here's what i learned about a white-hat registry. nobody cares. this is perceived as an assymetric benefit, where the costs (even if there's no money, there's still effort in registering initial and new address space or AS#'s or whatever) are borne by the network owner and the benefits are felt by victims of various forms of abuse (spam, ddos, virus, whatever.) now, anyone who thinks this through will realize that the benefit is NOT assymetric. this is a tide (storm) that can lift (destroy) all boats. a network owner who deals swiftly with abuse becomes an anathema for abusers and thus has lower overall abuse costs. and a network of network-owners who all behaved that way would make abuse rare enough to be worth tracking again. however, from a marketing/perception standpoint, the benefit appears to be assymetric, and in this economy, network owners don't feel generous. so the first task isn't upgrading incidents.org or mail-abuse.org to handle white-hat network owner registration, but rather, convincing network owners that it's in their own selfish best interests to receive rapid and reliable complaints when abuse comes from/through their customer. and frankly, if that were possible, the abuse@${MOST_ISPS} would not be a blackhole with robothanks at the door. so, i'm not hopeful that the internet's immune system is simply in need of better incident reporting. we need a "sea change" in network-owner attitudes. if you're feeling holier than thou for any reason, find out if your peering agreements require your peers to permanently disconnect repeat abuse sources, and to temporarily disconnect first time abuse sources. assuming that $YOU do these things, but that $YOUR_PEERS do not, then what have you really accomplished? -- Paul Vixie