[arin-discuss] Privacy of Reassignment Information
Owen DeLong
owen at delong.com
Sat Apr 8 13:48:11 EDT 2006
Fair enough... I was responding to a thread on the discuss list.
Owen
--On April 8, 2006 1:19:48 PM -0400 Member Services <memsvcs at arin.net>
wrote:
> Owen,
>
> As this is a policy issue, please forward this discussion onto the Public
> Policy Mailing List, ppml at arin.net.
> For those of you on arin-discuss not subscribed to ppml, you can find
> subscription instructions at::
> http://www.arin.net/mailing_lists/index.html.
> PPML is open to the general public and provides a forum to raise and
> discuss policy-related ideas and issues surrounding existing and proposed
> ARIN policies.
>
> Regards,
>
> Susan Hamlin
> Director, Member Services
>
>
> Owen DeLong wrote:
>
>> Actually, no, I don't like being solicited. I'm as annoyed by SPAM as
>> anyone. Phishing is little more than SPAM in my experience, since it's
>> usually pretty easy to identify and I know better than to provide my
>> personal information to URLs that don't look right.
>>
>> Education is the answer to phishing. Hiding private information doesn't
>> actually help. The reality is that I can't recall ever receiving a
>> phishing attempt that used information from whois. The phishers
>> don't generally bother. For one thing, there isn't a high enough
>> percentage of targets with whois entries.
>>
>> My opinions on this subject have nothing to do with being affiliated or
>> not with a service provider or with the fact that I also work as a
>> consultant.
>>
>> My opinions are based exactly on the fact, as I stated, that IP addresses
>> are a resource assigned from the public trust. If you obtain the use of
>> federal land, that use permit is a matter of public record. I don't see
>> any reason IP address assignments should be treated any differently.
>> Resource allocations in the public trust should be a matter of public
>> record.
>>
>> Owen
>>
>>
>> --On April 8, 2006 10:38:19 AM -0400 Eric Kagan <ekagan at axsne.com> wrote:
>>
>>
>>
>>> David,
>>>
>>> I fully support and agree with the privacy policy you speak of below.
>>> In this day and age of deception (spam, phishing, fraud and a number of
>>> other things) I feel having any information publically accessible that
>>> could help defraud an individual or enterprise is neglegent. I feel the
>>> Con's far out-weigh the Pro's in this area. I get constant push back
>>> from internal resources as well as private enterprise on releasing their
>>> information. (Solely in regards to reassignments, not reallocations).
>>> The service providers info should be public and accurate and all
>>> communications should come to the service provider and dealt with
>>> privately to their customers. Thats a responsibility and part of
>>> business of being a service provider. (If space is assigned downstream,
>>> the reallocated service provider info should be publically posted.)
>>>
>>> Lets realize that domain registrars have allowed private registrations
>>> for some time. Can anyone on this list say they have *never* received
>>> inappropriate communications (via email, mail, phone call) that used
>>> this certain public information ? I know Owen mentioned he is
>>> registered with his info, but if he's on this list and a "consultant"
>>> he is closely tied to the service provider world and maybe even likes
>>> that he can be solicitied. I am sure most business in the private
>>> sector would not feel the same way.
>>>
>>> Unfirtnuately I am unable to attend the Montreal event, but I am willing
>>> to assist or backup the private policy effort in any way possible. I
>>> will welcome online or offline responses and ideas as well.
>>>
>>> Thank you
>>> Eric
>>>
>>> Eric Kagan
>>> CTO
>>> Access Northeast/ASN 17113
>>> Direct 508-281-7626
>>> ekagan at axsne.com
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: arin-discuss-bounces at arin.net
>>> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Divins, David
>>> Sent: Saturday, April 08, 2006 1:26 AM
>>> To: Owen DeLong; ARIN-discuss at arin.net
>>> Subject: Re: [arin-discuss] Privacy of Reassignment Information
>>>
>>>
>>>
>>> All IP Allocations are done based upon trust. If an ISP just wanted to
>>> obscure a reassignment they could simply make up a customer.
>>>
>>> Allowing ISP's to enter into NDA type status for reassignments and
>>> representing these reassignments as private in public servers should
>>> provide the registrar with more accurate information-- as that is the
>>> basis for the reassignment policy. Additionally, this provides much
>>> needed privacy for companies that must adhere to ever more restrictive
>>> privacy laws. This allows a valid mechanism.
>>>
>>> Why is a corporate entities right to privacy any less than an
>>> individuals (when it comes to IP space-- and remember not all companies
>>> are public)?
>>>
>>> Why is there a need to know what company owns a block provided there is
>>> a valid contact provided? This probably brings the question of how can
>>> we ensure a valid contact. Since all assignments are done based on
>>> trust, there must be some base assumption that for the most part ISP's
>>> act according to ARIN rules-- I am not aware of any ARIN
>>> para-military-esque auditing arm that checks ISP corporate accounting
>>> against IP assignments to see who skirts the rules.
>>>
>>> Honestly, I would be content to see a policy that allows an ISP to go
>>> full NDA with ARIN and provide reassignment information to ARIN on a
>>> private basis. Under this condition, the ISP would need to maintain
>>> valid contact (abuse/noc) for all address space it has been assigned and
>>> not publicly reassigned.
>>>
>>> I firmly believe that this issue will not be going away.
>>>
>>> -dsd
>>>
>>> David Divins
>>> Principal Engineer
>>> ServerVault Corp.
>>> (703) 652-5955
>>>
>>> _____________________________________________
>>> From: Owen DeLong [mailto:owen at delong.com]
>>> Sent: Friday, April 07, 2006 11:56 PM
>>> To: Divins, David; ARIN-discuss at arin.net
>>> Subject: Re: [arin-discuss] Privacy of Reassignment Information
>>>
>>> * PGP Signed by an unknown key: 04/07/2006 at 11:55PM
>>>
>>>
>>> --On April 7, 2006 10:25:11 PM -0400 "Divins, David"
>>> <dsd at servervault.com>
>>> wrote:
>>>
>>>
>>>
>>>> All,
>>>>
>>>> Provided an ISP, or other direct assignment recipient, supplies valid
>>>> and responsive (24x7) Abuse, NOC, and other pertinent contact
>>>> information, a reassignment should be allowed to remain private.
>>>>
>>>>
>>>>
>>> First, a direct assignment recipient cannot reassign, so, this would
>>> not apply to a direct assignment recipient.
>>>
>>> Second, the policy was abandoned fairly recently due to lack of
>>> support by the community and lack of consensus to move forward.
>>>
>>> IP resources are an element of public trust. It is common and
>>> widespread practice to disclose as a matter of public record
>>> possessory interest in public resources. The public interest in an
>>> open and equitable system of resource assignments and allocations
>>> overrides ISPs
>>> interest in hiding the identities of their customers.
>>>
>>>
>>>
>>>> The ability for an ISP to selectively and voluntarily make an
>>>> assignment private will still allow ARIN to have accurate
>>>> reassignment information as the assignments will be provided to ARIN
>>>> privately whenever address utilization must be determined.
>>>>
>>>>
>>>>
>>> ARIN is a stewardship organization. The IP addresses are no more owned
>>> by ARIN than by any recipient organization. They are administered by
>>> ARIN and the ISPs in the public trust. They are public resources.
>>>
>>>
>>>
>>>> The private designation in no way relieves the ISP of its
>>>> responsibility to the Internet community. In fact, a private
>>>> reassignment expands this responsibility as the ISP actually must
>>>> take on the responsibility providing valid 24x7 point of contact.
>>>>
>>>>
>>>>
>>> The community vehemently opposed adding such a requirement to the
>>> previous
>>> attempt at such a policy.
>>>
>>>
>>>
>>>> If an ISP is unable or unwilling to provide a responsive NOC/abuse
>>>> contact, then they may not designate any reassignments as private.
>>>>
>>>>
>>>>
>>> How would you propose to prevent ISPs from ignoring this requirement?
>>>
>>> Owen
>>>
>>> --
>>> If it wasn't crypto-signed, it probably didn't come from me.
>>>
>>> * Unknown Key
>>> * 0x0FE2AA3D - unknown
>>>
>>>
>>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> ARIN-discuss mailing list
>> ARIN-discuss at arin.net
>> http://lists.arin.net/mailman/listinfo/arin-discuss
>>
>>
--
If it wasn't crypto-signed, it probably didn't come from me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-discuss/attachments/20060408/c09eec79/attachment.sig>
More information about the ARIN-discuss
mailing list