[feedback-report] FW: Another ARF expansion request
knut at knutix.de
Sat Sep 19 09:15:23 PDT 2009
sorry for the delayed answer.
> Sounds great. Who is "we"? This sounds like something that needs
> coordination with MAAWG, since that's where you find the large ISPs.
"We" means Germany ISP Association (eco), German Ministry of Internet
Securtity (BSI), several ISPs and abusix. The draft will be done by BSI
and published for conversation. We already had the conversation at the
meeting when we worked out the things you have seen in the email by
Dietmar Braun. So the conversation should not last too long.
>> And yes there is INCH/IODEF and we decided that it's not sufficient for
>> the needs we have.
> I don't disagree, but what in particular makes IODEF insufficient, and
> why would you rather start over than add report types to IODEF?
It is too complicated.
It is not able to handle all sorts of abusive behavior, so there is need
to change, same as in ARF.
It is not commonly used. ARF is used by abuse departments and we wanna
communicated with abuse departments. IODEF is used by CERTs or mostly
network operation centers which will not be interested in spam issues.
So our opinion is, to have IODEF as a format for things that have to be
sent to CERTs or network operation centers and ARF will be used by abuse
So if we have to make changes in IODEF and in ARF, I would like to
change the format that is mostly used in abuse departments. Which is ARF.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://mipassoc.org/pipermail/abuse-feedback-report/attachments/20090919/cb6bb7c1/attachment.bin
More information about the abuse-feedback-report