On Mar 29, 2008, at 5:12 AM, Matt Sergeant wrote:
> On 29-Mar-08, at 5:46 AM, Peter J. Holzer wrote:
> > > So, RBL(tm) listings get listed until the problem is fixed, and
> > > the responsible party contacts the blacklisting provider.
> > If this is the criterion, all you have to do to conform to 2.2.1 is
> > check your mailbox every 6 months. If nobody has reported that the
> > problem is fixed, the criterion still applies and you can extend the
> > listing for another 6 months. (of course the BCP contains other
> > recommendations, too)
> Thank you - that's exactly what I was thinking.
> Doug: does this make sense to you? This is in full compliance.
A draft regarding practices for black-hole lists should define the
entity able to assert network governance to be the organization
advertising the address space. How this organization is identified is
missing, which in itself is misleading. Not defining Autonomous
Systems leads one to a naive view that listings concern only
individual IP addresses, and not address ranges within space
advertisements. Black-hole list operators should have a goal of
ensuring providers enforce their own AUPs, and that their AUPs
prohibit UCEs and other forms of email abuse. Black-hole list
operators cannot adequately detect and enforce AUPs; only the
organization advertising the address space and routing the traffic
has this ability. Nothing has changed over the decades in this regard.

Insurance companies rate drivers by police-registered infractions,
where each likely represents many unobserved occurrences. In the
case of network abuse, the driver is the network provider, where their
ratings may be such that none of their address space is trusted. This
determination of trust could be analogous with insurance companies,
where some drivers do not warrant coverage. Listings should not expire
on their own as "Listings SHOULD Be Temporary" requires.
Rehabilitation should _always_ require an action by network
providers. Change the title to "Listings SHOULD be acted upon by
Network Providers." (Until such time, no listing SHOULD expire.)

Of course, reading a provider's response to notifications should not
be delayed, as your sentence now seems to imply. Sections 2.2.1 and
2.2.3 are illogical when viewed as the network provider being listed,
and not individual IP addresses. Only the provider can be expected to
know who was granted access, and whether abuse is being curbed. An
effective black-hole list MUST function in co-operation with the
network providers. This draft must define this entity. Only network
providers are able to provide governance and effectively control
abuse. This draft should not attempt to perpetuate a myth that
network governance can be found through black-hole list automation.

Bad actors control millions of compromised systems individually. Any
automated process reveals where traffic is being detected within a
brief period. The latency for changes to campaigns in avoiding
detection has become ever shorter, which demonstrates a high degree of
automation by bad actors. Only network providers are able to assert
the required governance and ensure the efforts of the black-hole list
operators are not defeated.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg