Stupid Question: Network Abuse RFC?

Sean Donelan sean at donelan.com
Sun Jan 13 19:09:08 UTC 2008


On Sun, 13 Jan 2008, Paul Ferguson wrote:
> In addition to RFC2142, it would appear that these are largely
> ignored just as much as any other operational IETF documents.
>
> That's a shame.

The IETF (and other groups) developing "Best Common Practices" seem to 
sometimes forget

   1. Is it a practice?
   2. Is it a common practice?
   3. Is it a best common practice?

If no one is doing it, and they are largely ignored, did the IETF
really do its job of consulting with the operational community to
identify practices that are common and considered best?  It is the
organizational version of "running code."

It seemed like many of the Internet "operational" people stopped going to 
the IETF in the 1990's and I don't know those people have really settled 
down anywhere else. NANOG/MERIT deliberately decided not to get into the 
standards development or publishing business.  RIPE does publish 
somethings.  NRIC has the same problem as the IETF and published a
ton of "Best Practices" that no one practiced, and I think tended to cause
operations people to start ignoring NRIC.

Instead often what you get is a group of people from one industry writing 
what they wish a group of people in another industry would practice.

For example, the financial industry writing what they wish merchants would 
do for security.  Or the e-mail industry writing what they wish networks
would do for security.  Or the music industry writing what they wish
universities would do for security.

Although you need a some overlap, I think you get much better "buy-in"
when people from the same industry are developing their operational 
standards.



More information about the NANOG mailing list