[arin-ppml] SWIPs & IPv6

Chris Engel cengel at sponsordirect.com
Fri Dec 4 12:52:36 EST 2009 

John,

I'm not saying that Joe Public doesn't need contact information for a particular address block.... they don't need to know WHO they are contacting. For the purposes of anything that would need to be handled in a timely fashion (e.g. getting flooded with packets from a misconfigured router), all they would need is the phone number and a contact e-mail for who-ever can act technicaly on that information. They don't need to know the actual IDENTITY of the sub-delegate. The only legitimate reason why THEY, not ARIN, would need to know the IDENTITY of the block holder would be the kind of stuff (lawsuits or criminal investigations) that doesn't neccesitate a timely response and which would appropriately involve the Courts anyway.

More explicitly here is what WHOIS asks you to provide......

Block-Holder
org:     (required)
street:     (required)
city:     (only optional for non-US)
state:     (only optional for non-US)
zipcode:     (only optional for non-US)
cntry:     (required)
maint:     (required)

Technical Contact
nichandl:     (optional, if a user handle is not currently assigned; required if assigned)
lname:     (required)
fname:     (required)
mname:     (optional)
org:     (required)
street:     (required)
city:     (only optional for non-US)
state:     (only optional for non-US)
zipcode:     (only optional for non-US)
cntry:     (required)
phne:     (required)
mbox:     (optional)


Here is what Joe Public ACTUALY needs to know in order to deal with any of the issues you mentioned....

Technical Contact Phone #:
Technical Contact E-mail:




Hopefully the difference is blatantly obvious. Furthermore for alot of sub-delegates (particularly under IPv6) it would actually make more sense to list their ISP's NOC under the Technical Contact info. Most small enterprises (and certainly private individuals) DON'T have NOC's and DON'T have 24/7 staffing.  So what are you going to do if the problem you need resolved is happening at 2:00 AM on Saturday???  Do you expect people to list thier private cell phone #'s on a publicly accessable WHOIS lookup? Are you going to require anyone that has a sub assignment of more then 8 static IP's to have 24/7 coverage themselves?? (Even under IPv6).

I believe people need to think this through a little bit more. Most organizations and individuals who contract for an assignment of an IP address block through an ISP aren't going to have much problem with the ISP having thier contact info... including even after hours/emergency contact info. They know who thier ISP is and they know how the ISP will be using that info.... but to have that info published publicly for anyone to look up for any purposes.... alot of people are going to be hesitant about that.

Your best bet for getting people to voluntarly comply is to assure them that any information they provide will only be divulged on a need to know basis and only then only the minimum information neccesary for the task. Let them use thier ISP's or other trusted agents as Gatekeepers for thier info where appropriate.




Christopher Engel

-----Original Message-----
From: John Curran [mailto:jcurran at arin.net]
Sent: Thursday, December 03, 2009 9:42 PM
To: Chris Engel
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] SWIPs & IPv6



On Dec 3, 2009, at 3:13 PM, Chris Engel wrote:
> ...
> You, as Joe Public, really don't need to know WHO holds a particular
> address block....you just need to know what that address block is and
> how to go about reporting problems caused by it. You don't really need
> to know who that entity is to accomplish that...just where to report
> the issue. The point where you would need to know the actual identity
> of the block holder is likely the point at which law enforcment or the
> courts should be getting involved anyway.

Chris - There's several reasons that have been cited in the past for having to know the holder of a block, and while that includes the law enforcement angle, there's also abuse & copyright mitigation, operational attack response, and end-to-end network problem diagnosis.  I haven't been running a network personally in a few years, so I don't know the extent to which these are still valid but mention them for consideration.

Also, it's important to note that it is not going to be one contact that you need, as address allocation is hierarchical in nature.  So, if network contacts aren't publicly visible, what we're really saying that you get the contact for the master block, and ask them for the contact for their sub-delegation, then contact that entity to repeat as necessary until you get the contact for the end-user assignment.  This could indeed could be workable, but that likely depends on the timeliness that is needed in response.

Interesting issues to consider,
/John

John Curran
President and CEO
ARIN

More information about the ARIN-PPML mailing list