--On Thursday, 11 December, 2008 16:36 -0800 Douglas Otis
<dotis(_at_)mail-abuse(_dot_)org> wrote:
On Dec 11, 2008, at 1:51 PM, John C Klensin wrote:
As soon as one starts talking about a registry of
"legitimate" sources, one opens up the question of how
...
Perhaps I should not have used the word legitimate. The
concept of registry should engender a concept of
accountability.
...
Counter to this, much of the email abuse has been squelched by
third-parties who allow network providers a means to indicate
what traffic of which they are accountable. This is done in
part by the assignment of address ranges as belonging to
dynamically assigned users. It does seem as though a more
formalized method though a registry support by provider fees
would prove extremely beneficial at reducing the scale of the
IP address range problem raised by IPv6. By formalizing a
registration of accountable use, along with some type of
reporting structure or clearinghouse, IPv6 would have a better
chance of gaining acceptance. It would also empower providers
to say what potentially abused uses they which to support.
Again, while it is possibly that we are using different
vocabularies or not communicating for other reasons, as soon as
you say "support by provider fees", I hear "purchase a license
to be able to send mail". I can imagine a number of
organizations who would be happy to operate such a system and
collect those fees. None of them make me very happy, especially
if they are unregulated, and some would raise grave privacy
concerns.
...
A registry of accountable use in conjunction with some type of
reporting structure seems a necessity if one hopes to ensure a
player can obtain the access that they expect. In other
words, not all things will be possible from just any IP
address. Providers should first assure the Internet what they
are willing to monitor for abuse, where trust can be
established upon this promise. Not all providers will be
making the same promise of stewardship. Those providers that
provide the necessary stewardship for the desired use should
find both greater acceptance and demand. Such demand may help
avoid an inevitable race to the bottom.
Doug, we've got a worked example of a system that was intended
to provide protection against abuse by qualifying and certifying
providers in return for a fee. The system was developed as the
result of a consensus process among those who could convince
others that they were stakeholders, not merely by a few
providers making rules for others, so it should have been off to
a good start. That system is ICANN's registrar accreditation
process. It has been, IMO, effective at two things: (i)
fattening ICANN's coffers and (ii) encouraging and developing a
whole new industry of bottom-feeders, including many of those
who contribute to the spam problem by supplying domain names to
phishers and promoters of other kinds of fraud and helping to
hide to ownership of those names.
Unless you have a plausible theory about how a registration
system can be run without falling victim to ICANN-like problems,
I can't consider the idea very credible.
john
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf