it's just important that every member knows how to do it exactly one way and all the other people, the users know where they can find the information. So everything else is absolutely okay for changing and for suggestions and ideas.


AUDIENCE SPEAKER: Hi, I am Sasha wills from the German Internet provider association Echo, and we also have a trusted network of service providers talking about this issue and I just wanted to support Tobias with his proposal, because I want to pick up a point mentioned by Michaela before, self?regulation. We think that this is a very important step in self?regulation to make such a thing mandatory, because it's going to show the willingness for self?regulation and to tackle the abuse problem. Of course it's not going to solve everything, but I think a mandatory issue is what is going to be useful to everybody. Thanks.

WILFRED WOEBER: One of the co?chair of the database Working Group and also one of the co?architects of the IRT object, so just to set the stage. I have quite a bit of sympathy with the statements here that what we have on the table right now is pretty complicated. And it leaves quite a bit of choices where the involved parties can choose solution A, solution B or even sometimes a combination. So, as long as we, for the moment decouple the issue of mandatory options, whatever the meaning is and whatever the checking S I think sitting down and trying to simplify the whole thing for everyone involved does have merit. Thank you.

BRIAN NISBET: Before you speak, this may also answer your point and if it doesn't absolutely. So, Tobias, based on that, would you be okay and would the Working Group be okay if we sat down an along with obviously along with Emelio and looked with this again and redrafted the proposal almost from the ground up and we submitted it, would that be something that ??

TOBIAS: Absolutely.

BRIAN NISBET: Obviously with the same bits you are looking for it and Streamline it a bit and make it clear to everyone what we are talking about.

TOBIAS: Absolutely from my point, yes.

SHANE KERR: I don't think necessarily that addresses it. I think as I said before, I think there are two separate aspects here, one is the simplecation, and making it easier for both the people publishing and the people reading, looking up this information. I think you'd be hard pressed to find anyone who would be opposed to that. Of course the devil is in the details. But I think the bigger issue, the second issue is the mandatory issue and I think that's ?? this came up in the Working Group Chair's list as to where to have this discussion and I actually proposed the Address Policy because I think this is something that affects LIRs quite seriously. I think if you are going to say we insist that you publish information where abuse, people that are experiencing abuse can contact you, it has to mean something and if it means something, that means there has to be checking of some sort, automated or by people, and if people don't do it, you can't just say well, okay, well it's in the database because that doesn't actually solve any problems. There has to be a stick.

BRIAN NISBET: And we will be addressing, at least some of that in a moment, but... that's fair enough. Thanks. I am just conscious of time Peter.

AUDIENCE SPEAKER: Peter Koch again, I just want to state again, it's of course a lot of goal to have this attribute in every object. It's just that making something mandatory in the database has real operational and database design implications and I question that this is the right tool to achieve the political goal. And I am not saying I disagree or agree with the political goal here. It's just the matter of how to apply the technology.

BRIAN NISBET: Okay. Thank you. I think there is a lot there. I think what we'll do is we'll go away and look at that and we'll discuss that and then we'll see about a new draft and again, where that ends up being discussed or what happens with that we'll obviously have to see. I think there is a lot of useful stuff there and obviously the conversation will continue on the mailing list. There was a mail a couple of days ago from Opta in relation to this and we'll have to look at that and consider that as well.

We are going to eat into your coffee break, I apologise but we have some fairly important stuff to go through so I hope you'll bear with me. I am going to keep you on the line for a moment longer Tobias but I think that's the discussion on 2010?08. 2010?09, which is the frequent update request, which is not unlike the ARIN policy that we were discussing earlier in the week (9) in relation to regularly contacting all current RIPE database object holders with resources in the RIPE database to ask them to actively check they are details are up to date. It touched on the points we mentioned. It's something we discussed with the database people in the NCC and the database Working Group and both this, and he says clicking on to 2010?10, which is a change to RIPE 452, "Add a reference to sponsoring LIR in INET NUM, Inet6num and aut?num objects to increase the possibly of abuse tracking and handling" are two huge, huge proposals when one looks at them, the policy proposals when one looks into the detail. I am going to mention 2007?01 contracts and then move swiftly along. So I know Peter is here and obviously Tobias is on the line. We have discussed boast of them with them. And I'd like to minute it now that they have agreed to withdraw these policies at least temporarily on foot of a taskforce which will be set up, a right taskforce which will be set up imminently, which will feature obviously people from database and anti?abuse and possibly others, depending, to look at improving the registry, improving the database, the information that's in there, the way it's verified. Because as I said in NCC Services yesterday, I think there is a lot of inputs from the community and we want to consult with the NCC to see what the best way we can all come to rather than firing proposal after proposal at it, we can all come to to do that for the community.

So, with that in mind, and unless either Tobias or Peter wants to tell me I have misquoted or misinterpreted what they have said, I am going ?? proposers are going to withdraw those two policies for the moment with the knowledge that if what we do with the taskforce doesn't ?? if there is nothing happening there that they can obviously be proposed again at a later point in time. So, neither of them is saying anything, so I am going to move on from there then.

And I am also going to hang up crueley now on you Tobias.

So, a couple of other things to cover off. And thank you for your patience. Already covered a lot of this. The Working Groups, we have had a lot of interaction over a last while both with database and NCC Services. As I said the question which was raised in the NCC Services Working Group yesterday and which was brought up in a meeting earlier this week, has now, is now transforming into a RIPE taskforce which will be set up to deal with this particular issue and obviously we'll feedback and we'll set the parameters of that and the goals of that and indeed the participants and we'll feedback from there and both here in the database Working Group and no doubt the NCC Services Working Group will be eager to hear about our actions.

The other large interaction that this Working Group has is with the CC W P, which is the cybercrime working party, which is a group chaired by which willen a there's and with support and obviously a large amount of interaction provided from the NCC, which involves interactions between the community and law enforcement. We had our most recent meeting of this group and which, as previously mentioned, the chairs of the anti?abuse Working Group are the community representatives. We had our most recent meeting of this group this morning, and there are a number of inputs, or rather hopeful new outputs from this group largely centering around cross training of the group. So effectively the community giving more information to laws enforcement both on technical and especially in this instance policy interaction are the RIRs and the L E As helping the NCC and the community with the identification of what I shall loosely refer to as slightly dubious potential registrations or information and how to better detect those, which is a very important facet of all of this.

The group is meeting probably about four times a year at the moment, and we have ?? certainly from my point of view, it's been extremely positive to see the point of view from the, what I shall loosely refer to, as the other side of the table, from the law enforcement and from the EC's side of the table and I think we will continue to be very, be very useful and fruitful and I think we have a whole bunch of list of items from this morning's meeting. And if there are any points you wish to raise words to that or if there is any information or further detail you wish from that interaction in that there are occasionally things that we can't put into the open but the vast majority of it we try to keep as open as possible, then come to speak to me or especially Jacim the NCC.

The RIPE NCC and LEA interactions have been dealt with exhaustively both in cooperation and in NCC Services by Paul Rendek, so I don't propose to go into them again now. So unless there are any questions on that.

AOB. James, for those you cast your minds back 90 minutes, if you would like to make your point.

AUDIENCE SPEAKER: This is concerned Internet citizen. This isn't representing any organisation. I don't necessarily always get to every single one of these events. I ten to watch online and they tend to lurk a lot more than get involved. I have been noticing an increasing trend for the chair of this Working Group, not your good self, Brian, either not to be here or take less part in stuff except where it seems to criticise RIPE itself. I do not believe that a chair of a Working Group should be, what's the word, quite so hostile to RIPE and the way RIPE behaves. And I would like it discussed further within the Working Group as to whether they are the correct person to be the chair. Simple as that.

BRIAN NISBET: Okay. This did not come as a complete surprise to me. There have been some points, and I would certainly invite comments from the floor in a moment but for full disclosure I contacted Richard earlier this week, Tuesday morning we spoke for sometime on this matter, and I asked him to respond to comments that had been made prior to the Working Group today as of this point in time I have received no further information from him or any further update on the points that were raised. And yes, so that's the situation from that point of view. Jim?

JIM REID: This is a rather delicate issue, and although James pointed out that the chair of this Working Group has said things that are critical of RIPE, I don't think that of itself is necessarily a bad thing if the complaints are justified. My personal view is in this case Richard has crossed the line because of the comments he has made are actually unfair an unjustified. And that's not at all helpful. He has also made one or two statements which have actually confused the RIPE community with the RIPE NCC. And that's also not been helpful either. So, I would say that if a RIPE Chairman or anybody else that's involved with RIPE has got valid criticisms to make, by all means they are welcome to make them, even criticise their own Working Group. That's perfectly fair, provided what they are saying is reasonable and sensible. I do think that Richard's comments recently haven't been either of those things and they are actually damaging the reputation of both the NCC and RIPE and this Working Group.

ROB BLOKZIJL: I am the Chairman of RIPE. This is a very delicate thing. I think it's the first time in the history of RIPE that we had such a situation. I want to provide a little bit of additional information.

A little while ago, but not too long ago, the Chairman of RIPE, the Chairman of the RIPE NCC executive board and the General Manager of the RIPE NCC have held a private meeting with Richard Cox where we tried to explain some of the misunderstandings as we identified them at that time. And I think I can speak on behalf of all three of us to say that we are deeply disappointed that after that meeting, where we thought that the air had cleared up, that there were no longer any misunderstandings, that we did not see that reflected in publicised material by Richard Cox on block sites, websites in public, so we feel that we have a very awkward situation where the Chairman of a RIPE Working Group goes around agitating against RIPE or the RIPE NCC, it is never very clear what the target is. I do believe in free speech, but I think if you have been elected by the community to chair a Working Group, that you have a certain responsibility towards the community, and that is RIPE, words to the secretariat, which is the RIPE NCC and which is in last instance controlled by a major part of the community by electing the executive board. So I personally think that it would be much clearer if Richard Cox would step down, discontinue his role as Chairman of this Working Group. That would make it much clearer that when he speaks, he speaks for himself.

BRIAN NISBET: Thank you, Rob.

AUDIENCE SPEAKER: I am going to also do something that's slightly sensitive and I am actually going to read out the paragraph in question from the blog post just to give people some context on what was actually said and allow them to make up their own minds and I should be as quick as possible.

It says "RIPE, the Regional Internet Registry, or number address coordinating body for Europe and the Middle East is one of the bodies shouting loudest for the principle that Internet crime is not their concern. But the governance of RIPE appears to be under control of less of 1,000 self?appointing individuals who bear zero responsibility to anyone other than themselves for the impact of their actions. That was fine for as long as their actions only impacted on each other. But with recent developments in the forms of subterfuge employed by the transnational organised criminals being specifically enabled by a weakness in RIPE's operating structure, a weakness specifically absent from the other four regional Internet Registries, SPAMHAUS has to question whether RIPE's form of Internet governance is anywhere near fit for purpose."

BRIAN NISBET: Yes. That is indeed the blog post which was part and parcel of this. This is extremely delicate as you pointed out. There is no procedure for this. Rob is walking quickly back towards a microphone. He may be about to correct me.

ROB BLOKZIJL: Yes and no. But I think if we all have accepted in the last 20 years that it's the responsibility of the community to appoint Chairs, it is, in my view, implicit that it's the same responsibility for the community if they are not happy with the Chair, to correct that situation.

BRIAN NISBET: This is what I was about to follow up with. Both Richard and I were appointed to the Working Group co?chairs upon the retirement of Rodney Tilton, still and I have a number of reasons for this, but I still can't remember the number of the meeting in Telin, and speaking as myself, I don't particularly wish to have a long and protracted conversation on the mailing list. From my point of view, I have spoken to Richard. I have explained the situation. I have asked him to ?? I have given him a number of options and obviously doing nothing is very definitely one of those options. But, I had asked him to consider his position. And as I said, I have had no feedback. I can check my mail again now, but as there wasn't any up to the beginning of ?? up until I stood up here again to discuss the policies, I don't think anything has suddenly appeared.

So, I suppose the question is, is there anyone here or attending remotely who feels that this is the wrong course of action, who feels that we should deal with this in a different way, or do we feel that the Working Group here assembled after the remarks that have been made and the comments by the various people, that perhaps it is the Working Group's decision that Richard should no longer be a co?chair or do people, you know, does the community wish to deal with it in a different way? I'd really prefer if people had comments to make that they made them.

AUDIENCE SPEAKER: I can appreciate that this is rather delicate and it is unfortunate that there isn't a formal policy or process in order to handle this more smoothly. Ultimately, from my own personal perspective and from dealings in other organisations such as ICANN, if the chair is, how can I word this? If the chair has a conflict of interest with the work that the group is doing or has a conflict with the organisation with which, in which they are doing that, and that cause problems for the Working Group, personally I think the anti?abuse Working Group could do a lot if one member ?? if that person happens to be a co?chair or not, it's largely irrelevant, but if one individual is causing a disproportionate headache for other people, then it may be appropriate for that person to move on. And that is no disrespect to Richard, because I personally respect the man. But I think in this context, it is something has to be done decisively, I suppose.

ROB BLOKZIJL: I realise that we don't have a smooth process. Removing people, elected people, from office never is a smooth process. And so maybe something coming a bit closer to a smooth process is if this Working Group decides that they want to elect a new chairmanship at the next meeting, ask the current Chairs to step down and ask Brian to be the interim Chair to run this Working Group till the next meeting where new co?chairs will be elected. Thank you Wilifred for inspiring me here. I am not saying that this is the way forward. I am just offering it as a possible way where I think, as much as possible, sensitivities might be spared to people. But, my range from is nuclear physicist, of the simple way is this Working Group decides, Richard Cox is longer a chair and we will elect a co?chair at the next meeting. No, he is not a physicist.

Anyway, thank you, Rob. Peter.

AUDIENCE SPEAKER: Peter Koch, I am not going to take a position on the question on the table. I would just like to observe that we are under any other business, 15 minutes beyond the official closure of the meeting, so this is no matter what process we are going to apply, I strongly suggest that this is not the right one and would urge the Chair not to ask the question of recalling or reelecting or anything like that.

BRIAN NISBET: So what are you suggesting?

PETER KOCH: This is not the right time and position on the agenda to deal with this delicate issue. The rest it left to the wisdom of the chair.

JIM REID: Peter is right and wrong. I also disagree with Peter as a matter of principle. He is right in a sense that this is perhaps not the right way in which to go about this and this is perhaps the wrong time.

BRIAN NISBET: If I could very briefly interact. I would love it not to be going in this particular direction as well.

JIM REID: I appreciate that Brian. This is fundamentally a decision that will have it go to be taken on the mailing list pretty much because that's how all our Working Groups do their stuff. I think what we are really talking about here is changes of Working Group co?chairs happen for all sorts of reasons from time to time, it's just a natural process. It looks as if we have come to the end of the road with Richard's particular involvement as co?chair of this Working Group. He is of course free to participate in the work of this Working Group just as everybody else is. And I think that's how things should be handled.


ROB BLOKZIJL: I short reminder, I do realise we are running into coffee time, but I think this is more important then a cup of coffee.

Secondly, I want to remind you, if we do nothing, then we have six months of potential damage ahead of us, that is damage not only on the RIPE NCC and the good people who work there, it's damage that reflects on the community and that is you, that is us. And I would urge you to take action now today.


SANDER STEFFANN: I want to make one comment. I think you can only be a Working Group Chair if there is full support from the community for that. I think if there is any doubt about the functioning of a Working Group Chair, he should just step down. I don't see any other possibility.

BRIAN NISBET: Shane, do you wish or not?

SHANE KERR: I do see that this may be a reflection of the wider disconnect between the anti?abuse community in general and the ISPs. Basically, there is ?? I find the anti?abuse a nutty group, no offence to this entire Working Group. They have aims and goals which are awfully extremely disconnected from, I think, mainstream Internet folks. And I think that this may just be a reflection of a disconnect between these two communities and I think, perhaps, making the decision to evict a member of the Anti?Abuse community from the RIPE community, which is basically what we are talking do it.

BRIAN NISBET: No, no, sorry, I will stop you there. That's not what we are saying. We are saying that as co?chair of a Working Group, he may not be suitable. There is nothing suggested ?? as Jim said, that he is not able to interact as everybody is, in the community and in the Working Group. They are two very distinct things.

SHANE KERR: All right, I know we are way over time. I'll just go for it. I think the Anti?Abuse group ?? probably from what I sense in the past, they feel they have no voice. Their demands, I tall them demands, are never listened to and this will just be another thing where they all say look, here we are, the people running these address registries have no idea what's going on, they are doing a bad job and they won't listen to somebody who has a lick of sense. I am not ?? I am not saying ?? that doesn't actually propose any way forward. I apologize for that but I think that's just something that needed to be said.


NICK HILLIARD: Can I explicitly point to the elephant in the room and ask what contingency plans there are in place if Mr. Cox declines to resign his co?chairmanship?

BRIAN NISBET: Well, in that case, it's a question of whether ?? this is the question now, is the Working Group saying that they no longer wish to have him as a co?chair?

NICK HILLIARD: This seems to be a very difficult question to answer and I am not sure if within the terms of RIPE that simply because you have lost the faith of the Working Group that that mandates that you have to resign. I am not trying to stir, you know, but there is a distinct lack of process with regard to the forcible termination of co?chair positions or of chair positions within Working Groups and I think it behoves the RIPE community to address this problem as a matter of some urgency.

AUDIENCE SPEAKER: James Blessing. I think I started this and it needed doing. Can I make a suggestion? First of all, it's clear that there is less than 100% support for his continued chairmanship. Therefore, I suggest that, I don't know whether it's valid, we can suspend his chairmanship till it can be formally ratified. Or we can do something like that. There has to be some process where we can make it clear that the actions of the Chair are not supported and the situation needs resolving. I am not the person that knows the details.

BRIAN NISBET: Rob, you are nodding, you weren't nodding?

ROB BLOKZIJL: I think, yeah, if people are are afraid to take the responsibility. They have elected a person where they are now not happy with his actions, well, elect another person in that place. It's not for Richard to decide that he represents the community. It's for the community to decide. So, make a decision. But if you don't make a decision, we will have six difficult months in this particular field ahead of us, which reflects on us. I don't mind what Richard publishes, as long as it is disconnected from this community and the connection is his chairmanship. That's all.

BRIAN NISBET: I mean ?? so, okay, Remco. Probably the last comment before, you know, Wilifred tries to have a Working Group in here in a moment or two.

REMCO: If this Working Group cannot come to a decision, maybe we should have the Plenary decide to disband this Working Group and reinitiate it and reappoint new chairs.

BRIAN NISBET: This is a little bit more extreme than I was considering, it must be said.

ROB BLOKZIJL: It is a valid option. As long as you get the Chairman of RIPE behind your proposal.

BRIAN NISBET: Well I mean, I have heard one comment, I mean Peter's comment was kind of, to a certain extent was the only one against Richard no long err being a Working Group Chair. I mean ?? wait, sorry... PETER KOCH no way I didn't say that, I want him to step down, I am just saying this is not proper /PRO*ES and now you can go on.

BRIAN NISBET: I don't know if there is a proper process. This is the thing.

ROB BLOKZIJL: I am happy to take the recommendation from our esteemed board member, Remco. I propose that since this room it booked in four minutes from now, and since we could not come, this community could not come to a quick conclusion, that you have till tomorrow at the last Plenary Session where this can be brought up, because it is of importance for all the Working Groups for the whole community to realise that sometimes these situations arise and that we have a responsibility to resolve it. Is that acceptable?

BRIAN NISBET: Well I mean, the one other flip side that have is nobody, and process and procedure aside, nobody has stood up and said they wish Richard to remain a Chair of this Working Group.

ROB BLOKZIJL: Exactly. But everybody is afraid to push the button.


ROB BLOKZIJL: Have a good party tonight and maybe tomorrow...

BRIAN NISBET: Okay. This is the thing, we are really, you know, really over this. Are we saying that that's what we want to do?

AUDIENCE SPEAKER: James Blessing. Show me the button, I'll push it. I am trying to work within what is a system that doesn't have the ability for us to formally remove the Chair. If the room wants to remove the Chair, say ?? make a noise now. Is that good enough?

BRIAN NISBET: I would take that as consensus, Rob?

JIM REID: Brian, here is what I suggest we need to do to get around Peter's concerns around process. This is fundamentally a decision that has to be taken on the mailing list. So I suggest somebody post something to the list now, which says I have no confidence in Richard Cox's ability to continue as Chair of this Working Group and then see who responds to that.

BRIAN NISBET: From a process point of view I disagree as the chairs were pointed adds a meeting. They had nothing to do with the mailing list so I feel personally and I have discussed this with Rob that the meeting has the ability to say no.


BRIAN NISBET: So unless there is actually anyone willing to stand up at the microphone now and object, I think we have consensus in the room on this? And yes, I am kind of going really ?? can we make a decision on this? So...

ROB BLOKZIJL: I will, after consultation with you about the format, I will report this tomorrow morning at the closing session.

BRIAN NISBET: Thank you Rob and what we will do at that point in time, without unseeming haste, is, because I very much would like a co?chair, and if you are interested in such a thing, we will start looking words to very definitely having a co?chair in place for RIPE 62 in Amsterdam and now I am going to go before Wilifred gets very upset with me for eating into his time which I am about to do. Thank you all very much for your patience.