ARIN-PPML Message

[arin-ppml] SWIPs & IPv6

michael.dillon at bt.com wrote:
>> As I stated, the residential privacy concerns expressed by 
>> other posters, including Michael Dillon, are bogus because 
>> the current policy allows the data for those resource holders 
>> to be sufficiently obscured as to protect them.
> 
> "Allows for" is not good enough. The policy needs to make it
> mandatory that useless contact data MUST NOT be published in
> the ARIN whois database.

It already is, Michael.  The RSA that anyone getting numbering
signs has a requirement that WHOIS data be accurate.  The
definition of the technical POC is that of the go-to guy for
when there are problems.  Thus, if an address assignor publishes
useless data in the POC then they are in violation of the RSA.

> If there is not a 24/7 network 
> operations NOC at the other end of the contact info, then
> it MUST NOT be in the whois directory, period!
> 

That is ridiculous.  I very much doubt that the majority of assignors 
have a NOC that's staffed 24x7 by the people who can take care of this 
stuff.  To give you a real-life example, our largest feed is TW Telecom. 
  They have an 800 number in Denver that is staffed 24x7.  But I have 
called it a few times late at night to complain about spamming in
progress that originates from IP numbers of one of their other customers 
who is forging one of our customer e-mail addresses (thus our customer's
mailbox is getting stuffed with backscatter) and I get the old bullcrap 
of "we'll take a trouble ticket but the guy that handles this won't be 
in until Monday morning"

Your diluting your point with this 24x7 stuff.

>> Further, most of the other concerns expressed are trivially 
>> addressed as I suggested below, by the organization in 
>> question getting a legitimate registered fictitious name or 
>> creating a corporation and using a mail receiving service for 
>> their address to do business with ARIN.
>>
>> Sure, there are costs associated with this, just as there is 
>> a fee for having your POTS telephone number unlisted.  This 
>> allows resource holders to decide how much their privacy is 
>> worth to them.  I would think you would be the last person to 
>> have a problem with such a mechanism.
> 
> I don't think that you really understand who these
> organizations in question really are. Imagine an
> ISP that runs a data centre. They sell colocated
> servers. ACME Inc. buys a bunch of them, and gets
> a consultant to rig them up with Virtuozzo so that
> they can sell VPS servers. Widjits Inc, then rents
> a VPS and gets a consultant to set up a control panel
> package. Thingamajig Design Inc, then rents a web
> server package bundled with 10 domains. They then
> sell a web site design service to Gewgaws Inc. on
> one of those domains. The website that is supplied
> is for a shopping cart e-store. Gewgaws Inc. then
> offers a service to all and sundry whereby they
> can offer their miscellaneous overstock goods for
> sale on the e-store and Gewgaws will also run an
> Ebay auction for the items if desired. Now one
> of Gewgaws customers has recently had some products
> rejected by Ebay so they take their products to
> Gewgaws, for listing just on Gewgaws shop and
> start a SPAM campaign to drive business to them.
> 
> You would really like to contact Gewgaws to take
> these pirate DVDs off their site but the problem
> is that there is nobody technical at Gewgaws, in
> fact the two owners are the only people there,
> and they spend most of their time in their 
> high-school classes and after-school basketball.
> Thingamajig also has nobody there except the 
> college student who works weekends on designing
> websites. Widjits Inc. is another one-man band
> who works evenings at Macdonalds. Now ACME does
> have a technical guy working there, but he won't
> do anything without orders from his boss because
> it is his first job after graduating from journalism
> school.
> 
> Now tell me, what is wrong with keeping all of
> these organizatons out of the whois directory
> except for the ISP who got the allocation from
> ARIN. That ISP is in a better position to track
> something down this chain to the end, and if they
> can't do it by phoning/emailing, they can always 
> pull the plug. Simples!
> 

What is wrong is that the two owners of Gewgaws
who spend most of their time in their high-school
classes and after-school basketball DON'T WANT THEIR
UPSTREAMS BOTHERED BY THIS STUFF.  They WANT your complaint
to be mailed TO THEM, they don't want it languishing in
some in-box at the ISP who doesn't know who the
hell they are - why should that ISP know anyway, he
doesn't know ACME's customer list anyway.

If you mail to the basketball players and they ignore
you, then Thingamajig Design Inc. is probably the only
ones in that mass of org names who knows who they are,
and so you do the normal thing of going up the chain
to the next more responsible party which is
Thingamajig Design Inc., and you mail them.  If
Thingamajig Design Inc. is incompetent enough to think
that they can get away with ignoring you, then when you
go up the chain once more and Widjits Inc. then the
college student at Thingamajig Design Inc. will suddenly
get a real-life lesson.  As will the basketball players
who own Gewgaws

Ted