[arin-discuss] Privacy of Reassignment Information

Fair enough... I was responding to a thread on the discuss list.

Owen


--On April 8, 2006 1:19:48 PM -0400 Member Services <memsvcs at arin.net>
wrote:

> Owen,
> 
> As this is a policy issue, please forward this discussion onto the Public
> Policy Mailing List, ppml at arin.net.
> For those of you on arin-discuss not subscribed to ppml, you can find
> subscription instructions at::
> http://www.arin.net/mailing_lists/index.html.
> PPML is open to the general public and provides a forum to raise and
> discuss policy-related ideas and issues surrounding existing and proposed
> ARIN policies.
> 
> Regards,
> 
> Susan Hamlin
> Director, Member Services
> 
>  
> Owen DeLong wrote:
> 
>> Actually, no, I don't like being solicited.  I'm as annoyed by SPAM as
>> anyone.  Phishing is little more than SPAM in my experience, since it's
>> usually pretty easy to identify and I know better than to provide my
>> personal information to URLs that don't look right.
>> 
>> Education is the answer to phishing.  Hiding private information doesn't
>> actually help.  The reality is that I can't recall ever receiving a
>> phishing attempt that used information from whois.  The phishers
>> don't generally bother.  For one thing, there isn't a high enough
>> percentage of targets with whois entries.
>> 
>> My opinions on this subject have nothing to do with being affiliated or
>> not with a service provider or with the fact that I also work as a
>> consultant.
>> 
>> My opinions are based exactly on the fact, as I stated, that IP addresses
>> are a resource assigned from the public trust.  If you obtain the use of
>> federal land, that use permit is a matter of public record.  I don't see
>> any reason IP address assignments should be treated any differently.
>> Resource allocations in the public trust should be a matter of public
>> record.
>> 
>> Owen
>> 
>> 
>> --On April 8, 2006 10:38:19 AM -0400 Eric Kagan <ekagan at axsne.com> wrote:
>> 
>>  
>> 
>>> David, 
>>>  
>>> I fully support and agree with the privacy policy you speak of below.
>>> In this day and age of deception (spam, phishing, fraud and a number of
>>> other things) I feel having any information publically accessible that
>>> could help defraud an individual or enterprise is neglegent.  I feel the
>>> Con's far out-weigh the Pro's in this area. I get constant push back
>>> from internal resources as well as private enterprise on releasing their
>>> information.  (Solely in regards to reassignments, not reallocations).
>>> The service providers info should be public and accurate and all
>>> communications should come to the service provider and dealt with
>>> privately to their customers.  Thats a responsibility and part of
>>> business of being a service provider. (If space is assigned downstream,
>>> the reallocated service provider info should be publically posted.) 
>>>  
>>> Lets realize that domain registrars have allowed private registrations
>>> for some time.  Can anyone on this list say they have *never* received
>>> inappropriate communications (via email, mail, phone call) that used
>>> this certain public information ? I know Owen mentioned he is
>>> registered with his info, but if he's on this list and a "consultant"
>>> he is closely tied to the service provider world and maybe even likes
>>> that he can be solicitied.  I am sure most business in the private
>>> sector would not feel the same way. 
>>>  
>>> Unfirtnuately I am unable to attend the Montreal event, but I am willing
>>> to assist or backup the private policy effort in any way possible.  I
>>> will welcome online or offline responses and ideas as well. 
>>>  
>>> Thank you 
>>> Eric 
>>>  
>>> Eric Kagan 
>>> CTO 
>>> Access Northeast/ASN 17113 
>>> Direct 508-281-7626 
>>> ekagan at axsne.com 
>>>  
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> From: arin-discuss-bounces at arin.net
>>> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Divins, David
>>> Sent: Saturday, April 08, 2006 1:26 AM
>>> To: Owen DeLong; ARIN-discuss at arin.net
>>> Subject: Re: [arin-discuss] Privacy of Reassignment Information
>>> 
>>> 
>>> 
>>> All IP Allocations are done based upon trust.  If an ISP just wanted to
>>> obscure a reassignment they could simply make up a customer. 
>>> 
>>> Allowing ISP's to enter into NDA type status for reassignments and
>>> representing these reassignments as private in public servers should
>>> provide the registrar with more accurate information-- as that is the
>>> basis for the reassignment policy.  Additionally, this provides much
>>> needed privacy for companies that must adhere to ever more restrictive
>>> privacy laws.  This allows a valid mechanism. 
>>> 
>>> Why is a corporate entities right to privacy any less than an
>>> individuals (when it comes to IP space-- and remember not all companies
>>> are public)? 
>>> 
>>> Why is there a need to know what company owns a block provided there is
>>> a valid contact provided? This probably brings the question of how can
>>> we ensure a valid contact.  Since all assignments are done based on
>>> trust, there must be some base assumption that for the most part ISP's
>>> act according to ARIN rules--  I am not aware of any ARIN
>>> para-military-esque auditing arm that checks ISP corporate accounting
>>> against IP assignments to see who skirts the rules. 
>>> 
>>> Honestly, I would be content to see a policy that allows an ISP to go
>>> full NDA with ARIN and provide reassignment information to ARIN on a
>>> private basis.  Under this condition, the ISP would need to maintain
>>> valid contact (abuse/noc) for all address space it has been assigned and
>>> not publicly reassigned. 
>>> 
>>> I firmly believe that this issue will not be going away. 
>>> 
>>> -dsd 
>>> 
>>> David Divins 
>>> Principal Engineer 
>>> ServerVault Corp. 
>>> (703) 652-5955 
>>> 
>>> _____________________________________________ 
>>> From:   Owen DeLong [mailto:owen at delong.com] 
>>> Sent:   Friday, April 07, 2006 11:56 PM 
>>> To:     Divins, David; ARIN-discuss at arin.net 
>>> Subject:        Re: [arin-discuss] Privacy of Reassignment Information 
>>> 
>>> * PGP Signed by an unknown key: 04/07/2006 at 11:55PM 
>>> 
>>> 
>>> --On April 7, 2006 10:25:11 PM -0400 "Divins, David"
>>> <dsd at servervault.com> 
>>> wrote: 
>>> 
>>>    
>>> 
>>>> All, 
>>>> 
>>>> Provided an ISP, or other direct assignment recipient, supplies valid 
>>>> and responsive (24x7) Abuse, NOC, and other pertinent contact 
>>>> information, a reassignment should be allowed to remain private. 
>>>> 
>>>>      
>>>> 
>>> First, a direct assignment recipient cannot reassign, so, this would 
>>> not apply to a direct assignment recipient. 
>>> 
>>> Second, the policy was abandoned fairly recently due to lack of 
>>> support by the community and lack of consensus to move forward. 
>>> 
>>> IP resources are an element of public trust.  It is common and
>>> widespread  practice to disclose as a matter of public record
>>> possessory interest  in public resources.  The public interest in an
>>> open and equitable  system of resource assignments and allocations
>>> overrides ISPs 
>>> interest in hiding the identities of their customers. 
>>> 
>>>    
>>> 
>>>> The ability for an ISP to selectively and voluntarily make an
>>>> assignment  private will still allow ARIN to have accurate
>>>> reassignment information  as the assignments will be provided to ARIN
>>>> privately whenever address  utilization must be determined. 
>>>> 
>>>>      
>>>> 
>>> ARIN is a stewardship organization.  The IP addresses are no more owned 
>>> by ARIN than by any recipient organization.  They are administered by 
>>> ARIN and the ISPs in the public trust.  They are public resources. 
>>> 
>>>    
>>> 
>>>> The private designation in no way relieves the ISP of its
>>>> responsibility  to the Internet community.  In fact, a private
>>>> reassignment expands this  responsibility as the ISP actually must
>>>> take on the responsibility  providing valid 24x7 point of contact. 
>>>> 
>>>>      
>>>> 
>>> The community vehemently opposed adding such a requirement to the
>>> previous 
>>> attempt at such a policy. 
>>> 
>>>    
>>> 
>>>> If an ISP is unable or unwilling to provide a responsive NOC/abuse 
>>>> contact, then they may not designate any reassignments as private. 
>>>> 
>>>>      
>>>> 
>>> How would you propose to prevent ISPs from ignoring this requirement? 
>>> 
>>> Owen 
>>> 
>>> -- 
>>> If it wasn't crypto-signed, it probably didn't come from me. 
>>> 
>>> * Unknown Key 
>>> * 0x0FE2AA3D - unknown 
>>> 
>>>    
>>> 
>> 
>> 
>> 
>>  
>> 
>> ------------------------------------------------------------------------
>> 
>> _______________________________________________
>> ARIN-discuss mailing list
>> ARIN-discuss at arin.net
>> http://lists.arin.net/mailman/listinfo/arin-discuss
>>  
>> 



-- 
If it wasn't crypto-signed, it probably didn't come from me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.arin.net/pipermail/arin-discuss/attachments/20060408/c09eec79/attachment.bin