[arin-ppml] Customer Confidentially and IPv6

Leo Bicknell bicknell at ufp.org
Fri Jan 29 14:38:38 EST 2010 

In a message written on Fri, Jan 29, 2010 at 11:04:47AM -0800, Owen DeLong wrote:
>    Actually, as I interpret the NRPM, they would be required to put the
>    covering prefix of the DHCP pool into SWIP as a DHCP Pool, but,
>    there is no need for the DHCP daemon to update SWIPS.
>    If that isn't the case, you are correct that that area of policy needs
>    work.

Based on what is said in sections 6.5.4.4 and 6.5.5 I don't share
your view.  It seems to me the manual is clear, if an ISP assigns
a /48 to someone then it must be registered via SWIP, with the
possible caveat of 6.5.5.1 which allows for the customer name to
be replaced with "Private Customer".

I don't see anything that would make this not true if the assignment
was done via DHCP-PD.

>    However, for static persistent assignments of /56s or shorter prefixes
>    to customers, I think it is perfectly reasonable to require SWIP just
>    as we require it for /29 and shorter today. I do not see a need to
>    expand customer anonymity beyond the current residential
>    requirement.

Let me assume your previous interpretation is right.  A /48 assigned
via DHCP-PD to a cable modem customer (as an example) is not required
to have a SWIP entry.  However, a /48 assigned statically is required
to have a SWIP entry.

How does that make any sense?  What if I make the DHCP-PD "static",
e.g.  enter the MAC and prefix in the DHCP server, so the client
always gets the same range.  Does it now qualify for a SWIP entry?

In IPv4, it's highly likely that a megacorp (GM?) will have something
larger than a /29, and have a SWIP entry.  It's also highly likely
that a person (residental customer) will have something smaller
than a /29, and thus not be SWIPed.  As IPv4 scarecity continues,
this is likely to be more true.

In IPv6 that's not so.  The megacorp can likely live in a /48.  A
residential customer is just as likely to get the same /48.  The
old probabilities don't apply anymore.

In case my position, in both IPv4 and IPv6 was not clear, I believe
several things:

* No residential customer should ever have their personal information in
  WHOIS for any reason.

* Contact information in whois should lead to the entity /most likely to
  help/.  I am extremely skeptical that putting folks as wide ranging as
  Grandma to many small businesses is going to lead to that result, I
  think in almost all cases their upstream ISP is a better place to go.

* ARIN should devise policies and procedures such that it requires the 
  minimum level of effort for an ISP to comply.

Rather than have millions of /29 records in the database, I'd rather see
records like:

NetRange:    10.15.0.0 - 10.15.31.255
CIDR:        10.15.0.0/11
NetName:     CableFOO-Chicago-12
Comment:     Statically assigned residential cable modem customers in 
             the Chicago area.
Usage:       212,453 subnets of 262144 in use on 2009-01-29.

OrgAbuseHandle: CableFOO-ABUSE-ARIN
OrgAbuseName:   CableFOO Inc Abuse Department
OrgAbusePhone:  +1 800 4BOTNET
OrgAbuseEmail:  abuse-chiago at cablefoo.com

Where the usage data was updated on some periodic interval, perhaps say
quarterly.

It protects peoples privacy, provides usage information ARIN needs and
makes it visable to the community, directs people to contact information
that is likely to get someone who can help, and greatly reduces the
burden on the ISP and ARIN to process tons of SWIP templates, 99% of
which just say "Private Customer" and "Private Residence" anyway.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20100129/f979d8d1/attachment.sig>

More information about the ARIN-PPML mailing list