[ppml] Whois & privacy related changes - ideas for future

william(at)elan.net william at elan.net
Tue Oct 19 19:03:26 EDT 2004 

Personally I'm not happy about 2004-6 or 2004-7 text and think larger changes
are needed on how whois is used by arin and users, but I could never quite
put it into normative text. But as we're discussing all this today, please
read below on my ideas and maybe this is something that AC can work on
later and can come up with text for a proposal.

First here is what I see as a problem
 1. ARIN database seems overwhelmed by amount of small assignments whois data
 2. Current ARIN privacy policy for residential customers is already abused
    and having "private customers" seems like waste of database space (what
    use is it to see "private customer/private residence' record in whois) 
 3. Researches don't want addresses of customers completely hidden because 
    they use that to establish geographical mapping of the net
 4. Those doing abuse investigations don't want names hidden (especially
    for any large block).
 5. Residential and small business customers want privacy for their records

So here are my ideas on what could be done:
 1. Change policy to require full reassignment SWIP if its > 128 ips or 
    possibly > 254 ips
 2. For smaller reassignments do not require all of then to be 
    reported as individual reassignment and create instead new form
    of multi-reassignment SWIP which would list number of reassignments
    of each size without actually listing each customer name and address.
    The actual physical address listed under SWIP would have to correspond 
    to same geographical area as all customers in that larger swip and
    maybe something like address of CO or datacenter or company city office.
 3. Get rid of current residential customer privacy policy.

Here is why I think this is good and would be ok for most of what we want:
 1. The amount of data being entered and maintained in database would
    decrease dramaticaly because currently > 75% of it are those small
    < /24 reassignment SWIPs. This is easier both for ARIN and for ISPs.
 2. Residential customers and small business who desire privacy get it
    as their info is not reported any more
 3. Researches are still able to get all the info about geographical 
    location, in fact it even becomes easier when this data for number
    of small blocks is aggregated together
 4. Based on what I've seen almost all spammers with directly assigned 
    blocks have > /24 (usually around /21 or /22) of ip space. It appears
    the big ones have very serious operations that smaller space would not
    work for them and smaller ones go for dedicated servers with few ips 
    and many/most dedicated server companies don't report those ips in 
    swips anyway. So dropping info on small blocks would probably not
    cause serious issues for abuse investigations.

Question remains if this is ok with ARIN as instead of getting actual
list of customers with exact ip blocks they use, ARIN info would now be
just number of reassignments of different sizes - but I have feeling that 
maye exactly what ARIN wants and uses when determening utilization anyway...
Plus if they need more info, they can always ask.

So if you think this is worth it, feel free to discuss it more and maybe
an exact proposal can be created based on the above ideas.

-- 
William Leibzon
Elan Networks
william at elan.net

More information about the ARIN-PPML mailing list