From iljitsch at muada.com Wed Jan 2 10:14:29 2008 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Wed, 2 Jan 2008 16:14:29 +0100 Subject: [ppml] 2007 IPv4 Address Use Report Message-ID: <68701135-09F9-416B-91F6-7DE8E2E24391@muada.com> 2007 IPv4 Address Use Report In 2007, the number of available IPv4 addresses went down from 1300.65 million to 1122.85 million, a difference of 177.8 million addresses. The number of usable addresses is 3706.65 million, so on January 1, 2007 we were at 64.9% utilization and a year later we're at 69.7%. These figures are derived from the records published on the FTP servers of the five Regional Internet Registries (RIRs): AfriNIC, which gives out address space in Africa, APNIC (Asia-Pacific region), ARIN (North America), LACNIC (Latin American and the Caribbean) and the RIPE NCC (Europe, the former Soviet Union and the Middle East). There are two other ways to interpret the same data. The first is simply add up all the address space with a date indicating that it was given out in 2007. That number is 186.93 million addresses. The third method is to compensate for ARIN's record keeping peculiarities (see this Internet Protocol Journal article). This brings the total for 2007 to no less than 196.77 million, the highest number ever. The second-highest was 1991 with 189 million addresses. The 196.77 million figure is approxmately 19% higher than the 2005 and 2006 numbers, which were largely the same. All numbers only include addresses that are still in use. For the first time in many years, in 2007 one of the old class A blocks was returned to IANA: block 46.0.0.0/8, 16.78 million addresses in size, is now part of the global pool of free address space. This accounts for most of the difference between the 177.8 and 196.77 numbers. The status of the 221 usable blocks of 16.78 million address is now as follows: Delegated to Blocks +/- 2007 Addresses (millions) AfriNIC 2 +1 33.55 APNIC 26 +7 436.21 ARIN 27 452.98 LACNIC 6 +2 100.66 RIPE NCC 26 +4 436.21 Various 49 -1 822.08 End-user 42 -1 704.64 Available 43 -12 721.42 In addition to the 43 unused blocks (721.42 million addresses) that IANA holds, there is additional free space in the form of addresses delegated from IANA to the regional internet registries, but not yet further delegated by the RIR in question to an ISP or end-user. 2006-01-01 2007-01-01 delegated delegated free delegated delegated free TO BY TO BY AfriNIC 16.78 6.39 10.39 33.55 11.97 21.58 APNIC 318.77 297.23 21.54 436.21 366.87 69.34 ARIN 452.98 350.48 102.50 452.98 394.08 58.90 LACNIC 67.11 42.71 24.40 100.66 57.52 43.14 RIPE NCC 369.10 317.62 51.48 436.21 378.35 57.86 Total RIRs 1224.74 1014.43 210.31 1459.61 1208.79 250.82 Various 838.86 671.26 167.60 822.08 671.48 150.60 End-user 721.42 704.64 16.78 704.64 671.09 33.55 Available 922.74 16.78 905.96 721.42 16.78 704.64 Total 3707.76 2407.11 1300.65 3707.75 2568.14 1139.61 This view uncovers two inconsistencies: block 7.0.0.0/8 that is part of the free space according to the IANA IPv4 address space overview shows up as delegated to the US Department of Defense in ARIN's records. Net 14.0.0.0/8 is for the "public data net" (see RFCs 3330 and 1700) so it's not part of the regular delegation system. 43.0.0.0/8 is delegated to "Japan Inet" by IANA. Those delegations used to be registered in ARIN's database but this block was transferred to APNIC in 2007, where it does show up in the whois service, but not as part of the delegated address space in the files on the FTP server. The total of 3707.76 (or 3707.75) million addresses is slightly different from the 3706.65 maximum mentioned earlier because the latter excludes all RFC 1918 private address space, the former still includes 192.168.0.0/16 and 172.16.0.0/12. The size of address blocks given out was increasing until 2005, but now shows a downturn. The table below shows the number of delegations for a certain range of block sizes (equal or higher than the first, lower than the second value). (2005 and earlier values from 2006-01-01 data, 2006 and 2007 values from 2007-01-01 data. No correction for the ARIN accounting method.) 2001 2002 2003 2004 2005 2006 2007 < 1000 474 547 745 1022 1309 1507 1830 1000 - 8000 1176 897 1009 1516 1891 2265 2839 8000 - 64k 868 822 1014 1100 1039 1192 1015 64k - 500k 262 163 215 404 309 419 395 500k - 2M 39 29 46 61 60 57 62 > 2M 5 5 6 7 18 17 24 The increase in large blocks has a very dramatic effect while the small blocks are insignificant, when looking at the millions of addresses involved: 2001 2002 2003 2004 2005 2006 2007 < 1000 0.16 0.18 0.25 0.35 0.44 0.51 0.63 1000 - 8000 4.47 3.23 3.45 4.49 5.07 5.83 6.93 8000 - 64k 12.81 11.35 14.00 15.99 15.46 18.01 15.67 64k - 500k 32.19 20.28 25.51 42.01 34.23 50.86 50.83 500k - 2M 24.64 21.30 31.98 44.63 41.63 46.69 45.50 > 2M 14.68 12.58 12.58 20.97 68.62 52.43 67.37 Despite the strong increase in the number of 2 million+ blocks and the amount of address space given out in these blocks, the average block size has been going down because of the very large growth in the numbers of smaller blocks: Year Blocks Addresses (M) Average block size 2000 2794 78.35 28043 2001 2824 88.95 31497 2002 2463 68.93 27985 2003 3035 87.77 28921 2004 4110 128.45 31252 2005 4626 165.45 35765 2006 5457 174.32 31945 2007 6165 186.92 30320 The 2568.14 million addresses currently in use aren't very evenly distributed over the countries in the world. The current top 15 is: 2007-01-01 2007-01-01 change Country 1 - US 1408.15 M 1366.53 M +3% United States 2 - JP 141.47 M 151.27 M -6% Japan 3 (4) CN 135.31 M 98.02 M +38% China 4 (3) EU 120.35 M 115.83 M +4% Multi-country in Europe 5 - GB 83.50 M 93.91 M -11% United Kingdom 6 - CA 73.20 M 71.32 M +3% Canada 7 - DE 72.46 M 61.59 M +18% Germany 8 - FR 67.79 M 58.23 M +16% France 9 - KR 58.86 M 51.13 M +15% Korea 10 - AU 33.43 M 30.64 M +9% Australia 11 (12) IT 24.04 M 19.14 M +26% Italy 12 (11) BR 23.46 M 19.27 M +22% Brazil 13 (16) MX 21.50 M 16.26 M +32% Mexico 14 (13) ES 20.42 M 18.69 M +9% Spain 15 - NL 19.89 M 18.08 M +10% Netherlands The -6% and -11% figures for the UK and Japan are once again anomalies: the former is the missing 43.0.0.0/8 net and in the latter case, ARIN and RIPE both had a record for 25.0.0.0/8 in the 2007-01-01 data, but this was cleared up in the 2008-01-01 data. Although the US still added more than 40 million new addresses to its immense existing stockpile, its growth was modest percentage-wise and it now holds 55% of the IPv4 address space in use, down from 57%. All of the other countries in the top 15 except for Canada and "EU" saw their address use grow faster than the 7% average. This brings the total for the top 15 excluding the US to 35%, up from 34%. The rest of the world gets the remaining 10%, up from 9%. See http://www.bgpexpert.com/addrspace2007.php for a copy of this report and links to the versions for 2006 and 2005. From ROSSIRJ at SLU.EDU Wed Jan 2 11:56:16 2008 From: ROSSIRJ at SLU.EDU (ROSSIRJ at SLU.EDU) Date: Wed, 02 Jan 2008 10:56:16 -0600 (CST) Subject: [ppml] Out of Office Message-ID: <01MPM5M9CJXE8YF18Q@SLU.EDU> Thank you for your message. I am currently out of the office and will not be checking e-mail. Your message has been saved and will be read upon my return. From info at arin.net Thu Jan 3 12:01:08 2008 From: info at arin.net (Member Services) Date: Thu, 03 Jan 2008 12:01:08 -0500 Subject: [ppml] Board adopts two policy proposals Message-ID: <477D14D4.3060808@arin.net> On 11 December 2007 the ARIN Board of Trustees adopted two policy proposals: 2007-19: IANA Policy for Allocation of ASN Blocks to RIRs. This is a global policy proposal which will be implemented after ratification by the ICANN Board of Directors. 2007-25: IPv6 Policy Housekeeping. This policy will be implemented no later than 15 February 2008. The ARIN Board of Trustees remanded two proposals to the Advisory Council (AC): 2007-21: PIv6 for legacy holders with RSA and efficient use, to facilitate further discussion regarding the policy text. 2007-22: Expand timeframe of Additional Requests, for further consideration and evaluation with respect to the public policy process. Policy proposal texts are available at the Policy Proposal Archive which can be found at: http://www.arin.net/policy/proposal_archive.html Regards, Member Services Department American Registry for Internet Numbers (ARIN) From arin-contact at dirtside.com Thu Jan 3 12:26:56 2008 From: arin-contact at dirtside.com (William Herrin) Date: Thu, 3 Jan 2008 12:26:56 -0500 Subject: [ppml] Board adopts two policy proposals In-Reply-To: <477D14D4.3060808@arin.net> References: <477D14D4.3060808@arin.net> Message-ID: <3c3e3fca0801030926g11aed9dby5f32566ce2fda3df@mail.gmail.com> On Jan 3, 2008 12:01 PM, Member Services wrote: > The ARIN Board of Trustees remanded two proposals to the Advisory > Council (AC): > > 2007-21: PIv6 for legacy holders with RSA and efficient use, to > facilitate further discussion regarding the policy text. Hi folks, What "further discussion regarding the policy text" is requested? Thanks, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From info at arin.net Tue Jan 8 13:07:40 2008 From: info at arin.net (Member Services) Date: Tue, 08 Jan 2008 13:07:40 -0500 Subject: [ppml] Deadline for Policy Proposals - 7 February 2008 Message-ID: <4783BBEC.1090102@arin.net> The ARIN XXI Public Policy Meeting will take place 7-8 April 2008 in Denver. New policy proposals must be submitted by 23:59 EST, 7 February 2008, in order to be considered by the ARIN Advisory Council for possible inclusion on the ARIN XXI agenda. The ARIN Internet Resource Policy Evaluation Process requires that proposed policies must be submitted at least 60 days prior to the meeting. Those who wish to propose new ARIN number resource policies or modifications to existing policies must submit a Policy Proposal Template. Send the template via e-mail to policy at arin.net. The Policy Proposal Template can be found at: http://www.arin.net/policy/irpep_template.html The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Regards, Member Services American Registry for Internet Numbers (ARIN) From dsd at servervault.com Tue Jan 8 16:23:37 2008 From: dsd at servervault.com (Divins, David) Date: Tue, 8 Jan 2008 16:23:37 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: <4780F26B.3000104@chl.com><20080108031404.GA52362@ussenterprise.ufp.org> Message-ID: I think it is clear from these discussions that SWIP is unnecessary. Down with SWIP and RWHOIS! -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak Sent: Tuesday, January 08, 2008 6:31 AM To: arin-discuss at arin.net Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN SWIP whois This discussion needs to move to the ppml as it concerns a policy and its merits and rationale. Ray > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss- > bounces at arin.net] On Behalf Of Leo Bicknell > Sent: Monday, January 07, 2008 10:14 PM > To: arin-discuss at arin.net > Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois > > In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe > Maimon wrote: > > Is there any overriding reason to limit ARIN swip to /29 or bigger? > > I will point out (in IPv4): > > /32 assignment (e.g. dial up, DSL, etc) is by definition 100% utilized. > > In terms of subnets, which only make sense if you have two more more > devices (router + one or more hosts): > > /31 subnet by definition is 100% used. > /30 subnet by definition is 100% used (router, host, network, > broadcast). > /29 subnet is at minimum 50% used (router, host, network, broadcast). > If we further assume this was done because a /30 was not large > enough (e.g. people are doing the right thing) there must be at > least 5/8's, or 62.5% in use. Also, while the standard may be 80% > utilization, which would require 7 of the 8 IP's to be in use; > that leaves an interesting corner case where 5/8 and 6/8 can't > fit in a /30, but don't meet 80%. Thus it makes sense to count > 5/8 and 6/8 as fully utilized, making it all but impossible to > have an underutilized /29. > > Now, one of ARIN's primary uses for the data is to insure assignments > were made in accordance with ARIN's rules when someone requests more > space. There's no reason to review a /30, /31, or 32, as there's no > chance those assignments were under-utilized. > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - > tmbg-list-request at tmbg.org, www.tmbg.org _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From drc at virtualized.org Tue Jan 8 16:56:00 2008 From: drc at virtualized.org (David Conrad) Date: Tue, 8 Jan 2008 13:56:00 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: <4780F26B.3000104@chl.com><20080108031404.GA52362@ussenterprise.ufp.org> Message-ID: <0930A346-97CE-4328-BEA9-EAC883184749@virtualized.org> If you don't have SWIP, Rwhois, or its equivalent, how would an RIR be able to determine utilization? Regards, -drc On Jan 8, 2008, at 1:23 PM, Divins, David wrote: > I think it is clear from these discussions that SWIP is unnecessary. > > Down with SWIP and RWHOIS! > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak > Sent: Tuesday, January 08, 2008 6:31 AM > To: arin-discuss at arin.net > Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN > SWIP > whois > > This discussion needs to move to the ppml as it concerns a policy and > its merits and rationale. > > Ray > >> -----Original Message----- >> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >> bounces at arin.net] On Behalf Of Leo Bicknell >> Sent: Monday, January 07, 2008 10:14 PM >> To: arin-discuss at arin.net >> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >> >> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >> Maimon wrote: >>> Is there any overriding reason to limit ARIN swip to /29 or bigger? >> >> I will point out (in IPv4): >> >> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >> utilized. >> >> In terms of subnets, which only make sense if you have two more more >> devices (router + one or more hosts): >> >> /31 subnet by definition is 100% used. >> /30 subnet by definition is 100% used (router, host, network, >> broadcast). >> /29 subnet is at minimum 50% used (router, host, network, broadcast). >> If we further assume this was done because a /30 was not large >> enough (e.g. people are doing the right thing) there must be at >> least 5/8's, or 62.5% in use. Also, while the standard may be 80% >> utilization, which would require 7 of the 8 IP's to be in use; >> that leaves an interesting corner case where 5/8 and 6/8 can't >> fit in a /30, but don't meet 80%. Thus it makes sense to count >> 5/8 and 6/8 as fully utilized, making it all but impossible to >> have an underutilized /29. >> >> Now, one of ARIN's primary uses for the data is to insure assignments >> were made in accordance with ARIN's rules when someone requests more >> space. There's no reason to review a /30, /31, or 32, as there's no >> chance those assignments were under-utilized. >> >> -- >> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >> tmbg-list-request at tmbg.org, www.tmbg.org From ipgoddess at gmail.com Tue Jan 8 16:59:10 2008 From: ipgoddess at gmail.com (Stacy Taylor) Date: Tue, 8 Jan 2008 13:59:10 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: <4780F26B.3000104@chl.com> <20080108031404.GA52362@ussenterprise.ufp.org> Message-ID: <1c16a4870801081359m5b12819ak55dad7f5b28bce7@mail.gmail.com> Hi Everyone,So, Joe - did you want to change it so that /28 and shorter prefix lengths should be swipped, and that the /29s are trivial? What is it you'd like us to look at? Thanks, Stacy Taylor ---------- Forwarded message ---------- From: Ray Plzak Date: Jan 8, 2008 3:31 AM Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois To: "arin-discuss at arin.net" This discussion needs to move to the ppml as it concerns a policy and its merits and rationale. Ray > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss- > bounces at arin.net] On Behalf Of Leo Bicknell > Sent: Monday, January 07, 2008 10:14 PM > To: arin-discuss at arin.net > Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois > > In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe > Maimon wrote: > > Is there any overriding reason to limit ARIN swip to /29 or bigger? > > I will point out (in IPv4): > > /32 assignment (e.g. dial up, DSL, etc) is by definition 100% utilized. > > In terms of subnets, which only make sense if you have two more more > devices (router + one or more hosts): > > /31 subnet by definition is 100% used. > /30 subnet by definition is 100% used (router, host, network, > broadcast). > /29 subnet is at minimum 50% used (router, host, network, broadcast). > If we further assume this was done because a /30 was not large > enough (e.g. people are doing the right thing) there must be at > least 5/8's, or 62.5% in use. Also, while the standard may be 80% > utilization, which would require 7 of the 8 IP's to be in use; > that leaves an interesting corner case where 5/8 and 6/8 can't > fit in a /30, but don't meet 80%. Thus it makes sense to count > 5/8 and 6/8 as fully utilized, making it all but impossible to > have an underutilized /29. > > Now, one of ARIN's primary uses for the data is to insure assignments > were made in accordance with ARIN's rules when someone requests more > space. There's no reason to review a /30, /31, or 32, as there's no > chance those assignments were under-utilized. > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - > tmbg-list-request at tmbg.org, www.tmbg.org _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. -- :):) /S -------------- next part -------------- An HTML attachment was scrubbed... URL: From dsd at servervault.com Tue Jan 8 17:00:22 2008 From: dsd at servervault.com (Divins, David) Date: Tue, 8 Jan 2008 17:00:22 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <0930A346-97CE-4328-BEA9-EAC883184749@virtualized.org> References: <4780F26B.3000104@chl.com><20080108031404.GA52362@ussenterprise.ufp.org> <0930A346-97CE-4328-BEA9-EAC883184749@virtualized.org> Message-ID: I have no problem sharing that information with my RIR at any tie. I do take issue with the full amount of information required being available to any one who wants it. My position is if I provide valid technical and abuse contac for an address space, the specific end-entity it is in use by and their physical address is irrelevant. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: David Conrad [mailto:drc at virtualized.org] Sent: Tuesday, January 08, 2008 4:56 PM To: Divins, David Cc: Public Policy Mailing List Subject: Re: [ppml] /29 limit for ARIN SWIP whois If you don't have SWIP, Rwhois, or its equivalent, how would an RIR be able to determine utilization? Regards, -drc On Jan 8, 2008, at 1:23 PM, Divins, David wrote: > I think it is clear from these discussions that SWIP is unnecessary. > > Down with SWIP and RWHOIS! > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak > Sent: Tuesday, January 08, 2008 6:31 AM > To: arin-discuss at arin.net > Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN > SWIP whois > > This discussion needs to move to the ppml as it concerns a policy and > its merits and rationale. > > Ray > >> -----Original Message----- >> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >> bounces at arin.net] On Behalf Of Leo Bicknell >> Sent: Monday, January 07, 2008 10:14 PM >> To: arin-discuss at arin.net >> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >> >> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >> Maimon wrote: >>> Is there any overriding reason to limit ARIN swip to /29 or bigger? >> >> I will point out (in IPv4): >> >> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >> utilized. >> >> In terms of subnets, which only make sense if you have two more more >> devices (router + one or more hosts): >> >> /31 subnet by definition is 100% used. >> /30 subnet by definition is 100% used (router, host, network, >> broadcast). >> /29 subnet is at minimum 50% used (router, host, network, broadcast). >> If we further assume this was done because a /30 was not large >> enough (e.g. people are doing the right thing) there must be at >> least 5/8's, or 62.5% in use. Also, while the standard may be 80% >> utilization, which would require 7 of the 8 IP's to be in use; >> that leaves an interesting corner case where 5/8 and 6/8 can't >> fit in a /30, but don't meet 80%. Thus it makes sense to count >> 5/8 and 6/8 as fully utilized, making it all but impossible to >> have an underutilized /29. >> >> Now, one of ARIN's primary uses for the data is to insure assignments >> were made in accordance with ARIN's rules when someone requests more >> space. There's no reason to review a /30, /31, or 32, as there's no >> chance those assignments were under-utilized. >> >> -- >> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >> tmbg-list-request at tmbg.org, www.tmbg.org From drc at virtualized.org Tue Jan 8 17:24:46 2008 From: drc at virtualized.org (David Conrad) Date: Tue, 8 Jan 2008 14:24:46 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: <4780F26B.3000104@chl.com><20080108031404.GA52362@ussenterprise.ufp.org> <0930A346-97CE-4328-BEA9-EAC883184749@virtualized.org> Message-ID: Oh. That's different. "Down with SWIP and RWHOIS" is an unfortunate shorthand for "Whois data publication policy should be revised." Opinions vary. No doubt we'll hear most of them repeated with vigor. Regards, -drc On Jan 8, 2008, at 2:00 PM, Divins, David wrote: > I have no problem sharing that information with my RIR at any tie. > > I do take issue with the full amount of information required being > available to any one who wants it. My position is if I provide valid > technical and abuse contac for an address space, the specific end- > entity > it is in use by and their physical address is irrelevant. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > > -----Original Message----- > From: David Conrad [mailto:drc at virtualized.org] > Sent: Tuesday, January 08, 2008 4:56 PM > To: Divins, David > Cc: Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > If you don't have SWIP, Rwhois, or its equivalent, how would an RIR be > able to determine utilization? > > Regards, > -drc > > On Jan 8, 2008, at 1:23 PM, Divins, David wrote: >> I think it is clear from these discussions that SWIP is unnecessary. >> >> Down with SWIP and RWHOIS! >> >> -dsd >> >> David Divins >> Principal Engineer >> ServerVault Corp. >> >> -----Original Message----- >> From: arin-discuss-bounces at arin.net >> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak >> Sent: Tuesday, January 08, 2008 6:31 AM >> To: arin-discuss at arin.net >> Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN >> SWIP whois >> >> This discussion needs to move to the ppml as it concerns a policy and >> its merits and rationale. >> >> Ray >> >>> -----Original Message----- >>> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >>> bounces at arin.net] On Behalf Of Leo Bicknell >>> Sent: Monday, January 07, 2008 10:14 PM >>> To: arin-discuss at arin.net >>> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >>> >>> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >>> Maimon wrote: >>>> Is there any overriding reason to limit ARIN swip to /29 or bigger? >>> >>> I will point out (in IPv4): >>> >>> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >>> utilized. >>> >>> In terms of subnets, which only make sense if you have two more more >>> devices (router + one or more hosts): >>> >>> /31 subnet by definition is 100% used. >>> /30 subnet by definition is 100% used (router, host, network, >>> broadcast). >>> /29 subnet is at minimum 50% used (router, host, network, >>> broadcast). >>> If we further assume this was done because a /30 was not large >>> enough (e.g. people are doing the right thing) there must be at >>> least 5/8's, or 62.5% in use. Also, while the standard may be 80% >>> utilization, which would require 7 of the 8 IP's to be in use; >>> that leaves an interesting corner case where 5/8 and 6/8 can't >>> fit in a /30, but don't meet 80%. Thus it makes sense to count >>> 5/8 and 6/8 as fully utilized, making it all but impossible to >>> have an underutilized /29. >>> >>> Now, one of ARIN's primary uses for the data is to insure >>> assignments > >>> were made in accordance with ARIN's rules when someone requests more >>> space. There's no reason to review a /30, /31, or 32, as there's no >>> chance those assignments were under-utilized. >>> >>> -- >>> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >>> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >>> tmbg-list-request at tmbg.org, www.tmbg.org > > > From tedm at ipinc.net Tue Jan 8 19:00:14 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 8 Jan 2008 16:00:14 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: Message-ID: OK so I guess let me summarize the points of view: 1) SWIP is a valuable and much-needed tool that allows network administrators on the Internet to quickly find and report spammers, and other network miscreants. The current limit of /29 is obsolete since lots of entities today are assigned /32s under DSL, and that does not allow for disclosure of every entity assigned an IP address. 2) SWIP is an evil thing that allows my competitors to rape me of my customer base and spam the hell out of people. I think it's pretty clear that David Divins is in the #2 camp. My comment to this is that I think it pointless to set policy to make the #2 camp happy. They won't be happy until the entire Internet is just one big anonymous network that allows spammers, child predators and other miscreants to wreak havoc with no oversight or any way to track them down. It is pointless to make the claim that a single technical and abuse contact is all that is necessary for a netblock assignment of tens of thousands of IPv4 numbers, and potentially millions of IPv6 numbers. That is the thrust of the "I provide valid POC for my netblock, and my customers are none of your business" people. A single POC for that many entities merely means a single mailbox that is overflowing with complaints that are ignored. I think we ALL have had the experience of sending a spam complaint to abuse at aol.com and seeing how useful it is to getting the spammer shut down. That's the morally bankrupt result of the #2 camp logic. So please, let's ignore their input on SWIP policy. If we mandate /32 SWIPS they are just going to ignore them, the way they are currently ignoring /29 SWIPS. So, to hell with them. For the rest of us who have a modicum of responsibility, in the #1 camp, clearly SWIPS aren't doing the job. I will point out that they aren't even doing the job for the RIR. If they were, then the RIR would not allow people to submit spreadsheets and such as evidence of utilization. Ted >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >David Conrad >Sent: Tuesday, January 08, 2008 2:25 PM >To: Divins, David >Cc: Public Policy Mailing List >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >Oh. > >That's different. "Down with SWIP and RWHOIS" is an unfortunate >shorthand for "Whois data publication policy should be revised." > >Opinions vary. No doubt we'll hear most of them repeated with vigor. > >Regards, >-drc > >On Jan 8, 2008, at 2:00 PM, Divins, David wrote: >> I have no problem sharing that information with my RIR at any tie. >> >> I do take issue with the full amount of information required being >> available to any one who wants it. My position is if I provide valid >> technical and abuse contac for an address space, the specific end- >> entity >> it is in use by and their physical address is irrelevant. >> >> -dsd >> >> David Divins >> Principal Engineer >> ServerVault Corp. >> >> -----Original Message----- >> From: David Conrad [mailto:drc at virtualized.org] >> Sent: Tuesday, January 08, 2008 4:56 PM >> To: Divins, David >> Cc: Public Policy Mailing List >> Subject: Re: [ppml] /29 limit for ARIN SWIP whois >> >> If you don't have SWIP, Rwhois, or its equivalent, how would an RIR be >> able to determine utilization? >> >> Regards, >> -drc >> >> On Jan 8, 2008, at 1:23 PM, Divins, David wrote: >>> I think it is clear from these discussions that SWIP is unnecessary. >>> >>> Down with SWIP and RWHOIS! >>> >>> -dsd >>> >>> David Divins >>> Principal Engineer >>> ServerVault Corp. >>> >>> -----Original Message----- >>> From: arin-discuss-bounces at arin.net >>> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak >>> Sent: Tuesday, January 08, 2008 6:31 AM >>> To: arin-discuss at arin.net >>> Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN >>> SWIP whois >>> >>> This discussion needs to move to the ppml as it concerns a policy and >>> its merits and rationale. >>> >>> Ray >>> >>>> -----Original Message----- >>>> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >>>> bounces at arin.net] On Behalf Of Leo Bicknell >>>> Sent: Monday, January 07, 2008 10:14 PM >>>> To: arin-discuss at arin.net >>>> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >>>> >>>> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >>>> Maimon wrote: >>>>> Is there any overriding reason to limit ARIN swip to /29 or bigger? >>>> >>>> I will point out (in IPv4): >>>> >>>> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >>>> utilized. >>>> >>>> In terms of subnets, which only make sense if you have two more more >>>> devices (router + one or more hosts): >>>> >>>> /31 subnet by definition is 100% used. >>>> /30 subnet by definition is 100% used (router, host, network, >>>> broadcast). >>>> /29 subnet is at minimum 50% used (router, host, network, >>>> broadcast). >>>> If we further assume this was done because a /30 was not large >>>> enough (e.g. people are doing the right thing) there must be at >>>> least 5/8's, or 62.5% in use. Also, while the standard may be 80% >>>> utilization, which would require 7 of the 8 IP's to be in use; >>>> that leaves an interesting corner case where 5/8 and 6/8 can't >>>> fit in a /30, but don't meet 80%. Thus it makes sense to count >>>> 5/8 and 6/8 as fully utilized, making it all but impossible to >>>> have an underutilized /29. >>>> >>>> Now, one of ARIN's primary uses for the data is to insure >>>> assignments >> >>>> were made in accordance with ARIN's rules when someone requests more >>>> space. There's no reason to review a /30, /31, or 32, as there's no >>>> chance those assignments were under-utilized. >>>> >>>> -- >>>> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >>>> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >>>> tmbg-list-request at tmbg.org, www.tmbg.org >> >> >> > >_______________________________________________ >PPML >You are receiving this message because you are subscribed to the >ARIN Public Policy >Mailing List (PPML at arin.net). >Unsubscribe or manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/ppml >Please contact the ARIN Member Services Help Desk at info at arin.net >if you experience any issues. > From tedm at ipinc.net Tue Jan 8 19:10:44 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 8 Jan 2008 16:10:44 -0800 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <20080108031404.GA52362@ussenterprise.ufp.org> Message-ID: >-----Original Message----- >From: arin-discuss-bounces at arin.net >[mailto:arin-discuss-bounces at arin.net]On Behalf Of Leo Bicknell >Sent: Monday, January 07, 2008 7:14 PM >To: arin-discuss at arin.net >Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois > > >Now, one of ARIN's primary uses for the data is to insure assignments >were made in accordance with ARIN's rules when someone requests >more space. That may be one of ARIN's primary uses, but it is not the primary use of the rest of the Internet for SWIP data. SWIP is how you find out who's router is misconfigured and causing trouble, and who to knock on the head to get them to stop doing it. Your argument is kind of like arguing that there's no need for license plates on the back of passenger cars, because they can only seat 4 people, that the only vehicles that need license plates are trucks and buses. In short, it's interesting and I found it amusing, but not realistic. Followups to the ppl list, please. Ted From bicknell at ufp.org Tue Jan 8 20:01:27 2008 From: bicknell at ufp.org (Leo Bicknell) Date: Tue, 8 Jan 2008 20:01:27 -0500 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: References: <20080108031404.GA52362@ussenterprise.ufp.org> Message-ID: <20080109010127.GA64266@ussenterprise.ufp.org> In a message written on Tue, Jan 08, 2008 at 04:10:44PM -0800, Ted Mittelstaedt wrote: > Your argument is kind of like arguing that there's no need for license > plates on the back of passenger cars, because they can only seat 4 > people, that the only vehicles that need license plates are trucks > and buses. In short, it's interesting and I found it amusing, but not > realistic. No. My argument is that there's no need for everyone to put their name, address and phone number on the back of their car. If you see a car run a red light you don't get to show up at Bob's home with a baseball bat and beat him up; you get to call authorities and give them the license plate number, which they can look up and track down. If someone is comitting a crime from an IP address the right thing to do is call the police, not make the information available for a self-appointed lynch mob to show up at the person's door. Every packet already has a license plate, an "IP Address". It's a nice, unique identifier. Law enforcement does not need Whois to be publically accessable to track down who owns that IP address; but they do like the convenience. All making that information available to the public does is lead to vigilante justice. I suspect when someone is murdered because their computer was spamming and someone looked up their address in whois and went over and killed them that law enforcement may start to see the value in having the database not be public. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From jrhett at svcolo.com Wed Jan 9 01:54:38 2008 From: jrhett at svcolo.com (Jo Rhett) Date: Tue, 8 Jan 2008 22:54:38 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: <1F848E7A-87DE-4B3F-9FB4-1A9DDB24BD36@svcolo.com> I'm not trying to be rude to either camp here... but anything of a / 29 or less isn't really relevant for either. You're going to want the larger provider to enforce their ToS or help/shut-down their customer. Knowing who owns the /32 just isn't going to help with either #1 or #2. On Jan 8, 2008, at 4:00 PM, Ted Mittelstaedt wrote: > OK so I guess let me summarize the points of view: > > 1) SWIP is a valuable and much-needed tool that allows > network administrators on the Internet to quickly find and > report spammers, and other network miscreants. The current > limit of /29 is obsolete since lots of entities today are > assigned /32s under DSL, and that does not allow for disclosure > of every entity assigned an IP address. > > 2) SWIP is an evil thing that allows my competitors to > rape me of my customer base and spam the hell out of > people. > > > I think it's pretty clear that David Divins is in the #2 camp. > My comment to this is that I think it pointless to set policy > to make the #2 camp happy. They won't be happy until the entire > Internet is just one big anonymous network that allows spammers, > child predators and other miscreants to wreak havoc with no oversight > or any way to track them down. > > It is pointless to make the claim that a single technical and abuse > contact is all that is necessary for a netblock assignment of > tens of thousands of IPv4 numbers, and potentially millions of IPv6 > numbers. That is the thrust of the "I provide valid POC for my > netblock, and my customers are none of your business" people. A single > POC for that many entities merely means a single mailbox that > is overflowing with complaints that are ignored. > > I think we ALL have had the experience of sending a spam complaint > to abuse at aol.com and seeing how useful it is to getting the spammer > shut down. That's the morally bankrupt result of the #2 camp logic. > So please, let's ignore their input on SWIP policy. If we > mandate /32 SWIPS they are > just going to ignore them, the way they are currently ignoring > /29 SWIPS. So, to hell with them. > > For the rest of us who have a modicum of responsibility, in the > #1 camp, clearly SWIPS aren't doing the job. I will point out that > they aren't even doing the job for the RIR. If they were, then > the RIR would not allow people to submit spreadsheets and such > as evidence of utilization. > > Ted > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On >> Behalf Of >> David Conrad >> Sent: Tuesday, January 08, 2008 2:25 PM >> To: Divins, David >> Cc: Public Policy Mailing List >> Subject: Re: [ppml] /29 limit for ARIN SWIP whois >> >> >> Oh. >> >> That's different. "Down with SWIP and RWHOIS" is an unfortunate >> shorthand for "Whois data publication policy should be revised." >> >> Opinions vary. No doubt we'll hear most of them repeated with vigor. >> >> Regards, >> -drc >> >> On Jan 8, 2008, at 2:00 PM, Divins, David wrote: >>> I have no problem sharing that information with my RIR at any tie. >>> >>> I do take issue with the full amount of information required being >>> available to any one who wants it. My position is if I provide >>> valid >>> technical and abuse contac for an address space, the specific end- >>> entity >>> it is in use by and their physical address is irrelevant. >>> >>> -dsd >>> >>> David Divins >>> Principal Engineer >>> ServerVault Corp. >>> >>> -----Original Message----- >>> From: David Conrad [mailto:drc at virtualized.org] >>> Sent: Tuesday, January 08, 2008 4:56 PM >>> To: Divins, David >>> Cc: Public Policy Mailing List >>> Subject: Re: [ppml] /29 limit for ARIN SWIP whois >>> >>> If you don't have SWIP, Rwhois, or its equivalent, how would an >>> RIR be >>> able to determine utilization? >>> >>> Regards, >>> -drc >>> >>> On Jan 8, 2008, at 1:23 PM, Divins, David wrote: >>>> I think it is clear from these discussions that SWIP is >>>> unnecessary. >>>> >>>> Down with SWIP and RWHOIS! >>>> >>>> -dsd >>>> >>>> David Divins >>>> Principal Engineer >>>> ServerVault Corp. >>>> >>>> -----Original Message----- >>>> From: arin-discuss-bounces at arin.net >>>> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak >>>> Sent: Tuesday, January 08, 2008 6:31 AM >>>> To: arin-discuss at arin.net >>>> Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN >>>> SWIP whois >>>> >>>> This discussion needs to move to the ppml as it concerns a >>>> policy and >>>> its merits and rationale. >>>> >>>> Ray >>>> >>>>> -----Original Message----- >>>>> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >>>>> bounces at arin.net] On Behalf Of Leo Bicknell >>>>> Sent: Monday, January 07, 2008 10:14 PM >>>>> To: arin-discuss at arin.net >>>>> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >>>>> >>>>> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >>>>> Maimon wrote: >>>>>> Is there any overriding reason to limit ARIN swip to /29 or >>>>>> bigger? >>>>> >>>>> I will point out (in IPv4): >>>>> >>>>> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >>>>> utilized. >>>>> >>>>> In terms of subnets, which only make sense if you have two more >>>>> more >>>>> devices (router + one or more hosts): >>>>> >>>>> /31 subnet by definition is 100% used. >>>>> /30 subnet by definition is 100% used (router, host, network, >>>>> broadcast). >>>>> /29 subnet is at minimum 50% used (router, host, network, >>>>> broadcast). >>>>> If we further assume this was done because a /30 was not large >>>>> enough (e.g. people are doing the right thing) there must be at >>>>> least 5/8's, or 62.5% in use. Also, while the standard may >>>>> be 80% >>>>> utilization, which would require 7 of the 8 IP's to be in use; >>>>> that leaves an interesting corner case where 5/8 and 6/8 can't >>>>> fit in a /30, but don't meet 80%. Thus it makes sense to count >>>>> 5/8 and 6/8 as fully utilized, making it all but impossible to >>>>> have an underutilized /29. >>>>> >>>>> Now, one of ARIN's primary uses for the data is to insure >>>>> assignments >>> >>>>> were made in accordance with ARIN's rules when someone requests >>>>> more >>>>> space. There's no reason to review a /30, /31, or 32, as >>>>> there's no >>>>> chance those assignments were under-utilized. >>>>> >>>>> -- >>>>> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >>>>> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >>>>> tmbg-list-request at tmbg.org, www.tmbg.org >>> >>> >>> >> >> _______________________________________________ >> PPML >> You are receiving this message because you are subscribed to the >> ARIN Public Policy >> Mailing List (PPML at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> Please contact the ARIN Member Services Help Desk at info at arin.net >> if you experience any issues. >> > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the > ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. -- Jo Rhett senior geek Silicon Valley Colocation Support Phone: 408-400-0550 From michael.dillon at bt.com Wed Jan 9 03:40:58 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 9 Jan 2008 08:40:58 -0000 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: > That's the morally bankrupt result of the #2 camp logic. > So please, let's ignore their input on SWIP policy. Did you, by chance, read the sentence where David said: My position is if I provide valid technical and abuse contac for an address space, the specific end- entity it is in use by and their physical address is irrelevant. Is it bad for David to take full responsibility for traffic emanating from his address space? > For the rest of us who have a modicum of responsibility, in the > #1 camp, clearly SWIPS aren't doing the job. I will point out that > they aren't even doing the job for the RIR. If they were, then > the RIR would not allow people to submit spreadsheets and such > as evidence of utilization. I agree. SWIP (Shared WHOIS Information Project) is broken. WHOIS itself is broken. RWHOIS (Remote WHOIS) is broken. In the past, I have proposed a step to fix this problem but I see no proposal from you. --Michael Dillon From dsd at servervault.com Wed Jan 9 07:20:02 2008 From: dsd at servervault.com (Divins, David) Date: Wed, 9 Jan 2008 07:20:02 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: Mr. Conrad is correct that I have overstated my desire to rid the world of these tools and what I really want is a policy revamp of information required. I do take exception to the idea that I want the internet to be full of child predators and spammers-- I hate spammers. However, my point is as long as an address has the appropraite contact info (be it my abuse desk or a reassigned abuse desk) I feel there is no reason that end user info and physical address information needs to be published. Despite what many believe, for me, it is not because I don't want my customer base "raped". I am secure enough in my service delivery that my customers will stay even if targeted by others. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: Ted Mittelstaedt [mailto:tedm at ipinc.net] Sent: Tuesday, January 08, 2008 7:00 PM To: David Conrad; Divins, David Cc: Public Policy Mailing List Subject: ***POSSIBLE SPAM*** RE: [ppml] /29 limit for ARIN SWIP whois OK so I guess let me summarize the points of view: 1) SWIP is a valuable and much-needed tool that allows network administrators on the Internet to quickly find and report spammers, and other network miscreants. The current limit of /29 is obsolete since lots of entities today are assigned /32s under DSL, and that does not allow for disclosure of every entity assigned an IP address. 2) SWIP is an evil thing that allows my competitors to rape me of my customer base and spam the hell out of people. I think it's pretty clear that David Divins is in the #2 camp. My comment to this is that I think it pointless to set policy to make the #2 camp happy. They won't be happy until the entire Internet is just one big anonymous network that allows spammers, child predators and other miscreants to wreak havoc with no oversight or any way to track them down. It is pointless to make the claim that a single technical and abuse contact is all that is necessary for a netblock assignment of tens of thousands of IPv4 numbers, and potentially millions of IPv6 numbers. That is the thrust of the "I provide valid POC for my netblock, and my customers are none of your business" people. A single POC for that many entities merely means a single mailbox that is overflowing with complaints that are ignored. I think we ALL have had the experience of sending a spam complaint to abuse at aol.com and seeing how useful it is to getting the spammer shut down. That's the morally bankrupt result of the #2 camp logic. So please, let's ignore their input on SWIP policy. If we mandate /32 SWIPS they are just going to ignore them, the way they are currently ignoring /29 SWIPS. So, to hell with them. For the rest of us who have a modicum of responsibility, in the #1 camp, clearly SWIPS aren't doing the job. I will point out that they aren't even doing the job for the RIR. If they were, then the RIR would not allow people to submit spreadsheets and such as evidence of utilization. Ted >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >David Conrad >Sent: Tuesday, January 08, 2008 2:25 PM >To: Divins, David >Cc: Public Policy Mailing List >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >Oh. > >That's different. "Down with SWIP and RWHOIS" is an unfortunate >shorthand for "Whois data publication policy should be revised." > >Opinions vary. No doubt we'll hear most of them repeated with vigor. > >Regards, >-drc > >On Jan 8, 2008, at 2:00 PM, Divins, David wrote: >> I have no problem sharing that information with my RIR at any tie. >> >> I do take issue with the full amount of information required being >> available to any one who wants it. My position is if I provide valid >> technical and abuse contac for an address space, the specific end- >> entity >> it is in use by and their physical address is irrelevant. >> >> -dsd >> >> David Divins >> Principal Engineer >> ServerVault Corp. >> >> -----Original Message----- >> From: David Conrad [mailto:drc at virtualized.org] >> Sent: Tuesday, January 08, 2008 4:56 PM >> To: Divins, David >> Cc: Public Policy Mailing List >> Subject: Re: [ppml] /29 limit for ARIN SWIP whois >> >> If you don't have SWIP, Rwhois, or its equivalent, how would an RIR be >> able to determine utilization? >> >> Regards, >> -drc >> >> On Jan 8, 2008, at 1:23 PM, Divins, David wrote: >>> I think it is clear from these discussions that SWIP is unnecessary. >>> >>> Down with SWIP and RWHOIS! >>> >>> -dsd >>> >>> David Divins >>> Principal Engineer >>> ServerVault Corp. >>> >>> -----Original Message----- >>> From: arin-discuss-bounces at arin.net >>> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak >>> Sent: Tuesday, January 08, 2008 6:31 AM >>> To: arin-discuss at arin.net >>> Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN >>> SWIP whois >>> >>> This discussion needs to move to the ppml as it concerns a policy and >>> its merits and rationale. >>> >>> Ray >>> >>>> -----Original Message----- >>>> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >>>> bounces at arin.net] On Behalf Of Leo Bicknell >>>> Sent: Monday, January 07, 2008 10:14 PM >>>> To: arin-discuss at arin.net >>>> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >>>> >>>> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >>>> Maimon wrote: >>>>> Is there any overriding reason to limit ARIN swip to /29 or bigger? >>>> >>>> I will point out (in IPv4): >>>> >>>> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >>>> utilized. >>>> >>>> In terms of subnets, which only make sense if you have two more more >>>> devices (router + one or more hosts): >>>> >>>> /31 subnet by definition is 100% used. >>>> /30 subnet by definition is 100% used (router, host, network, >>>> broadcast). >>>> /29 subnet is at minimum 50% used (router, host, network, >>>> broadcast). >>>> If we further assume this was done because a /30 was not large >>>> enough (e.g. people are doing the right thing) there must be at >>>> least 5/8's, or 62.5% in use. Also, while the standard may be 80% >>>> utilization, which would require 7 of the 8 IP's to be in use; >>>> that leaves an interesting corner case where 5/8 and 6/8 can't >>>> fit in a /30, but don't meet 80%. Thus it makes sense to count >>>> 5/8 and 6/8 as fully utilized, making it all but impossible to >>>> have an underutilized /29. >>>> >>>> Now, one of ARIN's primary uses for the data is to insure >>>> assignments >> >>>> were made in accordance with ARIN's rules when someone requests more >>>> space. There's no reason to review a /30, /31, or 32, as there's no >>>> chance those assignments were under-utilized. >>>> >>>> -- >>>> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >>>> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >>>> tmbg-list-request at tmbg.org, www.tmbg.org >> >> >> > >_______________________________________________ >PPML >You are receiving this message because you are subscribed to the >ARIN Public Policy >Mailing List (PPML at arin.net). >Unsubscribe or manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/ppml >Please contact the ARIN Member Services Help Desk at info at arin.net >if you experience any issues. > From steve at blighty.com Wed Jan 9 12:24:56 2008 From: steve at blighty.com (Steve Atkins) Date: Wed, 9 Jan 2008 09:24:56 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: <4C5C78CE-1BBC-41A7-AE54-DDF8DA6E8636@blighty.com> On Jan 9, 2008, at 4:20 AM, Divins, David wrote: > Mr. Conrad is correct that I have overstated my desire to rid the > world > of these tools and what I really want is a policy revamp of > information > required. > > I do take exception to the idea that I want the internet to be full of > child predators and spammers-- I hate spammers. > > However, my point is as long as an address has the appropraite contact > info (be it my abuse desk or a reassigned abuse desk) I feel there > is no > reason that end user info and physical address information needs to be > published. Despite what many believe, for me, it is not because I > don't > want my customer base "raped". I am secure enough in my service > delivery that my customers will stay even if targeted by others. One problem is that bad actors often have dozens of /29s and /28s at many different hosting providers, many of them not as on the ball as servervault. Being able to identify all those as "the same entity" leads to entirely different approachs to mitigation than simply blaming each provider for the malign traffic. Ones that the providers are likely to prefer. Cheers, Steve From michael.dillon at bt.com Wed Jan 9 12:58:06 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 9 Jan 2008 17:58:06 -0000 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <4C5C78CE-1BBC-41A7-AE54-DDF8DA6E8636@blighty.com> References: <4C5C78CE-1BBC-41A7-AE54-DDF8DA6E8636@blighty.com> Message-ID: > One problem is that bad actors often have dozens of /29s and > /28s at many different hosting providers, many of them not as > on the ball as servervault. > > Being able to identify all those as "the same entity" leads > to entirely different approachs to mitigation than simply > blaming each provider for the malign traffic. Ones that the > providers are likely to prefer. Yes. It leads the bad actors to registering each bit of their infrastructure under a different fake name or DBA. This is a game of technical one-upmanship that the bad actors have proven to be expert at winning. The smart approach is to attack them where and when they least expect it. For instance, suppose we no longer publish any whois info at all for people who have reassigned addresses. None at all. This lulls the bad actors into a false sense of security and then, when they are not expecting it, the law pounces on them and uses the reasonably accurate records of their 20 hosting providers as evidence in a court of law. We replace the technical attack vector with a legal one. After all these bad actors are not just network undesirables, they are LAWBREAKERS and the system, outside of ARIN, already has processes to deal with lawbreakers. A smart bad actor already knows all of this and he prefers that ARIN require ISPs to publish detailled whois info so that he can cover his tracks and let the unskilled bad actors, many of whom are customers of his "bad actor toolkits" to take the heat. I believe that society, and law enforcement agencies, would be better served by getting rid of most whois information. Only organizations with a direct, contractual, relationship with ARIN would be in the whois directory. ISPs with an ARIN allocation would be forced to either bear the costs of managing abuse reports for their customer base, or publish their own whois directory if they so wish. --Michael Dillon From steve at blighty.com Wed Jan 9 13:07:13 2008 From: steve at blighty.com (Steve Atkins) Date: Wed, 9 Jan 2008 10:07:13 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: <4C5C78CE-1BBC-41A7-AE54-DDF8DA6E8636@blighty.com> Message-ID: <50C7DFD2-35C7-4E26-8318-5B183F3DEEFC@blighty.com> On Jan 9, 2008, at 9:58 AM, wrote: > For instance, suppose we no longer publish any whois info > at all for people who have reassigned addresses. None at > all. This lulls the bad actors into a false sense of > security and then, when they are not expecting it, the > law pounces on them and uses the reasonably accurate > records of their 20 hosting providers as evidence in > a court of law. We replace the technical attack vector > with a legal one. After all these bad actors are not > just network undesirables, they are LAWBREAKERS and the > system, outside of ARIN, already has processes to deal > with lawbreakers. No, they're usually not. The majority of bad traffic is legal or grey area. Spam is perfectly legal, for instance, in most places. > A smart bad actor already knows all of this and he > prefers that ARIN require ISPs to publish detailled > whois info so that he can cover his tracks and let > the unskilled bad actors, many of whom are customers > of his "bad actor toolkits" to take the heat. Sometimes, yes. > I believe that society, and law enforcement agencies, > would be better served by getting rid of most whois > information. Only organizations with a direct, contractual, > relationship with ARIN would be in the whois directory. > ISPs with an ARIN allocation would be forced to either > bear the costs of managing abuse reports for their > customer base, or publish their own whois directory > if they so wish. It's a tempting idea in some respects, certainly. If you want your entire address space to have the same reputation as the worst of your customers (either current or within the previous year or so) that would be one approach. (That's a generic "you" - I'm not attempting to discuss BT's reputation or history here.) I can see the attraction of doing that, but I also see the disadvantages. Cheers, Steve From mcr at xdsinc.net Wed Jan 9 13:17:21 2008 From: mcr at xdsinc.net (mcr at xdsinc.net) Date: Wed, 09 Jan 2008 13:17:21 -0500 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <20080109010127.GA64266@ussenterprise.ufp.org> References: <20080108031404.GA52362@ussenterprise.ufp.org> <20080109010127.GA64266@ussenterprise.ufp.org> Message-ID: <20080109181727.879F514465A@smtp2.arin.net> >>>>> "Leo" == Leo Bicknell writes: Leo> No. My argument is that there's no need for everyone to put Leo> their name, address and phone number on the back of their car. Leo> If you see a car run a red light you don't get to show up at Leo> Bob's home with a baseball bat and beat him up; you get to call Leo> authorities and give them the license plate number, which they Leo> can look up and track down. Leo> If someone is comitting a crime from an IP address the right Leo> thing to do is call the police, not make the information Leo> available for a self-appointed lynch mob to show up at the Leo> person's door. Cool. So, will this policy change identify: a) which police I call. b) what are the infractions. (is lack of a reverse an infraction? Is failing to observe my SLA with my transit ISP an infraction?) c) who these police are going to funded. d) will there be an open market for providing these "police" services e) who do I get IP-police credentials anyway? -- Michael Richardson XDS Inc, Ottawa, ON Personal: http://www.sandelman.ca/mcr/ From dsd at servervault.com Wed Jan 9 13:18:04 2008 From: dsd at servervault.com (Divins, David) Date: Wed, 9 Jan 2008 13:18:04 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <50C7DFD2-35C7-4E26-8318-5B183F3DEEFC@blighty.com> References: <4C5C78CE-1BBC-41A7-AE54-DDF8DA6E8636@blighty.com> <50C7DFD2-35C7-4E26-8318-5B183F3DEEFC@blighty.com> Message-ID: I recognize that people use SWIP and RWHOIS information for a variety of different things. I also acknowledge that I probably will never get my way but that does not make the question not worth raising. I think Leo Bicknell has provided many great presentations on the accuracy and breakdown of this information (thanks Leo!). As for "Bad Actors", I believe they can get around any restrictions we try and pose on them and chances are the abuse/technical contact info is a bit bucket which violates my "as long as I provide valid info" clause. For many bad actors you end up having to go up a branch to complain anyway. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Steve Atkins Sent: Wednesday, January 09, 2008 1:07 PM To: Public Policy Mailing List Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois On Jan 9, 2008, at 9:58 AM, wrote: > For instance, suppose we no longer publish any whois info at all for > people who have reassigned addresses. None at all. This lulls the bad > actors into a false sense of security and then, when they are not > expecting it, the law pounces on them and uses the reasonably accurate > records of their 20 hosting providers as evidence in a court of law. > We replace the technical attack vector with a legal one. After all > these bad actors are not just network undesirables, they are > LAWBREAKERS and the system, outside of ARIN, already has processes to > deal with lawbreakers. No, they're usually not. The majority of bad traffic is legal or grey area. Spam is perfectly legal, for instance, in most places. > A smart bad actor already knows all of this and he prefers that ARIN > require ISPs to publish detailled whois info so that he can cover his > tracks and let the unskilled bad actors, many of whom are customers of > his "bad actor toolkits" to take the heat. Sometimes, yes. > I believe that society, and law enforcement agencies, would be better > served by getting rid of most whois information. Only organizations > with a direct, contractual, relationship with ARIN would be in the > whois directory. > ISPs with an ARIN allocation would be forced to either bear the costs > of managing abuse reports for their customer base, or publish their > own whois directory if they so wish. It's a tempting idea in some respects, certainly. If you want your entire address space to have the same reputation as the worst of your customers (either current or within the previous year or so) that would be one approach. (That's a generic "you" - I'm not attempting to discuss BT's reputation or history here.) I can see the attraction of doing that, but I also see the disadvantages. Cheers, Steve _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From michael.dillon at bt.com Wed Jan 9 13:36:25 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 9 Jan 2008 18:36:25 -0000 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <50C7DFD2-35C7-4E26-8318-5B183F3DEEFC@blighty.com> References: <4C5C78CE-1BBC-41A7-AE54-DDF8DA6E8636@blighty.com> <50C7DFD2-35C7-4E26-8318-5B183F3DEEFC@blighty.com> Message-ID: > If you want your entire address space to have the same > reputation as the worst of your customers (either current or > within the previous year or so) that would be one approach. Most ISPs have AUPs which let them get rid of such customers in fairly short order so that they DON'T get a bad reputation. Some, like us, are more proactive and have tools which seek out bad actors and block their traffic before it causes costly abuse reports to come in. By publishing the WHOIS directory, ARIN is foisting the cost of dealing with bad actors onto their victims. --Michael Dillon From tedm at ipinc.net Wed Jan 9 13:36:25 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 10:36:25 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >michael.dillon at bt.com >Sent: Wednesday, January 09, 2008 12:41 AM >To: ppml at arin.net >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >Is it bad for David to take full responsibility for traffic >emanating from his address space? > No. However, experience has shown that the majority of ISP's that don't publish detailed SWIPS also don't take responsibility for their network blocks. David may be perfectly willing to read and respond to all complaints for his entire netblock. But will his successor? You see, the reason we have laws and policies in place is that there's 3 general types of people in the world: 1) Those who understand the intent of a thing and go over and beyond the stated requirements to satisfy the intent. For example if I purchase something at Sak's Fifth Avenue and a couple months later I have a problem with it, I have no doubt that Saks will go well beyond the legal requirements to make sure I'm happy with it. 2) Those who understand the intent of the thing but will only bestir themselves to do the minimum that is required. For example, the accounting student who is angry that he got a 75% score on his CPA exam, because 75% is 5% more than the minimum needed to pass - and he is upset that he had to do the extra work that got him the 5% 3) Those who may or may not understand the intent of the thing but are selfish and don't give a rat's ass about what the rest of the world thinks, or how their own actions may inconvenience the rest of the people in the world, and are just going to do whatever they want - and if it's illegal, they are going to figure out a way to hide the fact they are doing it. For example, the guy that downloads pirated DVD's and rationalizes to himself that the movie studios have lots of money, so what he's doing isn't stealing. Or, for example, the ISP that publishes only a single POC for his netblocks, then dumps all the complaints to that address into /dev/null because he's too busy to respond to them. No policy in the world will make the folks in camp #3 do the right thing. David may be in camp #1, but we have to write policy for camp #2, we can't write it for camp #1. >> For the rest of us who have a modicum of responsibility, in the >> #1 camp, clearly SWIPS aren't doing the job. I will point out that >> they aren't even doing the job for the RIR. If they were, then >> the RIR would not allow people to submit spreadsheets and such >> as evidence of utilization. > >I agree. SWIP (Shared WHOIS Information Project) is broken. >WHOIS itself is broken. RWHOIS (Remote WHOIS) is broken. >In the past, I have proposed a step to fix this problem >but I see no proposal from you. > I don't see any point of a policy change. The current /29 is quite obviously now a political compromise between the people who want to do the right thing, and the people who have to be prodded to do the right thing, regardless of whatever it started out to be. The people who are in camp #1 have already gone into the over and above effort to field their own rwhois servers and make the /32 allocations available for perusal, they aren't being constrained by the SWIP limitations. Ted From michael.dillon at bt.com Wed Jan 9 13:43:53 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 9 Jan 2008 18:43:53 -0000 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <20080109181727.879F514465A@smtp2.arin.net> References: <20080108031404.GA52362@ussenterprise.ufp.org><20080109010127.GA64266@ussenterprise.ufp.org> <20080109181727.879F514465A@smtp2.arin.net> Message-ID: > Cool. So, will this policy change identify: > a) which police I call. > b) what are the infractions. > (is lack of a reverse an infraction? > Is failing to observe my SLA with my transit ISP an > infraction?) > c) who these police are going to funded. > d) will there be an open market for providing these > "police" services > e) who do I get IP-police credentials anyway? If we only publish whois info for organizations with a direct ARIN relationship, then we could extend the whois directory to contain the phone number of the local police Commercial Crime department at the organization's headquarters location, the fax number and postal address at which to serve sub-poenas and so on. Police funding is out of scope for ARIN. As for credentials, you seem to be making fun of the idea of a special IP police force. Don't you realize that this is the state of affairs today? There is a special, self-appointed vigilante IP police force which uses various forms of intimidation as a regular part of their arsenal. These IP police have no credentials and are not regulated by anyone at all. If we shift to a model where the responsibility for responding to "bad actors" lies with the ISP from whose address space the abuse originates from, then we will end up with a model where real-life law enforcement, and normal commercial contract-law, cleans up the bad actors. The first step is to remove all whois information that is not for an organization with a direct relationship with ARIN. --Michael Dillon From bicknell at ufp.org Wed Jan 9 13:40:53 2008 From: bicknell at ufp.org (Leo Bicknell) Date: Wed, 9 Jan 2008 13:40:53 -0500 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <20080109181727.879F514465A@smtp2.arin.net> References: <20080108031404.GA52362@ussenterprise.ufp.org> <20080109010127.GA64266@ussenterprise.ufp.org> <20080109181727.879F514465A@smtp2.arin.net> Message-ID: <20080109184053.GA25995@ussenterprise.ufp.org> In a message written on Wed, Jan 09, 2008 at 01:17:21PM -0500, mcr at xdsinc.net wrote: > Cool. So, will this policy change identify: > a) which police I call. I suggest using your local phone book for, City, County, and State Police/Sherrif/Constables, and FBI offices near you. Your local district attorneys may also be interested. > b) what are the infractions. > (is lack of a reverse an infraction? > Is failing to observe my SLA with my transit ISP an infraction?) I suggest you contact your lawyer on what may constitute criminal and/or civil actions. > c) who these police are going to funded. Funding for these people are already in place via a mechanism favorable to the local government, typically taxes. > d) will there be an open market for providing these "police" services No, these police are given special powers as a matter of law. If you want others to have these powers you will have to change the law. For that I would point you to your local legislature. > e) who do I get IP-police credentials anyway? If you want to be part of the police force I believe they all have information on how to submit a job application, or volunteer. Each agency has it's own rules, you should contact them. In the long run, I suspect having scammers convicted of fraud, spammers convicted of violation of the CAN SPAM act, and child molesters guilty of COPA violations (or worse) and putting them in prision will do far more to solve the problem than having vigilanties work on getting them booted off a particular ISP only to have them appear wack-a-mole style on 10 more. All we're managing to do now is to train them how to hide from whois by using disposable accounts, providers who use DHCP, and other mechanisms, all the while invading the privacy of millions of people by posting name, address, and phone number details they probably aren't even aware are online. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From tedm at ipinc.net Wed Jan 9 14:00:07 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 11:00:07 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Divins, David >Sent: Wednesday, January 09, 2008 4:20 AM >Cc: Public Policy Mailing List >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >Mr. Conrad is correct that I have overstated my desire to rid the world >of these tools and what I really want is a policy revamp of information >required. > >I do take exception to the idea that I want the internet to be full of >child predators and spammers-- I hate spammers. > >However, my point is as long as an address has the appropraite contact >info (be it my abuse desk or a reassigned abuse desk) I feel there is no >reason that end user info and physical address information needs to be >published. Then field your own rwhois server and you can then determine what fields of information you want to have displayed. My concern here is that since it is so easy to circumvent the existing SWIP requirements for disclosure (All you have to do is replace the address info with "Not Available - refer to Wonkulating Gronkulator ISP if you feel the need to obscure the data) that watering them down to only requiring, say, name, rank, and serial number, is equivalent to not requiring anything at all. It's kind of like the 55Mph speed limit. Nobody follows the double nickle - but having it sets a baseline for behavior, that is, everyone will happily drive 60, most people will drive 65, some people will drive 70, few people will drive 75, and so on. Similarly, while everyone currently supplies at least POC, not everyone supplies complete name and street accress info, fewer make sure it's accurate for the netblocks, fewer still make sure the POC is even reachable, even fewer actually respond to it. If you change SWIP requirements to only require POC then your changing the baseline so now your going to not have everyone even supplying POC much less the rest of the data, and almost nobody will bother responding to it. As for the privacy aspects of the thing, there is a very simple answer for this. If the IP customer has a public listing of their name in either the White or the Yellow Pages, or if they have an operating webserver on the IP address that publishes their contact info, then they must disclose full data via SWIP. Only the customers who have unlisted telephone book data are permitted to publish a "Not Available - Refer to ISP" kind of listing. They can't have it both ways. >Despite what many believe, for me, it is not because I don't >want my customer base "raped". I am secure enough in my service >delivery that my customers will stay even if targeted by others. > The only reason I said that is to throw it out on the table - I've seen enough of these discussions in the past to know that this is a primary motivator for some folks - but they will never admit it unless someone else does first because deep down they know it's a baloney reason. (Cue here for the puffed-up crumb to enter stage right spluttering about how concealing customer data on the Internet is vital for them to stay in business) Ted From ptimmins at clearrate.com Wed Jan 9 14:01:19 2008 From: ptimmins at clearrate.com (Paul G. Timmins) Date: Wed, 9 Jan 2008 14:01:19 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: Message-ID: <9FD0320F0D53A3459C007305FA2902044E7AAB@Computerroom.corp.clearrate.net> There are legitimate reasons for whois that an abuse desk doesn't cover. I've had quite a few badly written spiders hammer websites I control, and they don't use the User-Agent header properly. Since blocking them gets annoying after a while, I hit whois, find the contact info for whatever little llc out of someone's home hoping to be google someday, or sometimes a badly written internal crawler that starts searching my pages because my site was linked from their intranet, etc. In fact, I used it a few weeks ago to contact a technical person at a well known (unnamed) regional grocery chain here in the midwest, who had a malfunctioning server that sent me 140 copies of their online weekly circular over the course of 3-4 days. Because they had a tech POC, I was able to get a hold of them right away, and they were able to stop it in hours. I'm thinking that if they didn't have that, I'd probably have had to build a procmail rule, and they probably would have been annoying other customers with it too, many not smart enough to use whois or procmail. I'm not sure what their upstream's abuse POC would have done in the above circumstances, but I'm glad they populated whois. -Paul -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Divins, David Sent: Wednesday, January 09, 2008 7:20 AM Cc: Public Policy Mailing List Subject: Re: [ppml] /29 limit for ARIN SWIP whois Mr. Conrad is correct that I have overstated my desire to rid the world of these tools and what I really want is a policy revamp of information required. I do take exception to the idea that I want the internet to be full of child predators and spammers-- I hate spammers. However, my point is as long as an address has the appropraite contact info (be it my abuse desk or a reassigned abuse desk) I feel there is no reason that end user info and physical address information needs to be published. Despite what many believe, for me, it is not because I don't want my customer base "raped". I am secure enough in my service delivery that my customers will stay even if targeted by others. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: Ted Mittelstaedt [mailto:tedm at ipinc.net] Sent: Tuesday, January 08, 2008 7:00 PM To: David Conrad; Divins, David Cc: Public Policy Mailing List Subject: ***POSSIBLE SPAM*** RE: [ppml] /29 limit for ARIN SWIP whois OK so I guess let me summarize the points of view: 1) SWIP is a valuable and much-needed tool that allows network administrators on the Internet to quickly find and report spammers, and other network miscreants. The current limit of /29 is obsolete since lots of entities today are assigned /32s under DSL, and that does not allow for disclosure of every entity assigned an IP address. 2) SWIP is an evil thing that allows my competitors to rape me of my customer base and spam the hell out of people. I think it's pretty clear that David Divins is in the #2 camp. My comment to this is that I think it pointless to set policy to make the #2 camp happy. They won't be happy until the entire Internet is just one big anonymous network that allows spammers, child predators and other miscreants to wreak havoc with no oversight or any way to track them down. It is pointless to make the claim that a single technical and abuse contact is all that is necessary for a netblock assignment of tens of thousands of IPv4 numbers, and potentially millions of IPv6 numbers. That is the thrust of the "I provide valid POC for my netblock, and my customers are none of your business" people. A single POC for that many entities merely means a single mailbox that is overflowing with complaints that are ignored. I think we ALL have had the experience of sending a spam complaint to abuse at aol.com and seeing how useful it is to getting the spammer shut down. That's the morally bankrupt result of the #2 camp logic. So please, let's ignore their input on SWIP policy. If we mandate /32 SWIPS they are just going to ignore them, the way they are currently ignoring /29 SWIPS. So, to hell with them. For the rest of us who have a modicum of responsibility, in the #1 camp, clearly SWIPS aren't doing the job. I will point out that they aren't even doing the job for the RIR. If they were, then the RIR would not allow people to submit spreadsheets and such as evidence of utilization. Ted >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >David Conrad >Sent: Tuesday, January 08, 2008 2:25 PM >To: Divins, David >Cc: Public Policy Mailing List >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >Oh. > >That's different. "Down with SWIP and RWHOIS" is an unfortunate >shorthand for "Whois data publication policy should be revised." > >Opinions vary. No doubt we'll hear most of them repeated with vigor. > >Regards, >-drc > >On Jan 8, 2008, at 2:00 PM, Divins, David wrote: >> I have no problem sharing that information with my RIR at any tie. >> >> I do take issue with the full amount of information required being >> available to any one who wants it. My position is if I provide valid >> technical and abuse contac for an address space, the specific end- >> entity >> it is in use by and their physical address is irrelevant. >> >> -dsd >> >> David Divins >> Principal Engineer >> ServerVault Corp. >> >> -----Original Message----- >> From: David Conrad [mailto:drc at virtualized.org] >> Sent: Tuesday, January 08, 2008 4:56 PM >> To: Divins, David >> Cc: Public Policy Mailing List >> Subject: Re: [ppml] /29 limit for ARIN SWIP whois >> >> If you don't have SWIP, Rwhois, or its equivalent, how would an RIR be >> able to determine utilization? >> >> Regards, >> -drc >> >> On Jan 8, 2008, at 1:23 PM, Divins, David wrote: >>> I think it is clear from these discussions that SWIP is unnecessary. >>> >>> Down with SWIP and RWHOIS! >>> >>> -dsd >>> >>> David Divins >>> Principal Engineer >>> ServerVault Corp. >>> >>> -----Original Message----- >>> From: arin-discuss-bounces at arin.net >>> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak >>> Sent: Tuesday, January 08, 2008 6:31 AM >>> To: arin-discuss at arin.net >>> Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN >>> SWIP whois >>> >>> This discussion needs to move to the ppml as it concerns a policy and >>> its merits and rationale. >>> >>> Ray >>> >>>> -----Original Message----- >>>> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >>>> bounces at arin.net] On Behalf Of Leo Bicknell >>>> Sent: Monday, January 07, 2008 10:14 PM >>>> To: arin-discuss at arin.net >>>> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >>>> >>>> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >>>> Maimon wrote: >>>>> Is there any overriding reason to limit ARIN swip to /29 or bigger? >>>> >>>> I will point out (in IPv4): >>>> >>>> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >>>> utilized. >>>> >>>> In terms of subnets, which only make sense if you have two more more >>>> devices (router + one or more hosts): >>>> >>>> /31 subnet by definition is 100% used. >>>> /30 subnet by definition is 100% used (router, host, network, >>>> broadcast). >>>> /29 subnet is at minimum 50% used (router, host, network, >>>> broadcast). >>>> If we further assume this was done because a /30 was not large >>>> enough (e.g. people are doing the right thing) there must be at >>>> least 5/8's, or 62.5% in use. Also, while the standard may be 80% >>>> utilization, which would require 7 of the 8 IP's to be in use; >>>> that leaves an interesting corner case where 5/8 and 6/8 can't >>>> fit in a /30, but don't meet 80%. Thus it makes sense to count >>>> 5/8 and 6/8 as fully utilized, making it all but impossible to >>>> have an underutilized /29. >>>> >>>> Now, one of ARIN's primary uses for the data is to insure >>>> assignments >> >>>> were made in accordance with ARIN's rules when someone requests more >>>> space. There's no reason to review a /30, /31, or 32, as there's no >>>> chance those assignments were under-utilized. >>>> >>>> -- >>>> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >>>> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >>>> tmbg-list-request at tmbg.org, www.tmbg.org >> >> >> > >_______________________________________________ >PPML >You are receiving this message because you are subscribed to the >ARIN Public Policy >Mailing List (PPML at arin.net). >Unsubscribe or manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/ppml >Please contact the ARIN Member Services Help Desk at info at arin.net >if you experience any issues. > _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From tedm at ipinc.net Wed Jan 9 14:03:57 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 11:03:57 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >michael.dillon at bt.com >Sent: Wednesday, January 09, 2008 10:36 AM >To: ppml at arin.net >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >By publishing the WHOIS directory, ARIN is foisting the cost >of dealing with bad actors onto their victims. I'm a network administrator but I'm also a victim. I would prefer to have the choice to pay those costs of dealing with bad actors. You see, I have more confidence that I'll get results for something I'm paying for directly, than something I'm paying someone else to do for me. By taking away RWHOIS your taking away my choice to pay those costs. Ted From tedm at ipinc.net Wed Jan 9 14:11:34 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 11:11:34 -0800 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >michael.dillon at bt.com >Sent: Wednesday, January 09, 2008 10:44 AM >To: ppml at arin.net >Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois > > >Police funding is out of scope for ARIN. As for credentials, >you seem to be making fun of the idea of a special IP police >force. Don't you realize that this is the state of affairs >today? There is a special, self-appointed vigilante IP >police force which uses various forms of intimidation as >a regular part of their arsenal. These IP police have no >credentials and are not regulated by anyone at all. > I understand this is the way it is today. There is a very good reason for it being this way. (well, very bad reason from one point of view) And it is not going to change anytime soon. >If we shift to a model where the responsibility for >responding to "bad actors" lies with the ISP from whose >address space the abuse originates from, then we will >end up with a model where real-life law enforcement, >and normal commercial contract-law, cleans up the bad actors. > I would suggest you do some research on how effective the United Nations Security Council is in "cleaning up" bad actors like North Korea. We don't have an Internet police force because the Internet is global, and we do not have a global police force. If you can figure out a way to get the world's governments to all agree on setting up a single world police force, then this issue will be solved. Until the, the "vigilanties" on the Internet work exactly like the "vigilanties" of the world, such as the United States (Iraq invasion) Israel, US, Russia (kidnapping of people they don't like in other countries) Iran (killing of people they don't like in other countries) etc. etc. etc. Ted From dsd at servervault.com Wed Jan 9 14:13:00 2008 From: dsd at servervault.com (Divins, David) Date: Wed, 9 Jan 2008 14:13:00 -0500 Subject: [ppml] ***POSSIBLE SPAM*** RE: /29 limit for ARIN SWIP whois In-Reply-To: <9FD0320F0D53A3459C007305FA2902044E7AAB@Computerroom.corp.clearrate.net> References: <9FD0320F0D53A3459C007305FA2902044E7AAB@Computerroom.corp.clearrate.net> Message-ID: As stated in my earlier messages, I think RWHOIS should only REQUIRE valid Technical and Abuse contact. You are more than welcome to add as much info as you want (Ted, this way you have the option of passing the buck to downstreams). The example below requires a tech contact, so does my desire. Did you benefit from having the Grocery stores physical address? Or even care that the grocery store was SWIPed. No you wanted a tech contact for ServerX, which I agree with. -dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: Paul G. Timmins [mailto:ptimmins at clearrate.com] Sent: Wednesday, January 09, 2008 2:01 PM To: Divins, David Cc: Public Policy Mailing List Subject: ***POSSIBLE SPAM*** RE: [ppml] /29 limit for ARIN SWIP whois There are legitimate reasons for whois that an abuse desk doesn't cover. I've had quite a few badly written spiders hammer websites I control, and they don't use the User-Agent header properly. Since blocking them gets annoying after a while, I hit whois, find the contact info for whatever little llc out of someone's home hoping to be google someday, or sometimes a badly written internal crawler that starts searching my pages because my site was linked from their intranet, etc. In fact, I used it a few weeks ago to contact a technical person at a well known (unnamed) regional grocery chain here in the midwest, who had a malfunctioning server that sent me 140 copies of their online weekly circular over the course of 3-4 days. Because they had a tech POC, I was able to get a hold of them right away, and they were able to stop it in hours. I'm thinking that if they didn't have that, I'd probably have had to build a procmail rule, and they probably would have been annoying other customers with it too, many not smart enough to use whois or procmail. I'm not sure what their upstream's abuse POC would have done in the above circumstances, but I'm glad they populated whois. -Paul -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Divins, David Sent: Wednesday, January 09, 2008 7:20 AM Cc: Public Policy Mailing List Subject: Re: [ppml] /29 limit for ARIN SWIP whois Mr. Conrad is correct that I have overstated my desire to rid the world of these tools and what I really want is a policy revamp of information required. I do take exception to the idea that I want the internet to be full of child predators and spammers-- I hate spammers. However, my point is as long as an address has the appropraite contact info (be it my abuse desk or a reassigned abuse desk) I feel there is no reason that end user info and physical address information needs to be published. Despite what many believe, for me, it is not because I don't want my customer base "raped". I am secure enough in my service delivery that my customers will stay even if targeted by others. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: Ted Mittelstaedt [mailto:tedm at ipinc.net] Sent: Tuesday, January 08, 2008 7:00 PM To: David Conrad; Divins, David Cc: Public Policy Mailing List Subject: ***POSSIBLE SPAM*** RE: [ppml] /29 limit for ARIN SWIP whois OK so I guess let me summarize the points of view: 1) SWIP is a valuable and much-needed tool that allows network administrators on the Internet to quickly find and report spammers, and other network miscreants. The current limit of /29 is obsolete since lots of entities today are assigned /32s under DSL, and that does not allow for disclosure of every entity assigned an IP address. 2) SWIP is an evil thing that allows my competitors to rape me of my customer base and spam the hell out of people. I think it's pretty clear that David Divins is in the #2 camp. My comment to this is that I think it pointless to set policy to make the #2 camp happy. They won't be happy until the entire Internet is just one big anonymous network that allows spammers, child predators and other miscreants to wreak havoc with no oversight or any way to track them down. It is pointless to make the claim that a single technical and abuse contact is all that is necessary for a netblock assignment of tens of thousands of IPv4 numbers, and potentially millions of IPv6 numbers. That is the thrust of the "I provide valid POC for my netblock, and my customers are none of your business" people. A single POC for that many entities merely means a single mailbox that is overflowing with complaints that are ignored. I think we ALL have had the experience of sending a spam complaint to abuse at aol.com and seeing how useful it is to getting the spammer shut down. That's the morally bankrupt result of the #2 camp logic. So please, let's ignore their input on SWIP policy. If we mandate /32 SWIPS they are just going to ignore them, the way they are currently ignoring /29 SWIPS. So, to hell with them. For the rest of us who have a modicum of responsibility, in the #1 camp, clearly SWIPS aren't doing the job. I will point out that they aren't even doing the job for the RIR. If they were, then the RIR would not allow people to submit spreadsheets and such as evidence of utilization. Ted >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >David Conrad >Sent: Tuesday, January 08, 2008 2:25 PM >To: Divins, David >Cc: Public Policy Mailing List >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >Oh. > >That's different. "Down with SWIP and RWHOIS" is an unfortunate >shorthand for "Whois data publication policy should be revised." > >Opinions vary. No doubt we'll hear most of them repeated with vigor. > >Regards, >-drc > >On Jan 8, 2008, at 2:00 PM, Divins, David wrote: >> I have no problem sharing that information with my RIR at any tie. >> >> I do take issue with the full amount of information required being >> available to any one who wants it. My position is if I provide valid >> technical and abuse contac for an address space, the specific end- >> entity it is in use by and their physical address is irrelevant. >> >> -dsd >> >> David Divins >> Principal Engineer >> ServerVault Corp. >> >> -----Original Message----- >> From: David Conrad [mailto:drc at virtualized.org] >> Sent: Tuesday, January 08, 2008 4:56 PM >> To: Divins, David >> Cc: Public Policy Mailing List >> Subject: Re: [ppml] /29 limit for ARIN SWIP whois >> >> If you don't have SWIP, Rwhois, or its equivalent, how would an RIR be >> able to determine utilization? >> >> Regards, >> -drc >> >> On Jan 8, 2008, at 1:23 PM, Divins, David wrote: >>> I think it is clear from these discussions that SWIP is unnecessary. >>> >>> Down with SWIP and RWHOIS! >>> >>> -dsd >>> >>> David Divins >>> Principal Engineer >>> ServerVault Corp. >>> >>> -----Original Message----- >>> From: arin-discuss-bounces at arin.net >>> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Ray Plzak >>> Sent: Tuesday, January 08, 2008 6:31 AM >>> To: arin-discuss at arin.net >>> Subject: ***POSSIBLE SPAM*** Re: [arin-discuss] /29 limit for ARIN >>> SWIP whois >>> >>> This discussion needs to move to the ppml as it concerns a policy and >>> its merits and rationale. >>> >>> Ray >>> >>>> -----Original Message----- >>>> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >>>> bounces at arin.net] On Behalf Of Leo Bicknell >>>> Sent: Monday, January 07, 2008 10:14 PM >>>> To: arin-discuss at arin.net >>>> Subject: Re: [arin-discuss] /29 limit for ARIN SWIP whois >>>> >>>> In a message written on Sun, Jan 06, 2008 at 10:23:23AM -0500, Joe >>>> Maimon wrote: >>>>> Is there any overriding reason to limit ARIN swip to /29 or bigger? >>>> >>>> I will point out (in IPv4): >>>> >>>> /32 assignment (e.g. dial up, DSL, etc) is by definition 100% >>>> utilized. >>>> >>>> In terms of subnets, which only make sense if you have two more more >>>> devices (router + one or more hosts): >>>> >>>> /31 subnet by definition is 100% used. >>>> /30 subnet by definition is 100% used (router, host, network, >>>> broadcast). >>>> /29 subnet is at minimum 50% used (router, host, network, >>>> broadcast). >>>> If we further assume this was done because a /30 was not large >>>> enough (e.g. people are doing the right thing) there must be at >>>> least 5/8's, or 62.5% in use. Also, while the standard may be 80% >>>> utilization, which would require 7 of the 8 IP's to be in use; >>>> that leaves an interesting corner case where 5/8 and 6/8 can't >>>> fit in a /30, but don't meet 80%. Thus it makes sense to count >>>> 5/8 and 6/8 as fully utilized, making it all but impossible to >>>> have an underutilized /29. >>>> >>>> Now, one of ARIN's primary uses for the data is to insure >>>> assignments >> >>>> were made in accordance with ARIN's rules when someone requests more >>>> space. There's no reason to review a /30, /31, or 32, as there's no >>>> chance those assignments were under-utilized. >>>> >>>> -- >>>> Leo Bicknell - bicknell at ufp.org - CCIE 3440 >>>> PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - >>>> tmbg-list-request at tmbg.org, www.tmbg.org >> >> >> > >_______________________________________________ >PPML >You are receiving this message because you are subscribed to the ARIN >Public Policy Mailing List (PPML at arin.net). >Unsubscribe or manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/ppml >Please contact the ARIN Member Services Help Desk at info at arin.net if >you experience any issues. > _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From bicknell at ufp.org Wed Jan 9 14:16:34 2008 From: bicknell at ufp.org (Leo Bicknell) Date: Wed, 9 Jan 2008 14:16:34 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <9FD0320F0D53A3459C007305FA2902044E7AAB@Computerroom.corp.clearrate.net> References: <9FD0320F0D53A3459C007305FA2902044E7AAB@Computerroom.corp.clearrate.net> Message-ID: <20080109191634.GA28524@ussenterprise.ufp.org> In a message written on Wed, Jan 09, 2008 at 02:01:19PM -0500, Paul G. Timmins wrote: > I'm not sure what their upstream's abuse POC would have done in the > above circumstances, but I'm glad they populated whois. Note, I know of at least two ISP's that switched from rwhois to SWIP solely so their customers information would be visible to the general public. They preferred to have the customer contacted directly first, rather than have their abuse desk deal with all complaints. That's a business model choice. I don't advocate removing that choice. If an ISP wants to publish down to the /32 level, more power to them. Indeed, if you look at RIPE's whois server, not only can you publish that level of detail, but the end ISP is given "remarks" fields where they can populate information like how to contact them, what their BGP communities mean and all sorts of other information. It would be valuable if ARIN had that sort of facility. RIPE proves that such optional fields would be used by many ISP's. However, while I think ISP's should have the option of putting more data in whois, via more interfaces (web, api, e-mail templates) I am strongly opposed to requireing any data beyond who arin made an assignment or allocation to public. We should not have to "out" grandma because she bought a DSL line. There should not be a privacy divide between static and DHCP addresses. Saying you can't have a "unlisted" IP address without having an unlisted phone number is silly. Moreover, if Grandma's computer is taken over by a bot is it better to have random people on the internet e-mailing her, calling her, showing up at her door with pitchforks in hand yelling "stop scum!" or is it better for her ISP to be notified; someone she is paying for support and has technicians who can walk her through installing AV software (that many ISP's provide for free)? If a computer is run by a real bad actor, a criminal enterprise making millions of dollars off of spam would you rather have them simply kicked off a provider only to reappear on another, or would you rather have them put in prision? Mob justice only accomplishes the former, and makes it harder for law enforcement to do the latter as peole are not working with them to get them the information they need, and the result of sending them underground is the information is harder to collect. It may be satisifing to e-mail some bozo who sent you spam and say "you're an idiot". It may seem useful to put them on some black list somewhere and match them up. However, all you're doing is training a better spammer. We've had 10 years of people taking these sorts of actions and spam has grown year over year. Vigilante justice doesn't work in the real world or the cyber world, no matter how good it makes people feel. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From bicknell at ufp.org Wed Jan 9 14:22:21 2008 From: bicknell at ufp.org (Leo Bicknell) Date: Wed, 9 Jan 2008 14:22:21 -0500 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: <20080109192221.GB28524@ussenterprise.ufp.org> In a message written on Wed, Jan 09, 2008 at 11:11:34AM -0800, Ted Mittelstaedt wrote: > I would suggest you do some research on how effective the > United Nations Security Council is in "cleaning up" bad > actors like North Korea. Ah, but if Ted Mittelstaedt had Kim Jong iL's home address and phone number it would all be better, right? You could do something about it, right? You and your band of merry men could stop him from spamming, or launching cyber terror attacks, right? I'm sure you could get him booted from his ISP. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From tedm at ipinc.net Wed Jan 9 14:49:27 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 11:49:27 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <20080109191634.GA28524@ussenterprise.ufp.org> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Leo Bicknell >Sent: Wednesday, January 09, 2008 11:17 AM >To: Public Policy Mailing List >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > >In a message written on Wed, Jan 09, 2008 at 02:01:19PM -0500, >Paul G. Timmins wrote: >> I'm not sure what their upstream's abuse POC would have done in the >> above circumstances, but I'm glad they populated whois. > >Note, I know of at least two ISP's that switched from rwhois to >SWIP solely so their customers information would be visible to the >general public. They preferred to have the customer contacted >directly first, rather than have their abuse desk deal with all >complaints. That's a business model choice. > You can publish this in an rwhois org object that is trivial to lookup. You can in fact publish both SWIPs and run an rwhois server. >I don't advocate removing that choice. If an ISP wants to publish >down to the /32 level, more power to them. Indeed, if you look at >RIPE's whois server, not only can you publish that level of detail, >but the end ISP is given "remarks" fields where they can populate >information like how to contact them, what their BGP communities >mean and all sorts of other information. It would be valuable if >ARIN had that sort of facility. RIPE proves that such optional >fields would be used by many ISP's. > We have that with rwhois now. >However, while I think ISP's should have the option of putting more >data in whois, via more interfaces (web, api, e-mail templates) I >am strongly opposed to requireing any data beyond who arin made an >assignment or allocation to public. We should not have to "out" >grandma because she bought a DSL line. Then propose a "residential" exception similar to what was done with domain names. I won't support it, but if you really were concerned about Grandma this would work for it. >There should not be a privacy >divide between static and DHCP addresses. Saying you can't have a >"unlisted" IP address without having an unlisted phone number is >silly. > Why is it silly? I think your only calling it silly because you cannot think of a reasonable and logical argument against it. >Moreover, if Grandma's computer is taken over by a bot is it better >to have random people on the internet e-mailing her, calling her, >showing up at her door with pitchforks in hand yelling "stop scum!" >or is it better for her ISP to be notified; someone she is paying >for support and has technicians who can walk her through installing >AV software (that many ISP's provide for free)? > If Grandma owns a car and gets into her car and drives it, and runs over a pedestrian, should we not publish the accident in the newspaper over privacy concerns? Your advocating Internet usage without identification, which is the root problem that is what has led to spam and identity theft. If Grandma cannot deal with the possibility that someone might show up with a pitchfork, she should not be on the Internet. In any case, your showing your bigotry. Given a choice between being at your house when the angry mob comes, and being at Grandma's house, I'd choose Grandma over you any day. I'll bet money that most Grandmas out there could handle an angry mob better than you could. >If a computer is run by a real bad actor, a criminal enterprise >making millions of dollars off of spam would you rather have them >simply kicked off a provider only to reappear on another, or would >you rather have them put in prision? Mob justice only accomplishes >the former, and makes it harder for law enforcement to do the latter >as peole are not working with them to get them the information they >need, and the result of sending them underground is the information >is harder to collect. > I'm sure the law enforcement in my country really gives a rat's ass about a spammer in the PRC. >It may be satisifing to e-mail some bozo who sent you spam and say >"you're an idiot". It may seem useful to put them on some black >list somewhere and match them up. However, all you're doing is >training a better spammer. We've had 10 years of people taking >these sorts of actions and spam has grown year over year. Vigilante >justice doesn't work in the real world or the cyber world, no matter >how good it makes people feel. This depends on your definition of "works" I think that clearly, spam control HAS worked, it's worked very well in fact. I do not see legitimate companies these days supporting spammers, or arguing (as the direct mail association used to do a few years ago in the US) that we shouldn't pass laws against spammers because it might affect a legitimate businesses ability to use direct mail. Instead, what the vigilanties have done is turned spam into a very black and white issue. They have made the entire issue of bulk mail so politically touchy that legitimate businesses stay away from it, unless it's an opt-in address, and in fact, interest in those is also declining. The legitimate businesses now are looking more into blogs and such for information dissemination. The reason that there's lots more spam today is because since every spammer is now automatically considered by everyone to be a criminal, very few people are now actually buying the weight-loss pills, penis enlargers, baldness cures and such that used to be hawked by spammers. Spam has become less and less effective at getting money in the door so the criminals have to send more and more of it. This is the law of diminishing returns in action. Eventually, spam will be so useless as a means of getting money in the door that the spammers will give it up. This would never be possible if legitimate businesses had embraced spamming as a viable business model. Ted From tedm at ipinc.net Wed Jan 9 14:51:11 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 11:51:11 -0800 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <20080109192221.GB28524@ussenterprise.ufp.org> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Leo Bicknell >Sent: Wednesday, January 09, 2008 11:22 AM >To: ppml at arin.net >Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois > > >In a message written on Wed, Jan 09, 2008 at 11:11:34AM -0800, Ted >Mittelstaedt wrote: >> I would suggest you do some research on how effective the >> United Nations Security Council is in "cleaning up" bad >> actors like North Korea. > >Ah, but if Ted Mittelstaedt had Kim Jong iL's home address and phone >number it would all be better, right? You could do something about >it, right? You and your band of merry men could stop him from >spamming, or launching cyber terror attacks, right? I'm sure you >could get him booted from his ISP. If I has the home address for Osama Bin Laden, I assure you that the US military would make things "all better" Ted From kreg at directcom.com Wed Jan 9 15:26:04 2008 From: kreg at directcom.com (kreg) Date: Wed, 09 Jan 2008 13:26:04 -0700 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: <47852DDC.2030001@directcom.com> Wow, this is like that movie. What was it called again.... Oh ya, "The Never Ending Story" j/k -Kreg Ted Mittelstaedt wrote: > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >> Leo Bicknell >> Sent: Wednesday, January 09, 2008 11:22 AM >> To: ppml at arin.net >> Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois >> >> >> In a message written on Wed, Jan 09, 2008 at 11:11:34AM -0800, Ted >> Mittelstaedt wrote: >> >>> I would suggest you do some research on how effective the >>> United Nations Security Council is in "cleaning up" bad >>> actors like North Korea. >>> >> Ah, but if Ted Mittelstaedt had Kim Jong iL's home address and phone >> number it would all be better, right? You could do something about >> it, right? You and your band of merry men could stop him from >> spamming, or launching cyber terror attacks, right? I'm sure you >> could get him booted from his ISP. >> > > If I has the home address for Osama Bin Laden, I assure you that > the US military would make things "all better" > > Ted > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. > -- Kreg Roenfeldt Systems Administrator ---------------------------------------- p 208.548.2345 f 208.548.9911 e kreg at directcom.com ---------------------------------------- 150 South Main P.O. Box 270 Rockland, ID 83271-0270 Direct Communications -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: logo.png Type: image/png Size: 1396 bytes Desc: not available URL: From tedm at ipinc.net Wed Jan 9 15:44:09 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 12:44:09 -0800 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <47852DDC.2030001@directcom.com> Message-ID: -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of kreg Sent: Wednesday, January 09, 2008 12:26 PM To: ppml at arin.net Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois > Wow, this is like that movie. What was it called again.... Oh ya, "The Never Ending Story" Naw, http://www.nbc.com/Passions/ Ted From kreg at directcom.com Wed Jan 9 15:45:08 2008 From: kreg at directcom.com (kreg) Date: Wed, 09 Jan 2008 13:45:08 -0700 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: <47853254.6030502@directcom.com> >: D Ted Mittelstaedt wrote: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of kreg > Sent: Wednesday, January 09, 2008 12:26 PM > To: ppml at arin.net > Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois > > > >> Wow, this is like that movie. What was it called again.... Oh ya, "The >> > Never Ending Story" > > Naw, > > http://www.nbc.com/Passions/ > > Ted > > -- Kreg Roenfeldt Systems Administrator ---------------------------------------- p 208.548.2345 f 208.548.9911 e kreg at directcom.com ---------------------------------------- 150 South Main P.O. Box 270 Rockland, ID 83271-0270 Direct Communications -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: logo.png Type: image/png Size: 1396 bytes Desc: not available URL: From stephen.spencer at civicwifi.com Wed Jan 9 15:50:50 2008 From: stephen.spencer at civicwifi.com (Stephen D. Spencer) Date: Wed, 09 Jan 2008 14:50:50 -0600 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: References: Message-ID: <478533AA.9090806@civicwifi.com> Ted Mittelstaedt wrote: > > [...] > If I has the home address for Osama Bin Laden, I assure you that > the US military would make things "all better" > > Ted > http://en.wikipedia.org/wiki/Hitler_rule Not quite, but a valiant effort nonetheless. -- Stephen Spencer Network Administrator Community Wireless Communications/Lawrence Freenet Lawrence, KS From tedm at ipinc.net Wed Jan 9 16:08:39 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 13:08:39 -0800 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <478533AA.9090806@civicwifi.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Stephen D. Spencer >Sent: Wednesday, January 09, 2008 12:51 PM >To: ppml at arin.net >Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois > > >Ted Mittelstaedt wrote: >> >> [...] >> If I has the home address for Osama Bin Laden, I assure you that >> the US military would make things "all better" >> >> Ted >> >http://en.wikipedia.org/wiki/Hitler_rule > >Not quite, but a valiant effort nonetheless. > "not quite" only counts in horseshoes and hand grenades. Ted From bruce.eastman at twcable.com Wed Jan 9 17:15:35 2008 From: bruce.eastman at twcable.com (Eastman, Bruce) Date: Wed, 9 Jan 2008 17:15:35 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <20080109191634.GA28524@ussenterprise.ufp.org> Message-ID: <11F27DF1F3EC9940BEEC496676F94D0502156B76@PRVPVSMAIL06.corp.twcable.com> >Moreover, if Grandma's computer is taken over by a bot is it better >to have random people on the internet e-mailing her, calling her, >showing up at her door with pitchforks in hand yelling "stop scum!" >or is it better for her ISP to be notified; someone she is paying >for support and has technicians who can walk her through installing >AV software (that many ISP's provide for free)? >If a computer is run by a real bad actor, a criminal enterprise >making millions of dollars off of spam would you rather have them >simply kicked off a provider only to reappear on another, or would >you rather have them put in prision? Mob justice only accomplishes >the former, and makes it harder for law enforcement to do the latter >as peole are not working with them to get them the information they >need, and the result of sending them underground is the information >is harder to collect. Leo, I don't mean this to be insulting by any means, but I have seen you mention Lynch mobs and vigilante justice on here a few different times, I am just curious to know if there have ever been any documented instances where vigilante justice has taken place over the issue of spamming, and if so, was the victim actually found by information provided in the whois data base? Thank You, Bruce Eastman IP Capacity Engineer Time Warner Cable - ATG This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. From michael.dillon at bt.com Wed Jan 9 18:14:12 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 9 Jan 2008 23:14:12 -0000 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: References: <20080109192221.GB28524@ussenterprise.ufp.org> Message-ID: > If I has the home address for Osama Bin Laden, I assure you > that the US military would make things "all better" Not really. The US military had the home address of Saddam Hussein and proceeded to bomb the crap out of them, killing some of his associates in the process. But they didn't get Saddam. There are no guarantees that Osama will be home when the US Military comes calling, and more importantly, Osama is a powerless irrelevant figure who no longer has any substantial command and control over the people who perpetrate terrorist attacks in his name. Not to mention the martyr effect which is likely 180 degrees from what you really want. I'll bet that 50 years from now, secret CIA archives will be opened and we discover that they have known where Osama was years ago, and have conciously followed a program of chasing him so that he can't settle down, without any intent to actually attack him and cause hime any personal harm. So can we drop the knee-jerk thinking and the platitudes and get serious about what belongs in an ARIN policy and what doesn't? As you have pointed out, any ISP that doesn't want to handle abuse desk calls is free to publish a list of their customers with phone number and email address, any time they want. They could use RWHOIS, they could use the web. The question is, what is the SCOPE OF ARIN's RESPONSIBILITY in this area. --Michael Dillon From kdoyle at peak5.com Wed Jan 9 18:10:07 2008 From: kdoyle at peak5.com (Kevin Doyle) Date: Wed, 9 Jan 2008 16:10:07 -0700 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <47852DDC.2030001@directcom.com> References: <47852DDC.2030001@directcom.com> Message-ID: A technical question... When we are referring to "bad actors" is that the crew of the "Love Boat"? Kevin ________________________________ From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of kreg Sent: Wednesday, January 09, 2008 1:26 PM To: ppml at arin.net Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois Wow, this is like that movie. What was it called again.... Oh ya, "The Never Ending Story" j/k -Kreg Ted Mittelstaedt wrote: -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of Leo Bicknell Sent: Wednesday, January 09, 2008 11:22 AM To: ppml at arin.net Subject: Re: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In a message written on Wed, Jan 09, 2008 at 11:11:34AM -0800, Ted Mittelstaedt wrote: I would suggest you do some research on how effective the United Nations Security Council is in "cleaning up" bad actors like North Korea. Ah, but if Ted Mittelstaedt had Kim Jong iL's home address and phone number it would all be better, right? You could do something about it, right? You and your band of merry men could stop him from spamming, or launching cyber terror attacks, right? I'm sure you could get him booted from his ISP. If I has the home address for Osama Bin Laden, I assure you that the US military would make things "all better" Ted _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. -- Kreg Roenfeldt Systems Administrator ---------------------------------------- p 208.548.2345 f 208.548.9911 e kreg at directcom.com ---------------------------------------- 150 South Main P.O. Box 270 Rockland, ID 83271-0270 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 1872 bytes Desc: image001.gif URL: From bicknell at ufp.org Wed Jan 9 18:49:40 2008 From: bicknell at ufp.org (Leo Bicknell) Date: Wed, 9 Jan 2008 18:49:40 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <11F27DF1F3EC9940BEEC496676F94D0502156B76@PRVPVSMAIL06.corp.twcable.com> References: <20080109191634.GA28524@ussenterprise.ufp.org> <11F27DF1F3EC9940BEEC496676F94D0502156B76@PRVPVSMAIL06.corp.twcable.com> Message-ID: <20080109234940.GA43764@ussenterprise.ufp.org> In a message written on Wed, Jan 09, 2008 at 05:15:35PM -0500, Eastman, Bruce wrote: > I don't mean this to be insulting by any means, but I have seen you > mention Lynch mobs and vigilante justice on here a few different times, > I am just curious to know if there have ever been any documented > instances where vigilante justice has taken place over the issue of > spamming, and if so, was the victim actually found by information > provided in the whois data base? If you're looking for direct evidence of someone murdering a spammer and then standing up and saying "I used ARIN's whois database to find them" then no, I can provide no direct evidence. I also want to stress the issue is not just vigilante mobs going against spammers though. All the reasons people hate each other apply in the cyber world as well. And it's not just vigilante mobs, it's also lone individual harasser. Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. Has there ever been a case where a predator used whois data to help locate a victim? When a battered woman moves across country and signs up for new internet access is there adequate disclosure from the provider her name address and phone number may be listed in a global, public database? If her ex finds her through that information and kills her, is the ISP, or even ARIN partially liable? To bring back a golden oldie: McGruff.org has "stay safe online" recommendations: http://www.mcgruff.org/Advice/online_safety.php "Never give out personal information like your name, telephone number, address, email, or school name." How many kids are giving out their name, address, and telephone number just by surfing the web from an IP with fairly specific whois information? Who's using that information, and for what purpose? The sad part of all of this is the victims aren't going to speak up. Spammers who have people come to their house and make a death threat aren't going to go to the police. Battered women who need to remain anonymous to stay away from their ex aren't going to write front page articles on CNN about how their privacy was compromised. Child predators aren't going to let the world know whois is a goldmine for them. What percentage of people who buy service from a provide who lists their details in whois know that is the case? I can buy a phone line for home and have it be unlisted. I can buy 5 phone lines for home and have them be unlisted. I can buy 500 phone lines for home and have them be unlisted. Yet, to participate in the Internet at anything more than a basic level I must provide my information to the entire world? -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From tedm at ipinc.net Wed Jan 9 20:35:21 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 9 Jan 2008 17:35:21 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <20080109234940.GA43764@ussenterprise.ufp.org> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Leo Bicknell >Sent: Wednesday, January 09, 2008 3:50 PM >To: Public Policy Mailing List >Subject: Re: [ppml] /29 limit for ARIN SWIP whois > >I also want to stress the issue is not just vigilante mobs going >against spammers though. All the reasons people hate each other >apply in the cyber world as well. And it's not just vigilante mobs, >it's also lone individual harasser. > >Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. >Has there ever been a case where a predator used whois data to help >locate a victim? When a battered woman moves across country and >signs up for new internet access is there adequate disclosure from >the provider her name address and phone number may be listed in a >global, public database? If the litmus test was if the woman's number was unlisted, then are battered women who move across the country going to not have unlisted phone numbers? There are even many "Mittelstaedt's" in the country and that's a pretty rare name. >If her ex finds her through that information >and kills her, is the ISP, or even ARIN partially liable? > No more than if her ex finds her through the telephone company's white pages. >To bring back a golden oldie: McGruff.org has "stay safe online" >recommendations: http://www.mcgruff.org/Advice/online_safety.php > > "Never give out personal information like your name, telephone number, > address, email, or school name." > OK so why is it not OK to give that out online, but OK to give it out in the telephone directory? >How many kids are giving out their name, address, and telephone >number just by surfing the web from an IP with fairly specific whois >information? Who's using that information, and for what purpose? > Children are not of legal age to consent to ANYTHING including the AUP of the ISP they are using, and parents who let children surf the web unattended, without adequate training, ought to be shot. >The sad part of all of this is the victims aren't going to speak >up. Spammers who have people come to their house and make a death >threat aren't going to go to the police. Criminals selling drugs aren't going to go to the police either. That is an occupational risk of engaging in selling drugs. As it is for spamming, also in the US an illegal activity. As a taxpayer who supports both state and federal police, I frankly do not want those organizations spending time making life safer for drug dealers and spammers. Obviously if a spammer or drug dealer actually gets murdered, then I want the cops to toss the murderer in jail for a long long time. But, until that happens, the drug dealers and spammers can take the advice of the old doctor joke and "Don't do that" >Battered women who need >to remain anonymous to stay away from their ex aren't going to write >front page articles on CNN about how their privacy was compromised. >Child predators aren't going to let the world know whois is a >goldmine for them. > Your examples are just not realistic. I've been using my own real name online since around 1982 and I've never had a problem. Your using your real name (I assume) on this forum, have you had a problem? These things your bringing up are marginal, border examples that are outweighed by societies need for tracking and identifying people using the Internet. (not applications on the Internet, the Internet itself) >What percentage of people who buy service from a provide who lists >their details in whois know that is the case? > That is really a different issue - and it is not that it's invalid, quite the contrary. It is that ARIN cannot set policy that makes an ISP fully disclose to it's customers what is and isn't published. I agree customers should be informed. I just don't think that gutting SWIPs usefulness is a way of solving the problem with ISP's that don't inform their customers. >I can buy a phone line for home and have it be unlisted. I can buy >5 phone lines for home and have them be unlisted. I can buy 500 >phone lines for home and have them be unlisted. Yet, to participate >in the Internet at anything more than a basic level I must provide >my information to the entire world? You can buy a domain name and get it "unlisted" through a privacy guard mechanism by many registrars. I don't see a problem with ISP's offering that. I do see a problem with ARIN mandating that they offer that. Ted From bonomi at mail.r-bonomi.com Wed Jan 9 21:13:45 2008 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Wed, 9 Jan 2008 20:13:45 -0600 (CST) Subject: [ppml] /29 limit for ARIN SWIP whois Message-ID: <200801100213.m0A2Djd2002358@mail.r-bonomi.com> > To: "Public Policy Mailing List" > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > I don't mean this to be insulting by any means, but I have seen you > mention Lynch mobs and vigilante justice on here a few different times, > I am just curious to know if there have ever been any documented > instances where vigilante justice has taken place over the issue of > spamming, and if so, was the victim actually found by information > provided in the whois data base? A number of more blatent spammers -- e.g. Al Ralsky, Sanford Wallace, Rizler, Walt Rhines, Scott Richter, to name a few -- have been subjected to 'personal' vengence stuff (mass subscriptions to snail-mailed publications, all-hours phone calls, notes left on the car/house door, etc.). Initial home/office address info usually was gleaned from WHOIS listings, supplemented/verified by additional public records searches (e.g., property ownership records, corp. ownership records). From ptimmins at clearrate.com Thu Jan 10 09:36:25 2008 From: ptimmins at clearrate.com (Paul G. Timmins) Date: Thu, 10 Jan 2008 09:36:25 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <20080109234940.GA43764@ussenterprise.ufp.org> Message-ID: <9FD0320F0D53A3459C007305FA2902044E7AB9@Computerroom.corp.clearrate.net> Where are all these battered wives and grandmas who are getting /29s from their upstreams? I'm still trying to figure this out. -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Leo Bicknell Sent: Wednesday, January 09, 2008 6:50 PM To: Public Policy Mailing List Subject: Re: [ppml] /29 limit for ARIN SWIP whois In a message written on Wed, Jan 09, 2008 at 05:15:35PM -0500, Eastman, Bruce wrote: > I don't mean this to be insulting by any means, but I have seen you > mention Lynch mobs and vigilante justice on here a few different times, > I am just curious to know if there have ever been any documented > instances where vigilante justice has taken place over the issue of > spamming, and if so, was the victim actually found by information > provided in the whois data base? If you're looking for direct evidence of someone murdering a spammer and then standing up and saying "I used ARIN's whois database to find them" then no, I can provide no direct evidence. I also want to stress the issue is not just vigilante mobs going against spammers though. All the reasons people hate each other apply in the cyber world as well. And it's not just vigilante mobs, it's also lone individual harasser. Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. Has there ever been a case where a predator used whois data to help locate a victim? When a battered woman moves across country and signs up for new internet access is there adequate disclosure from the provider her name address and phone number may be listed in a global, public database? If her ex finds her through that information and kills her, is the ISP, or even ARIN partially liable? To bring back a golden oldie: McGruff.org has "stay safe online" recommendations: http://www.mcgruff.org/Advice/online_safety.php "Never give out personal information like your name, telephone number, address, email, or school name." How many kids are giving out their name, address, and telephone number just by surfing the web from an IP with fairly specific whois information? Who's using that information, and for what purpose? The sad part of all of this is the victims aren't going to speak up. Spammers who have people come to their house and make a death threat aren't going to go to the police. Battered women who need to remain anonymous to stay away from their ex aren't going to write front page articles on CNN about how their privacy was compromised. Child predators aren't going to let the world know whois is a goldmine for them. What percentage of people who buy service from a provide who lists their details in whois know that is the case? I can buy a phone line for home and have it be unlisted. I can buy 5 phone lines for home and have them be unlisted. I can buy 500 phone lines for home and have them be unlisted. Yet, to participate in the Internet at anything more than a basic level I must provide my information to the entire world? -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org From kkargel at polartel.com Thu Jan 10 10:05:34 2008 From: kkargel at polartel.com (Kevin Kargel) Date: Thu, 10 Jan 2008 09:05:34 -0600 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <9FD0320F0D53A3459C007305FA2902044E7AB9@Computerroom.corp.clearrate.net> References: <20080109234940.GA43764@ussenterprise.ufp.org> <9FD0320F0D53A3459C007305FA2902044E7AB9@Computerroom.corp.clearrate.net> Message-ID: <70DE64CEFD6E9A4EB7FAF3A0631410660104F19C@mail> in.re. battered women and other fugitives.. The only traceable thing absolutely required for a SWIP POC is a working email address, and you can even use a hotmail account for that. Under US law (as an example and because I am even more ignorant of other law) there is nothing illegal about supplying an alias for registrations like this so long as you are not trying to defraud. You can give the POC any mailing address in the world, it doesn't have to be your place of residence or the service site, and the telephone number is not a required field. Nobody says you have to have telephone service to use the internet (and yes, there are still people in the world who are unable to or choose not to have telephone service). I don't think anyone will deny that there are lawful people who are also odd, eccentric and/or paranoid using the internet. I fully support a persons right to be odd, eccentric or paranoid (for obvious reasons that will hopefully remain unstated.. lol). Anonymity can be maintained even if you do utilize SWIP registration. The current IP registration system is very anarchist friendly, and IMHO that is a very good thing. Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Paul G. Timmins > Sent: Thursday, January 10, 2008 8:36 AM > To: Leo Bicknell; Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Where are all these battered wives and grandmas who are > getting /29s from their upstreams? I'm still trying to figure > this out. > > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Leo Bicknell > Sent: Wednesday, January 09, 2008 6:50 PM > To: Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > In a message written on Wed, Jan 09, 2008 at 05:15:35PM > -0500, Eastman, Bruce wrote: > > I don't mean this to be insulting by any means, but I have seen you > > mention Lynch mobs and vigilante justice on here a few different > times, > > I am just curious to know if there have ever been any documented > > instances where vigilante justice has taken place over the issue of > > spamming, and if so, was the victim actually found by information > > provided in the whois data base? > > If you're looking for direct evidence of someone murdering a > spammer and then standing up and saying "I used ARIN's whois > database to find them" then no, I can provide no direct evidence. > > I also want to stress the issue is not just vigilante mobs > going against spammers though. All the reasons people hate > each other apply in the cyber world as well. And it's not > just vigilante mobs, it's also lone individual harasser. > > Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. > Has there ever been a case where a predator used whois data > to help locate a victim? When a battered woman moves across > country and signs up for new internet access is there > adequate disclosure from the provider her name address and > phone number may be listed in a global, public database? If > her ex finds her through that information and kills her, is > the ISP, or even ARIN partially liable? > > To bring back a golden oldie: McGruff.org has "stay safe online" > recommendations: http://www.mcgruff.org/Advice/online_safety.php > > "Never give out personal information like your name, > telephone number, > address, email, or school name." > > How many kids are giving out their name, address, and > telephone number just by surfing the web from an IP with > fairly specific whois information? Who's using that > information, and for what purpose? > > The sad part of all of this is the victims aren't going to > speak up. Spammers who have people come to their house and > make a death threat aren't going to go to the police. > Battered women who need to remain anonymous to stay away from > their ex aren't going to write front page articles on CNN > about how their privacy was compromised. > Child predators aren't going to let the world know whois is a > goldmine for them. > > What percentage of people who buy service from a provide who > lists their details in whois know that is the case? > > I can buy a phone line for home and have it be unlisted. I can buy > 5 phone lines for home and have them be unlisted. I can buy > 500 phone lines for home and have them be unlisted. Yet, to > participate in the Internet at anything more than a basic > level I must provide my information to the entire world? > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG > List - tmbg-list-request at tmbg.org, www.tmbg.org > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > From ptimmins at clearrate.com Thu Jan 10 10:11:14 2008 From: ptimmins at clearrate.com (Paul G. Timmins) Date: Thu, 10 Jan 2008 10:11:14 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A0631410660104F19C@mail> Message-ID: <9FD0320F0D53A3459C007305FA2902044E7ABC@Computerroom.corp.clearrate.net> Furthermore, residential customers already have a way of being anonymous in SWIP: http://www.arin.net/policy/nrpm.html#four2376 4.2.3.7.6. Residential Customer Privacy To maintain the privacy of their residential customers, an organization with downstream residential customers may substitute that organization's name for the customer's name, e.g. 'Private Customer - XYZ Network', and the customer's street address may read 'Private Residence'. Each private downstream residential reassignment must have accurate upstream Abuse and Technical POCs visible on the WHOIS record for that block. -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Kevin Kargel Sent: Thursday, January 10, 2008 10:06 AM To: ppml at arin.net Subject: Re: [ppml] /29 limit for ARIN SWIP whois in.re. battered women and other fugitives.. The only traceable thing absolutely required for a SWIP POC is a working email address, and you can even use a hotmail account for that. Under US law (as an example and because I am even more ignorant of other law) there is nothing illegal about supplying an alias for registrations like this so long as you are not trying to defraud. You can give the POC any mailing address in the world, it doesn't have to be your place of residence or the service site, and the telephone number is not a required field. Nobody says you have to have telephone service to use the internet (and yes, there are still people in the world who are unable to or choose not to have telephone service). I don't think anyone will deny that there are lawful people who are also odd, eccentric and/or paranoid using the internet. I fully support a persons right to be odd, eccentric or paranoid (for obvious reasons that will hopefully remain unstated.. lol). Anonymity can be maintained even if you do utilize SWIP registration. The current IP registration system is very anarchist friendly, and IMHO that is a very good thing. Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Paul G. Timmins > Sent: Thursday, January 10, 2008 8:36 AM > To: Leo Bicknell; Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Where are all these battered wives and grandmas who are > getting /29s from their upstreams? I'm still trying to figure > this out. > > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Leo Bicknell > Sent: Wednesday, January 09, 2008 6:50 PM > To: Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > In a message written on Wed, Jan 09, 2008 at 05:15:35PM > -0500, Eastman, Bruce wrote: > > I don't mean this to be insulting by any means, but I have seen you > > mention Lynch mobs and vigilante justice on here a few different > times, > > I am just curious to know if there have ever been any documented > > instances where vigilante justice has taken place over the issue of > > spamming, and if so, was the victim actually found by information > > provided in the whois data base? > > If you're looking for direct evidence of someone murdering a > spammer and then standing up and saying "I used ARIN's whois > database to find them" then no, I can provide no direct evidence. > > I also want to stress the issue is not just vigilante mobs > going against spammers though. All the reasons people hate > each other apply in the cyber world as well. And it's not > just vigilante mobs, it's also lone individual harasser. > > Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. > Has there ever been a case where a predator used whois data > to help locate a victim? When a battered woman moves across > country and signs up for new internet access is there > adequate disclosure from the provider her name address and > phone number may be listed in a global, public database? If > her ex finds her through that information and kills her, is > the ISP, or even ARIN partially liable? > > To bring back a golden oldie: McGruff.org has "stay safe online" > recommendations: http://www.mcgruff.org/Advice/online_safety.php > > "Never give out personal information like your name, > telephone number, > address, email, or school name." > > How many kids are giving out their name, address, and > telephone number just by surfing the web from an IP with > fairly specific whois information? Who's using that > information, and for what purpose? > > The sad part of all of this is the victims aren't going to > speak up. Spammers who have people come to their house and > make a death threat aren't going to go to the police. > Battered women who need to remain anonymous to stay away from > their ex aren't going to write front page articles on CNN > about how their privacy was compromised. > Child predators aren't going to let the world know whois is a > goldmine for them. > > What percentage of people who buy service from a provide who > lists their details in whois know that is the case? > > I can buy a phone line for home and have it be unlisted. I can buy > 5 phone lines for home and have them be unlisted. I can buy > 500 phone lines for home and have them be unlisted. Yet, to > participate in the Internet at anything more than a basic > level I must provide my information to the entire world? > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG > List - tmbg-list-request at tmbg.org, www.tmbg.org > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From Keith at jcc.com Thu Jan 10 10:21:06 2008 From: Keith at jcc.com (Keith W. Hare) Date: Thu, 10 Jan 2008 10:21:06 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois Message-ID: <893076a660f66ef5769235fdf5e693a9478637ec@jcc.com> After all this discussion and hyperbole, is there an actual proposal to change the current ARIN SWIP whois policy? Keith From dsd at servervault.com Thu Jan 10 15:36:45 2008 From: dsd at servervault.com (Divins, David) Date: Thu, 10 Jan 2008 15:36:45 -0500 Subject: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A0631410660104F19C@mail> References: <20080109234940.GA43764@ussenterprise.ufp.org><9FD0320F0D53A3459C007305FA2902044E7AB9@Computerroom.corp.clearrate.net> <70DE64CEFD6E9A4EB7FAF3A0631410660104F19C@mail> Message-ID: ARIN requires re-assignment name and address in addition to POC e-mail for reassignments. You can leave them blank but then you are non-ARIN compliant per RSA. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Kevin Kargel Sent: Thursday, January 10, 2008 10:06 AM To: ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois in.re. battered women and other fugitives.. The only traceable thing absolutely required for a SWIP POC is a working email address, and you can even use a hotmail account for that. Under US law (as an example and because I am even more ignorant of other law) there is nothing illegal about supplying an alias for registrations like this so long as you are not trying to defraud. You can give the POC any mailing address in the world, it doesn't have to be your place of residence or the service site, and the telephone number is not a required field. Nobody says you have to have telephone service to use the internet (and yes, there are still people in the world who are unable to or choose not to have telephone service). I don't think anyone will deny that there are lawful people who are also odd, eccentric and/or paranoid using the internet. I fully support a persons right to be odd, eccentric or paranoid (for obvious reasons that will hopefully remain unstated.. lol). Anonymity can be maintained even if you do utilize SWIP registration. The current IP registration system is very anarchist friendly, and IMHO that is a very good thing. Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf > Of Paul G. Timmins > Sent: Thursday, January 10, 2008 8:36 AM > To: Leo Bicknell; Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Where are all these battered wives and grandmas who are getting /29s > from their upstreams? I'm still trying to figure this out. > > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Leo Bicknell > Sent: Wednesday, January 09, 2008 6:50 PM > To: Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > In a message written on Wed, Jan 09, 2008 at 05:15:35PM > -0500, Eastman, Bruce wrote: > > I don't mean this to be insulting by any means, but I have seen you > > mention Lynch mobs and vigilante justice on here a few different > times, > > I am just curious to know if there have ever been any documented > > instances where vigilante justice has taken place over the issue of > > spamming, and if so, was the victim actually found by information > > provided in the whois data base? > > If you're looking for direct evidence of someone murdering a > spammer and then standing up and saying "I used ARIN's whois > database to find them" then no, I can provide no direct evidence. > > I also want to stress the issue is not just vigilante mobs > going against spammers though. All the reasons people hate > each other apply in the cyber world as well. And it's not > just vigilante mobs, it's also lone individual harasser. > > Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. > Has there ever been a case where a predator used whois data > to help locate a victim? When a battered woman moves across > country and signs up for new internet access is there > adequate disclosure from the provider her name address and > phone number may be listed in a global, public database? If > her ex finds her through that information and kills her, is > the ISP, or even ARIN partially liable? > > To bring back a golden oldie: McGruff.org has "stay safe online" > recommendations: http://www.mcgruff.org/Advice/online_safety.php > > "Never give out personal information like your name, > telephone number, > address, email, or school name." > > How many kids are giving out their name, address, and > telephone number just by surfing the web from an IP with > fairly specific whois information? Who's using that > information, and for what purpose? > > The sad part of all of this is the victims aren't going to > speak up. Spammers who have people come to their house and > make a death threat aren't going to go to the police. > Battered women who need to remain anonymous to stay away from > their ex aren't going to write front page articles on CNN > about how their privacy was compromised. > Child predators aren't going to let the world know whois is a > goldmine for them. > > What percentage of people who buy service from a provide who > lists their details in whois know that is the case? > > I can buy a phone line for home and have it be unlisted. I can buy > 5 phone lines for home and have them be unlisted. I can buy > 500 phone lines for home and have them be unlisted. Yet, to > participate in the Internet at anything more than a basic > level I must provide my information to the entire world? > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG > List - tmbg-list-request at tmbg.org, www.tmbg.org > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From dsd at servervault.com Thu Jan 10 15:37:52 2008 From: dsd at servervault.com (Divins, David) Date: Thu, 10 Jan 2008 15:37:52 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <893076a660f66ef5769235fdf5e693a9478637ec@jcc.com> References: <893076a660f66ef5769235fdf5e693a9478637ec@jcc.com> Message-ID: Would you support a proposal to change current ARIN SWIP policy (in general)? If more than the 4 or 5 that have shown support chime in, I may draft a proposal. -dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Keith W. Hare Sent: Thursday, January 10, 2008 10:21 AM To: ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois After all this discussion and hyperbole, is there an actual proposal to change the current ARIN SWIP whois policy? Keith _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From Keith at jcc.com Thu Jan 10 16:36:21 2008 From: Keith at jcc.com (Keith W. Hare) Date: Thu, 10 Jan 2008 16:36:21 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois Message-ID: <3381b21cdc7c5467cc06dc4909fcb7be47868fdb@jcc.com> David, The advantage of a proposal is it would put the proposed change, the existing stuff, and the logic for the change in one place. This would make it easier to have a real discussion of the the technical merits/issues. In the absence of real knowledge, my current opinion is that it doesn't make sense to change this for IPv4, but it might for IPv6. However, I reserve the right to change my mind. Keith -----Original Message----- From: Divins, David [mailto:dsd at servervault.com] Sent: Thursday, January 10, 2008 3:38 PM To: Keith W. Hare; ppml at arin.net Subject: Re: [ppml] /29 limit for ARIN SWIP whois Would you support a proposal to change current ARIN SWIP policy (in general)? If more than the 4 or 5 that have shown support chime in, I may draft a proposal. -dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Keith W. Hare Sent: Thursday, January 10, 2008 10:21 AM To: ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois After all this discussion and hyperbole, is there an actual proposal to change the current ARIN SWIP whois policy? Keith _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From dsd at servervault.com Fri Jan 11 06:57:06 2008 From: dsd at servervault.com (Divins, David) Date: Fri, 11 Jan 2008 06:57:06 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <478702C6.6030803@ttec.com> References: <893076a660f66ef5769235fdf5e693a9478637ec@jcc.com> <478702C6.6030803@ttec.com> Message-ID: Joe, In your ideal world, what would your bit boundry be? And then what about your compromise world :-) Thanks, dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: Joe Maimon [mailto:jmaimon at ttec.com] Sent: Friday, January 11, 2008 12:47 AM To: Divins, David Cc: Keith W. Hare; ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois If the proposal was to remove or change the bit limits for SWIP, without changing any of the current requirements, yes. In fact I was considering trying my hand at drafting such myself. Divins, David wrote: > Would you support a proposal to change current ARIN SWIP policy (in > general)? > > If more than the 4 or 5 that have shown support chime in, I may draft > a proposal. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf > Of Keith W. Hare > Sent: Thursday, January 10, 2008 10:21 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > After all this discussion and hyperbole, is there an actual proposal > to change the current ARIN SWIP whois policy? > > Keith > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. > > From dave at onxinc.com Fri Jan 11 16:10:40 2008 From: dave at onxinc.com (Dave Heritage) Date: Fri, 11 Jan 2008 15:10:40 -0600 Subject: [ppml] /29 limit for ARIN SWIP whois References: Message-ID: <5482781EE04CDF4FA4DB365A0D6354AA515AA3@exchange.onx.cc> Couldn't the policy be revised such that 'just like in the case of a residential customer' the Address and name of record are 'Customer#147387 in care of ISP'? That way the basis of anonymity on a wide scale is intact while those at ARIN could request non-public data for justification if necessary (from the ISP doing the sub-alloc). Obviously the user of the IP space is going to have given over more specific details of the entity for billing purposes. It seems to me it would affect both directions of the transaction. The published data would be of little use to a would-be harmer but people who needed to actually contact the owner would have a known good go-between. Dave -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of ppml-request at arin.net Sent: Friday, January 11, 2008 11:00 AM To: ppml at arin.net Subject: PPML Digest, Vol 31, Issue 12 Send PPML mailing list submissions to ppml at arin.net To subscribe or unsubscribe via the World Wide Web, visit http://lists.arin.net/mailman/listinfo/ppml or, via email, send a message with subject or body 'help' to ppml-request at arin.net You can reach the person managing the list at ppml-owner at arin.net When replying, please edit your Subject line so it is more specific than "Re: Contents of PPML digest..." Today's Topics: 1. Re: ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois (Divins, David) 2. Re: /29 limit for ARIN SWIP whois (Divins, David) 3. Re: /29 limit for ARIN SWIP whois (Keith W. Hare) 4. Re: /29 limit for ARIN SWIP whois (Divins, David) ---------------------------------------------------------------------- Message: 1 Date: Thu, 10 Jan 2008 15:36:45 -0500 From: "Divins, David" Subject: Re: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois To: "Kevin Kargel" , Message-ID: Content-Type: text/plain; charset="us-ascii" ARIN requires re-assignment name and address in addition to POC e-mail for reassignments. You can leave them blank but then you are non-ARIN compliant per RSA. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Kevin Kargel Sent: Thursday, January 10, 2008 10:06 AM To: ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois in.re. battered women and other fugitives.. The only traceable thing absolutely required for a SWIP POC is a working email address, and you can even use a hotmail account for that. Under US law (as an example and because I am even more ignorant of other law) there is nothing illegal about supplying an alias for registrations like this so long as you are not trying to defraud. You can give the POC any mailing address in the world, it doesn't have to be your place of residence or the service site, and the telephone number is not a required field. Nobody says you have to have telephone service to use the internet (and yes, there are still people in the world who are unable to or choose not to have telephone service). I don't think anyone will deny that there are lawful people who are also odd, eccentric and/or paranoid using the internet. I fully support a persons right to be odd, eccentric or paranoid (for obvious reasons that will hopefully remain unstated.. lol). Anonymity can be maintained even if you do utilize SWIP registration. The current IP registration system is very anarchist friendly, and IMHO that is a very good thing. Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf > Of Paul G. Timmins > Sent: Thursday, January 10, 2008 8:36 AM > To: Leo Bicknell; Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Where are all these battered wives and grandmas who are getting /29s > from their upstreams? I'm still trying to figure this out. > > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Leo Bicknell > Sent: Wednesday, January 09, 2008 6:50 PM > To: Public Policy Mailing List > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > In a message written on Wed, Jan 09, 2008 at 05:15:35PM > -0500, Eastman, Bruce wrote: > > I don't mean this to be insulting by any means, but I have seen you > > mention Lynch mobs and vigilante justice on here a few different > times, > > I am just curious to know if there have ever been any documented > > instances where vigilante justice has taken place over the issue of > > spamming, and if so, was the victim actually found by information > > provided in the whois data base? > > If you're looking for direct evidence of someone murdering a > spammer and then standing up and saying "I used ARIN's whois > database to find them" then no, I can provide no direct evidence. > > I also want to stress the issue is not just vigilante mobs > going against spammers though. All the reasons people hate > each other apply in the cyber world as well. And it's not > just vigilante mobs, it's also lone individual harasser. > > Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. > Has there ever been a case where a predator used whois data > to help locate a victim? When a battered woman moves across > country and signs up for new internet access is there > adequate disclosure from the provider her name address and > phone number may be listed in a global, public database? If > her ex finds her through that information and kills her, is > the ISP, or even ARIN partially liable? > > To bring back a golden oldie: McGruff.org has "stay safe online" > recommendations: http://www.mcgruff.org/Advice/online_safety.php > > "Never give out personal information like your name, > telephone number, > address, email, or school name." > > How many kids are giving out their name, address, and > telephone number just by surfing the web from an IP with > fairly specific whois information? Who's using that > information, and for what purpose? > > The sad part of all of this is the victims aren't going to > speak up. Spammers who have people come to their house and > make a death threat aren't going to go to the police. > Battered women who need to remain anonymous to stay away from > their ex aren't going to write front page articles on CNN > about how their privacy was compromised. > Child predators aren't going to let the world know whois is a > goldmine for them. > > What percentage of people who buy service from a provide who > lists their details in whois know that is the case? > > I can buy a phone line for home and have it be unlisted. I can buy > 5 phone lines for home and have them be unlisted. I can buy > 500 phone lines for home and have them be unlisted. Yet, to > participate in the Internet at anything more than a basic > level I must provide my information to the entire world? > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG > List - tmbg-list-request at tmbg.org, www.tmbg.org > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. ------------------------------ Message: 2 Date: Thu, 10 Jan 2008 15:37:52 -0500 From: "Divins, David" Subject: Re: [ppml] /29 limit for ARIN SWIP whois To: "Keith W. Hare" , Message-ID: Content-Type: text/plain; charset="us-ascii" Would you support a proposal to change current ARIN SWIP policy (in general)? If more than the 4 or 5 that have shown support chime in, I may draft a proposal. -dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Keith W. Hare Sent: Thursday, January 10, 2008 10:21 AM To: ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois After all this discussion and hyperbole, is there an actual proposal to change the current ARIN SWIP whois policy? Keith _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. ------------------------------ Message: 3 Date: Thu, 10 Jan 2008 16:36:21 -0500 From: "Keith W. Hare" Subject: Re: [ppml] /29 limit for ARIN SWIP whois To: "Divins, David" , Cc: "Keith W. Hare" Message-ID: <3381b21cdc7c5467cc06dc4909fcb7be47868fdb at jcc.com> Content-Type: text/plain; charset="us-ascii" David, The advantage of a proposal is it would put the proposed change, the existing stuff, and the logic for the change in one place. This would make it easier to have a real discussion of the the technical merits/issues. In the absence of real knowledge, my current opinion is that it doesn't make sense to change this for IPv4, but it might for IPv6. However, I reserve the right to change my mind. Keith -----Original Message----- From: Divins, David [mailto:dsd at servervault.com] Sent: Thursday, January 10, 2008 3:38 PM To: Keith W. Hare; ppml at arin.net Subject: Re: [ppml] /29 limit for ARIN SWIP whois Would you support a proposal to change current ARIN SWIP policy (in general)? If more than the 4 or 5 that have shown support chime in, I may draft a proposal. -dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Keith W. Hare Sent: Thursday, January 10, 2008 10:21 AM To: ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois After all this discussion and hyperbole, is there an actual proposal to change the current ARIN SWIP whois policy? Keith _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. ------------------------------ Message: 4 Date: Fri, 11 Jan 2008 06:57:06 -0500 From: "Divins, David" Subject: Re: [ppml] /29 limit for ARIN SWIP whois To: "Joe Maimon" Cc: ppml at arin.net Message-ID: Content-Type: text/plain; charset="us-ascii" Joe, In your ideal world, what would your bit boundry be? And then what about your compromise world :-) Thanks, dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: Joe Maimon [mailto:jmaimon at ttec.com] Sent: Friday, January 11, 2008 12:47 AM To: Divins, David Cc: Keith W. Hare; ppml at arin.net Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois If the proposal was to remove or change the bit limits for SWIP, without changing any of the current requirements, yes. In fact I was considering trying my hand at drafting such myself. Divins, David wrote: > Would you support a proposal to change current ARIN SWIP policy (in > general)? > > If more than the 4 or 5 that have shown support chime in, I may draft > a proposal. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf > Of Keith W. Hare > Sent: Thursday, January 10, 2008 10:21 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > After all this discussion and hyperbole, is there an actual proposal > to change the current ARIN SWIP whois policy? > > Keith > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. > > ------------------------------ _______________________________________________ PPML mailing list PPML at arin.net http://lists.arin.net/mailman/listinfo/ppml End of PPML Digest, Vol 31, Issue 12 ************************************ From dean at av8.com Sun Jan 13 18:51:27 2008 From: dean at av8.com (Dean Anderson) Date: Sun, 13 Jan 2008 18:51:27 -0500 (EST) Subject: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois In-Reply-To: Message-ID: I've always been dubious of the need for SWIP. At best, its a great way to find the customers of your competitors. At worst, for your competitors to find your customers. While I'm not against SWIP as an optional service for those who _want_ to provide such information, I'm against it as a requirement. I don't see any need for ARIN to require SWIP. While ARIN may have a legitimate interest in this information to establish usage for further allocation, that information really should be kept strictly confidential--not even board members should see it. In contrast, SWIP is public. BTW, Legacy block's don't have to comply with the RSA. "No SWIP" is just one of the many rights that one loses under the Legacy RSA. Don't sign the Legacy RSA. Contact me, instead. --Dean On Thu, 10 Jan 2008, Divins, David wrote: > ARIN requires re-assignment name and address in addition to POC e-mail > for reassignments. You can leave them blank but then you are non-ARIN > compliant per RSA. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From mcr at xdsinc.net Sun Jan 13 22:01:57 2008 From: mcr at xdsinc.net (mcr at xdsinc.net) Date: Sun, 13 Jan 2008 22:01:57 -0500 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: References: <20080108031404.GA52362@ussenterprise.ufp.org><20080109010127.GA64266@ussenterprise.ufp.org> <20080109181727.879F514465A@smtp2.arin.net> Message-ID: <20080114030203.6E7D014457E@smtp2.arin.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "michael" == michael dillon writes: michael> If we only publish whois info for organizations with a direct michael> ARIN relationship, then we could extend the whois directory michael> to contain the phone number of the local police Commercial michael> Crime department at the organization's headquarters location, michael> the fax number and postal address at which to serve sub-poenas michael> and so on. That's certainly an appealing compromise. Organizations without direct ARIN relationships also tend to more likely to be bad-actors, so this itself might be useful. michael> Police funding is out of scope for ARIN. As for credentials, michael> you seem to be making fun of the idea of a special IP police michael> force. Don't you realize that this is the state of affairs Not entirely. I was asking how ARIN was going to fund this special police force. My jurisdiction used to have the RCMP handle internet "crime". That was devolved down the the local cops, which now offer the fire department if your talk abou firewalls. If you want attention, you need to report child-porn -- that's all they know how to investigate. I'm not upset --- these guys just don't have the budget to hire people with clues. And I can't call the cops in another city/jurisdiction. I have to call my local cops and they have to call the other groups. michael> today? There is a special, self-appointed vigilante IP michael> police force which uses various forms of intimidation as michael> a regular part of their arsenal. These IP police have no michael> credentials and are not regulated by anyone at all. Under the original proposal, only the IP police would have access to whois info, which means that I had better make sure that I have those credentials so that I can find out who is attacking me, and who their upstream is, and when I have transit issues, I can find out who owns blocks of interest. Under your system, I don't need that, as long as the ISPs who delegate address space are willing to answer the phone with complaints about downstream ISPs that don't have ARIN relationships. michael> The first step is to remove all whois information that michael> is not for an organization with a direct relationship with michael> ARIN. - -- Michael Richardson XDS Inc, Ottawa, ON Personal: http://www.sandelman.ca/mcr/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQDVAwUBR4rQo+0sRu40D6vCAQKqswX+Ky8c3xMTD5AexpblB0Tohrvy1QQAQD5f qw7wEE4fY9ZQEZWw6d+H3XnTegszK1B2Yko7UMdKu9/f/Vm/2winQfEKb0lBYTtA l0uLO3rCGTmTxR416NQqLU4DBb+0N/5VOIv9ZYNYwszmOyPBa3TYgeRyw/0eqlMr R0VIHFLg4AIRVyb8sIwTS/xW+aBVYonUm0b2UAZSAX0Im3kvRMzjwKA8XTq4FtHI qXlcLkpfnB5+BfBANqKWPEBgd2vKj7Yf =GJQ+ -----END PGP SIGNATURE----- From mcr at xdsinc.net Sun Jan 13 22:12:42 2008 From: mcr at xdsinc.net (mcr at xdsinc.net) Date: Sun, 13 Jan 2008 22:12:42 -0500 Subject: [ppml] [arin-discuss] /29 limit for ARIN SWIP whois In-Reply-To: <20080109184053.GA25995@ussenterprise.ufp.org> References: <20080108031404.GA52362@ussenterprise.ufp.org> <20080109010127.GA64266@ussenterprise.ufp.org> <20080109181727.879F514465A@smtp2.arin.net> <20080109184053.GA25995@ussenterprise.ufp.org> Message-ID: <20080114031243.0F17314457E@smtp2.arin.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Leo" == Leo Bicknell writes: Leo> In a message written on Wed, Jan 09, 2008 at 01:17:21PM -0500, mcr at xdsinc.net wrote: >> Cool. So, will this policy change identify: >> a) which police I call. Leo> I suggest using your local phone book for, City, County, and State Leo> Police/Sherrif/Constables, and FBI offices near you. Your local Leo> district attorneys may also be interested. Remember that ARIN deals with all of America. North. South. Canada, US. Your generous use of terms don't even begin to include all of the relevant groups. >> b) what are the infractions. >> (is lack of a reverse an infraction? >> Is failing to observe my SLA with my transit ISP an infraction?) Leo> I suggest you contact your lawyer on what may constitute criminal Leo> and/or civil actions. If the government of Canada makes lack of a reverse an infraction, will your lawyers agree to extraditing you? >> c) who these police are going to funded. Leo> Funding for these people are already in place via a mechanism Leo> favorable to the local government, typically taxes. My local police can't spell firewall. The only internet related things they have time for are ones that involve children. Now, do I call the local to me, or the police local to the offender? Leo> In the long run, I suspect having scammers convicted of fraud, Leo> spammers convicted of violation of the CAN SPAM act, and child Leo> molesters guilty of COPA violations (or worse) and putting them in Leo> prision will do far more to solve the problem than having vigilanties Leo> work on getting them booted off a particular ISP only to have them Leo> appear wack-a-mole style on 10 more. Oh, I agree with you entirely. The problem is that I haven't met a police force yet that is able to tell the difference between a flaky router causing packet-loss and a distrubuted denial of service attack that is causing a remote link to be congestion. If I don't have whois, then I can't determine who to contact to help me figure that out, and when I should call the cops. - -- Michael Richardson XDS Inc, Ottawa, ON Personal: http://www.sandelman.ca/mcr/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQDVAwUBR4rTKO0sRu40D6vCAQJx/QYAlCeDRAj1KjRCT6JSsU8Oh9jP4ESHuE3B 6wMQOvmcPkCYYEyNlzwGshemTdP/m+9xHLHP7VsCC27SJF1gelLla0qQuvczogyB J/K8BuSSU+OFHzhWK8QZHJzVf+L9DkoBXnlFvYPbf4QrYzVeqVIbmhBgqvv1TsUe PyP65LOaQZp84YVHF/Hm0JFtp4gDvtZnE+hYVdaEuH2Wgs9JYD7GeCcZWrHnroKC SLvgBWMqBDFgqJvuGT9+hioDe/gXuUjs =a4p+ -----END PGP SIGNATURE----- From martin.hannigan at batelnet.bs Tue Jan 15 18:18:47 2008 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Tue, 15 Jan 2008 18:18:47 -0500 Subject: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois Message-ID: <478d3f57.18a.47e.18668@batelnet.bs> ----- Original Message ----- From: Dean Anderson To: "Divins, David" Cc: ppml at arin.net Subject: Re: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois Date: Sun, 13 Jan 2008 18:51:27 -0500 (EST) > I've always been dubious of the need for SWIP. At best, > its a great way to find the customers of your competitors. > At worst, for your competitors to find your customers. > While I'm not against SWIP as an optional service for > those who _want_ to provide such information, I'm against > it as a requirement. > > I don't see any need for ARIN to require SWIP. While ARIN > may have a legitimate interest in this information to > establish usage for further allocation, that information > really should be kept strictly confidential--not even > board members should see it. In contrast, SWIP is public. You could always propose a policy to do away with SWIP. > BTW, Legacy block's don't have to comply with the RSA. "No > SWIP" is just one of the many rights that one loses under > the Legacy RSA. Don't sign the Legacy RSA. Contact me, > instead. What will that get them? -M< From dean at av8.com Wed Jan 16 14:22:46 2008 From: dean at av8.com (Dean Anderson) Date: Wed, 16 Jan 2008 14:22:46 -0500 (EST) Subject: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois In-Reply-To: <478d3f57.18a.47e.18668@batelnet.bs> Message-ID: On Tue, 15 Jan 2008, Martin Hannigan wrote: > > I don't see any need for ARIN to require SWIP. While ARIN > > may have a legitimate interest in this information to > > establish usage for further allocation, that information > > really should be kept strictly confidential--not even > > board members should see it. In contrast, SWIP is public. > > You could always propose a policy to do away with SWIP. I was thinking that a policy to make SWIP optional would be good. > > BTW, Legacy block's don't have to comply with the RSA. "No > > SWIP" is just one of the many rights that one loses under > > the Legacy RSA. Don't sign the Legacy RSA. Contact me, > > instead. > > What will that get them? Information on how to join the legal defense fund, and information about their rights as legacies. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From christopher.ranch at hostway.com Fri Jan 18 13:31:13 2008 From: christopher.ranch at hostway.com (Chris Ranch) Date: Fri, 18 Jan 2008 10:31:13 -0800 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <5482781EE04CDF4FA4DB365A0D6354AA515AA3@exchange.onx.cc> References: <5482781EE04CDF4FA4DB365A0D6354AA515AA3@exchange.onx.cc> Message-ID: <059801c85a00$4e955b10$8119fea9@affinityhq.com> That's what I was thinking. I'd like to see this proposal go forward, and would support it. This should apply to both swip and rwhois. I've never been happy to have to expose (a portion of) our customer list in any form. dsd, does your offer to draft a proposal still stand? Chris > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Dave Heritage > Sent: Friday, January 11, 2008 1:11 PM > To: ppml at arin.net > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Couldn't the policy be revised such that 'just like in the case of a > residential customer' the Address and name of record are > 'Customer#147387 in care of ISP'? That way the basis of anonymity on a > wide scale is intact while those at ARIN could request non-public data > for justification if necessary (from the ISP doing the sub-alloc). > Obviously the user of the IP space is going to have given over more > specific details of the entity for billing purposes. It > seems to me it > would affect both directions of the transaction. The published data > would be of little use to a would-be harmer but people who needed to > actually contact the owner would have a known good go-between. > > Dave > > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > ppml-request at arin.net > Sent: Friday, January 11, 2008 11:00 AM > To: ppml at arin.net > Subject: PPML Digest, Vol 31, Issue 12 > > Send PPML mailing list submissions to > ppml at arin.net > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.arin.net/mailman/listinfo/ppml > or, via email, send a message with subject or body 'help' to > ppml-request at arin.net > > You can reach the person managing the list at > ppml-owner at arin.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of PPML digest..." > > > Today's Topics: > > 1. Re: ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois > (Divins, David) > 2. Re: /29 limit for ARIN SWIP whois (Divins, David) > 3. Re: /29 limit for ARIN SWIP whois (Keith W. Hare) > 4. Re: /29 limit for ARIN SWIP whois (Divins, David) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 10 Jan 2008 15:36:45 -0500 > From: "Divins, David" > Subject: Re: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP > whois > To: "Kevin Kargel" , > Message-ID: > > Content-Type: text/plain; charset="us-ascii" > > ARIN requires re-assignment name and address in addition to POC e-mail > for reassignments. You can leave them blank but then you are non-ARIN > compliant per RSA. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > Kevin Kargel > Sent: Thursday, January 10, 2008 10:06 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > in.re. battered women and other fugitives.. > > The only traceable thing absolutely required for a SWIP POC > is a working > email address, and you can even use a hotmail account for that. Under > US law (as an example and because I am even more ignorant of > other law) > there is nothing illegal about supplying an alias for > registrations like > this so long as you are not trying to defraud. You can give > the POC any > mailing address in the world, it doesn't have to be your place of > residence or the service site, and the telephone number is not a > required field. Nobody says you have to have telephone service to use > the internet (and yes, there are still people in the world who are > unable to or choose not to have telephone service). > > I don't think anyone will deny that there are lawful people > who are also > odd, eccentric and/or paranoid using the internet. I fully support a > persons right to be odd, eccentric or paranoid (for obvious > reasons that > will hopefully remain unstated.. lol). > > Anonymity can be maintained even if you do utilize SWIP registration. > The current IP registration system is very anarchist > friendly, and IMHO > that is a very good thing. > > Kevin > > :$s/worry/happy/g > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] > On Behalf > > Of Paul G. Timmins > > Sent: Thursday, January 10, 2008 8:36 AM > > To: Leo Bicknell; Public Policy Mailing List > > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > > > Where are all these battered wives and grandmas who are > getting /29s > > from their upstreams? I'm still trying to figure this out. > > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > > Behalf Of Leo Bicknell > > Sent: Wednesday, January 09, 2008 6:50 PM > > To: Public Policy Mailing List > > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > > > In a message written on Wed, Jan 09, 2008 at 05:15:35PM > > -0500, Eastman, Bruce wrote: > > > I don't mean this to be insulting by any means, but I > have seen you > > > mention Lynch mobs and vigilante justice on here a few different > > times, > > > I am just curious to know if there have ever been any documented > > > instances where vigilante justice has taken place over > the issue of > > > spamming, and if so, was the victim actually found by information > > > provided in the whois data base? > > > > If you're looking for direct evidence of someone murdering a > > spammer and then standing up and saying "I used ARIN's whois > > database to find them" then no, I can provide no direct evidence. > > > > I also want to stress the issue is not just vigilante mobs > > going against spammers though. All the reasons people hate > > each other apply in the cyber world as well. And it's not > > just vigilante mobs, it's also lone individual harasser. > > > > Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. > > Has there ever been a case where a predator used whois data > > to help locate a victim? When a battered woman moves across > > country and signs up for new internet access is there > > adequate disclosure from the provider her name address and > > phone number may be listed in a global, public database? If > > her ex finds her through that information and kills her, is > > the ISP, or even ARIN partially liable? > > > > To bring back a golden oldie: McGruff.org has "stay safe online" > > recommendations: http://www.mcgruff.org/Advice/online_safety.php > > > > "Never give out personal information like your name, > > telephone number, > > address, email, or school name." > > > > How many kids are giving out their name, address, and > > telephone number just by surfing the web from an IP with > > fairly specific whois information? Who's using that > > information, and for what purpose? > > > > The sad part of all of this is the victims aren't going to > > speak up. Spammers who have people come to their house and > > make a death threat aren't going to go to the police. > > Battered women who need to remain anonymous to stay away from > > their ex aren't going to write front page articles on CNN > > about how their privacy was compromised. > > Child predators aren't going to let the world know whois is a > > goldmine for them. > > > > What percentage of people who buy service from a provide who > > lists their details in whois know that is the case? > > > > I can buy a phone line for home and have it be unlisted. I can buy > > 5 phone lines for home and have them be unlisted. I can buy > > 500 phone lines for home and have them be unlisted. Yet, to > > participate in the Internet at anything more than a basic > > level I must provide my information to the entire world? > > > > -- > > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG > > List - tmbg-list-request at tmbg.org, www.tmbg.org > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed to > > the ARIN Public Policy Mailing List (PPML at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > Please contact the ARIN Member Services Help Desk at > > info at arin.net if you experience any issues. > > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > > > ------------------------------ > > Message: 2 > Date: Thu, 10 Jan 2008 15:37:52 -0500 > From: "Divins, David" > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > To: "Keith W. Hare" , > Message-ID: > > Content-Type: text/plain; charset="us-ascii" > > Would you support a proposal to change current ARIN SWIP policy (in > general)? > > If more than the 4 or 5 that have shown support chime in, I > may draft a > proposal. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > Keith W. Hare > Sent: Thursday, January 10, 2008 10:21 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > After all this discussion and hyperbole, is there an actual > proposal to > change the current ARIN SWIP whois policy? > > Keith > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > > > ------------------------------ > > Message: 3 > Date: Thu, 10 Jan 2008 16:36:21 -0500 > From: "Keith W. Hare" > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > To: "Divins, David" , > Cc: "Keith W. Hare" > Message-ID: <3381b21cdc7c5467cc06dc4909fcb7be47868fdb at jcc.com> > Content-Type: text/plain; charset="us-ascii" > > David, > > The advantage of a proposal is it would put the proposed change, the > existing stuff, and the logic for the change in one place. This would > make it easier to have a real discussion of the the technical > merits/issues. > > In the absence of real knowledge, my current opinion is that > it doesn't > make sense to change this for IPv4, but it might for IPv6. However, I > reserve the right to change my mind. > > Keith > > -----Original Message----- > From: Divins, David [mailto:dsd at servervault.com] > Sent: Thursday, January 10, 2008 3:38 PM > To: Keith W. Hare; ppml at arin.net > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Would you support a proposal to change current ARIN SWIP policy (in > general)? > > If more than the 4 or 5 that have shown support chime in, I > may draft a > proposal. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > Keith W. Hare > Sent: Thursday, January 10, 2008 10:21 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > After all this discussion and hyperbole, is there an actual > proposal to > change the current ARIN SWIP whois policy? > > Keith > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > > > > ------------------------------ > > Message: 4 > Date: Fri, 11 Jan 2008 06:57:06 -0500 > From: "Divins, David" > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > To: "Joe Maimon" > Cc: ppml at arin.net > Message-ID: > > Content-Type: text/plain; charset="us-ascii" > > Joe, > > In your ideal world, what would your bit boundry be? And then > what about > your compromise world :-) > > Thanks, > dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > > -----Original Message----- > From: Joe Maimon [mailto:jmaimon at ttec.com] > Sent: Friday, January 11, 2008 12:47 AM > To: Divins, David > Cc: Keith W. Hare; ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > If the proposal was to remove or change the bit limits for > SWIP, without > changing any of the current requirements, yes. > > In fact I was considering trying my hand at drafting such myself. > > > Divins, David wrote: > > > Would you support a proposal to change current ARIN SWIP policy (in > > general)? > > > > If more than the 4 or 5 that have shown support chime in, I > may draft > > a proposal. > > > > -dsd > > > > David Divins > > Principal Engineer > > ServerVault Corp. > > (703) 652-5955 > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] > On Behalf > > Of Keith W. Hare > > Sent: Thursday, January 10, 2008 10:21 AM > > To: ppml at arin.net > > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN > SWIP whois > > > > After all this discussion and hyperbole, is there an actual > proposal > > to change the current ARIN SWIP whois policy? > > > > Keith > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed > to the ARIN > > Public Policy Mailing List (PPML at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > Please contact the ARIN Member Services Help Desk at > info at arin.net if > > you experience any issues. > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed > to the ARIN > > Public Policy Mailing List (PPML at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > Please contact the ARIN Member Services Help Desk at > info at arin.net if > you experience any issues. > > > > > > > ------------------------------ > > _______________________________________________ > PPML mailing list > PPML at arin.net > http://lists.arin.net/mailman/listinfo/ppml > > > End of PPML Digest, Vol 31, Issue 12 > ************************************ > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > From aaron at wholesaleinternet.com Fri Jan 18 14:27:48 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Fri, 18 Jan 2008 13:27:48 -0600 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <059801c85a00$4e955b10$8119fea9@affinityhq.com> References: <5482781EE04CDF4FA4DB365A0D6354AA515AA3@exchange.onx.cc> <059801c85a00$4e955b10$8119fea9@affinityhq.com> Message-ID: <035101c85a08$35cec280$a16c4780$@com> I would also support this proposal as I believe a majority of the member ship would. Heck... I might even attend the ARIN meeting just so I could vote on it. :) Aaron Wendel Founder/Chief Technical Officer Wholesale Internet, Inc. 1102 Grand Blvd. Suite 905 Kansas City, MO 64106 -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Chris Ranch Sent: Friday, January 18, 2008 12:31 PM To: 'Dave Heritage'; ppml at arin.net Subject: Re: [ppml] /29 limit for ARIN SWIP whois That's what I was thinking. I'd like to see this proposal go forward, and would support it. This should apply to both swip and rwhois. I've never been happy to have to expose (a portion of) our customer list in any form. dsd, does your offer to draft a proposal still stand? Chris > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Dave Heritage > Sent: Friday, January 11, 2008 1:11 PM > To: ppml at arin.net > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Couldn't the policy be revised such that 'just like in the case of a > residential customer' the Address and name of record are > 'Customer#147387 in care of ISP'? That way the basis of anonymity on a > wide scale is intact while those at ARIN could request non-public data > for justification if necessary (from the ISP doing the sub-alloc). > Obviously the user of the IP space is going to have given over more > specific details of the entity for billing purposes. It > seems to me it > would affect both directions of the transaction. The published data > would be of little use to a would-be harmer but people who needed to > actually contact the owner would have a known good go-between. > > Dave > > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > ppml-request at arin.net > Sent: Friday, January 11, 2008 11:00 AM > To: ppml at arin.net > Subject: PPML Digest, Vol 31, Issue 12 > > Send PPML mailing list submissions to > ppml at arin.net > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.arin.net/mailman/listinfo/ppml > or, via email, send a message with subject or body 'help' to > ppml-request at arin.net > > You can reach the person managing the list at > ppml-owner at arin.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of PPML digest..." > > > Today's Topics: > > 1. Re: ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP whois > (Divins, David) > 2. Re: /29 limit for ARIN SWIP whois (Divins, David) > 3. Re: /29 limit for ARIN SWIP whois (Keith W. Hare) > 4. Re: /29 limit for ARIN SWIP whois (Divins, David) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 10 Jan 2008 15:36:45 -0500 > From: "Divins, David" > Subject: Re: [ppml] ***POSSIBLE SPAM*** Re: /29 limit for ARIN SWIP > whois > To: "Kevin Kargel" , > Message-ID: > > Content-Type: text/plain; charset="us-ascii" > > ARIN requires re-assignment name and address in addition to POC e-mail > for reassignments. You can leave them blank but then you are non-ARIN > compliant per RSA. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > Kevin Kargel > Sent: Thursday, January 10, 2008 10:06 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > in.re. battered women and other fugitives.. > > The only traceable thing absolutely required for a SWIP POC > is a working > email address, and you can even use a hotmail account for that. Under > US law (as an example and because I am even more ignorant of > other law) > there is nothing illegal about supplying an alias for > registrations like > this so long as you are not trying to defraud. You can give > the POC any > mailing address in the world, it doesn't have to be your place of > residence or the service site, and the telephone number is not a > required field. Nobody says you have to have telephone service to use > the internet (and yes, there are still people in the world who are > unable to or choose not to have telephone service). > > I don't think anyone will deny that there are lawful people > who are also > odd, eccentric and/or paranoid using the internet. I fully support a > persons right to be odd, eccentric or paranoid (for obvious > reasons that > will hopefully remain unstated.. lol). > > Anonymity can be maintained even if you do utilize SWIP registration. > The current IP registration system is very anarchist > friendly, and IMHO > that is a very good thing. > > Kevin > > :$s/worry/happy/g > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] > On Behalf > > Of Paul G. Timmins > > Sent: Thursday, January 10, 2008 8:36 AM > > To: Leo Bicknell; Public Policy Mailing List > > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > > > Where are all these battered wives and grandmas who are > getting /29s > > from their upstreams? I'm still trying to figure this out. > > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > > Behalf Of Leo Bicknell > > Sent: Wednesday, January 09, 2008 6:50 PM > > To: Public Policy Mailing List > > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > > > In a message written on Wed, Jan 09, 2008 at 05:15:35PM > > -0500, Eastman, Bruce wrote: > > > I don't mean this to be insulting by any means, but I > have seen you > > > mention Lynch mobs and vigilante justice on here a few different > > times, > > > I am just curious to know if there have ever been any documented > > > instances where vigilante justice has taken place over > the issue of > > > spamming, and if so, was the victim actually found by information > > > provided in the whois data base? > > > > If you're looking for direct evidence of someone murdering a > > spammer and then standing up and saying "I used ARIN's whois > > database to find them" then no, I can provide no direct evidence. > > > > I also want to stress the issue is not just vigilante mobs > > going against spammers though. All the reasons people hate > > each other apply in the cyber world as well. And it's not > > just vigilante mobs, it's also lone individual harasser. > > > > Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking. > > Has there ever been a case where a predator used whois data > > to help locate a victim? When a battered woman moves across > > country and signs up for new internet access is there > > adequate disclosure from the provider her name address and > > phone number may be listed in a global, public database? If > > her ex finds her through that information and kills her, is > > the ISP, or even ARIN partially liable? > > > > To bring back a golden oldie: McGruff.org has "stay safe online" > > recommendations: http://www.mcgruff.org/Advice/online_safety.php > > > > "Never give out personal information like your name, > > telephone number, > > address, email, or school name." > > > > How many kids are giving out their name, address, and > > telephone number just by surfing the web from an IP with > > fairly specific whois information? Who's using that > > information, and for what purpose? > > > > The sad part of all of this is the victims aren't going to > > speak up. Spammers who have people come to their house and > > make a death threat aren't going to go to the police. > > Battered women who need to remain anonymous to stay away from > > their ex aren't going to write front page articles on CNN > > about how their privacy was compromised. > > Child predators aren't going to let the world know whois is a > > goldmine for them. > > > > What percentage of people who buy service from a provide who > > lists their details in whois know that is the case? > > > > I can buy a phone line for home and have it be unlisted. I can buy > > 5 phone lines for home and have them be unlisted. I can buy > > 500 phone lines for home and have them be unlisted. Yet, to > > participate in the Internet at anything more than a basic > > level I must provide my information to the entire world? > > > > -- > > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > > PGP keys at http://www.ufp.org/~bicknell/ Read TMBG > > List - tmbg-list-request at tmbg.org, www.tmbg.org > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed to > > the ARIN Public Policy Mailing List (PPML at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > Please contact the ARIN Member Services Help Desk at > > info at arin.net if you experience any issues. > > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > > > ------------------------------ > > Message: 2 > Date: Thu, 10 Jan 2008 15:37:52 -0500 > From: "Divins, David" > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > To: "Keith W. Hare" , > Message-ID: > > Content-Type: text/plain; charset="us-ascii" > > Would you support a proposal to change current ARIN SWIP policy (in > general)? > > If more than the 4 or 5 that have shown support chime in, I > may draft a > proposal. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > Keith W. Hare > Sent: Thursday, January 10, 2008 10:21 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > After all this discussion and hyperbole, is there an actual > proposal to > change the current ARIN SWIP whois policy? > > Keith > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > > > ------------------------------ > > Message: 3 > Date: Thu, 10 Jan 2008 16:36:21 -0500 > From: "Keith W. Hare" > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > To: "Divins, David" , > Cc: "Keith W. Hare" > Message-ID: <3381b21cdc7c5467cc06dc4909fcb7be47868fdb at jcc.com> > Content-Type: text/plain; charset="us-ascii" > > David, > > The advantage of a proposal is it would put the proposed change, the > existing stuff, and the logic for the change in one place. This would > make it easier to have a real discussion of the the technical > merits/issues. > > In the absence of real knowledge, my current opinion is that > it doesn't > make sense to change this for IPv4, but it might for IPv6. However, I > reserve the right to change my mind. > > Keith > > -----Original Message----- > From: Divins, David [mailto:dsd at servervault.com] > Sent: Thursday, January 10, 2008 3:38 PM > To: Keith W. Hare; ppml at arin.net > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > > Would you support a proposal to change current ARIN SWIP policy (in > general)? > > If more than the 4 or 5 that have shown support chime in, I > may draft a > proposal. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of > Keith W. Hare > Sent: Thursday, January 10, 2008 10:21 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > After all this discussion and hyperbole, is there an actual > proposal to > change the current ARIN SWIP whois policy? > > Keith > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > > > > ------------------------------ > > Message: 4 > Date: Fri, 11 Jan 2008 06:57:06 -0500 > From: "Divins, David" > Subject: Re: [ppml] /29 limit for ARIN SWIP whois > To: "Joe Maimon" > Cc: ppml at arin.net > Message-ID: > > Content-Type: text/plain; charset="us-ascii" > > Joe, > > In your ideal world, what would your bit boundry be? And then > what about > your compromise world :-) > > Thanks, > dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > > -----Original Message----- > From: Joe Maimon [mailto:jmaimon at ttec.com] > Sent: Friday, January 11, 2008 12:47 AM > To: Divins, David > Cc: Keith W. Hare; ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > If the proposal was to remove or change the bit limits for > SWIP, without > changing any of the current requirements, yes. > > In fact I was considering trying my hand at drafting such myself. > > > Divins, David wrote: > > > Would you support a proposal to change current ARIN SWIP policy (in > > general)? > > > > If more than the 4 or 5 that have shown support chime in, I > may draft > > a proposal. > > > > -dsd > > > > David Divins > > Principal Engineer > > ServerVault Corp. > > (703) 652-5955 > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] > On Behalf > > Of Keith W. Hare > > Sent: Thursday, January 10, 2008 10:21 AM > > To: ppml at arin.net > > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN > SWIP whois > > > > After all this discussion and hyperbole, is there an actual > proposal > > to change the current ARIN SWIP whois policy? > > > > Keith > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed > to the ARIN > > Public Policy Mailing List (PPML at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > Please contact the ARIN Member Services Help Desk at > info at arin.net if > > you experience any issues. > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed > to the ARIN > > Public Policy Mailing List (PPML at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > Please contact the ARIN Member Services Help Desk at > info at arin.net if > you experience any issues. > > > > > > > ------------------------------ > > _______________________________________________ > PPML mailing list > PPML at arin.net > http://lists.arin.net/mailman/listinfo/ppml > > > End of PPML Digest, Vol 31, Issue 12 > ************************************ > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From info at arin.net Fri Jan 18 15:20:07 2008 From: info at arin.net (Member Services) Date: Fri, 18 Jan 2008 15:20:07 -0500 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29 assignments Message-ID: <479109F7.3000308@arin.net> ARIN received the following policy proposal. In accordance with the ARIN Internet Resource Policy Evaluation Process, the proposal is being posted to the ARIN Public Policy Mailing List (PPML) and being placed on ARIN's website. The ARIN Advisory Council (AC) will review this proposal at their next regularly scheduled meeting. The AC may decide to: 1. Accept the proposal as written. If the AC accepts the proposal, it will be posted as a formal policy proposal to PPML and it will be presented at a Public Policy Meeting. 2. Postpone their decision regarding the proposal until the next regularly scheduled AC meeting in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At their following meeting the AC will accept or not accept the proposal. 3. Not accept the proposal. If the AC does not accept the proposal, the AC will explain their decision via the PPML. If a proposal is not accepted, then the author may elect to use the petition process to advance their proposal. If the author elects not to petition or the petition fails, then the proposal will be closed. The AC will assign shepherds in the near future. ARIN will provide the names of the shepherds to the community via the PPML. In the meantime, the AC invites everyone to comment on this proposal on the PPML, particularly their support or non-support and the reasoning behind their opinion. Such participation contributes to a thorough vetting and provides important guidance to the AC in their deliberations. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Mailing list subscription information can be found at: http://www.arin.net/mailing_lists/ Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal Name: SWIP support for smaller than /29 assignments Author: Joe Maimon Proposal Version: 1 Submission Date: Jan 16, 2008 Proposal type: modify Policy term: permanent Policy statement: 4.2.2.1.2.) " ISPs must provide reassignment information on the entire previously allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. For blocks smaller than /29 and for internal space, ISPs should provide utilization data using the table format described in Section 4.2.3.7.5. " Replace with " ISPs must provide reassignment information on the entire previously allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. For blocks smaller than /29 and for internal space, ISPs should provide utilization data either via SWIP or RWHOIS server or by using the table format described in Section 4.2.3.7.5. " 4.2.2.2.1.) " Utilization for blocks smaller than /29 can be documented using the format described in Section 4.2.3.7.5. " Replace with " Utilization for blocks smaller than /29 can be documented via SWIP or RWHOIS server or by using the format described in Section 4.2.3.7.5. " 4.2.3.7.2.) " For blocks smaller than /29 and for internal space, ISPs should provide utilization data using the format described in Section 4.2.3.7.5. " Replace with " For blocks smaller than /29 and for internal space, ISPs should provide utilization data via SWIP or RWHOIS server or by using the format described in Section 4.2.3.7.5. " 4.2.3.7.5.) Accounting for additional utilization " The following format should be used to provide the required information for utilization of blocks smaller than /29 and for describing internal networks: " Replace with " The following format should be used to provide the required information for utilization of blocks smaller than /29 and for describing internal networks when either SWIP or RWHOIS server is not used: " Rationale: With increasing frequency of smaller than /29 assignements to customers, the ability for ISP's to utilize SWIP or RWHOIS as a single comprehensive source of their utilization data should be supported. To implement this policy change, ARIN SWIP would need to no longer reject SWIP templates smaller then /29. Timetable for implementation: Immediate From michael.dillon at bt.com Fri Jan 18 15:55:00 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 18 Jan 2008 20:55:00 -0000 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29assignments In-Reply-To: <479109F7.3000308@arin.net> References: <479109F7.3000308@arin.net> Message-ID: > Rationale: > With increasing frequency of smaller than /29 assignements to > customers, the ability for ISP's to utilize SWIP or RWHOIS as > a single comprehensive source of their utilization data > should be supported. To implement this policy change, ARIN > SWIP would need to no longer reject SWIP templates smaller then /29. 1. Nothing that ARIN does or does not do has any effect on how an ISP uses their own utilization data. 2. The WHOIS protocol, WHOIS directory, whois tool, Share WHOIS Information Project (SWIP) and Remote WHOIS (RWHOIS) are all ancient and amateurish pieces of work. The average college student building an application with Django could do a far better job at designing a whois service given the base level of technology and training available today compared to twenty (or more) years ago. We should be putting less into the whois directory, not more. 3. There has been some recent discussion about clarifying the purpose of the whois directory and how it should be used. It is premature to extend the use of whois until we sort out the larger issues. 4. Whois was created by the Defense Advanced Research Projects Agency (DARPA) to track who was using their ARPAnet research network so that local network managers, and the larger ARPAnet community could justify budget funding for their work. Somewhere along the way, the network name changed to Internet, the base protocols to TCP/IP and the network purpose from research to everything that human beings want to communicate about. But whois has never been reviewed or changed much beyond adapting it to TCP/IP and adding some referral capabilities (RWHOIS). Clearly there is no longer a need to count users in order to justify Federal research funding. Outside of net folklore, there has never been any agreement on the scope and/or purpose of the whois directory other than in the negative, e.g. the whois directory is not a place to harvest emails to send out advertising. Until we can agree on what whois is for, it is premature to extend its use in any way. --Michael Dillon From christopher.ranch at hostway.com Fri Jan 18 16:01:49 2008 From: christopher.ranch at hostway.com (Chris Ranch) Date: Fri, 18 Jan 2008 13:01:49 -0800 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29assignments In-Reply-To: <479109F7.3000308@arin.net> References: <479109F7.3000308@arin.net> Message-ID: <068d01c85a15$586905f0$8119fea9@affinityhq.com> Hello, I agree with the proposal to get ARIN's whois to no longer reject SWIPs with /30's or smaller blocks. However, I would like the changed wording regarding tightened up a little. I would like this use of SWIP or RWHOIS over submitting in table form to be completely optional, not recommended as 'should' implies. For example: "For blocks smaller than /29 and for internal space, ISPs must provide utilization data via one of the following methods: SWIP, RWHOIS server, or by using the table format described in Section 4.2.3.7.5." $0.02. Chris > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Member Services > Sent: Friday, January 18, 2008 12:20 PM > To: ppml at arin.net; rss feed > Subject: [ppml] Policy Proposal: SWIP support for smaller > than /29assignments > > ARIN received the following policy proposal. In accordance > with the ARIN > Internet Resource Policy Evaluation Process, the proposal is being > posted to the ARIN Public Policy Mailing List (PPML) and > being placed on > ARIN's website. > > The ARIN Advisory Council (AC) will review this proposal at their next > regularly scheduled meeting. The AC may decide to: > > 1. Accept the proposal as written. If the AC accepts the > proposal, > it will be posted as a formal policy proposal to PPML and it will be > presented at a Public Policy Meeting. > > 2. Postpone their decision regarding the proposal until the next > regularly scheduled AC meeting in order to work with the > author. The AC > will work with the author to clarify, combine or divide the > proposal. At > their following meeting the AC will accept or not accept the proposal. > > 3. Not accept the proposal. If the AC does not accept > the proposal, > the AC will explain their decision via the PPML. If a proposal is not > accepted, then the author may elect to use the petition process to > advance their proposal. If the author elects not to petition or the > petition fails, then the proposal will be closed. > > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. > > In the meantime, the AC invites everyone to comment on this > proposal on > the PPML, particularly their support or non-support and the reasoning > behind their opinion. Such participation contributes to a thorough > vetting and provides important guidance to the AC in their > deliberations. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Mailing list subscription information can be found at: > http://www.arin.net/mailing_lists/ > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal Name: SWIP support for smaller than /29 assignments > > Author: Joe Maimon > > Proposal Version: 1 > > Submission Date: Jan 16, 2008 > > Proposal type: modify > > Policy term: permanent > > Policy statement: > > 4.2.2.1.2.) > > " > ISPs must provide reassignment information on the entire previously > allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. > For blocks smaller > > than /29 and for internal space, ISPs should provide utilization data > using the table format described in Section 4.2.3.7.5. > " > > Replace with > > " > ISPs must provide reassignment information on the entire previously > allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. > For blocks smaller > > than /29 and for internal space, ISPs should provide utilization data > either via SWIP or RWHOIS server or by using the table format > described > in Section 4.2.3.7.5. > " > > 4.2.2.2.1.) > > " > Utilization for blocks smaller than /29 can be documented using the > format described in Section 4.2.3.7.5. > " > > Replace with > > " > Utilization for blocks smaller than /29 can be documented via SWIP or > RWHOIS server or by using the format described in Section 4.2.3.7.5. > " > > 4.2.3.7.2.) > > " > For blocks smaller than /29 and for internal space, ISPs > should provide > utilization data using the format described in Section 4.2.3.7.5. > " > > Replace with > > " > For blocks smaller than /29 and for internal space, ISPs > should provide > utilization data via SWIP or RWHOIS server or by using the format > described in Section 4.2.3.7.5. > " > > 4.2.3.7.5.) Accounting for additional utilization > > " > The following format should be used to provide the required > information > for utilization of blocks smaller than /29 and for describing internal > networks: > " > > Replace with > > " > The following format should be used to provide the required > information > for utilization of blocks smaller than /29 and for describing internal > networks when either SWIP or RWHOIS server is not used: > " > > Rationale: > > With increasing frequency of smaller than /29 assignements to > customers, > the ability for ISP's to utilize SWIP or RWHOIS as a single > comprehensive source of their utilization data should be supported. To > implement this policy change, ARIN SWIP would need to no longer reject > SWIP templates smaller then /29. > > Timetable for implementation: Immediate > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > From mack at exchange.alphared.com Sun Jan 20 00:43:24 2008 From: mack at exchange.alphared.com (mack) Date: Sat, 19 Jan 2008 23:43:24 -0600 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29 In-Reply-To: References: Message-ID: <859D2283FD04CA44986CC058E06598F8551200AF90@exchange4.exchange.alphared.local> I am not certain this policy is necessary. Expanding SWIP by a factor of 8 may put an undue burden on the infrastructure. SWIP for blocks smaller than /29 moves the burden of maintenance to ARIN. Although I agree with the objection that RWHOIS is ancient, until someone develops something better we are going to see increasing use. The RWHOIS distributed model seems better suited for long term use than SWIPs centralized model. Particularly as the amount of data expands to 3 billion+ records. RWHOIS and the table format already provide the capability to display blocks smaller than a /29. I don't have evidence but I believe ARIN staff already take RWHOIS into account if blocks smaller than /29 are displayed. This proposal could be considerably simplified by only retaining the following modification: > 4.2.3.7.5.) Accounting for additional utilization > > " > The following format should be used to provide the required information > for utilization of blocks smaller than /29 and for describing internal > networks: > " > > Replace with > > " > The following format should be used to provide the required information > for utilization of blocks smaller than /29 and for describing internal > networks when either SWIP or RWHOIS server is not used: > " This implies ARIN will accept SWIP of blocks smaller than /29 and get data from either SWIP or RWHOIS before requiring the tabular format. Or the alternative format proposed, which is neutral on method: > 4.2.3.7.5.) Accounting for additional utilization > > " > The following format should be used to provide the required information > for utilization of blocks smaller than /29 and for describing internal > networks: > " > > Replace with > > " > For blocks smaller than /29 and for internal space, ISPs must provide > utilization data via one of the following methods: SWIP, RWHOIS server, > or the following table format: > " For the record I think ARIN should accept data in the three formats provided but SWIP does not seem scalable into the future. -- LR Mack McBride Network Administrator Alpha Red, Inc. From jmaimon at chl.com Mon Jan 21 10:30:20 2008 From: jmaimon at chl.com (Joe Maimon) Date: Mon, 21 Jan 2008 10:30:20 -0500 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29 In-Reply-To: <859D2283FD04CA44986CC058E06598F8551200AF90@exchange4.exchange.alphared.local> References: <859D2283FD04CA44986CC058E06598F8551200AF90@exchange4.exchange.alphared.local> Message-ID: <4794BA8C.9010906@chl.com> Hey Mack, mack wrote: > I am not certain this policy is necessary. Expanding SWIP by a factor of 8 > may put an undue burden on the infrastructure. Whether the policy is neccessary and whether infrastructure can support potential larger demand are seperate questions. I believe the policy change is beneficial. In the hard to credit scenario where every single /29 SWIP record turned into 2 /30 or 4 /32's, that could be taken as ample evidence that the policy change was very much required, based on subsequent usage demands. Resource limits, should that be a concern, could also be better handled by imposing a cap of SWIP records per allocation. In any event, I view it as extremely unlikely to occur. At some point (usually well before an organization would want to manage thousands of SWIP records through ARIN) rwhois would be the natural choice. > > SWIP for blocks smaller than /29 moves the burden of maintenance to ARIN. I dont see how they would view it much differently than an organization that just never did any assignations smaller than /29. I suspect that ARIN would actually find it much easier to process justification where ALL data was in one place, be it SWIP or RWHOIS, than a combination of either plus tables. > > Although I agree with the objection that RWHOIS is ancient, until someone > develops something better we are going to see increasing use. The RWHOIS > distributed model seems better suited for long term use than SWIPs centralized > model. Particularly as the amount of data expands to 3 billion+ records. The hosts file is also ancient. Yet all systems ship with it. Age is not in and of itself an issue. A centralized SWIP can be depoyed in a decentralized manner internaly. Are there any statistics as to actual records in ARIN SWIP and how many they could expect to reasonably support? In any event, it is highly unlikely that allowing the smaller records would equate into the expansion you are contemplating. /29 records wont immediately be turned into 4 /32 records. The real performance question is likely the time taken to arrive at no match for queries. /32 as opposed to /29 could increase that time depending on implementation. > > RWHOIS and the table format already provide the capability to display blocks > smaller than a /29. And that SWIP doesnt, should either be justified by resource constraints or rectified. > > I don't have evidence but I believe ARIN staff already take RWHOIS into > account if blocks smaller than /29 are displayed. Either RWHOIS is used for an allocation or it is not. If seperately sub /29 allocations are listed, ARIN calls for the table format to be used. I suppose ARIN will consider whatever data you supply. > > This proposal could be considerably simplified by only retaining the following > modification: > > >>4.2.3.7.5.) Accounting for additional utilization >> >>" >>The following format should be used to provide the required information >>for utilization of blocks smaller than /29 and for describing internal >>networks: >>" >> >>Replace with >> >>" >>The following format should be used to provide the required information >>for utilization of blocks smaller than /29 and for describing internal >>networks when either SWIP or RWHOIS server is not used: >>" > > > This implies ARIN will accept SWIP of blocks smaller than /29 and get data > from either SWIP or RWHOIS before requiring the tabular format. > > Or the alternative format proposed, which is neutral on method: > > >>4.2.3.7.5.) Accounting for additional utilization >> >>" >>The following format should be used to provide the required information >>for utilization of blocks smaller than /29 and for describing internal >>networks: >>" >> >>Replace with >> >>" >>For blocks smaller than /29 and for internal space, ISPs must provide >>utilization data via one of the following methods: SWIP, RWHOIS server, >>or the following table format: >>" > The semantics are secondary to the objective in this instance. > > For the record I think ARIN should accept data in the three formats > provided but SWIP does not seem scalable into the future. I suspect that SWIP is as scalable as RWHOIS, since under the hood they can be implemented the same way. Joe > > -- > LR Mack McBride > Network Administrator > Alpha Red, Inc. From heather.skanks at gmail.com Tue Jan 22 12:50:39 2008 From: heather.skanks at gmail.com (heather skanks) Date: Tue, 22 Jan 2008 12:50:39 -0500 Subject: [ppml] News Article on IP addresses as personal data, according to EU privacy group Message-ID: <616812070801220950o4d5dc903x85943f6477d4caf8@mail.gmail.com> "By Aoife White Associated Press Tuesday, January 22, 2008; Page D01 BRUSSELS -- IP addresses, strings of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday." Full article at: http://www.washingtonpost.com/wp-dyn/content/article/2008/01/21/AR2008012101340.html --Heather -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedm at ipinc.net Tue Jan 22 13:07:54 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 22 Jan 2008 10:07:54 -0800 Subject: [ppml] News Article on IP addresses as personal data, according to EU privacy group In-Reply-To: <616812070801220950o4d5dc903x85943f6477d4caf8@mail.gmail.com> Message-ID: In the context of search engines, which is a completely different issue than what we are talking about here. Bzzzt - thank you, play again. The reason that this is an issue with search engines is that it ties a name to what they are searching for. It is the same issue as if the public library were to record a history of all books that you checked out and associate it with your library card number, which was then tied to your phone number, and then sold the information to the highest bidder - as Google currently does. But nobody is out there arguing that all telephone numbers should be regarded as private information. I think you need to re-read the article. You might also consider that this guy they are quoting is Germany's data-protection comissioner, and that Germany does not have the same Bill of Rights that guarentees free speech as the US. In Germany you are not allowed to say and publish what you please, as you are in the US. The German government is used to censorship and keeping secrets, and it's understandable that they don't like it when Google tries shining the light of publicity on things. Note this isn't an argument in favor of Google's position. It's an attempt to get you to take into account regional predjustices before you go throwing around articles with no contextual highlighting. In short, this article isn't authoratative by any means. Ted -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of heather skanks Sent: Tuesday, January 22, 2008 9:51 AM To: ppml at arin.net Subject: [ppml] News Article on IP addresses as personal data,according to EU privacy group "By Aoife White Associated Press Tuesday, January 22, 2008; Page D01 BRUSSELS -- IP addresses, strings of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday." Full article at: http://www.washingtonpost.com/wp-dyn/content/article/2008/01/21/AR2008012101340.html --Heather -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at arin.net Tue Jan 22 13:42:45 2008 From: info at arin.net (Member Services) Date: Tue, 22 Jan 2008 13:42:45 -0500 Subject: [ppml] Policy Proposal 2007-24: IPv6 Assignment Guidelines - Withdrawn by author Message-ID: <47963925.4080705@arin.net> Policy Proposal 2007-24 IPv6 Assignment Guidelines The author withdrew their proposal. The proposal is closed. The policy proposal text is provided below and is also available at: http://www.arin.net/policy/proposals/2007_24.html The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Proposal 2007-24 IPv6 Assignment Guidelines Author: Leo Bicknell and Ed Lewis Proposal type: new Policy term: permanent Policy statement: Delete the text in 6.5.4.2 and Replace the text in section 6.5.4.1 with the following text: Assignments by LIRs /48 or smaller will not be reviewed by ARIN. Assignments greater than /48 will be reviewed to see if the additional space is warranted according to the 0.94 HD ratio policy. If the space is not warranted, ARIN will consider the excess space to be available for a different assignment, lowering the overall utilization score of the LIR. Rationale: The existing section 6.5.4.1 does not provide clear guidance on how ARIN should treat prefixes allocated to a site should an ISP come back for additional space in the future. This makes it difficult for LIR's to know if they are allocating in accordance with the rules under which they will be judged in the future. The existing section also provides no guidence on what the LIR or ARIN should do in the case a larger prefix is necessary. Timetable for implementation: immediate From michael.dillon at bt.com Tue Jan 22 14:35:15 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 22 Jan 2008 19:35:15 -0000 Subject: [ppml] News Article on IP addresses as personal data, according to EU privacy group In-Reply-To: <616812070801220950o4d5dc903x85943f6477d4caf8@mail.gmail.com> References: <616812070801220950o4d5dc903x85943f6477d4caf8@mail.gmail.com> Message-ID: > BRUSSELS -- IP addresses, strings of numbers that identify > computers on the Internet, should generally be regarded as > personal information, the head of the European Union's group > of data privacy regulators said Monday." For some background read Example #15 in this document: Peter Scharr is the Chairman of the group which produced this document. The full program of the hearing is here: There is no transcript of the meeting and no submission from Peter Scharr or the German data protection agency so I assume that the reported comments came during some discussion of Google's submission which is here: --Michael Dillon From info at arin.net Wed Jan 23 12:31:23 2008 From: info at arin.net (Member Services) Date: Wed, 23 Jan 2008 12:31:23 -0500 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29 assignments In-Reply-To: <479109F7.3000308@arin.net> References: <479109F7.3000308@arin.net> Message-ID: <479779EB.6030708@arin.net> > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. The shepherds from the ARIN Advisory Council for this proposal are Owen DeLong and Bill Darte. Regards, Member Services American Registry for Internet Numbers (ARIN) Member Services wrote: > ARIN received the following policy proposal. In accordance with the ARIN > Internet Resource Policy Evaluation Process, the proposal is being > posted to the ARIN Public Policy Mailing List (PPML) and being placed on > ARIN's website. > > The ARIN Advisory Council (AC) will review this proposal at their next > regularly scheduled meeting. The AC may decide to: > > 1. Accept the proposal as written. If the AC accepts the proposal, > it will be posted as a formal policy proposal to PPML and it will be > presented at a Public Policy Meeting. > > 2. Postpone their decision regarding the proposal until the next > regularly scheduled AC meeting in order to work with the author. The AC > will work with the author to clarify, combine or divide the proposal. At > their following meeting the AC will accept or not accept the proposal. > > 3. Not accept the proposal. If the AC does not accept the proposal, > the AC will explain their decision via the PPML. If a proposal is not > accepted, then the author may elect to use the petition process to > advance their proposal. If the author elects not to petition or the > petition fails, then the proposal will be closed. > > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. > > In the meantime, the AC invites everyone to comment on this proposal on > the PPML, particularly their support or non-support and the reasoning > behind their opinion. Such participation contributes to a thorough > vetting and provides important guidance to the AC in their deliberations. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Mailing list subscription information can be found at: > http://www.arin.net/mailing_lists/ > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal Name: SWIP support for smaller than /29 assignments > > Author: Joe Maimon > > Proposal Version: 1 > > Submission Date: Jan 16, 2008 > > Proposal type: modify > > Policy term: permanent > > Policy statement: > > 4.2.2.1.2.) > > " > ISPs must provide reassignment information on the entire previously > allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. > For blocks smaller > > than /29 and for internal space, ISPs should provide utilization data > using the table format described in Section 4.2.3.7.5. > " > > Replace with > > " > ISPs must provide reassignment information on the entire previously > allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. > For blocks smaller > > than /29 and for internal space, ISPs should provide utilization data > either via SWIP or RWHOIS server or by using the table format described > in Section 4.2.3.7.5. > " > > 4.2.2.2.1.) > > " > Utilization for blocks smaller than /29 can be documented using the > format described in Section 4.2.3.7.5. > " > > Replace with > > " > Utilization for blocks smaller than /29 can be documented via SWIP or > RWHOIS server or by using the format described in Section 4.2.3.7.5. > " > > 4.2.3.7.2.) > > " > For blocks smaller than /29 and for internal space, ISPs should provide > utilization data using the format described in Section 4.2.3.7.5. > " > > Replace with > > " > For blocks smaller than /29 and for internal space, ISPs should provide > utilization data via SWIP or RWHOIS server or by using the format > described in Section 4.2.3.7.5. > " > > 4.2.3.7.5.) Accounting for additional utilization > > " > The following format should be used to provide the required information > for utilization of blocks smaller than /29 and for describing internal > networks: > " > > Replace with > > " > The following format should be used to provide the required information > for utilization of blocks smaller than /29 and for describing internal > networks when either SWIP or RWHOIS server is not used: > " > > Rationale: > > With increasing frequency of smaller than /29 assignements to customers, > the ability for ISP's to utilize SWIP or RWHOIS as a single > comprehensive source of their utilization data should be supported. To > implement this policy change, ARIN SWIP would need to no longer reject > SWIP templates smaller then /29. > > Timetable for implementation: Immediate > > From jmaimon at chl.com Wed Jan 23 21:33:47 2008 From: jmaimon at chl.com (Joe Maimon) Date: Wed, 23 Jan 2008 21:33:47 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: <1c16a4870801081359m5b12819ak55dad7f5b28bce7@mail.gmail.com> References: <4780F26B.3000104@chl.com> <20080108031404.GA52362@ussenterprise.ufp.org> <1c16a4870801081359m5b12819ak55dad7f5b28bce7@mail.gmail.com> Message-ID: <4797F90B.3020204@chl.com> Stacy Taylor wrote: > Hi Everyone, > So, Joe - did you want to change it so that /28 and shorter prefix > lengths should be swipped, and that the /29s are trivial? What is it > you'd like us to look at? > Thanks, > Stacy Taylor > I was suggesting that SWIP of /32 - /30 be allowed, but optional. Currently they are neither allowed nor required. From jmaimon at chl.com Wed Jan 23 21:34:21 2008 From: jmaimon at chl.com (Joe Maimon) Date: Wed, 23 Jan 2008 21:34:21 -0500 Subject: [ppml] /29 limit for ARIN SWIP whois In-Reply-To: References: <893076a660f66ef5769235fdf5e693a9478637ec@jcc.com> Message-ID: <4797F92D.2020107@chl.com> If the proposal was to remove or change the bit limits for SWIP, without changing any of the current requirements, yes. In fact I was considering trying my hand at drafting such myself. Divins, David wrote: > Would you support a proposal to change current ARIN SWIP policy (in > general)? > > If more than the 4 or 5 that have shown support chime in, I may draft a > proposal. > > -dsd > > David Divins > Principal Engineer > ServerVault Corp. > (703) 652-5955 > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > Keith W. Hare > Sent: Thursday, January 10, 2008 10:21 AM > To: ppml at arin.net > Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois > > After all this discussion and hyperbole, is there an actual proposal to > change the current ARIN SWIP whois policy? > > Keith > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if > you experience any issues. > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. > > From jmaimon at chl.com Wed Jan 23 21:34:38 2008 From: jmaimon at chl.com (Joe Maimon) Date: Wed, 23 Jan 2008 21:34:38 -0500 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29assignments In-Reply-To: <068d01c85a15$586905f0$8119fea9@affinityhq.com> References: <479109F7.3000308@arin.net> <068d01c85a15$586905f0$8119fea9@affinityhq.com> Message-ID: <4797F93E.5020908@chl.com> Thanks for your support. It was not my intention to prefer one over the other, simply to make it optional where as now it is not allowed. Joe Chris Ranch wrote: > Hello, > > I agree with the proposal to get ARIN's whois to no longer reject SWIPs with > /30's or smaller blocks. > > However, I would like the changed wording regarding tightened up a little. > I would like this use of SWIP or RWHOIS over submitting in table form to be > completely optional, not recommended as 'should' implies. For example: > > "For blocks smaller than /29 and for internal space, ISPs must provide > utilization data > via one of the following methods: SWIP, RWHOIS server, or by using the table > format > described in Section 4.2.3.7.5." > > $0.02. > > Chris > > >>-----Original Message----- >>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On >>Behalf Of Member Services >>Sent: Friday, January 18, 2008 12:20 PM >>To: ppml at arin.net; rss feed >>Subject: [ppml] Policy Proposal: SWIP support for smaller >>than /29assignments >> >>ARIN received the following policy proposal. In accordance >>with the ARIN >>Internet Resource Policy Evaluation Process, the proposal is being >>posted to the ARIN Public Policy Mailing List (PPML) and >>being placed on >>ARIN's website. >> >>The ARIN Advisory Council (AC) will review this proposal at their next >>regularly scheduled meeting. The AC may decide to: >> >> 1. Accept the proposal as written. If the AC accepts the >>proposal, >>it will be posted as a formal policy proposal to PPML and it will be >>presented at a Public Policy Meeting. >> >> 2. Postpone their decision regarding the proposal until the next >>regularly scheduled AC meeting in order to work with the >>author. The AC >>will work with the author to clarify, combine or divide the >>proposal. At >>their following meeting the AC will accept or not accept the proposal. >> >> 3. Not accept the proposal. If the AC does not accept >>the proposal, >>the AC will explain their decision via the PPML. If a proposal is not >>accepted, then the author may elect to use the petition process to >>advance their proposal. If the author elects not to petition or the >>petition fails, then the proposal will be closed. >> >>The AC will assign shepherds in the near future. ARIN will provide the >>names of the shepherds to the community via the PPML. >> >>In the meantime, the AC invites everyone to comment on this >>proposal on >>the PPML, particularly their support or non-support and the reasoning >>behind their opinion. Such participation contributes to a thorough >>vetting and provides important guidance to the AC in their >>deliberations. >> >>The ARIN Internet Resource Policy Evaluation Process can be found at: >>http://www.arin.net/policy/irpep.html >> >>Mailing list subscription information can be found at: >>http://www.arin.net/mailing_lists/ >> >>Regards, >> >>Member Services >>American Registry for Internet Numbers (ARIN) >> >> >>## * ## >> >> >>Policy Proposal Name: SWIP support for smaller than /29 assignments >> >>Author: Joe Maimon >> >>Proposal Version: 1 >> >>Submission Date: Jan 16, 2008 >> >>Proposal type: modify >> >>Policy term: permanent >> >>Policy statement: >> >>4.2.2.1.2.) >> >>" >>ISPs must provide reassignment information on the entire previously >>allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. >>For blocks smaller >> >>than /29 and for internal space, ISPs should provide utilization data >>using the table format described in Section 4.2.3.7.5. >>" >> >>Replace with >> >>" >>ISPs must provide reassignment information on the entire previously >>allocated block(s) via SWIP or RWHOIS server for /29 or larger blocks. >>For blocks smaller >> >>than /29 and for internal space, ISPs should provide utilization data >>either via SWIP or RWHOIS server or by using the table format >>described >>in Section 4.2.3.7.5. >>" >> >>4.2.2.2.1.) >> >>" >>Utilization for blocks smaller than /29 can be documented using the >>format described in Section 4.2.3.7.5. >>" >> >>Replace with >> >>" >>Utilization for blocks smaller than /29 can be documented via SWIP or >>RWHOIS server or by using the format described in Section 4.2.3.7.5. >>" >> >>4.2.3.7.2.) >> >>" >>For blocks smaller than /29 and for internal space, ISPs >>should provide >>utilization data using the format described in Section 4.2.3.7.5. >>" >> >>Replace with >> >>" >>For blocks smaller than /29 and for internal space, ISPs >>should provide >>utilization data via SWIP or RWHOIS server or by using the format >>described in Section 4.2.3.7.5. >>" >> >>4.2.3.7.5.) Accounting for additional utilization >> >>" >>The following format should be used to provide the required >>information >>for utilization of blocks smaller than /29 and for describing internal >>networks: >>" >> >>Replace with >> >>" >>The following format should be used to provide the required >>information >>for utilization of blocks smaller than /29 and for describing internal >>networks when either SWIP or RWHOIS server is not used: >>" >> >>Rationale: >> >>With increasing frequency of smaller than /29 assignements to >>customers, >>the ability for ISP's to utilize SWIP or RWHOIS as a single >>comprehensive source of their utilization data should be supported. To >>implement this policy change, ARIN SWIP would need to no longer reject >>SWIP templates smaller then /29. >> >>Timetable for implementation: Immediate >> >>_______________________________________________ >>PPML >>You are receiving this message because you are subscribed to >>the ARIN Public Policy >>Mailing List (PPML at arin.net). >>Unsubscribe or manage your mailing list subscription at: >>http://lists.arin.net/mailman/listinfo/ppml >>Please contact the ARIN Member Services Help Desk at >>info at arin.net if you experience any issues. >> > > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. > > From jmaimon at chl.com Wed Jan 23 21:34:57 2008 From: jmaimon at chl.com (Joe Maimon) Date: Wed, 23 Jan 2008 21:34:57 -0500 Subject: [ppml] Policy Proposal: SWIP support for smaller than /29assignments In-Reply-To: References: <479109F7.3000308@arin.net> Message-ID: <4797F951.1090506@chl.com> Michael, Thanks for your feedback. michael.dillon at bt.com wrote: >>Rationale: >>With increasing frequency of smaller than /29 assignements to >>customers, the ability for ISP's to utilize SWIP or RWHOIS as >>a single comprehensive source of their utilization data >>should be supported. To implement this policy change, ARIN >>SWIP would need to no longer reject SWIP templates smaller then /29. > > > 1. Nothing that ARIN does or does not do has any effect on how an > ISP uses their own utilization data. ARIN serves a constituency, the proposal suggest the constituency would be better served by this change, which is likely trivial. > > 2. The WHOIS protocol, WHOIS directory, whois tool, Share WHOIS > Information Project (SWIP) and Remote WHOIS (RWHOIS) are all > ancient and amateurish pieces of work. The average college > student building an application with Django could do a far > better job at designing a whois service given the base > level of technology and training available today compared > to twenty (or more) years ago. We should be putting less into > the whois directory, not more. If they are irrelevant, then this change is even more trivial. What goes into SWIP should be another topic other than the proposal which discusses which size blocks are allowed in swip. > > 3. There has been some recent discussion about clarifying the > purpose of the whois directory and how it should be used. > It is premature to extend the use of whois until we sort > out the larger issues. If we paused everything everytime there was a discussion about something, I personally believe nothing would ever get done. > 4. Whois was created by the Defense Advanced Research Projects Agency > (DARPA) to track who was using their ARPAnet research network > so that local network managers, and the larger ARPAnet community > could justify budget funding for their work. Somewhere along > the way, the network name changed to Internet, the base protocols > to TCP/IP and the network purpose from research to everything > that human beings want to communicate about. But whois has never > been reviewed or changed much beyond adapting it to TCP/IP and > adding some referral capabilities (RWHOIS). > > Clearly there is no longer a need to count users in order to justify > Federal research funding. Outside of net folklore, there has never > been any agreement on the scope and/or purpose of the whois directory > other than in the negative, e.g. the whois directory is not a place > to harvest emails to send out advertising. > I think that whois serves a few very nice purposes. But thats off-topic to the proposal which suggests allowing those who choose to use it, to use it better. > Until we can agree on what whois is for, it is premature to extend > its use in any way. > > --Michael Dillon > _______________________________________________ > PPML > You are receiving this message because you are subscribed to the ARIN Public Policy > Mailing List (PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. > > From gih at apnic.net Wed Jan 30 22:11:18 2008 From: gih at apnic.net (Geoff Huston) Date: Thu, 31 Jan 2008 14:11:18 +1100 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - a simulation analysis In-Reply-To: <1582DCBFF968F044A9A910C0AB177C9012FF3D@cliff.cdi.local> References: <1582DCBFF968F044A9A910C0AB177C9012FF3D@cliff.cdi.local> Message-ID: <47A13C56.70206@apnic.net> I've performed some analysis on this policy proposal, attempting to understand to what extent adoption of this proposal would materially alter the consumption of the remaining IPv4 unallocated address pool. The original model I've used here is the model documented at http://ipv4.potaroo.net. This model is based on an order 2 polynomial extrapolation of the advertised address count, As noted on that page the current projections using that model are the exhaustion of the IANA Ipv4 address pool as of 1 June 2011 and the exhaustion of the first RIR's unallocated address pool on the 8th August 2012. There are a lot of assumptions in this model, again as noted on the web page, but question of interest here is what would be these two dates if ALL the RIRs were to adopt this policy proposal. I've adopted a conservative approach to the simulation of this policy proposal, simplifying the proposal to be a utilization level of 80% for allocations until IANA reaches 25 /8s, when the utilization level is set of 85%, and resetting this to 90% when the IANA pool reaches 10 /8s. The first step has been to generate the following table, which says "what would be the net reduction in total allocated addresses if the 0.8 address utilisation factor was changed to a different factor value" Factor afrinic apnic arin lacnic ripencc 0.80 1.000 1.000 1.000 1.000 1.000 0.81 0.994 0.994 0.993 0.994 0.993 0.82 0.987 0.988 0.988 0.989 0.988 0.83 0.981 0.982 0.981 0.982 0.981 0.84 0.973 0.975 0.975 0.976 0.974 0.85 0.970 0.969 0.969 0.968 0.969 0.86 0.961 0.963 0.963 0.961 0.963 0.87 0.956 0.956 0.956 0.957 0.957 0.88 0.950 0.950 0.951 0.949 0.950 0.89 0.943 0.944 0.943 0.945 0.943 0.90 0.935 0.938 0.937 0.936 0.937 0.91 0.931 0.932 0.931 0.934 0.932 0.92 0.922 0.923 0.924 0.927 0.925 0.93 0.921 0.920 0.920 0.918 0.920 0.94 0.913 0.911 0.912 0.914 0.913 0.95 0.903 0.906 0.907 0.904 0.906 0.96 0.905 0.900 0.900 0.901 0.901 0.97 0.897 0.894 0.892 0.895 0.894 0.98 0.890 0.885 0.886 0.889 0.888 0.99 0.882 0.883 0.882 0.878 0.881 1.00 0.877 0.875 0.875 0.876 0.875 Taking the values for 0.85 and 0.90 and plugging them in to the projection model as per the policy proposal results in the following: IANA exhaustion date: 8 July 2011 (was 1 June 2011) First RIR to exhaust its unallocated address pool: 17 October 2012 (was 8 August 2012) Like all simulations there are a lot of assumptions at play here, and I've had to make a number of simplifications in modelling the policy as proposed, but I trust that this result gives the ARIN PPML folk some quantification of the impact of this proposal on the projected consumption rate of the unallocated IPv4 address pools. Thanks, Geoff Husotn APNIC From drc at virtualized.org Wed Jan 30 23:13:56 2008 From: drc at virtualized.org (David Conrad) Date: Wed, 30 Jan 2008 20:13:56 -0800 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - a simulation analysis In-Reply-To: <47A13C56.70206@apnic.net> References: <1582DCBFF968F044A9A910C0AB177C9012FF3D@cliff.cdi.local> <47A13C56.70206@apnic.net> Message-ID: <6184CC3E-C5D6-452F-A1BC-45BF3D980885@virtualized.org> Geoff, Thanks very much! On Jan 30, 2008, at 7:11 PM, Geoff Huston wrote: > Taking the values for 0.85 and 0.90 and plugging them in to the > projection model as per the policy proposal results in the following: > > IANA exhaustion date: 8 July 2011 (was 1 June 2011) > > First RIR to exhaust its unallocated address pool: 17 October 2012 > (was > 8 August 2012) Based on your assumptions and analysis, it would seem the change in allocation criteria wouldn't have sufficient impact to make the effort worthwhile. > Like all simulations there are a lot of assumptions at play here, Indeed, and the back of the envelope results I obtained (oh so long ago) were somewhat different, but I trust your numbers more than mine (:-)). So, the question is, whether I should a) revise 2007-16 to remove the change in allocation criteria but keep the requirements for documentation of transition plans (etc.) b) abandon 2007-16 as a bad idea c) do more simulation studies to see how different the answers might be given different assumptions What do people think? Thanks, -drc From michael.dillon at bt.com Thu Jan 31 03:00:52 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 31 Jan 2008 08:00:52 -0000 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - asimulation analysis In-Reply-To: <6184CC3E-C5D6-452F-A1BC-45BF3D980885@virtualized.org> References: <1582DCBFF968F044A9A910C0AB177C9012FF3D@cliff.cdi.local><47A13C56.70206@apnic.net> <6184CC3E-C5D6-452F-A1BC-45BF3D980885@virtualized.org> Message-ID: > b) abandon 2007-16 as a bad idea I would say, abandon it. In particular, the simulations don't deal with the pent-up demand, i.e. people don't ask for IP addresses because they want some, but because they NEED some. In the face of that NEED, I expect that whatever the system, people will find the cracks in it, and the end result will be little net change in exhaustion dates. Let's face it, we've already run out of IPv4 addresses and the only thing we can do is to spend money on implementing IPv6 or spend money on stretching IPv4 with things like double NAT, mandatory NAT, etc. --Michael Dillon From BillD at cait.wustl.edu Thu Jan 31 07:38:55 2008 From: BillD at cait.wustl.edu (Bill Darte) Date: Thu, 31 Jan 2008 06:38:55 -0600 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - a simulationanalysis References: <47A13C56.70206@apnic.net> Message-ID: Geoff, Thank you very much for the input and analysis. It seems that the IPv4 Soft Landing proposal makes little difference given your assumptions and calculations. Could you comment on what assumptions might be changed that WOULD materially alter the dates of exhaustion and why such assumptions weren't made? What I ask seems simple to me, but if the request turns out NOT to be simple or would be a tremendous amount of work, then I withdraw. Thanks again for all the work you have done for the policy process at ARIN and elsewhere! Bill Darte ARIN AC -----Original Message----- From: ppml-bounces at arin.net on behalf of Geoff Huston Sent: Wed 1/30/2008 9:11 PM To: ppml at arin.net Cc: David Conrad Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - a simulationanalysis I've performed some analysis on this policy proposal, attempting to understand to what extent adoption of this proposal would materially alter the consumption of the remaining IPv4 unallocated address pool. The original model I've used here is the model documented at http://ipv4.potaroo.net. This model is based on an order 2 polynomial extrapolation of the advertised address count, As noted on that page the current projections using that model are the exhaustion of the IANA Ipv4 address pool as of 1 June 2011 and the exhaustion of the first RIR's unallocated address pool on the 8th August 2012. There are a lot of assumptions in this model, again as noted on the web page, but question of interest here is what would be these two dates if ALL the RIRs were to adopt this policy proposal. I've adopted a conservative approach to the simulation of this policy proposal, simplifying the proposal to be a utilization level of 80% for allocations until IANA reaches 25 /8s, when the utilization level is set of 85%, and resetting this to 90% when the IANA pool reaches 10 /8s. The first step has been to generate the following table, which says "what would be the net reduction in total allocated addresses if the 0.8 address utilisation factor was changed to a different factor value" Factor afrinic apnic arin lacnic ripencc 0.80 1.000 1.000 1.000 1.000 1.000 0.81 0.994 0.994 0.993 0.994 0.993 0.82 0.987 0.988 0.988 0.989 0.988 0.83 0.981 0.982 0.981 0.982 0.981 0.84 0.973 0.975 0.975 0.976 0.974 0.85 0.970 0.969 0.969 0.968 0.969 0.86 0.961 0.963 0.963 0.961 0.963 0.87 0.956 0.956 0.956 0.957 0.957 0.88 0.950 0.950 0.951 0.949 0.950 0.89 0.943 0.944 0.943 0.945 0.943 0.90 0.935 0.938 0.937 0.936 0.937 0.91 0.931 0.932 0.931 0.934 0.932 0.92 0.922 0.923 0.924 0.927 0.925 0.93 0.921 0.920 0.920 0.918 0.920 0.94 0.913 0.911 0.912 0.914 0.913 0.95 0.903 0.906 0.907 0.904 0.906 0.96 0.905 0.900 0.900 0.901 0.901 0.97 0.897 0.894 0.892 0.895 0.894 0.98 0.890 0.885 0.886 0.889 0.888 0.99 0.882 0.883 0.882 0.878 0.881 1.00 0.877 0.875 0.875 0.876 0.875 Taking the values for 0.85 and 0.90 and plugging them in to the projection model as per the policy proposal results in the following: IANA exhaustion date: 8 July 2011 (was 1 June 2011) First RIR to exhaust its unallocated address pool: 17 October 2012 (was 8 August 2012) Like all simulations there are a lot of assumptions at play here, and I've had to make a number of simplifications in modelling the policy as proposed, but I trust that this result gives the ARIN PPML folk some quantification of the impact of this proposal on the projected consumption rate of the unallocated IPv4 address pools. Thanks, Geoff Husotn APNIC _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From BillD at cait.wustl.edu Thu Jan 31 07:47:09 2008 From: BillD at cait.wustl.edu (Bill Darte) Date: Thu, 31 Jan 2008 06:47:09 -0600 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - asimulation analysis References: <6184CC3E-C5D6-452F-A1BC-45BF3D980885@virtualized.org> Message-ID: a) revise 2007-16 to remove the change in allocation criteria but keep the requirements for documentation of transition plans (etc.) ------ I (personally) do not believe that it is within the scope of ARIN's mission to create policy that mandates IPv6 as a business practice in order to receive a requested resource (IPv4), when that resource is available. b) abandon 2007-16 as a bad idea c) do more simulation studies to see how different the answers might be given different assumptions ------ It would be easy for me to support this option given that I do not have the capability to do the work, but would be interested in the underlying assumptions that make a material impact..and their practicality. ------ Bill Darte What do people think? Thanks, -drc _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (PPML at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gih at apnic.net Thu Jan 31 18:22:33 2008 From: gih at apnic.net (Geoff Huston) Date: Fri, 01 Feb 2008 10:22:33 +1100 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - a simulationanalysis In-Reply-To: References: <47A13C56.70206@apnic.net> Message-ID: <47A25839.1080804@apnic.net> Bill Darte wrote: > Geoff, > > Thank you very much for the input and analysis. > > It seems that the IPv4 Soft Landing proposal makes little difference given your assumptions and calculations. > > Could you comment on what assumptions might be changed that WOULD materially alter the dates of exhaustion and why such assumptions weren't made? > > What I ask seems simple to me, but if the request turns out NOT to be simple or would be a tremendous amount of work, then I withdraw. > > Thanks again for all the work you have done for the policy process at ARIN and elsewhere! > > Bill Darte > ARIN AC The key assumptions I've made are: 1. For requests for additional IPv4 address space the requestor has fully utilized their existing holdings at the point of the additional allocation of address space. 2. The distribution of new requestors who are requesting initial allocations and requestors wishing a further allocation are largely unchanged from that of the average of the past three years 3. That the demand model is uniformly spread across the year. 4. That the distribution of size of address requests is unchanged from that of the average of the past three years. 5. That the unadvertised pool of addresses has the same factors acting on it that have been visible in the past 3 years - i.e. no change in policies here. About the only assumption I know that is demonstrably false is 3. and the demand model is not at all uniform, and in looking over the data I suspect that the 3 year baseline I'm using is too short, and a 5 or 6 year baseline for the projection model might provide a better trend for projection. If you look at Figure 27f of http://ipv4.potaroo.net the post 2000 total demand model of RIR allocations shows a 7 year trend of growing by around 1.2 /8s per year, from 3 /8's per year in 2000 to 12 /8s per year by the end of 2007. Even using a linear projection this gives us around 3 years before the remaining 42 /8s are exhausted. Now this is predicated on the assumption that we over-service the demand model, and for each deployed address there is a oversupply factor of a further .25 of an address (the 80% rule). Now David's proposal wants to progressively drop this oversupply factor to 0.18 (85%) and then to 0.11 (90%). But this is not a uniform distribution. The matching of a end user population to an allocated prefix essentially quantises the population using a logarithmic division. i.e. if the range of end user populations for each allocation are distribution between 100 (/24) and 1.3M (/8) then a /8 covers the largest half of the populations, a /9 the next quarter, a /10 the next eighth, and so on. So if you change the oversupply factor in this linear fashion this does not directly correlate to a reduction in total address demand by a comparable amount because of the logarithmic nature of the quantisation of demands into powers of 2 to form an address prefix. So I'm not sure that these efforts to change the 80% utilization factor in IPv4 have any significant impact ("significant" in terms of altering the address consumption rate by 20% or more). On the other hand the short term indicators are also important, and over the past 6 months the total RIR allocation rate has dropped from an equivalent rate of some 14 /8s per year to the current allocation rate of 7 /8s per year. This is strongly evident in APNIC, RIPE NCC and LACNIC where the most recent allocation rate is half that of the rate earlier in 2007. While its pretty clear from the graphs that these variations in the rate have been present in the past, the periodicity is not clearly aligned to an annual cycle, so the drivers that cause surges in demand for addresses from regional groups are not solely based on annual business cycles. Beyond that observation I'm not sure where this line of thought leads in terms of being able to add this factor into the address consumption model that I use, nor am I confident that even adding this additional volatility in demand into the model would materially alter the outcomes given that below the volatility is a multi-year long steady growth in demand that is evident in all 5 RIRs. So, in conclusion, I'm not sure that I could offer you a variation of assumptions in this model that would have a major impact on the cumulative address consumption projections. regards, Geoff From drc at virtualized.org Thu Jan 31 20:21:03 2008 From: drc at virtualized.org (David Conrad) Date: Thu, 31 Jan 2008 17:21:03 -0800 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - a simulationanalysis In-Reply-To: <47A25839.1080804@apnic.net> References: <47A13C56.70206@apnic.net> <47A25839.1080804@apnic.net> Message-ID: <1860D572-D23D-4507-8539-286ABE7FDA6A@virtualized.org> Geoff, On Jan 31, 2008, at 3:22 PM, Geoff Huston wrote: > The key assumptions I've made are: > > 1. For requests for additional IPv4 address space the requestor has > fully utilized their existing holdings at the point of the additional > allocation of address space. > > 2. The distribution of new requestors who are requesting initial > allocations and requestors wishing a further allocation are largely > unchanged from that of the average of the past three years > > 3. That the demand model is uniformly spread across the year. > > 4. That the distribution of size of address requests is unchanged from > that of the average of the past three years. > > 5. That the unadvertised pool of addresses has the same factors acting > on it that have been visible in the past 3 years - i.e. no change in > policies here. Would you agree that an additional assumption you make is: 6. Address utilization efficiency is unchanged. Implicit in Soft Landing is the assumption that there is non-trivial inefficiency in the use of allocated address space, e.g., use of public address space for infrastructure that could be numbered with private space, fixed size assignments to customers based on pricing tiers, unused but unrecovered assignments, etc. The point of Soft Landing was to gradually and (somewhat) predictably increase the administrative costs of obtaining additional IPv4 address space as a means to encourage greater IPv4 utilization efficiency and/ or migration to IPv6. If you make the assumption that the staged increases in administrative costs would have the desired effect, all bets would be off (and thus, doing models becomes a bit challenging since the increase in efficiency is not objectively derivable). The alternative, of course, is for the increase in costs for obtaining additional IPv4 address space to go unpredictable all at once. One day, you can get IPv4 space the way you used to, the next day, you're thrown to the vagaries of "the trading floor" (since we can't call it "a market" :-)). To be very clear, the end point is the same whether or not something like Soft Landing is approved: unpredictable costs to obtain IPv4 addresses and increased efficiency in its use. The question is "how do we want to get there?" In any event, at this stage, I'm leaning towards abandoning Soft Landing unless someone wants to make the case that it is worthwhile continuing to pursue it... Regards, -drc From gih at apnic.net Thu Jan 31 23:42:40 2008 From: gih at apnic.net (Geoff Huston) Date: Fri, 01 Feb 2008 15:42:40 +1100 Subject: [ppml] Policy Proposal 2007-16: Ipv4 Soft Landing - a simulationanalysis In-Reply-To: <1860D572-D23D-4507-8539-286ABE7FDA6A@virtualized.org> References: <47A13C56.70206@apnic.net> <47A25839.1080804@apnic.net> <1860D572-D23D-4507-8539-286ABE7FDA6A@virtualized.org> Message-ID: <47A2A340.4000201@apnic.net> David Conrad wrote: > Geoff, > > On Jan 31, 2008, at 3:22 PM, Geoff Huston wrote: >> The key assumptions I've made are: >> >> 1. For requests for additional IPv4 address space the requestor has >> fully utilized their existing holdings at the point of the additional >> allocation of address space. >> >> 2. The distribution of new requestors who are requesting initial >> allocations and requestors wishing a further allocation are largely >> unchanged from that of the average of the past three years >> >> 3. That the demand model is uniformly spread across the year. >> >> 4. That the distribution of size of address requests is unchanged from >> that of the average of the past three years. >> >> 5. That the unadvertised pool of addresses has the same factors acting >> on it that have been visible in the past 3 years - i.e. no change in >> policies here. > > Would you agree that an additional assumption you make is: > > 6. Address utilization efficiency is unchanged. > > Implicit in Soft Landing is the assumption that there is non-trivial > inefficiency in the use of allocated address space, e.g., use of public > address space for infrastructure that could be numbered with private > space, fixed size assignments to customers based on pricing tiers, > unused but unrecovered assignments, etc. I had wrapped this up in assumption 1. but its a valid point. The problem with this particular assumption is that there is no clear data at hand to determine the extent of this potentially recyclable address pool and the nature of the barriers the prevent its use under the current policy regime. If this is a critical component of your policy proposal in terms of the impact of this policy on projected IP address consumption rates, then there is a significant problem here in attempting to quantify the potential outcomes of adopting the policy due to a lack of coherent and reliable data here. We could all make guesses I suppose, but without any solid foundation then frankly one guess is probably as good as any other as to how the policy would impact the address consumption trend data. regards, Geoff