From dean at av8.net Fri May 2 17:45:05 2008 From: dean at av8.net (Dean Anderson) Date: Fri, 2 May 2008 17:45:05 -0400 (EDT) Subject: [arin-discuss] Importance of Corporate Governance (fwd) Message-ID: For some reason, this also didn't go through. ---------- Forwarded message ---------- Date: Fri, 2 May 2008 17:16:53 -0400 (EDT) From: Dean Anderson To: arin-discuss at arin.net Subject: Re: [arin-discuss] Importance of Corporate Governance FYI, the following message was not posted to ARIN discuss in error: I am indeed a member in good standing. David Divins (Principal Engineer at ServerVault) works for ARIN Chairman John Curran (Executive Vice President and CTO of ServerVault). The timing of this message by Curran's coworker (I couldn't confirm if Divins is a direct report) challenging my membership status and without repudiation while ARIN was simultaneously unlawfully interfering in my membership rights, created a false impression of my membership status to the other members. Curran knew Divin's challenge to be false, but let it go unrefuted. Without reference to other serious issues raised by the interference in membership rights and related misconduct, at the very least this conduct by Divins and Curran should reflect on Curran's character and performance as an ARIN Board Member. But perhaps it does also raise the question of whether there are or could be non-members on the membership list. I understand that each member gets to put exactly one member representative on the ARIN-DISCUSS list. Is that correct? --Dean On Fri, 2 May 2008, Dean Anderson wrote: > On Wed, 6 Feb 2008 arin-discuss-owner at arin.net wrote: > > You are not allowed to post to this mailing list, and your message has > been automatically rejected. If you think that your messages are > being rejected in error, contact the mailing list owner at > arin-discuss-owner at arin.net. > > > Date: Wed, 6 Feb 2008 16:29:47 -0500 (EST) > From: Dean Anderson > To: "Divins, David" > Cc: Paul Vixie , arin-discuss at arin.net > Subject: Re: [arin-discuss] Importance of Corporate Governance > > Yes, I am a member in good standing. > > You can check the membership list at > http://www.arin.net/cgi-bin/member_list.pl > > --Dean > > On Wed, 6 Feb 2008, Divins, David wrote: > > > Mr. Anderson, > > > > Based on many of your posts and your known position as a Legacy Holder > > who suggests not signing the ARIN RSA. I am left with a question: > > > > Are you an ARIN Member in Good Standing as defined by the ARIN > > (http://www.arin.net/membership/index.html)? > > > > Thank you, > > dsd > > > > David Divins > > Principal Engineer > > ServerVault Corp. > > (703) 652-5955 > > > > > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From aaron at wholesaleinternet.com Thu May 8 20:38:34 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Thu, 8 May 2008 19:38:34 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: Message-ID: <1a8301c8b16d$035590b0$0a00b210$@com> Is there any way that ARIN accepts SWIPS for dedicated hosting customers without a name and address? I know they do this for private residences but what about commercial entities? Normally this isn't an issue for us but recently we've had a lot of customers complain about personal information tied to their IP addresses and demand that it be removed. Any suggestions? Aaron From jer at mia.net Mon May 12 10:17:49 2008 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Mon, 12 May 2008 09:17:49 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <1a8301c8b16d$035590b0$0a00b210$@com> References: <1a8301c8b16d$035590b0$0a00b210$@com> Message-ID: <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> On May 8, 2008, at 7:38 PM, Aaron Wendel wrote: > Is there any way that ARIN accepts SWIPS for dedicated hosting > customers > without a name and address? I know they do this for private > residences but > what about commercial entities? > > Normally this isn't an issue for us but recently we've had a lot of > customers complain about personal information tied to their IP > addresses and > demand that it be removed. > > Any suggestions? > I would be curious about this as well. We've had similar requests in the past. Seems silly to me, because if someone really wanted the info that bad, they could still find it... Anyway.. Thanks! Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com From mdaniels at nframe.com Mon May 12 11:38:41 2008 From: mdaniels at nframe.com (Mark Danielson) Date: Mon, 12 May 2008 11:38:41 -0400 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> Message-ID: <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> When I SWIP I use our company's contact information except for the legal business name of my customer. Keeps things simple and meets the requirements. I've never received any hassle from ARIN or my customers, unless I neglect doing it. -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jeremy Anthony Kinsey Sent: Monday, May 12, 2008 10:18 AM To: Aaron Wendel Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping On May 8, 2008, at 7:38 PM, Aaron Wendel wrote: > Is there any way that ARIN accepts SWIPS for dedicated hosting > customers > without a name and address? I know they do this for private > residences but > what about commercial entities? > > Normally this isn't an issue for us but recently we've had a lot of > customers complain about personal information tied to their IP > addresses and > demand that it be removed. > > Any suggestions? > I would be curious about this as well. We've had similar requests in the past. Seems silly to me, because if someone really wanted the info that bad, they could still find it... Anyway.. Thanks! Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From owen at delong.com Mon May 12 12:49:58 2008 From: owen at delong.com (Owen DeLong) Date: Mon, 12 May 2008 09:49:58 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> Message-ID: It does not, in my opinion, meet the requirements: 4.2.3.7.1. Customer organization information ISPs are required to demonstrate efficient use of IP address space allocations by providing appropriate documentation, including assignment histories, showing their efficient use. SWIP and RWHOIS reassignments should show each client's organizational information. I do not believe your company's contact information qualifies as "Customer organization information". It may be that ARIN has not yet noticed you doing this, but, this clearly violates the spirit of the policy, and, I believe the letter as well. Owen On May 12, 2008, at 8:38 AM, Mark Danielson wrote: > When I SWIP I use our company's contact information except for the > legal > business name of my customer. Keeps things simple and meets the > requirements. I've never received any hassle from ARIN or my > customers, > unless I neglect doing it. > > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jeremy Anthony > Kinsey > Sent: Monday, May 12, 2008 10:18 AM > To: Aaron Wendel > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > > On May 8, 2008, at 7:38 PM, Aaron Wendel wrote: > >> Is there any way that ARIN accepts SWIPS for dedicated hosting >> customers >> without a name and address? I know they do this for private >> residences but >> what about commercial entities? >> >> Normally this isn't an issue for us but recently we've had a lot of >> customers complain about personal information tied to their IP >> addresses and >> demand that it be removed. >> >> Any suggestions? >> > I would be curious about this as well. We've had similar requests in > the past. Seems silly to me, because if someone really wanted the > info that bad, they could still find it... Anyway.. Thanks! > > Regards, > Jeremy Anthony Kinsey > e-mail: jer at mia.net > _____________________________________ > Bella Mia, Inc. www.mia.net > 401 Host Drive www.dslone.com > Lake Geneva, WI. 53147 www.hostdrive.com > Phone: (262)248-6759 www.thednsplace.com > Fax: (262)248-6959 www.hostinglizard.com > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Mon May 12 13:12:08 2008 From: owen at delong.com (Owen DeLong) Date: Mon, 12 May 2008 10:12:08 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> Message-ID: Just to clarify, my statement below is my own personal opinion and not necessarily that of ARIN or the ARIN AC. Owen On May 12, 2008, at 9:49 AM, Owen DeLong wrote: > It does not, in my opinion, meet the requirements: > > 4.2.3.7.1. Customer organization information > ISPs are required to demonstrate efficient use of IP address space > allocations by providing appropriate documentation, including > assignment histories, showing their efficient use. SWIP and RWHOIS > reassignments should show each client's organizational information. > > > > I do not believe your company's contact information qualifies > as "Customer organization information". It may be that ARIN > has not yet noticed you doing this, but, this clearly violates > the spirit of the policy, and, I believe the letter as well. > > Owen > > > > On May 12, 2008, at 8:38 AM, Mark Danielson wrote: > >> When I SWIP I use our company's contact information except for the >> legal >> business name of my customer. Keeps things simple and meets the >> requirements. I've never received any hassle from ARIN or my >> customers, >> unless I neglect doing it. >> >> -----Original Message----- >> From: arin-discuss-bounces at arin.net >> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jeremy Anthony >> Kinsey >> Sent: Monday, May 12, 2008 10:18 AM >> To: Aaron Wendel >> Cc: arin-discuss at arin.net >> Subject: Re: [arin-discuss] The joy of SWIPping >> >> >> On May 8, 2008, at 7:38 PM, Aaron Wendel wrote: >> >>> Is there any way that ARIN accepts SWIPS for dedicated hosting >>> customers >>> without a name and address? I know they do this for private >>> residences but >>> what about commercial entities? >>> >>> Normally this isn't an issue for us but recently we've had a lot of >>> customers complain about personal information tied to their IP >>> addresses and >>> demand that it be removed. >>> >>> Any suggestions? >>> >> I would be curious about this as well. We've had similar requests in >> the past. Seems silly to me, because if someone really wanted the >> info that bad, they could still find it... Anyway.. Thanks! >> >> Regards, >> Jeremy Anthony Kinsey >> e-mail: jer at mia.net >> _____________________________________ >> Bella Mia, Inc. www.mia.net >> 401 Host Drive www.dslone.com >> Lake Geneva, WI. 53147 www.hostdrive.com >> Phone: (262)248-6759 www.thednsplace.com >> Fax: (262)248-6959 www.hostinglizard.com >> >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to the ARIN >> Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact the ARIN Member Services Help Desk at info at arin.net >> if you experience any issues. >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to the ARIN >> Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact the ARIN Member Services Help Desk at info at arin.net >> if you experience any issues. > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jlewis at atlantic.net Mon May 12 13:30:25 2008 From: jlewis at atlantic.net (jlewis at atlantic.net) Date: Mon, 12 May 2008 13:30:25 -0400 (EDT) Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> Message-ID: On Mon, 12 May 2008, Owen DeLong wrote: > 4.2.3.7.1. Customer organization information > ISPs are required to demonstrate efficient use of IP address space > allocations by providing appropriate documentation, including assignment > histories, showing their efficient use. SWIP and RWHOIS reassignments should > show each client's organizational information. > > I do not believe your company's contact information qualifies > as "Customer organization information". It may be that ARIN > has not yet noticed you doing this, but, this clearly violates > the spirit of the policy, and, I believe the letter as well. As far as contacing customers via whois lookup, is there some reason the ISP can't act as an agent for the customer? This is sort of like the various domain whois privacy services...but not nearly as slimely IMO. BTW...we do this as well. -- ---------------------------------------------------------------------- Jon Lewis | Senior Network Engineer | Atlantic.net | ________ http://www.lewis.org/~jlewis/pgp for PGP public key__________ From mdaniels at nframe.com Mon May 12 13:57:35 2008 From: mdaniels at nframe.com (Mark Danielson) Date: Mon, 12 May 2008 13:57:35 -0400 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local>

Message-ID: <053E179161004E4C91C8613916AA37B90477186A@nframemail01.nframe.local> I appreciate your response Owen. I certainly don't want to lead anyone astray. While I'm aware of the "violation" of the letter, I don't agree that it's against the spirit. I do provide the legal business name of my clients (at least how it's written in our contracts) and those names can be pulled up in a variety of record systems that ARIN employs (or anyone else who knows what s/he's doing). While I have a lot more to SWIP since I inherited this job, I make an effort to validate all customer information and have never refused public information when asked. However, as some details are subject to change frequently, I don't wish to maintain it in multiple repositories. One rationalization is that the bulk of our customers reside within our data centers and pay our NOC to monitor and maintain their systems. So, the contact information is not erroneous, but maybe to some lacking, if they desire to talk to our customer directly. Therefore, when an issue arises, the NOC handles the call, confers with the customer and the situation is resolved appropriately. ________________________________________ From: Owen DeLong [mailto:owen at delong.com] Sent: Monday, May 12, 2008 1:12 PM To: Owen DeLong Cc: Mark Danielson; arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping Just to clarify, my statement below is my own personal opinion and not necessarily that of ARIN or the ARIN AC. Owen On May 12, 2008, at 9:49 AM, Owen DeLong wrote: It does not, in my opinion, meet the requirements: 4.2.3.7.1. Customer organization information ISPs are required to demonstrate efficient use of IP address space allocations by providing appropriate documentation, including assignment histories, showing their efficient use. SWIP and RWHOIS reassignments should show each client's organizational information. I do not believe your company's contact information qualifies as "Customer organization information". ?It may be that ARIN has not yet noticed you doing this, but, this clearly violates the spirit of the policy, and, I believe the letter as well. Owen On May 12, 2008, at 8:38 AM, Mark Danielson wrote: When I SWIP I use our company's contact information except for the legal business name of my customer. ?Keeps things simple and meets the requirements. ?I've never received any hassle from ARIN or my customers, unless I neglect doing it. -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jeremy Anthony Kinsey Sent: Monday, May 12, 2008 10:18 AM To: Aaron Wendel Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping On May 8, 2008, at 7:38 PM, Aaron Wendel wrote: Is there any way that ARIN accepts SWIPS for dedicated hosting ? customers without a name and address? ?I know they do this for private ? residences but what about commercial entities? Normally this isn't an issue for us but recently we've had a lot of customers complain about personal information tied to their IP ? addresses and demand that it be removed. Any suggestions? I would be curious about this as well. ?We've had similar requests in ? the past. ?Seems silly to me, because if someone really wanted the ? info that bad, they could still find it... Anyway.. Thanks! Regards, Jeremy Anthony Kinsey ?e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. ?????????????????????????????????????www.mia.net 401 Host Drive ?????????????????????????????www.dslone.com Lake Geneva, WI. 53147 ????????www.hostdrive.com Phone: (262)248-6759 ??????www.thednsplace.com Fax: (262)248-6959 ???????????www.hostinglizard.com _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From paul at vix.com Mon May 12 13:58:02 2008 From: paul at vix.com (Paul Vixie) Date: Mon, 12 May 2008 17:58:02 +0000 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: Your message of "Mon, 12 May 2008 13:30:25 -0400." References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> Message-ID: <28153.1210615082@sa.vix.com> > As far as contacing customers via whois lookup, is there some reason the > ISP can't act as an agent for the customer? This is sort of like the > various domain whois privacy services...but not nearly as slimely IMO. as far as that goes, is there general support here for the idea of the RIRs running mail forwarders for well-formatted non-robotic abuse complaints that can be forwarded to the registered operator of the netblock, without exposing the operator's internal ticket system e-mail address via whois? From dsd at servervault.com Mon May 12 14:02:32 2008 From: dsd at servervault.com (Divins, David) Date: Mon, 12 May 2008 14:02:32 -0400 Subject: [arin-discuss] The joy of SWIPping References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> Message-ID: <8A3DE12E408BBC499E40C0BE733C860345D5B8@mail1.dulles.sv.int> I would support that. -dsd David Divins Principal Engineer ServerVault Corp. -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Paul Vixie Sent: Monday, May 12, 2008 1:58 PM To: jlewis at atlantic.net Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping > As far as contacing customers via whois lookup, is there some reason > the ISP can't act as an agent for the customer? This is sort of like > the various domain whois privacy services...but not nearly as slimely IMO. as far as that goes, is there general support here for the idea of the RIRs running mail forwarders for well-formatted non-robotic abuse complaints that can be forwarded to the registered operator of the netblock, without exposing the operator's internal ticket system e-mail address via whois? _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From owen at delong.com Mon May 12 14:03:16 2008 From: owen at delong.com (Owen DeLong) Date: Mon, 12 May 2008 11:03:16 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <053E179161004E4C91C8613916AA37B90477186A@nframemail01.nframe.local> References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local>

<053E179161004E4C91C8613916AA37B90477186A@nframemail01.nframe.local> Message-ID: <1E824FD1-8C3F-4832-B357-DE3410DB947D@delong.com> I'd agree under that limited set of circumstances that you're probably OK. However, that was not the implication I got from your original note which seemed to advocate this as a general purpose solution. In the specific case you sited, I would think it would be better if the "admin" contact still got someone at the customer, but, having the "tech" contact flow to your NOC seems reasonable since your NOC is, essentially, a valid "tech" contact for the site in question. Thanks for clarifying. Owen On May 12, 2008, at 10:57 AM, Mark Danielson wrote: > I appreciate your response Owen. I certainly don't want to lead > anyone astray. > > While I'm aware of the "violation" of the letter, I don't agree that > it's against the spirit. I do provide the legal business name of my > clients (at least how it's written in our contracts) and those names > can be pulled up in a variety of record systems that ARIN employs > (or anyone else who knows what s/he's doing). > > While I have a lot more to SWIP since I inherited this job, I make > an effort to validate all customer information and have never > refused public information when asked. However, as some details are > subject to change frequently, I don't wish to maintain it in > multiple repositories. > > One rationalization is that the bulk of our customers reside within > our data centers and pay our NOC to monitor and maintain their > systems. So, the contact information is not erroneous, but maybe to > some lacking, if they desire to talk to our customer directly. > Therefore, when an issue arises, the NOC handles the call, confers > with the customer and the situation is resolved appropriately. > > ________________________________________ > From: Owen DeLong [mailto:owen at delong.com] > Sent: Monday, May 12, 2008 1:12 PM > To: Owen DeLong > Cc: Mark Danielson; arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > Just to clarify, my statement below is my own personal opinion > and not necessarily that of ARIN or the ARIN AC. > > Owen > > On May 12, 2008, at 9:49 AM, Owen DeLong wrote: > > > It does not, in my opinion, meet the requirements: > > 4.2.3.7.1. Customer organization information > ISPs are required to demonstrate efficient use of IP address space > allocations by providing appropriate documentation, including > assignment histories, showing their efficient use. SWIP and RWHOIS > reassignments should show each client's organizational information. > > I do not believe your company's contact information qualifies > as "Customer organization information". It may be that ARIN > has not yet noticed you doing this, but, this clearly violates > the spirit of the policy, and, I believe the letter as well. > > Owen > > > > On May 12, 2008, at 8:38 AM, Mark Danielson wrote: > > > When I SWIP I use our company's contact information except for the > legal > business name of my customer. Keeps things simple and meets the > requirements. I've never received any hassle from ARIN or my > customers, > unless I neglect doing it. > > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jeremy Anthony > Kinsey > Sent: Monday, May 12, 2008 10:18 AM > To: Aaron Wendel > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > > On May 8, 2008, at 7:38 PM, Aaron Wendel wrote: > > > Is there any way that ARIN accepts SWIPS for dedicated hosting > customers > without a name and address? I know they do this for private > residences but > what about commercial entities? > > Normally this isn't an issue for us but recently we've had a lot of > customers complain about personal information tied to their IP > addresses and > demand that it be removed. > > Any suggestions? > > I would be curious about this as well. We've had similar requests in > the past. Seems silly to me, because if someone really wanted the > info that bad, they could still find it... Anyway.. Thanks! > > Regards, > Jeremy Anthony Kinsey > e-mail: jer at mia.net > _____________________________________ > Bella Mia, Inc. www.mia.net > 401 Host Drive www.dslone.com > Lake Geneva, WI. 53147 www.hostdrive.com > Phone: (262)248-6759 www.thednsplace.com > Fax: (262)248-6959 www.hostinglizard.com > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. From jlewis at atlantic.net Mon May 12 14:27:35 2008 From: jlewis at atlantic.net (jlewis at atlantic.net) Date: Mon, 12 May 2008 14:27:35 -0400 (EDT) Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <28153.1210615082@sa.vix.com> References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> Message-ID: On Mon, 12 May 2008, Paul Vixie wrote: >> As far as contacing customers via whois lookup, is there some reason the >> ISP can't act as an agent for the customer? This is sort of like the >> various domain whois privacy services...but not nearly as slimely IMO. > > as far as that goes, is there general support here for the idea of the RIRs > running mail forwarders for well-formatted non-robotic abuse complaints that > can be forwarded to the registered operator of the netblock, without exposing > the operator's internal ticket system e-mail address via whois? Are you suggesting that the RIRs act as front-end filters/forwarders for member org abuse@'s? That seems to me to be way out of the scope of the current responsibilities of RIRs, and I can see it being a scaling nightmare for them. Are we looking for ways for ARIN to expand (hire more staff) and burn more money (buy, house, operate clusters of mail servers)? Did you maybe mean LIRs? -- ---------------------------------------------------------------------- Jon Lewis | Senior Network Engineer | Atlantic.net | ________ http://www.lewis.org/~jlewis/pgp for PGP public key__________ From josmon at rigozsaurus.com Mon May 12 14:28:27 2008 From: josmon at rigozsaurus.com (John Osmon) Date: Mon, 12 May 2008 12:28:27 -0600 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <28153.1210615082@sa.vix.com> References: <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> Message-ID: <20080512182827.GE30018@jeeves.rigozsaurus.com> On Mon, May 12, 2008 at 05:58:02PM +0000, Paul Vixie wrote: > > As far as contacing customers via whois lookup, is there some reason the > > ISP can't act as an agent for the customer? This is sort of like the > > various domain whois privacy services...but not nearly as slimely IMO. > > as far as that goes, is there general support here for the idea of the RIRs > running mail forwarders for well-formatted non-robotic abuse complaints that > can be forwarded to the registered operator of the netblock, without exposing > the operator's internal ticket system e-mail address via whois? I'd support such an idea. It sounds like an appropriate service for an RIR. It seems to fit well with the idea of stewardship and all that... From paul at vix.com Mon May 12 15:05:48 2008 From: paul at vix.com (Paul Vixie) Date: Mon, 12 May 2008 19:05:48 +0000 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: Your message of "Mon, 12 May 2008 14:27:35 -0400." References: <1a8301c8b16d$035590b0$0a00b210$@com> <2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net> <053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> Message-ID: <30730.1210619148@sa.vix.com> > > as far as that goes, is there general support here for the idea of the > > RIRs running mail forwarders for well-formatted non-robotic abuse > > complaints that can be forwarded to the registered operator of the > > netblock, without exposing the operator's internal ticket system e-mail > > address via whois? > > Are you suggesting that the RIRs act as front-end filters/forwarders for > member org abuse@'s? That seems to me to be way out of the scope of the > current responsibilities of RIRs, and I can see it being a scaling nightmare > for them. it's a natural trust chokepoint, and private sector alternatives can't launch. > Are we looking for ways for ARIN to expand (hire more staff) and burn more > money (buy, house, operate clusters of mail servers)? since i'm an arin trustee, i have to take that question seriously. "no." if i were not a trustee, i would have ignored the question altogether. JFYI. > Did you maybe mean LIRs? LIRs should also be doing this, yes, and also domain registrars and registries. but, my observation is that services akin to spamcop have wrecked the whois data, by essentially spamming network operators with low-grade complaints (in strange useless formats, often falsely positive) which has caused network operators to publish only worthless ticket system ("ignore-bot") addresses in their whois. RIRs and LIRs have more information about network operators than goes into whois. billing information, for example, and authentication information for online records changes. my proposal is that these "natural trust chokepoints" be augmented to allow bona fide human-originated communication, most of which will probably be abuse complaints, to be submitted to the RIR (and LIR and domain registrar and so on but that's not a topic for this mailing list, we're all about RIRs here), who would then forward it to the network operator's unpublished human-answered ticket system. a few years ago somebody gave me a present, a 300K node www-based botnet. it has got down to less than 10K nodes, so i guess folks have been buying new computers or upgrading their anti-virus software or whatever. but i sure would like to have a way to tell the owners of these machines, "hey! wake up!". my only knowledge of their identity is their IP address at a certain date+time, and that ought to be enough, but it's not. but it could be. From michael.dillon at bt.com Mon May 12 16:15:49 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 12 May 2008 21:15:49 +0100 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> Message-ID: In my experience ARIN does not care about the accuracy of the SWIP/RWHOIS info when assessing a member for additional IP address blocks. Instead, they are happy to accept detailed data from the member's IP address database. I think there are a number of reasons for this. 1. They realize that SWIP updates could have gotten out of sync with the ISPs internal database for any number of reasons. The internal database is more likely to be correct. 2. They realize that RWHOIS is an hack job that has never been properly maintained or updated, and therefore it is entirely possible that bugs in the rwhois software, or wierdness in the text files from which the server functions, can result in a less accurate picture than the ISP's internal database. 3. They have in the past allowed some ISPs to submit SWIP data in non-usual formats, and it is only fair to let any member do this if they experience difficulties in dealing with the wierd non-standard SWIP and RWHOIS formats. 4. Many ISPs simply will not publish their customer base in whois no matter what ARIN says, and some of them have privately indicated that they are willing to go to court over this. Since ARIN only needs this data at the time of new applications, and since ARIN operates an internal Chinese wall so that even the head of Registration Services is not allowed to see potentially confidential ISP data, the most efficient way to deal with this is to simply accept confidential database dumps whenever an application is made for additional blocks. 5. The purpose and scope of the ARIN whois directory has never been formally defined, nor was it ever formally defined by any predecessor of ARIN after the DARPA. In the time of DARPA the purpose was to identify all users of the ARPANet in order to justify budget allocations. Clearly that is no longer true. In the absence of a clear purpose and scope, it is hard to enforce any particular behavior. 6. The Internet community generally seems to feel that the whois directory is there so that when network abuse occurs, other network operators can quickly make contact with the source of the problem. Since the Internet has changed and it is no longer common for assignees of IP addresses to operate a 24-hour NOC capable of responding to external requests, there is nothing for ARIN to gain by being pedantic about this. In fact, the people with the problem can identify the ISP who received the ARIN allocation and these companies almost always do operate a 24 hour NOC and do have access to their customer's contact info. 7. There is a certain vigilante community that feels the ARIN whois directory should identify users of any IP address so that the self-appointed vigilantes can punish the perpetrators of network abuse. Since ARIN is not the Internet government and since there is a big downside to being seen as the government, it is to ARIN's advantage to *NOT* attempt to force ISPs to publish full 3rd-party (customer) info in the whois directory. By the way, what does "assign" mean? If as a hosting ISP, I configure IP addresses into my switches and routers to enable a hosting customer to communicate using these addresses, then this is not the same as the classic "assignment" scenario. It could be interpreted as internal architecture usage. This is becoming more common as more specialised IP network service companies arise, and a single organization may receive addresses from several different ISPs and only use these addresses for certain purposes. In the classic scenario, an assignment was like a loan of 100% of the address that you would need to configure all the devices in all of your internal networks. Since NAT came on the scene, the picture has gotten fuzzier and fuzzier. --Michael Dillon -------------- next part -------------- An HTML attachment was scrubbed... URL: From mksmith at adhost.com Mon May 12 19:23:27 2008 From: mksmith at adhost.com (Michael K. Smith - Adhost) Date: Mon, 12 May 2008 16:23:27 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <28153.1210615082@sa.vix.com> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> Message-ID: <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss- > bounces at arin.net] On Behalf Of Paul Vixie > Sent: Monday, May 12, 2008 10:58 AM > To: jlewis at atlantic.net > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > > As far as contacing customers via whois lookup, is there some reason > the > > ISP can't act as an agent for the customer? This is sort of like the > > various domain whois privacy services...but not nearly as slimely > IMO. > > as far as that goes, is there general support here for the idea of the > RIRs > running mail forwarders for well-formatted non-robotic abuse complaints > that > can be forwarded to the registered operator of the netblock, without > exposing > the operator's internal ticket system e-mail address via whois? I would even support all of the RIR's being able to accept and forward requests for their Members to other RIR's Members and then on locally. So, an APNIC Member has an abuse complaint against me and they contact abuse at apnic which gets forwarded to abuse at arin and then to abuse at adhost (or allow for direct proxying so that abuse at apnic comes directly to me). Regards, Mike -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 475 bytes Desc: not available URL: From jer at mia.net Tue May 13 09:44:07 2008 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Tue, 13 May 2008 08:44:07 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> Message-ID: <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> On May 12, 2008, at 6:23 PM, Michael K. Smith - Adhost wrote: > > >> -----Original Message----- >> From: arin-discuss-bounces at arin.net [mailto:arin-discuss- >> bounces at arin.net] On Behalf Of Paul Vixie >> Sent: Monday, May 12, 2008 10:58 AM >> To: jlewis at atlantic.net >> Cc: arin-discuss at arin.net >> Subject: Re: [arin-discuss] The joy of SWIPping >> >>> As far as contacing customers via whois lookup, is there some reason >> the >>> ISP can't act as an agent for the customer? This is sort of like >>> the >>> various domain whois privacy services...but not nearly as slimely >> IMO. >> >> as far as that goes, is there general support here for the idea of >> the >> RIRs >> running mail forwarders for well-formatted non-robotic abuse >> complaints >> that >> can be forwarded to the registered operator of the netblock, without >> exposing >> the operator's internal ticket system e-mail address via whois? > > I would even support all of the RIR's being able to accept and > forward requests for their Members to other RIR's Members and then > on locally. So, an APNIC Member has an abuse complaint against me > and they contact abuse at apnic which gets forwarded to abuse at arin and > then to abuse at adhost (or allow for direct proxying so that > abuse at apnic comes directly to me). > I guess what I would really like to know is what is so secretive and what is it exactly that these entities have to protect in terms of privacy that motivates them to not want their address listed? I'd really prefer it if the SWIP address remained visible, as should all domain addresses be IMO. But I, like the vast majority end up doing all we can to bend enough for a customer to get and or keep that customer. The alternative, I've suggested customers that do not want to give out their name/address use a PO box. Most companies have a PO separate from their business/mailing address. Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com From jer at mia.net Tue May 13 09:57:16 2008 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Tue, 13 May 2008 08:57:16 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> Message-ID: <4B5257F3-CC21-481D-82DA-404FCDC40946@mia.net> BTW, to the guys with this verification messages. Could you turn those things off. You are on a mailing list. It's a bit annoying. Thank you. -jer From paul at vix.com Tue May 13 10:00:31 2008 From: paul at vix.com (Paul Vixie) Date: Tue, 13 May 2008 14:00:31 +0000 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: Your message of "Tue, 13 May 2008 08:44:07 EST." <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> Message-ID: <72063.1210687231@sa.vix.com> > From: Jeremy Anthony Kinsey > To: arin-discuss at arin.net > Date: Tue, 13 May 2008 08:44:07 -0500 > > I guess what I would really like to know is what is so secretive and > what is it exactly that these entities have to protect in terms of > privacy that motivates them to not want their address listed? first and foremost, whois is a public database, and so any address listed in it will get a lot of spam from a lot of sources. listing something in whois is tantamount to wearing a "kick me" sign on your backside. second and just as compelling if not more so, are the large and growing collection of horrid tools and bad ideas (spamcop being a prime example) where the spam being sent to whois addresses is well intentioned but absolutely worthless. so we have a situation where the more a company cares about its online reputation, and the more they've invested in their NOC and abuse desk, the less likely they are to be able to afford to put a real address in whois, since both bad people and good people will spam it to oblivion. > I'd really prefer it if the SWIP address remained visible, as should > all domain addresses be IMO. But I, like the vast majority end up > doing all we can to bend enough for a customer to get and or keep that > customer. The alternative, I've suggested customers that do not want > to give out their name/address use a PO box. Most companies have a PO > separate from their business/mailing address. while i'm talking mostly about e-mail addresses here, the arguments extend to phone numbers and postal addresses. those of us who use small variations in our postal contact information can tell who bought or scraped our address and from where. whois trust just does not scale. From jlewis at atlantic.net Tue May 13 10:02:33 2008 From: jlewis at atlantic.net (jlewis at atlantic.net) Date: Tue, 13 May 2008 10:02:33 -0400 (EDT) Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <4B5257F3-CC21-481D-82DA-404FCDC40946@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <4B5257F3-CC21-481D-82DA-404FCDC40946@mia.net> Message-ID: On Tue, 13 May 2008, Jeremy Anthony Kinsey wrote: > BTW, to the guys with this verification messages. Could you turn those > things off. You are on a mailing list. It's a bit annoying. They need to be removed from the list. C/R is bad enough on it's own. C/R in 100% HTML in response to mailing list mail is gross incompetence. We're not your spam filter. -- ---------------------------------------------------------------------- Jon Lewis | Senior Network Engineer | Atlantic.net | ________ http://www.lewis.org/~jlewis/pgp for PGP public key__________ From vixie at vix.com Tue May 13 10:06:09 2008 From: vixie at vix.com (Paul Vixie) Date: Tue, 13 May 2008 14:06:09 +0000 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: Your message of "Tue, 13 May 2008 08:57:16 EST." <4B5257F3-CC21-481D-82DA-404FCDC40946@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <4B5257F3-CC21-481D-82DA-404FCDC40946@mia.net> Message-ID: <72484.1210687569@sa.vix.com> > BTW, to the guys with this verification messages. Could you turn those > things off. You are on a mailing list. It's a bit annoying. every time i get another verification message i scan it for a unique signature that will identify all instances of that software so that i can reject all future verification messages. here's the current list, in postfix pattern file format. any remote postmaster who runs this kind of software deserves all the rejection messages we can send them. (if anybody has any suggested additions, please e-mail them to me!) /^Subject:.*ALERTE \- Vous avez envoye un mail avec virus/ REJECT avhead /^Subject:.*ALERTE\: un virus a / REJECT avhead /^Subject:.*ALERT\! Virus found in your mail/ REJECT avhead /^Subject:.*Anti-Virus Notification/ REJECT avhead /^Subject:.*Antigen found VIRUS/ REJECT avhead /^Subject:.*Antigen Notification/ REJECT avhead /^Subject:.*AntiVir ALERT/ REJECT avhead /^Subject:.*Antivirus stopped your message/ REJECT avhead /^Subject:.*Antivirus found VIRUS/ REJECT avhead /^Subject:.*Anti\-Virus Notification/ REJECT avhead /^Subject:.*BANNED FILENAME/ REJECT avhead /^Subject:.*BitDefender found an infected object/ REJECT avhead /^Subject:.*Content violation/ REJECT avhead /^Subject:.*Disallowed attachment type found/ REJECT avhead /^Subject:.*Email Quarantined Due to Virus/ REJECT avhead /^Subject:.*Failed to clean virus file/ REJECT avhead /^Subject:.*File blocked - ScanMail for Lotus/ REJECT avhead /^Subject:.*Inflex scan report \[\d+\]/ REJECT avhead /^Subject:.*InterScan NT Alert/ REJECT avhead /^Subject:.*MailMarshal has detected a Virus in your message/ REJECT avhead /^Subject:.*MailSure Virus Alert/ REJECT avhead /^Subject:.*Mail Warning $Attachment Removal$/ REJECT avhead /^Subject:.*message .* contains a virus/ REJECT avhead /^Subject:.*Message deleted/ REJECT avhead /^Subject:.*MMS Notification/ REJECT avhead /^Subject:.*MxShield Virus Notification/ REJECT avhead /^Subject:.*NAV detected a virus/ REJECT avhead /^Subject:.*Network Associates Webshield.*Content Alert/ REJECT avhead /^Subject:.*Norton Anti.* detected/ REJECT avhead /^Subject:.*Ochrona antywirusowa/ REJECT avhead /^Subject:.*problem found in sent message/ REJECT avhead /^Subject:.*RAV Anti[Vv]irus/ REJECT avhead /^Subject:.*RECIPIENT \! Virus Notify \!/ REJECT avhead /^Subject:.*Report to Sender/ REJECT avhead /^Subject:.*Returned due to virus\; was\:/ REJECT avhead /^Subject:.*SAV detected a violation in a / REJECT avhead /^Subject:.*ScanMail Message\: To Sender\, virus found / REJECT avhead /^Subject:.*SENDER \! Virus Notify \!/ REJECT avhead /^Subject:.*Suspected SPAM message.* from your domain/ REJECT avhead /^Subject:.*Suspect Email $SpamGuardian$/ REJECT avhead /^Subject:.*Symantec (AntiVirus|AVF|Mail Security)/ REJECT avhead /^Subject:.*This message contains unsolicited data/ REJECT avhead /^Subject:.*Virenchecker Information/ REJECT avhead /^Subject:.*VIRUS .* IN MAIL FROM YOU/ REJECT avhead /^Subject:.*VIRUS .*IN YOUR MAIL/ REJECT avhead /^Subject:.*Virus Alert/ REJECT avhead /^Subject:.*Virus Check Alert/ REJECT avhead /^Subject:.*Virus Detected by Network Assoc/ REJECT avhead /^Subject:.*Virus discarded/ REJECT avhead /^Subject:.*Virus found in / REJECT avhead /^Subject:.*virus found in sent message/ REJECT avhead /^Subject:.*Virus in Ihrer Nachricht/ REJECT avhead /^Subject:.*VIRUS in your message/ REJECT avhead /^Subject:.*Virus intercepted/ REJECT avhead /^Subject:.*Virus in\:/ REJECT avhead /^Subject:.*VIRUS .*NO SEU EMAIL/ REJECT avhead /^Subject:.*Virus Notification from Redstone/ REJECT avhead /^Subject:.*Virus Notification\:/ REJECT avhead /^Subject:.*Virus Quarantine Notification/ REJECT avhead /^Subject:.*virus trouve dans le message envoye/ REJECT avhead /^Subject:.*virus trovato in un messaggio inviato / REJECT avhead /^Subject:.*Virus Warning/ REJECT avhead /^Subject:.*Votre message contient un virus/ REJECT avhead /^Subject:.*Warning \- Virus Detected\:/ REJECT avhead /^Subject:.*Warning\: antivirus system report/ REJECT avhead /^Subject:.*Warning\: E-mail viruses detected/ REJECT avhead /^Subject:.*Warning\: .* \- user unknown/ REJECT avhead /^Subject:.*WARNING\: YOU MAY HAVE A VIRUS/ REJECT avhead /^Subject:.*WorldSecure Server notification/ REJECT avhead /^Subject:.*\[SmartFilter\] Virus Alert / REJECT avhead /^Subject:.*\[Virus detected\]/ REJECT avhead /^Subject:.*\{VIRUS\?\}/ REJECT avhead /^From:.*Symantec_AntiVirus_for_SMTP_Gateways\@/ REJECT avhead /^Subject:.*VIRUS POSLAN SA VASE ADRES/ REJECT avhead /^Subject:.*Unsolicited commercial email rejected/ REJECT avhead /^Subject:.*ALERT\: Message from [a-z0-9]+ was cleaned/ REJECT avhead /^Subject:.*Your message was discarded/ REJECT avhead /^Subject:.*Message you sent blocked by our bulk email filter/ REJECT avhead /^Subject:.*Message sent from [a-z0-9\@\.]+ To [a-z0-9\@\.]+ was blocked/ REJECT avhead /^Subject:.*NetSource SPAMinator RE\:/ REJECT avhead /^Subject:.*Please confirm your message/ REJECT avhead /^Subject:.*Virus Scan service detected a virus in a message you sent/ REJECT avhead /^Subject:.*ALERT \- Virus .* found\; an attachment/ REJECT avhead /^Subject:.*(ConfirmSystem|Spamwall Confirmation)/ REJECT avhead /^Subject:.*Quarantine Attachments/ REJECT avhead /^Subject:.*Your message was flagged as possible spam/ REJECT avhead /^Subject:.*Automatic response to your mail/ REJECT avhead /^Subject:.*Considered UNSOLICITED BULK EMAIL from you/ REJECT avhead /^From:.*\b(NoReply\@spamrival\.com)\b/ REJECT chresp /^From:.*\@mailsoap\.com\b/ REJECT chresp /^From:.*\@ipermitmail\.com\b/ REJECT chresp /^From:.*\bspamlion\@/ REJECT chresp /^Subject:.*\[Qurb\s+\#\d+\]/ REJECT chresp /^From:.*\bchallenge response\b/ REJECT chresp /^From:.*ImagiNet Email Filter\b/ REJECT chresp /^Hi\.\s+This is the Reflexion Total Control server at\s/ REJECT avbody /^This is due to automatic rules that have determined/ REJECT avbody /^Norton AntiVirus ha trovato un virus/ REJECT avbody /^was blocked by our Spam Firewall. The email you sent/ REJECT avbody /^Sorry Dangerous Attachment has been Removed/ REJECT avbody /^WARNING: This e-mail has been altered by MIMEDefang/ REJECT avbody /^Norton AntiVirus deleted the following email message/ REJECT avbody /^Diagnostic\-Code\: 550 5\.7\.1 Virus detected by ClamAV/ REJECT avbody /^This is a machine-generated message, please do not reply/ REJECT avbody /^Las partes del mensaje que estaban infectadas no han sido/ REJECT avbody /^Your email was not properly addressed/ REJECT avbody /^This is an autoresponder. I'll never see your message./ REJECT avbody /^Hello\. The spammer below is either using your resources/ REJECT avbody /^has triggered our SPAM filters and has been rejected/ REJECT avbody /^The following message was blocked because it contains/ REJECT avbody /^You are receiving this message because you are not yet/ REJECT avbody /^Notice of AUP\-violation from SpamShield/ REJECT avbody /^in order for it to be read/ REJECT avbody /^The following email message was blocked by MailMarshal/ REJECT avbody /^http\:\/\/spamarrest\.com\/a2/ REJECT avbody /^I apologize for this automatic reply to your email\./ REJECT avbody /^I\'m protecting myself from receiving junk mail\./ REJECT avbody /^This e\-mail\, in its original form\, contained one or/ REJECT avbody /^Sender\, Trend Micro Anti\-spam has detected a sensitive e\-mail\./ REJECT avbody /^Your recent email was deemed to contain inappropriate/ REJECT avbody /^You are not allowed to post to this mailing list/ REJECT avbody /^Your message has been refused by our server/ REJECT avbody /^To protect my mailbox from spam\, you need to/ REJECT avbody /^I apologize for this small one-time inconvenience\, but I/ REJECT avbody /^If you have sent a legitimate e-mail to one of our subscribers/ REJECT avbody /^A sua mensagem foi marcada como SPAM pelo servidor de e-mail/ REJECT avbody /^was considered unsolicited bulk e\-mail $UBE$/ REJECT avbody /^An email sent to you was quarantined/ REJECT avbody /^Your Message attached is being held in a queue, because/ REJECT avbody /^The e\-mail that you sent has been quarantined until/ REJECT avbody /^I will receive your original email but only if you will please/ REJECT avbody /^http\:\/\/mail\.webdb\.com\/challenge\// REJECT chresp /^Your email was intercepted because it got a spam rating/ REJECT chresp /^You will be added automatically and your original message/ REJECT chresp /^In order for your message to be delivered to/ REJECT chresp /^http\:\/\/www\.spamsnag\.com\/verify\/cmcom\// REJECT chresp /^To release your message for delivery\, please/ REJECT chresp /^I\'m reducing the amount of junk mail I\'m receiving by using/ REJECT chresp /^The message you sent requires that you verify that you/ REJECT chresp /^This email account is protected by\:/ REJECT chresp /^I use Spam Sleuth to screen all my e\-mail/ REJECT chresp /^In an effort to eliminate time wasting SPAM/ REJECT chresp /^You have received this e\-mail from SpamWall/ REJECT chresp /^100\% spam-free email provided by Sendio/ REJECT chresp /^To complete this verification\,/ REJECT chresp From jer at mia.net Tue May 13 10:29:22 2008 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Tue, 13 May 2008 09:29:22 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <72063.1210687231@sa.vix.com> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <72063.1210687231@sa.vix.com> Message-ID: <89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> On May 13, 2008, at 9:00 AM, Paul Vixie wrote: >> From: Jeremy Anthony Kinsey >> To: arin-discuss at arin.net >> Date: Tue, 13 May 2008 08:44:07 -0500 >> >> I guess what I would really like to know is what is so secretive and >> what is it exactly that these entities have to protect in terms of >> privacy that motivates them to not want their address listed? > > first and foremost, whois is a public database, and so any address > listed > in it will get a lot of spam from a lot of sources. listing > something in > whois is tantamount to wearing a "kick me" sign on your backside. > > second and just as compelling if not more so, are the large and > growing > collection of horrid tools and bad ideas (spamcop being a prime > example) > where the spam being sent to whois addresses is well intentioned but > absolutely worthless. > > so we have a situation where the more a company cares about its online > reputation, and the more they've invested in their NOC and abuse > desk, the > less likely they are to be able to afford to put a real address in > whois, > since both bad people and good people will spam it to oblivion. > >> I'd really prefer it if the SWIP address remained visible, as should >> all domain addresses be IMO. But I, like the vast majority end up >> doing all we can to bend enough for a customer to get and or keep >> that >> customer. The alternative, I've suggested customers that do not want >> to give out their name/address use a PO box. Most companies have a >> PO >> separate from their business/mailing address. > > while i'm talking mostly about e-mail addresses here, the arguments > extend > to phone numbers and postal addresses. those of us who use small > variations > in our postal contact information can tell who bought or scraped our > address > and from where. whois trust just does not scale. > I understand your point, but the double edge sword here is, that the lack of the valid information is just as detrimental since many of us use it to track down just such issues as you have described. It makes it easier for those of us that have actual human beings hunting down either spam and or network related issues. We had our network hyjacked by a larger telecommunications company a few years back. Without that information, we never would have been able to get an actual human being to fix the routing screw up. Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com From paul at vix.com Tue May 13 11:36:51 2008 From: paul at vix.com (Paul Vixie) Date: Tue, 13 May 2008 15:36:51 +0000 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: Your message of "Tue, 13 May 2008 09:29:22 EST." <89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <72063.1210687231@sa.vix.com> <89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> Message-ID: <75900.1210693011@sa.vix.com> > > while i'm talking mostly about e-mail addresses here, the arguments extend > > to phone numbers and postal addresses. those of us who use small > > variations in our postal contact information can tell who bought or > > scraped our address and from where. whois trust just does not scale. > > I understand your point, but the double edge sword here is, that the lack of > the valid information is just as detrimental since many of us use it to > track down just such issues as you have described. It makes it easier for > those of us that have actual human beings hunting down either spam and or > network related issues. yes it does. which is why i'm proposing a solution. > We had our network hyjacked by a larger telecommunications company a few > years back. Without that information, we never would have been able to get > an actual human being to fix the routing screw up. i imagine that the RIR, or RIR system, who sits between you and that company, could have passed your request in real time to the right person, without also publishing that right person's contact details in a place where spammers, either well intentioned ones like spamcop, or the evil kind, can see it. From jer at mia.net Tue May 13 11:45:46 2008 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Tue, 13 May 2008 10:45:46 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <75900.1210693011@sa.vix.com> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <72063.1210687231@sa.vix.com> <89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> <75900.1210693011@sa.vix.com> Message-ID: <85C1F0F4-7FCF-4BF3-A7DA-96FA326EA031@mia.net> On May 13, 2008, at 10:36 AM, Paul Vixie wrote: >>> while i'm talking mostly about e-mail addresses here, the >>> arguments extend >>> to phone numbers and postal addresses. those of us who use small >>> variations in our postal contact information can tell who bought or >>> scraped our address and from where. whois trust just does not >>> scale. >> >> I understand your point, but the double edge sword here is, that >> the lack of >> the valid information is just as detrimental since many of us use >> it to >> track down just such issues as you have described. It makes it >> easier for >> those of us that have actual human beings hunting down either spam >> and or >> network related issues. > > yes it does. which is why i'm proposing a solution. > >> We had our network hyjacked by a larger telecommunications company >> a few >> years back. Without that information, we never would have been able >> to get >> an actual human being to fix the routing screw up. > > i imagine that the RIR, or RIR system, who sits between you and that > company, > could have passed your request in real time to the right person, > without also > publishing that right person's contact details in a place where > spammers, > either well intentioned ones like spamcop, or the evil kind, can see > it. > Ah, actually the SWIP contact info was the only way, and the last resort. Even their own information on their corporate web site did not get us anywhere. Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com From chad at onr.com Tue May 13 12:16:51 2008 From: chad at onr.com (Chad Kissinger) Date: Tue, 13 May 2008 11:16:51 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <85C1F0F4-7FCF-4BF3-A7DA-96FA326EA031@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <72063.1210687231@sa.vix.com> <89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> <75900.1210693011@sa.vix.com> <85C1F0F4-7FCF-4BF3-A7DA-96FA326EA031@mia.net> Message-ID: I understand and agree with all the issues I see forwarded here: 1. SWIPing exact end user information exposes that information to spammers, hackers, competitors and, generally, is hard to maintain. 2. There is a need for the ability of an interested party to be able to contact the technical and administrative authorities for a given IP block. 3. There is a need for ARIN to be able to discern whether a member is effectively abiding by ARIN IP policy during requests for new IP space. I think SWIP is a waste of time and is a real irritant to the members who have legitimate concerns about exposing proprietary customer information to the public. Anyone trying to contact one of my customers for any legitimate reason is better served by contacting my company first. We're here 24/7, we're technically competent, and we have better customer contact information in our billing/CRM databases than we could ever make available through SWIP. ARIN can't see enough information through SWIP anyway to discern whether end-users are truly using their IP space effectively. The few times I've requested an additional allocation, it's been my experience that you generally have to show that you have really allocated the space (or delegated or whatever you call it) to a customer and that you are requiring them to follow ARIN policy (domain based hosting for shared web servers, NAT where possible, etc.) I think my company's information should be the only information listed in Whois and we should allowed to responsibly field any inquiries sent to it. If we don't want to do that, then we could SWIP individual blocks where we want individual customers to be contacted. Maybe a good ARIN rule would be that anyone who controls IP space needs to maintain an accurate and responding technical and administrative contact. If they don't, whoever they received their delegation of IP space from (whether ARIN or a member) would be required to either do it for them, or take the space back. Onramp Access chad kissinger | president | onramp access, inc. p: 512.322.9200 | f: 512.476.2878 | www.onr.com your internet operations | built | deployed | managed -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jeremy Anthony Kinsey Sent: Tuesday, May 13, 2008 10:46 AM To: arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping On May 13, 2008, at 10:36 AM, Paul Vixie wrote: >>> while i'm talking mostly about e-mail addresses here, the >>> arguments extend >>> to phone numbers and postal addresses. those of us who use small >>> variations in our postal contact information can tell who bought or >>> scraped our address and from where. whois trust just does not >>> scale. >> >> I understand your point, but the double edge sword here is, that >> the lack of >> the valid information is just as detrimental since many of us use >> it to >> track down just such issues as you have described. It makes it >> easier for >> those of us that have actual human beings hunting down either spam >> and or >> network related issues. > > yes it does. which is why i'm proposing a solution. > >> We had our network hyjacked by a larger telecommunications company >> a few >> years back. Without that information, we never would have been able >> to get >> an actual human being to fix the routing screw up. > > i imagine that the RIR, or RIR system, who sits between you and that > company, > could have passed your request in real time to the right person, > without also > publishing that right person's contact details in a place where > spammers, > either well intentioned ones like spamcop, or the evil kind, can see > it. > Ah, actually the SWIP contact info was the only way, and the last resort. Even their own information on their corporate web site did not get us anywhere. Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From clb at midasnetworks.com Tue May 13 12:51:31 2008 From: clb at midasnetworks.com (Chris Boyd) Date: Tue, 13 May 2008 11:51:31 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <72063.1210687231@sa.vix.com> <89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> Message-ID: On May 13, 2008, at 9:29 AM, Jeremy Anthony Kinsey wrote: > I understand your point, but the double edge sword here is, that the > lack of the valid information is just as detrimental since many of us > use it to track down just such issues as you have described. It makes > it easier for those of us that have actual human beings hunting down > either spam and or network related issues. But isn't this the sort of problem that Paul was trying to fix when he asked about letting the *IR's act as a trusted third party? --Chris From aaron at wholesaleinternet.com Tue May 13 13:09:33 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Tue, 13 May 2008 12:09:33 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> Message-ID: <23b001c8b51c$1d7bbf20$58733d60$@com> Why is it always about SPAM? Let me give you some other real examples: Customer A rents a server for his Clan. Clan A. It's not a business so his personal information with his home address gets put in the SWIP. Clan B gets ticked off at Clan A and sends someone over to the address in the SWIP (since the domain was private) and threatens his life in front of his family. VERY angry customer calls me the next day demanding his info be removed and threatening to sue for breach of privacy. Customer B runs a political forum. User A doesn't like what Customer B posts so he starts sending death threats to Customer B's wife. Domain is private but there's actually a mistake in the SWIP info that shows up on the address which makes it easy to figure out where User A got his info. Customer B's wife is hysterical which causes Customer B to be very angry with me. I tried to tell both of these guys that I HAVE to do it because otherwise I can't get new IPs and it HAS to be right because, after all, they might be spammers but it just didn't fly. Both of these examples really happened. We lost both customers and the police had to get involved. One other question for everyone out there that's sort of related, How do you reconcile posting customer information in a public database with your privacy policy? Aaron ------------------------------------------------------------------------ I guess what I would really like to know is what is so secretive and what is it exactly that these entities have to protect in terms of privacy that motivates them to not want their address listed? I'd really prefer it if the SWIP address remained visible, as should all domain addresses be IMO. But I, like the vast majority end up doing all we can to bend enough for a customer to get and or keep that customer. The alternative, I've suggested customers that do not want to give out their name/address use a PO box. Most companies have a PO separate from their business/mailing address. ---------------------------------------------------------------------- From jer at mia.net Tue May 13 13:32:41 2008 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Tue, 13 May 2008 12:32:41 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <23b001c8b51c$1d7bbf20$58733d60$@com> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan> <93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <23b001c8b51c$1d7bbf20$58733d60$@com> Message-ID: <3DE024BF-B536-42B1-8633-319486380858@mia.net> On May 13, 2008, at 12:09 PM, Aaron Wendel wrote: > Why is it always about SPAM? Let me give you some other real > examples: > > Customer A rents a server for his Clan. Clan A. It's not a > business so his > personal information with his home address gets put in the SWIP. > Clan B > gets ticked off at Clan A and sends someone over to the address in > the SWIP > (since the domain was private) and threatens his life in front of his > family. VERY angry customer calls me the next day demanding his > info be > removed and threatening to sue for breach of privacy. > > Customer B runs a political forum. User A doesn't like what > Customer B > posts so he starts sending death threats to Customer B's wife. > Domain is > private but there's actually a mistake in the SWIP info that shows > up on the > address which makes it easy to figure out where User A got his info. > Customer B's wife is hysterical which causes Customer B to be very > angry > with me. > > I tried to tell both of these guys that I HAVE to do it because > otherwise I > can't get new IPs and it HAS to be right because, after all, they > might be > spammers but it just didn't fly. > > Both of these examples really happened. We lost both customers and > the > police had to get involved. > > One other question for everyone out there that's sort of related, > How do you > reconcile posting customer information in a public database with your > privacy policy? > Because PUBLIC information is not PRIVATE... Couldn't I find out about Customer A and B by looking in the phone book. By using Google or Google Earth? All this information can be obtained through numerous other methods. I find it hard to believe that name/address/tel in a whois DB is somehow responsible for all the spam on the planet. I understand the argument, I just think things are a bit overstated here. Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com From dsd at servervault.com Tue May 13 13:43:11 2008 From: dsd at servervault.com (Divins, David) Date: Tue, 13 May 2008 13:43:11 -0400 Subject: [arin-discuss] The joy of SWIPping References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan><93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net><23b001c8b51c$1d7bbf20$58733d60$@com> <3DE024BF-B536-42B1-8633-319486380858@mia.net> Message-ID: <8A3DE12E408BBC499E40C0BE733C860345D6A5@mail1.dulles.sv.int> The opposite lookup is also problematic for some. Lets assume OrgA is not running a public site, but a private exchange between select peers. Lets say OrgB hates OrgA and wants to cause havoc and so on. Knowing only OrgA's name, using only SWIP, they can map ADP and Physical locations of that organization-- information that would otherwise be unavailable via other means. Some will claim by not having that reverse map, that is relying on security by obscurity. I disagree and feel that a legitimate portion of a well rounded security posture can be to not publish a directory of private information (in this case the IP allocations). -dsd David Divins Principal Engineer ServerVault Corp. (703) 652-5955 -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jeremy Anthony Kinsey Sent: Tuesday, May 13, 2008 1:33 PM To: arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping On May 13, 2008, at 12:09 PM, Aaron Wendel wrote: > Why is it always about SPAM? Let me give you some other real > examples: > > Customer A rents a server for his Clan. Clan A. It's not a business > so his > personal information with his home address gets put in the SWIP. > Clan B > gets ticked off at Clan A and sends someone over to the address in the > SWIP (since the domain was private) and threatens his life in front of > his family. VERY angry customer calls me the next day demanding his > info be removed and threatening to sue for breach of privacy. > > Customer B runs a political forum. User A doesn't like what Customer > B > posts so he starts sending death threats to Customer B's wife. > Domain is > private but there's actually a mistake in the SWIP info that shows up > on the address which makes it easy to figure out where User A got his > info. > Customer B's wife is hysterical which causes Customer B to be very > angry with me. > > I tried to tell both of these guys that I HAVE to do it because > otherwise I can't get new IPs and it HAS to be right because, after > all, they might be spammers but it just didn't fly. > > Both of these examples really happened. We lost both customers and > the police had to get involved. > > One other question for everyone out there that's sort of related, How > do you reconcile posting customer information in a public database > with your privacy policy? > Because PUBLIC information is not PRIVATE... Couldn't I find out about Customer A and B by looking in the phone book. By using Google or Google Earth? All this information can be obtained through numerous other methods. I find it hard to believe that name/address/tel in a whois DB is somehow responsible for all the spam on the planet. I understand the argument, I just think things are a bit overstated here. Regards, Jeremy Anthony Kinsey e-mail: jer at mia.net _____________________________________ Bella Mia, Inc. www.mia.net 401 Host Drive www.dslone.com Lake Geneva, WI. 53147 www.hostdrive.com Phone: (262)248-6759 www.thednsplace.com Fax: (262)248-6959 www.hostinglizard.com _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From michael.dillon at bt.com Tue May 13 19:07:57 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 14 May 2008 00:07:57 +0100 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local><28153.1210615082@sa.vix.com><17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan><93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <72063.1210687231@sa.vix.com><89FC7119-3481-4E7F-9084-4D19012552A3@mia.net> <75900.1210693011@sa.vix.com><85C1F0F4-7FCF-4BF3-A7DA-96FA326EA031@mia.net> Message-ID: > Anyone > trying to contact one of my customers for any legitimate > reason is better served by contacting my company first. > We're here 24/7, we're technically competent, and we have > better customer contact information in our billing/CRM > databases than we could ever make available through SWIP. This is the big flaw of the whois directory, which is where your SWIP data is published. It does not provide any way for users of the directory to know who has a competent functioning contact point, and who does not. A few years ago, I proposed that we scrap all of the data except the records for organizations with a direct ARIN contractual relationship, and any other organizations who would commit to having a contact point that was READY, WILLING, and ABLE to ACT on incoming complaints. This proposal got lost in the noise of the political gamesmanship that is the ARIN policy process, in other words, most members probably didn't even know that such a thing was possible. The whois directory badly needs to be reformed but this can't happen until we can get some agreement on what the purpose and scope of SWIP data really is. It is no longer used to count users in order to justify DARPA funding, but the directory is largely unchanged since the pre-Internet era. Why are listings in the directory? What is an appropriate use of the directory? Once we answer those questions, it will be obvious what data needs to be added and what data must be removed. Enabling ARIN to evaluate an organization's use of IP address space is not an appropriate use of the whois directory. This can be better determined by information provided in confidence to ARIN under the NDA that is part of the contract between members and ARIN. > I think my company's information should be the only > information listed in Whois and we should allowed to > responsibly field any inquiries sent to it. I strongly agree. People allow their phone numbers to go in the phone directory because they are willing to accept calls. Those who are not willing to accept calls, have unlisted numbers. The whois directory should be the same. If you are unable to deal with network operational problems, or simply don't want to deal with them, then ARIN should not force ISPs to publish contact data in the whois directory. You can read the second draft of my proposal from 2004 here http://www.arin.net/policy/proposals/2004_4.html I even allowed for publishing anonymous entries that had some type information that could be used by researchers who count things like business use vs. educational vs. consumer. --Michael Dillon From michael.dillon at bt.com Tue May 13 19:15:27 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 14 May 2008 00:15:27 +0100 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <23b001c8b51c$1d7bbf20$58733d60$@com> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan><93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <23b001c8b51c$1d7bbf20$58733d60$@com> Message-ID: > Both of these examples really happened. We lost both > customers and the police had to get involved. Quite frankly you should sue ARIN for damages when things like this happen, if you can afford it. You might even find that once the lawsuit is under way, some law school will cover your costs in order to establish some case law. ARIN is kowtowing to the interests of vigilante groups who have appointed themselves as the Internet police. Once someone takes this through the courts, I expect them to rule that ARIN cannot force PUBLICATION of this data regardless of how useful the data may be to vigilantes. The fact is that the vigilantes scream louder than ARIN members and therefore it is the interests of the vigilantes that shape ARIN policy. > One other question for everyone out there that's sort of > related, How do you reconcile posting customer information in > a public database with your privacy policy? We use RWHOIS and there is nothing in there but a company name and a city. Since most of our customers are large enough to have multiple locations, even in one city, this doesn't give anything away that isn't already in various sales materials. No street addresses and no zip codes. None of your business. If ARIN wants more info for additional address block applications, then we promptly supply it under their NDA. --Michael Dillon From michael.dillon at bt.com Tue May 13 19:18:23 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 14 May 2008 00:18:23 +0100 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <8A3DE12E408BBC499E40C0BE733C860345D6A5@mail1.dulles.sv.int> References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan><93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net><23b001c8b51c$1d7bbf20$58733d60$@com><3DE024BF-B536-42B1-8633-319486380858@mia.net> <8A3DE12E408BBC499E40C0BE733C860345D6A5@mail1.dulles.sv.int> Message-ID: > Some > will claim by not having that reverse map, that is relying on > security by obscurity. Those people need to look up the word "rely" in the dictionary. The best security is multi-layered, and as the camoflaged soldier knows, security by obscurity can be a valuable part of a larger security plan. --Michael Dillon From aaron at wholesaleinternet.com Tue May 13 19:48:56 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Tue, 13 May 2008 18:48:56 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1a8301c8b16d$035590b0$0a00b210$@com><2652BB8F-EEAB-4765-BDDE-06D9E30F2DDD@mia.net><053E179161004E4C91C8613916AA37B90477184B@nframemail01.nframe.local> <28153.1210615082@sa.vix.com> <17838240D9A5544AAA5FF95F8D52031603F351ED@ad-exh01.adhost.lan><93F4AE2E-CE5F-4B7B-9822-C369CBF72C92@mia.net> <23b001c8b51c$1d7bbf20$58733d60$@com> Message-ID: <247501c8b553$e88480d0$b98d8270$@com> We have the resources to "bring the hurt" on people when we feel it's warranted however, in this case and most others, I'd rather work with ARIN and the community to find a way to address the concerns rather than just going suit happy on people. It's been suggested that I draft a proposal to change the way SWIPs are handled. I'm seriously looking into it. My position on this whole thing is that in today's world, where people are becoming more and more sophisticated, we, as service providers, have a duty to protect client information and provide the best service possible. One way we do that is by acting as an intermediary between our customers and the outside world. Now before everyone starts screaming about spam... This is not about protecting or hiding spammers. This is about real companies and individuals that do not want to be contacted about network information or would even know what to do with it. I am more than happy to provide ARIN with my IP lists, complete with customer information, during the justification process. Aaron -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of michael.dillon at bt.com Sent: Tuesday, May 13, 2008 6:15 PM To: arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping > Both of these examples really happened. We lost both > customers and the police had to get involved. Quite frankly you should sue ARIN for damages when things like this happen, if you can afford it. You might even find that once the lawsuit is under way, some law school will cover your costs in order to establish some case law. ARIN is kowtowing to the interests of vigilante groups who have appointed themselves as the Internet police. Once someone takes this through the courts, I expect them to rule that ARIN cannot force PUBLICATION of this data regardless of how useful the data may be to vigilantes. The fact is that the vigilantes scream louder than ARIN members and therefore it is the interests of the vigilantes that shape ARIN policy. > One other question for everyone out there that's sort of > related, How do you reconcile posting customer information in > a public database with your privacy policy? We use RWHOIS and there is nothing in there but a company name and a city. Since most of our customers are large enough to have multiple locations, even in one city, this doesn't give anything away that isn't already in various sales materials. No street addresses and no zip codes. None of your business. If ARIN wants more info for additional address block applications, then we promptly supply it under their NDA. --Michael Dillon _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From dean at av8.net Thu May 15 16:42:33 2008 From: dean at av8.net (Dean Anderson) Date: Thu, 15 May 2008 16:42:33 -0400 (EDT) Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <28153.1210615082@sa.vix.com> Message-ID: On Mon, 12 May 2008, Paul Vixie wrote: > > As far as contacing customers via whois lookup, is there some reason > > the ISP can't act as an agent for the customer? This is sort of > > like the various domain whois privacy services...but not nearly as > > slimely IMO. There is no reason the ISP can't act as the customer's agent. There is no reason the customer can't have anyone else they choose to act as their agent. Of course, there are obligations to acting as someone else's agent, and liabilities for failing to meet the obligations. But ARIN cannot say that someone else can't have an agent, any more than ARIN can dictate who my lawyer is. A lawyer is also an agent. In fact, there is a whole body of law on the subject called the Law of Agency. One thing that people have not brought up against SWIP is the public perusal of the ISP customer list. The customer list can be used by competitors. The full customer list is usually a company secret. One wonders what the justification for SWIP was, when it seems that all the RIR actually needs is the confidential list. No doubt some companies aren't concerned about the competition getting their customer list, or feel that the risk is offset by the benefit of offloading abuse complaints directly to the customer. SWIP should be optional, and those companies that want to publish this information, certainly should be able to publish that information via their own whois servers. Those that don't want to publish this sensitive information, shouldn't be forced to do so. There is no benefit to ARIN in such tactics. > as far as that goes, is there general support here for the idea of the > RIRs running mail forwarders for well-formatted non-robotic abuse > complaints that can be forwarded to the registered operator of the > netblock, without exposing the operator's internal ticket system > e-mail address via whois? The reason for not exposing the internal ticket system is due to abuse of the ticket system itself. There would be no difference in exposing the ISP internal ticket system versus having the RIR forward to the ISP internal ticket system. Abuse just moves to the RIR, which quite happily forwards it to the ISP, unless you expect the RIR to abuse-filter. Second, ARIN's purpose is to be a registry, not your spam filter. This scheme would cost ARIN a great deal for large ISPs, and perhaps very little for small ISPs. So, unless ARIN charged each for the efforts pro-rata, it would violate the 501(c6) rules and ARIN charter against providing unequal benefits. Its odd that Board members wouldn't see that problem, but they seem to have no regard the rules and laws. The next problem if this were to be done, is that the current ARIN Board and CEO would then be in charge of spam-filtering your abuse contacts. CEO Plzak, with apparent consent of the Board, has asserted in written correspondence that my email to this list may be considered "spam", and blocked as "spam". That even this very message could be considered "spam" and subject to capricious blocking at the whim of the CEO and Board. Who would want such people in charge of their email, or even just their abuse ticket system email? --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From eddy+arin+spam at noc.everquick.net Thu May 15 18:07:02 2008 From: eddy+arin+spam at noc.everquick.net (Edward B. DREGER) Date: Thu, 15 May 2008 22:07:02 +0000 (GMT) Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) Message-ID: DA> Date: Thu, 15 May 2008 16:42:33 -0400 (EDT) DA> From: Dean Anderson [ N.B.: Detection of hyperbole is left as an exercise to the reader. ] You started out okay... DA> Its odd that Board members wouldn't see that problem, but they seem DA> to have no regard the rules and laws. ...but there's where things begin breaking down. Unsubstantiated ad hominem attack. Unless, of course, you have some relevant legal proceedings that you or ARIN would like to share. (I believe that both parties' counsel recently chatted, yes?) DA> CEO Plzak, with apparent consent of the Board, has asserted in DA> written correspondence that my email to this list may be considered DA> "spam", and blocked as "spam". As could my mail. Or anyone else's. This list has a specific charter; messages failing to meet that charter may be disallowed. I posit that I might be disciplined if I posted my favorite pancake recipe, its glucose release profile, a history of pancakes, and my theories on carbohydrate metabolism -- all the while insisting that I had a right to post my diatribes because ARIN could run more efficiently (with healthier staff) by fixing and serving my excellent pancakes. If a message doesn't meet certain criteria, it gets shot down. Your insinuation that ARIN would maliciously obstruct legitimate abuse claims is fallacious, insidious, disingenuous, and generally just not nice. (Indeed, I can see how ARIN board members might suffer irreperable damage if your carefully-worded claims have the effect of leading reasonable people to believe derogatory-yet-unproven statements.) Of course, you are correct that reputation _does_ come in to play: If I receive an abuse claim from someone who has an established track record of frequently posting about how anyone who has ever met Paul Vixie is a criminal mastermind bent on controlling the Internet... yeah, you're right that I'd be considering the source. There's a difference between heated good-faith discussion of complex issues, and someone repeatedly trying to sniff out some statutory language to push one's own vendettas. People who discuss with intent to resolve actual issues tend to be treated as such. Likewise, people who are eager to make damning accusations and legal threats also tend to be treated accordingly. Many of us know your opinions of ARIN, DNSBLs, the IETF, NANOG, Vixie, yadda yadda. Anyone interested in more can read your IADL.ORG blog. Many of us have been humoring you, albeit often somewhat unwittingly, for a decade now. Why not go to court, get your judgements, save the Internet, and then come back to gloat about it? Surely that would be easier than enduring the endless discrimination, strife, and suffering that you cite _ad nauseum_. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ________________________________________________________________________ DO NOT send mail to the following addresses: davidc at brics.com -*- jfconmaapaq at intc.net -*- sam at everquick.net Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter. From tedm at ipinc.net Fri May 16 15:57:46 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Fri, 16 May 2008 12:57:46 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <1a8301c8b16d$035590b0$0a00b210$@com> Message-ID: <96836E4E422E46658D0FE61BEBB663B8@tedsdesk> I see this discussion has got to the hysterical point. Whenever Dean weighs in on something, you know the thread is exhausted. Aaron, could you show me in the rules where ARIN requires SWIP information to be available to the general public? Here's what I see: http://www.arin.net/registration/guidelines/ipv4_add_assignment.html "...Your organization must establish justification for the request. Requirements for General and Multi-homed Assignments: Utilization is a key factor in justifying an additional assignment of IPv4 address space. You must show exactly how previous address assignments have been used and provide details to verify your one-year growth projection. The basic criteria are: 80% utilization of all existing assignments 25% utilization of the requested block immediately upon assignment 50% utilization of the requested block within one year A greater utilization rate may be required based on individual network requirements...." Nothing about SWIP there.... http://www.arin.net/policy/nrpm.html#four23 "...4.2.3. Reassigning Address Space to Customers 4.2.3.1. Efficient utilization ISPs are required to apply a utilization efficiency criterion in providing address space to their customers. To this end, ISPs should have documented justification available for each reassignment. ARIN may request this justification at any time. ... Nothing mandating SWIP there..... "...4.2.4.1. Utilization percentage (80%) ISPs must have efficiently utilized all previous allocations and at least.... ...Assigned: information will be verified via SWIP/RWHOIS and 1c. ..... Nothing REQUIRING SWIP there either. You can use SWIP, or RWHOS or 1c of the template, which basically means reporting privately to ARIN In short, there's the answer to your question. Now here is my $0.02 SWIP and RWHOIS is an optional for ISP's. The only real requirement is veryifying information back to the RIR. And, once we switch over to IPv6 in the future, even that will be unimportant since we have so many IP addresses there's little need to be concerned with utilization. However, accepting traffic from specific networks is ALSO and optional from ISPs. If you as an ISP elect not to publish your assignments via some way of me verifying them, then I as an ISP can decide to retaliate simply by blocking all traffic from you. Thus, I see little need to modify the current system. Ted > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Aaron Wendel > Sent: Thursday, May 08, 2008 5:39 PM > To: arin-discuss at arin.net > Subject: [arin-discuss] The joy of SWIPping > > > Is there any way that ARIN accepts SWIPS for dedicated > hosting customers without a name and address? I know they do > this for private residences but what about commercial entities? > > Normally this isn't an issue for us but recently we've had a > lot of customers complain about personal information tied to > their IP addresses and demand that it be removed. > > Any suggestions? > > Aaron > > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at > info at arin.net if you experience any issues. > From mhalligan at bitpusher.com Fri May 16 16:01:15 2008 From: mhalligan at bitpusher.com (Michael T. Halligan) Date: Fri, 16 May 2008 13:01:15 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <96836E4E422E46658D0FE61BEBB663B8@tedsdesk> References: <96836E4E422E46658D0FE61BEBB663B8@tedsdesk> Message-ID: Perhaps we need to adapt the Godwin law to include Dean? As Dean enters the conversation, the likelihood of a lawsuit to be threatened or implied approaches infinity, as the usefulness of the thread approaches zero? On May 16, 2008, at 12:57 PM, Ted Mittelstaedt wrote: > > I see this discussion has got to the hysterical point. Whenever > Dean weighs in on something, you know the thread is exhausted. > > Aaron, could you show me in the rules where ARIN requires SWIP > information to be available to the general public? Here's what > I see: > > http://www.arin.net/registration/guidelines/ipv4_add_assignment.html > > "...Your organization must establish justification for the request. > > Requirements for General and Multi-homed Assignments: > Utilization is a key factor in justifying an additional assignment > of IPv4 > address space. You must show exactly how previous address > assignments have > been used and provide details to verify your one-year growth > projection. The > basic criteria are: > > 80% utilization of all existing assignments > 25% utilization of the requested block immediately upon assignment > 50% utilization of the requested block within one year > A greater utilization rate may be required based on individual network > requirements...." > > > Nothing about SWIP there.... > > > > http://www.arin.net/policy/nrpm.html#four23 > > "...4.2.3. Reassigning Address Space to Customers > 4.2.3.1. Efficient utilization > ISPs are required to apply a utilization efficiency criterion in > providing > address space to their customers. To this end, ISPs should have > documented > justification available for each reassignment. ARIN may request this > justification at any time. ... > > > Nothing mandating SWIP there..... > > > "...4.2.4.1. Utilization percentage (80%) > ISPs must have efficiently utilized all previous allocations and at > least.... > ...Assigned: information will be verified via SWIP/RWHOIS and > 1c. ..... > > > Nothing REQUIRING SWIP there either. You can use SWIP, or RWHOS or > 1c of > the template, which basically means reporting privately to ARIN > > > In short, there's the answer to your question. > > Now here is my $0.02 > > SWIP and RWHOIS is an optional for ISP's. The only real requirement > is > veryifying information back to the RIR. And, once we switch over to > IPv6 in the future, even that will be unimportant since we have so > many IP addresses there's little need to be concerned with > utilization. > > However, accepting traffic from specific networks is ALSO and optional > from ISPs. > > If you as an ISP elect not to publish your assignments via some > way of me verifying them, then I as an ISP can decide to retaliate > simply by blocking all traffic from you. > > Thus, I see little need to modify the current system. > > > Ted > > >> -----Original Message----- >> From: arin-discuss-bounces at arin.net >> [mailto:arin-discuss-bounces at arin.net] On Behalf Of Aaron Wendel >> Sent: Thursday, May 08, 2008 5:39 PM >> To: arin-discuss at arin.net >> Subject: [arin-discuss] The joy of SWIPping >> >> >> Is there any way that ARIN accepts SWIPS for dedicated >> hosting customers without a name and address? I know they do >> this for private residences but what about commercial entities? >> >> Normally this isn't an issue for us but recently we've had a >> lot of customers complain about personal information tied to >> their IP addresses and demand that it be removed. >> >> Any suggestions? >> >> Aaron >> >> >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to the ARIN >> Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact the ARIN Member Services Help Desk at >> info at arin.net if you experience any issues. >> > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. Michael T. Halligan ------------------------ Chief Technology Officer BitPusher, LLC http://www.bitpusher.com/ From Lee.Howard at stanleyassociates.com Mon May 19 13:21:25 2008 From: Lee.Howard at stanleyassociates.com (Howard, W. Lee) Date: Mon, 19 May 2008 13:21:25 -0400 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <23b001c8b51c$1d7bbf20$58733d60$@com> Message-ID: <369EB04A0951824ABE7D8BAC67AF9BB409EC3BDB@CL-S-EX-1.stanleyassociates.com> I realize it's a week later. I've been busy. > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Aaron Wendel > Sent: Tuesday, May 13, 2008 1:10 PM > To: arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > Customer A rents a server for his Clan. . . . > Both of these examples really happened. We lost both > customers and the police had to get involved. > > One other question for everyone out there that's sort of > related, How do you reconcile posting customer information in > a public database with your privacy policy? In 2004 policy proposal 2003-3 became: http://www.arin.net/policy/nrpm.html#four237 Number Resource Policy Manual section "4.2.3.7.6 Residential Customer Privacy" To maintain the privacy of their residential customers, an organization with downstream residential customers may substitute that organization's name for the customer's name, e.g. 'Private Customer - XYZ Network', and the customer's street address may read 'Private Residence'. Each private downstream residential reassignment must have accurate upstream Abuse and Technical POCs visible on the WHOIS record for that block. Similar policies exist for IPv6 and rWHOIS (section 3.2). I was going to make a joke about being so responsive we alter time to meet your needs, but I couldn't find a way to make sure it didn't sound sarcastic (which it wasn't). Anyway, does this help? Lee > > Aaron > > From dean at av8.net Mon May 19 16:25:27 2008 From: dean at av8.net (Dean Anderson) Date: Mon, 19 May 2008 16:25:27 -0400 (EDT) Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: Message-ID: [Dreger is a frequent NANOG participant. Most ARIN members don't participate in NANOG. NANOG participants are a small minority in the ARIN membership, yet most (all?) of the people posting attacks on me are NANOG members, as are the Board Members and Ray Plzak. Funny how a small minority is in control of ARIN, via disputed elections] On Thu, 15 May 2008, Edward B. DREGER wrote: > DA> Its odd that Board members wouldn't see that problem, but they seem > DA> to have no regard the rules and laws. > > ...but there's where things begin breaking down. Unsubstantiated ad > hominem attack. Unless, of course, you have some relevant legal > proceedings that you or ARIN would like to share. (I believe that both > parties' counsel recently chatted, yes?) The Board was aware that "good standing" is all that is required for ARIN member participation, and the Chairman was aware of the false dialog of Divins' questioning my good standing. The Board was aware or should have been aware that someone for whom Plzak is responsible, altered my statement, and then used the altered statement as the basis of a false claim of per se libel. The person then used the false claim as a tranactional basis for disrupting my membership rights. It is worthwhile to note that per se libel, even if true, isn't a proper basis for disrupting someone's membership rights in ARIN. BTW, it wasn't just arin-discuss mailing list participation that was disrupted. I was removed from all ARIN mailing lists, and prevented from participating in the last ARIN meeting electronically. > DA> CEO Plzak, with apparent consent of the Board, has asserted in DA> > written correspondence that my email to this list may be considered > DA> "spam", and blocked as "spam". > > As could my mail. Or anyone else's. This list has a specific > charter; messages failing to meet that charter may be disallowed. ARIN discuss is not a private list owned by Ray Plzak. This list is about ARIN business discussion with other members. Plzak and the ARIN Board are not the first to try to disrupt corporate communications between shareholders/members that oppose management. Indeed, the law provides specificially that communication with members or shareholders of a corporation is a right similar to the First Amendment. [18 Am. Jur. 308]: "Indeed, it has been said that the statutory right accorded to a stockholder to communicate with other stockholders regarding matters of common interest as stockholders is similar to the freedom of speech." > I posit that I might be disciplined if I posted my favorite pancake > recipe, I did not post pancake recipes. > If a message doesn't meet certain criteria, it gets shot down. Your > insinuation that ARIN would maliciously obstruct legitimate abuse > claims is fallacious, insidious, disingenuous, and generally just not > nice. My statements are true: as ARIN board members have knowingly obstructed legitimate emails before, and ARIN has done so recently. One Board Member (Vixie) has been successfull sued for doing that previously. That suit (Exactis v. MAPS) stated a RICO predicate and anti-trust violations. They have done similar things before, and they know that the law prohibits such obstruction. They also know that the ARIN charter does not permit capricious obstruction of member rights. BTW, ARIN did not identify even a single message that was inappropriate. I think it is "fallacious, insidious, disingenuous, and generally just not nice" to intentionally and knowingly block the legitmate emails of people that merely oppose management with facts and investigation. > Many of us have been humoring you, albeit often somewhat unwittingly, > for a decade now. Why not go to court, get your judgements, save the > Internet, and then come back to gloat about it? Speaking of gloating, I recall that I was banned for NANOG in the winter 1999 after I was proven right about certain laws applying to the internet. NANOG was discussing a case involving stolen credit cards and the usual crew (I think Dreger was among them) were asserting that U.S. Laws couldn't apply to foreign crackers of U.S. businesses, while I asserted that was nonsense. If they break into US businesses, US laws apply. A few days later the FBI made arrests in the case, and I was quickly blocked without explanation. I didn't have a chance to gloat. In the fall of 1999, Chris Neill was asserting on NANOG that no laws applied to open relays. The usual crew supported his notion. I note that he was fired from Verio and investigated by the FBI. I didn't gloat, then. And before that, in January 1998, I said the ECPA would apply to ISPs. The usual crew said that such a notion was ridiculous, and threatened to find me in an alley if I attended NANOG. Coincidentally, that same month, a Boston ISP began accessing the email of its customers. This was discovered some time later, and became known as U.S. V. Councilman. The ISP plead guilty and paid a $250,000 fine. The system administrators also plead guilty and paid fines. I never got a chance to gloat. I note that in 2002, even though criminal charges against an ISP had been filed, and guilty pleas entered, Steven Bellowvin continued to assert on NANOG that the ECPA did not apply to ISPs. So, for someone who claims to have been humoring me for so long, you seem to have little evidence of any ridiculous claim of mine to humor me about. In contrast, I have much evidence of ridiculous positions by you and your associates. Generally, people who continue to associate with questionable and ruthless people will become disreputable by association. Even if they were honest to begin with, they are placed in compromising situations by their association and participation with the unscrupulous. Rudolf Gulliani and Bernard Kerik come to mind as recent examples. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Mon May 19 16:46:25 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 19 May 2008 13:46:25 -0700 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: Message-ID: <0F3016DDB5B94AB7B5E63C3FAAC49791@tedsdesk> > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Dean Anderson > Sent: Monday, May 19, 2008 1:25 PM > To: Edward B. DREGER > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] Dean -vs- ARIN... again (Re: The > joy of SWIPping) > > Generally, people who continue to associate with questionable > and ruthless people will become disreputable by association. > Even if they were honest to begin with, they are placed in > compromising situations by their association and > participation with the unscrupulous. Rudolf Gulliani and > Bernard Kerik come to mind as recent examples. > Edward, Dean's typical MO is to argue logically to any thread - until about the 6th or 7th post. Then without warning he gathers together all of his logical arguments and creates a Rube Goldberg construction of rediculous and incredible proportions. A typical Dean argument goes something like this: Earth has a large atmosphere Atmosphere is a gas composed mostly of oxygen and nitrogen In the presense of lightning oxygen turns into Ozone Ozone is poisonous to life. There's lightning that happens every day somewhere in the Earth's atmosphere The Earth's atmosphere is poisonous. In other words, reading a Dean thread is something like riding a train that suddenly derails without warning. Everything seems fine until abruptly your wondering "where the hell did that come from" People who attack Dean usually make the mistake of attacking one of his logical arguments that is built up to the heroic construction. Thus they cannot win because those arguments by themselves are solid, and Dean will spend days arguing with them. You can only argue effectively with Dean by challenging his Rube Goldberg construction. If you do he will then ignore you. That proves that you have won. Dean has repeatedly stated "I'm going to sue ARIN" in so many words. Whenever someone argues with him about the logicalness of doing this he valiantly flails away. Whenever someone says "OK Dean, if you feel that way then please sue them" as I have done repeatedly, he falls silent. That is what you need to do. Focus on his conclusions, not his supporting statements. That is where the insanity is. Ted From tkersnick at transworldix.net Mon May 19 19:23:12 2008 From: tkersnick at transworldix.net (=?utf-8?B?VGltb3RoeSBGLiBLZXJzbmljaw==?=) Date: Mon, 19 May 2008 23:23:12 +0000 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: <0F3016DDB5B94AB7B5E63C3FAAC49791@tedsdesk> References: <0F3016DDB5B94AB7B5E63C3FAAC49791@tedsdesk> Message-ID: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> I didn't realize that this list was for drama seekers. I am a relatively new member of ARIN and I am quite surpised that this thread has turned into "he said, she said". What about the original topic? Your statements have not made any significant progress towards resolving the issue at hand in a constructive manner. Instead what you have done is try to oppress anyone that might have a contribution. There have been several key public figures in history that have done the same thing but I dare not mention them here. For the most part, all it has done is spammed everyone with vast amounts of information that is completely off topic. Go ahead and respond to this email with something sarcastic if you like, but the point I want to make is that it will get you no further along than you are right now. If you want to be the kind of person that grabs attention with seemingly witty remarks, but has no real value or contribution then go ahead and respond with another series of negative personal attacks. I will not respond to them. Arguments are great when they are constructive and something of value can be taken away from them. From the recent gripes and jabs I have learned nothing. My whole reason for responding is to perhaps make you see that not everyone wants to hear your personal drama or problems with each other. If you don't like each other, why does everyone else need to know about it? They don't and neither do I. Let's get back to discussing the issue. --Tim Sent from my Verizon Wireless BlackBerry -----Original Message----- From: "Ted Mittelstaedt" Date: Mon, 19 May 2008 13:46:25 To: Subject: Re: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Dean Anderson > Sent: Monday, May 19, 2008 1:25 PM > To: Edward B. DREGER > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] Dean -vs- ARIN... again (Re: The > joy of SWIPping) > > Generally, people who continue to associate with questionable > and ruthless people will become disreputable by association. > Even if they were honest to begin with, they are placed in > compromising situations by their association and > participation with the unscrupulous. Rudolf Gulliani and > Bernard Kerik come to mind as recent examples. > Edward, Dean's typical MO is to argue logically to any thread - until about the 6th or 7th post. Then without warning he gathers together all of his logical arguments and creates a Rube Goldberg construction of rediculous and incredible proportions. A typical Dean argument goes something like this: Earth has a large atmosphere Atmosphere is a gas composed mostly of oxygen and nitrogen In the presense of lightning oxygen turns into Ozone Ozone is poisonous to life. There's lightning that happens every day somewhere in the Earth's atmosphere The Earth's atmosphere is poisonous. In other words, reading a Dean thread is something like riding a train that suddenly derails without warning. Everything seems fine until abruptly your wondering "where the hell did that come from" People who attack Dean usually make the mistake of attacking one of his logical arguments that is built up to the heroic construction. Thus they cannot win because those arguments by themselves are solid, and Dean will spend days arguing with them. You can only argue effectively with Dean by challenging his Rube Goldberg construction. If you do he will then ignore you. That proves that you have won. Dean has repeatedly stated "I'm going to sue ARIN" in so many words. Whenever someone argues with him about the logicalness of doing this he valiantly flails away. Whenever someone says "OK Dean, if you feel that way then please sue them" as I have done repeatedly, he falls silent. That is what you need to do. Focus on his conclusions, not his supporting statements. That is where the insanity is. Ted _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From eddy+arin+spam at noc.everquick.net Mon May 19 21:37:45 2008 From: eddy+arin+spam at noc.everquick.net (Edward B. DREGER) Date: Tue, 20 May 2008 01:37:45 +0000 (GMT) Subject: [arin-discuss] Dean -vs- Eddy... again. Message-ID: Dean, If you _really_ care to pursue this, set up a mailing list on one of your servers. These topics seem well-suited to iadl.org. Let's spare the ARIN membership, who repeatedly has protested this little spats -- which are happening with great regularity. Thas said, false public accusations must be corrected. This will be my last post in this round of ARIN/Dean/whatever-you-call-it. At the end of the day, these diatribes hurt all who are involved. > Dreger is a frequent NANOG participant. I've attended one NANOG. A better term might be "frequent NANOG-L poster". I have dealt with people you cite (Vixie, Bellovin, et cetera) even less than I have with you. Anyone interested in your background, my background, or anyone's background, can start by searching public archives. > most (all?) of the people posting attacks on me are NANOG members Perhaps that's because NANOG members have dealt with you before. It would not make sense for those who have not come in contact with you to post attacks. > Funny how a small minority is in control of ARIN Let's examine that small minority: long-time industry exposure, and greatly affected by ARIN decisions. It's quite logical that such people would participate actively. > I was removed from all ARIN mailing lists, and prevented from > participating in the last ARIN meeting electronically. Then do something about it. If your claims are true, then you're in a great position to stop any abuse of power. One could even argue that you would be negligent in _not_ keeping ARIN in line, lest they begin down a slippery slope that harms all members. I've been critical of ARIN before. I have no particular loyalty to them. However, based on my own personal experience of how you have attempted to characterize me, I am not comfortable pointing any fingers at ARIN based on the veracity of your claims. > (Vixie) has been successfull sued for doing that previously. Exactis/MAPS was vacated without prejudice, and never tried again. It seems that "settled out of court" would be a more accurate description. > (I think Dreger was among them) I don't believe that I was posting to NANOG in 1999. One can examine the archives. > Generally, people who continue to associate with questionable and > ruthless people You claim that various people are questionable and ruthless. They say the same about you. You claim that precedent backs your position. They say the same about their beliefs. In the absence of any formal proceedings, we all are judged in the court of public opinion. Those who are not part of "the NANOG cartel" express desires for these discussions to happen elsewhere. These spats only help, relatively speaking, those who stand to lose the least. > you seem to have little evidence of any ridiculous claim of mine I didn't want to drag the list into the match that it is becoming. That said, the following come readily to mind: 1. You claim that open relaying is acceptable; 2. You claim that SMTP+AUTH is unacceptable because it isn't a standard; 3. Your statements of others' positions (e.g., on the ECPA) does not match what they claim to state. Again, why not set up a mailing list on one of your systems? You're all but guaranteed not to be censored, you get to choose the list charter, and those interested can debate/argue/fight without annoying the rest of ARIN's membership. Let people represent their own positions; then there will be no disagreement over who is twisting whose words. Unfortunately, I must return to work. As much fun as this could be (on a list where people _want_ to read it), actual business also calls. Please post instructions for joining your mailing list(s). Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ________________________________________________________________________ DO NOT send mail to the following addresses: davidc at brics.com -*- jfconmaapaq at intc.net -*- sam at everquick.net Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter. From paul at vix.com Mon May 19 21:52:26 2008 From: paul at vix.com (Paul Vixie) Date: Tue, 20 May 2008 01:52:26 +0000 Subject: [arin-discuss] Dean -vs- Eddy... again. In-Reply-To: Your message of "Tue, 20 May 2008 01:37:45 GMT." References: Message-ID: <30646.1211248346@sa.vix.com> edward, you wrote, in response to dean: > If you _really_ care to pursue this, set up a mailing list on one of > your servers. These topics seem well-suited to iadl.org. Let's spare > the ARIN membership, who repeatedly has protested this little spats -- > which are happening with great regularity. if dean or anybody else sets up a mailing list elsewhere whose topic is ARIN related, then i think it would be reasonable to post a note here to invite folks to join that other mailing list. after all, "the membership" is not a single personality, and does not speak with a single voice, and cannot have been said, as a whole, to have protested as you say. paul From iis-arin at impulse.net Tue May 20 02:05:29 2008 From: iis-arin at impulse.net (Jay Hennigan) Date: Mon, 19 May 2008 23:05:29 -0700 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) Message-ID: <48326A29.9040106@impulse.net> Consider the benefits of denying sustenance to creatures discovered beneath causeways. From tedm at ipinc.net Tue May 20 14:25:26 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 20 May 2008 11:25:26 -0700 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> Message-ID: > -----Original Message----- > From: Timothy F. Kersnick [mailto:tkersnick at transworldix.net] > Sent: Monday, May 19, 2008 4:23 PM > To: Ted Mittelstaedt; arin-discuss-bounces at arin.net; > arin-discuss at arin.net > Subject: Re: [arin-discuss] Dean -vs- ARIN... again (Re: The > joy of SWIPping) > > > I didn't realize that this list was for drama seekers. I am > a relatively new member of ARIN and I am quite surpised that > this thread has turned into "he said, she said". What about > the original topic? > > Your statements have not made any significant progress > towards resolving the issue at hand in a constructive manner. There IS no "issue at hand" The original question was answered twice, once by myself on 5-16 by asking the OP to show us in the NRPM it mandates SWIP, and once on 5-19 by Lee who responded to an ISP who claimed they lost residential customers due to privacy leakge in SWIP, and Lee then pointed out the explicit section in the NPRM where it discusses residential privacy (which the ISP apparently didn't follow) The OP thus far has failed to show where he is required in the NRPM to disclose competitive/prooprietary information in SWIP. Dean was never involved in the original question or response, and merely hijacked the thread for his usual campaign of attacks against the ARIN board., as he usually does with all long-running threads on this list. > Let's get back to discussing the issue. > Please, read the entire thread first before merely restating the same stuff that has already been hashed up. You might actually try RESPONDING to the issue at hand. Most who have responded have been upset over what they THINK the NRPM and ARIN's rules on SWIP are, not what the manual and rules actually state. Ted From chad at onr.com Tue May 20 15:05:49 2008 From: chad at onr.com (Chad Kissinger) Date: Tue, 20 May 2008 14:05:49 -0500 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> Message-ID: > There IS no "issue at hand" I disagree, the issue is whether or not you have to put specific customer information in RWHOIS or SWIP, I haven't seen anyone from ARIN answer that yet. You can assert anything you want, but I want to hear it from the people who are going to approve/deny my next IP space request. >The OP thus far has failed to show where he is required in the >NRPM to disclose competitive/prooprietary information in SWIP. >From the NRPM, I find the following two relevant passages. "4.2.4.1. Utilization percentage (80%) ISPs must have efficiently utilized all previous allocations and at least 80% of their most recent allocation in order to receive additional space. This includes all space reassigned to their customers. The reassignment information section of the ARIN ISP Network Request Template should be completed for all address blocks that have been allocated to your organization. In the template, line 1b. Assigned: information will be verified via SWIP/RWHOIS and 1c. Reserved: should be used to indicate internal network information. Please note that until your prior utilization is verified to meet the 80% requirement, ARIN can neither process nor approve a request for additional addresses." And 3.2 Distributed Information Server Use Requirements "The distributed information service must return reassignment information for the IP address queried. The service may allow for privacy protections for customers. For residential users, the service may follow ARIN's residential privacy policy that includes displaying only the city, state, zip code, and country. For all other reassignments, the service shall follow ARIN's privacy policy for publishing data in a public forum I cannot find any "ARIN privacy policy for publishing data in a public forum" So, the question remains, do you have to put the true POC information for each of your customers in SWIP and expose it to the Internet and your competitors? From aaron at wholesaleinternet.com Tue May 20 15:19:44 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Tue, 20 May 2008 14:19:44 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> Message-ID: <0c0601c8baae$7627ba10$62772e30$@com> Oh boy... here we go. First off, thanks to all the people that gave me constructive answers. I do appreciate it. I'll just snip off all the other garbage and go right to the point: >Please, read the entire thread first before merely restating the >same stuff that has already been hashed up. You might actually >try RESPONDING to the issue at hand. Most who have responded >have been upset over what they THINK the NRPM and ARIN's rules >on SWIP are, not what the manual and rules actually state. I decided to keep my mouth shut (or fingers still) on your response because it did me no good at all. What it says in the "manual" and what happens in real life are two very different things. I have asked for numerous allocations in the past and ALWAYS been required to SWIP my current allocations to show usage. I asked once if I could send in a list of our customers and their allocations and was told no, I HAD to SWIP them. That being said, Tim, while I appreciate your effort I didn't respond because I had written you off as someone who didn't have a clue. For those of you wondering what then end of the story is, I SWIPed my ranges with my customer's names and my address. I submitted my request with some justification information and received my approval and new allocation in 50 minutes. Seriously. I sent it in at 12:59 and received my block at 1:49. I'm pretty sure that is some kind of record and would like to whole heartedly thank the ARIN staff, who I'm sure have pretty thankless jobs, for realizing I was at something like 99% utilization and needed the IPs desperately. Thank you again, also, to the people who provided constructive, real world suggestions. Aaron From sleibrand at internap.com Tue May 20 15:37:58 2008 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 20 May 2008 12:37:58 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> Message-ID: <48332896.5030009@internap.com> Chad, ARIN, in ordinary practice, does not respond to questions posted to arin-discuss. It seems to me they prefer to allow ARIN members to engage in discussion on this list, rather than make it a public forum for interacting with ARIN staff. There are a number of knowledgeable individuals here who can help, but if you "want to hear it from the people who are going to approve/deny your next IP space request", I would recommend contacting ARIN directly (via info at arin.net or similar) and asking them your question. -Scott Chad Kissinger wrote: > >> There IS no "issue at hand" > > I disagree, the issue is whether or not you have to put specific customer information in RWHOIS or SWIP, I haven't seen anyone from ARIN answer that yet. > You can assert anything you want, but I want to hear it from the people who are going to approve/deny my next IP space request. > >> The OP thus far has failed to show where he is required in the >> NRPM to disclose competitive/prooprietary information in SWIP. > >>From the NRPM, I find the following two relevant passages. > > "4.2.4.1. Utilization percentage (80%) > ISPs must have efficiently utilized all previous allocations and at least 80% of their most recent allocation in order to receive additional space. This includes all space reassigned to their customers. The reassignment information section of the ARIN ISP Network Request Template should be completed for all address blocks that have been allocated to your organization. In the template, line 1b. Assigned: information will be verified via SWIP/RWHOIS and 1c. Reserved: should be used to indicate internal network information. Please note that until your prior utilization is verified to meet the 80% requirement, ARIN can neither process nor approve a request for additional addresses." > > And > > 3.2 Distributed Information Server Use Requirements > > > > "The distributed information service must return reassignment information for the IP address queried. The service may allow for privacy protections for customers. For residential users, the service may follow ARIN's residential privacy policy that includes displaying only the city, state, zip code, and country. For all other reassignments, the service shall follow ARIN's privacy policy for publishing data in a public forum > > > I cannot find any "ARIN privacy policy for publishing data in a public forum" > > So, the question remains, do you have to put the true POC information for each of your customers in SWIP and expose it to the Internet and your competitors? > > > > > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. From michael.dillon at bt.com Tue May 20 15:46:00 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 20 May 2008 20:46:00 +0100 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> Message-ID: > I disagree, the issue is whether or not you have to put > specific customer information in RWHOIS or SWIP, I haven't > seen anyone from ARIN answer that yet. We're all ARIN members here, aren't we? Who makes ARIN policies? Members plus other interested parties make the rules so if the rules are out of sync with reality, we should not just knuckle down and follow the rules, we should change them. > You can assert > anything you want, but I want to hear it from the people who > are going to approve/deny my next IP space request. As far as I'm aware, the rules covering what must be published in the ARIN whois directory (via SWIP or RWHOIS) are not connected to the rules for allocating new IP space. In any case, I rather doubt whether ARIN hostmasters ever look at this list, and even if they did, I doubt that their bosses would allow them to post anything on the issue. At best, you will get someone from ARIN management to make a statement. I've already mentioned that my company does not publish any more than customer name and city for business customers. No street address, no zip code. Yet we have successfully received /16 (or better) allocations several times over the last 6 years or so. We do however, provide the ARIN hostmasters with full detail on every internal allocation or assignment, right down to the /32 level, but that is under NDA and even the ARIN management are not allowed to look at that information. > Please note > that until your prior utilization is verified to meet the 80% > requirement, ARIN can neither process nor approve a request > for additional addresses." That's the key sentence. They want proof, not records published in the whois directory. We have provided database dumps, charts of actual vs. forecast growth, pointers to public web pages which list PoP cities and other miscellanea. > I cannot find any "ARIN privacy policy for publishing data in > a public forum" > > So, the question remains, do you have to put the true POC > information for each of your customers in SWIP and expose it > to the Internet and your competitors? It really depends on your IQ, and business acumen. I seriously recommend that you do not publish any zip codes or street addresses, and only publish company names for larger customers where it isn't much of a secret anyway. If ARIN's hostmaster complains, be direct with them and tell them why you will not publish the information, remind them of the NDA that they have signed, and submit the info to the hostmaster only. If this lack of publishing the information is the sole sticking point, then sue ARIN. It is unfair, in a legal sense, for ARIN to force one of its members to publish commercially sensitive information that will benefit your competitors, namely other ARIN members. This is not the kind of level playing field that one expects to be created by "self regulation" and if ARIN is not willing to play fair, sue the bastards to get it on the public record. Quite frankly, I doubt that it would ever get to this point because if your lawyer writes ARIN's lawyer a letter, then ARIN's lawyer will point out that you have misunderstood the hostmaster and that the sticking point on your application was not related to the incomplete data in the whois directory. In any case, the ARIN employees really should not be posting interpretations of policy to this list. --Michael Dillon From tedm at ipinc.net Tue May 20 15:51:04 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 20 May 2008 12:51:04 -0700 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: Message-ID: <0700D72F2A884C10937CFBAD094C4CBA@tedsdesk> > -----Original Message----- > From: Chad Kissinger [mailto:chad at onr.com] > Sent: Tuesday, May 20, 2008 12:06 PM > To: Ted Mittelstaedt; tkersnick at transworldix.net; > arin-discuss at arin.net > Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The > joy of SWIPping) > > > > > > There IS no "issue at hand" > > I disagree, the issue is whether or not you have to put > specific customer information in RWHOIS or SWIP, I haven't > seen anyone from ARIN answer that yet. You can assert > anything you want, but I want to hear it from the people who > are going to approve/deny my next IP space request. > Last time we got space the ARIN hostmaster that did our request told me to supply justification EITHER on a spreadsheet OR on SWIP. Of course, that is just my word on it, not anything written down. > >The OP thus far has failed to show where he is required in > the NRPM to > >disclose competitive/prooprietary information in SWIP. > > >From the NRPM, I find the following two relevant passages. > > "4.2.4.1. Utilization percentage (80%) > ISPs must have efficiently utilized all previous allocations > and at least 80% of their most recent allocation in order to > receive additional space. This includes all space reassigned > to their customers. The reassignment information section of > the ARIN ISP Network Request Template should be completed for > all address blocks that have been allocated to your > organization. In the template, line 1b. Assigned: information > will be verified via SWIP/RWHOIS and 1c. Reserved: should be > used to indicate internal network information. I don't see anything in there that dictates that SWIP or RWHOIS must contain competitive/proprietary information. Nothing in the manual says WHAT data is required to be in SWIP. And furthermore if you spent any time working with rwhois you will find that virtually all fields in RWHOS are administrator-determined, this is per the rwhois standard. The line is: "...The reassignment information section of the ARIN ISP Network Request Template should be completed for all address blocks that have been allocated to your organization...." it doesen't say HOW it's to be completed. > Please note > that until your prior utilization is verified to meet the 80% > requirement, ARIN can neither process nor approve a request > for additional addresses." > > And > > 3.2 Distributed Information Server Use Requirements > > > > "The distributed information service must return reassignment > information for the IP address queried. The service may allow > for privacy protections for customers. Once more, NOTE THAT "...The service may allow for privacy protections for customers..." is stated BEFORE the explicit mention of RESIDENTIAL users. Meaning, that the service (swip/rwhois) may allow for privacy protections for ALL customers, residential AND business. It is only in the more specific section on residential users where specific fields, city, state, etc. are spelled out. The NRPM is written in a manner that is deliberately vague on the issue of what data must be in SWIP. I suspect this is intentional. I think what is really making YOU uncomfortable is that the NRPM is not black and white on what constitutes contact information and what MUST be put in. I personally WANT IT TO STAY that way. Why? Because, like pornography, this kind of information is subjective and I would rather give the ARIN staff of human beings the authority to look at a SWIP entry and tell the person who entered it that it's bogus and not usable for justification. If you specify the info to the nth degree, then you take away that from the ARIN staff and this also allows people to beat ARIN over the head with the rules - they can meet the letter of the rules but not the spirit. You might ALSO consider the use of the word "should" instead of "must" Unfortunately, the recent Policitally Correct movement has done some damage to language, as people today write signs that say "you shouldn't walk on the grass" rather than say "your not permitted on the grass" and an entire generation has been raised to believe that the word "should" and the word "must" are identical. They are not. "must" states a required condition, "should" states a condition that the condition writer would really, really really like to make required, but they know they have no authority to do so. You might say, your legally compelled to do things you must do, your morally compelled to do things you should do. > > So, the question remains, do you have to put the true POC > information for each of your customers in SWIP and expose it > to the Internet and your competitors? > No, you don't "have" to. You "should". Ted From tedm at ipinc.net Tue May 20 16:00:40 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 20 May 2008 13:00:40 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0c0601c8baae$7627ba10$62772e30$@com> Message-ID: <80057B0B0426456297DF76E1883F7817@tedsdesk> > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Aaron Wendel > Sent: Tuesday, May 20, 2008 12:20 PM > To: arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > > Oh boy... here we go. First off, thanks to all the people > that gave me constructive answers. I do appreciate it. > > I'll just snip off all the other garbage and go right to the point: > > >Please, read the entire thread first before merely restating > the same > >stuff that has already been hashed up. You might actually try > >RESPONDING to the issue at hand. Most who have responded have been > >upset over what they THINK the NRPM and ARIN's rules on SWIP > are, not > >what the manual and rules actually state. > > I decided to keep my mouth shut (or fingers still) on your > response because it did me no good at all. What it says in > the "manual" and what happens in real life are two very > different things. I have asked for numerous allocations in > the past and ALWAYS been required to SWIP my current > allocations to show usage. I asked once if I could send in a > list of our customers and their allocations and was told no, > I HAD to SWIP them. > Interesting how this discussion has changed from: "what is required to be in SWIP" to "what is required for me to get my next IP block allocation" In any case, my experience with the ARIN staff has been different than yours. But, I will also state that if your chewing up IP that fast and in such quantity that your asking for numerous allocations that you frankly have no competitive problems with disclosing your customer list. Disclosure of your customer list only hurts you if it results in customer loss. And, you obviously do not have significant customer loss if your asking for numerous allocations. So why do you care that this data is public? > That being said, Tim, while I appreciate your effort I didn't > respond because I had written you off as someone who didn't > have a clue. > > For those of you wondering what then end of the story is, I > SWIPed my ranges with my customer's names and my address. I > submitted my request with some justification information and > received my approval and new allocation in 50 minutes. > Seriously. I sent it in at 12:59 and received my block at > 1:49. I'm pretty sure that is some kind of record and would > like to whole heartedly thank the ARIN staff, who I'm sure > have pretty thankless jobs, for realizing I was at something > like 99% utilization and needed the IPs desperately. > How exactly would ARIN have the time to actually contact any of the names in your SWIPped list and verify that they were actually legitimate, and that you hadn't simply put a bunch of fake names and addresses in there? Ted From chad at onr.com Tue May 20 16:12:02 2008 From: chad at onr.com (Chad Kissinger) Date: Tue, 20 May 2008 15:12:02 -0500 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry>

Message-ID: Well, I've now heard two different stories in the past two e-mails. Scott's story is consistent with my experience... ARIN demands complete SWIP information prior to issuing IP numbers. Michael claims that he has gotten away with less. If actual practice is less stringent than the policy, we should re-write the policy so that people like me, who just want to follow the rules and get the IP space as quickly and painlessly as possible, can just read the simple English in the policy to see what is really required. I don't want to have my lawyer send their lawyer a letter. I just want a fair, clear policy that everyone has to follow. I personally think sending a spreadsheet with the information to ARIN under NDA should be sufficient. Onramp Access chad kissinger | president | onramp access, inc. p: 512.322.9200 | f: 512.476.2878 | www.onr.com your internet operations | built | deployed | managed -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of michael.dillon at bt.com Sent: Tuesday, May 20, 2008 2:46 PM To: arin-discuss at arin.net Subject: Re: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) > I disagree, the issue is whether or not you have to put > specific customer information in RWHOIS or SWIP, I haven't > seen anyone from ARIN answer that yet. We're all ARIN members here, aren't we? Who makes ARIN policies? Members plus other interested parties make the rules so if the rules are out of sync with reality, we should not just knuckle down and follow the rules, we should change them. > You can assert > anything you want, but I want to hear it from the people who > are going to approve/deny my next IP space request. As far as I'm aware, the rules covering what must be published in the ARIN whois directory (via SWIP or RWHOIS) are not connected to the rules for allocating new IP space. In any case, I rather doubt whether ARIN hostmasters ever look at this list, and even if they did, I doubt that their bosses would allow them to post anything on the issue. At best, you will get someone from ARIN management to make a statement. I've already mentioned that my company does not publish any more than customer name and city for business customers. No street address, no zip code. Yet we have successfully received /16 (or better) allocations several times over the last 6 years or so. We do however, provide the ARIN hostmasters with full detail on every internal allocation or assignment, right down to the /32 level, but that is under NDA and even the ARIN management are not allowed to look at that information. > Please note > that until your prior utilization is verified to meet the 80% > requirement, ARIN can neither process nor approve a request > for additional addresses." That's the key sentence. They want proof, not records published in the whois directory. We have provided database dumps, charts of actual vs. forecast growth, pointers to public web pages which list PoP cities and other miscellanea. > I cannot find any "ARIN privacy policy for publishing data in > a public forum" > > So, the question remains, do you have to put the true POC > information for each of your customers in SWIP and expose it > to the Internet and your competitors? It really depends on your IQ, and business acumen. I seriously recommend that you do not publish any zip codes or street addresses, and only publish company names for larger customers where it isn't much of a secret anyway. If ARIN's hostmaster complains, be direct with them and tell them why you will not publish the information, remind them of the NDA that they have signed, and submit the info to the hostmaster only. If this lack of publishing the information is the sole sticking point, then sue ARIN. It is unfair, in a legal sense, for ARIN to force one of its members to publish commercially sensitive information that will benefit your competitors, namely other ARIN members. This is not the kind of level playing field that one expects to be created by "self regulation" and if ARIN is not willing to play fair, sue the bastards to get it on the public record. Quite frankly, I doubt that it would ever get to this point because if your lawyer writes ARIN's lawyer a letter, then ARIN's lawyer will point out that you have misunderstood the hostmaster and that the sticking point on your application was not related to the incomplete data in the whois directory. In any case, the ARIN employees really should not be posting interpretations of policy to this list. --Michael Dillon _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From michael.dillon at bt.com Tue May 20 16:18:43 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 20 May 2008 21:18:43 +0100 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0c0601c8baae$7627ba10$62772e30$@com> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> Message-ID: > I have asked for numerous allocations in > the past and ALWAYS been required to SWIP my current > allocations to show usage. I asked once if I could send in a > list of our customers and their allocations and was told no, > I HAD to SWIP them. I think this is due to misunderstanding of the English language... Wait a minute... the darn policy isn't written in plain English, your statement above is not in plain English, all bets are off. Let's just say that it is difficult for members and hostmasters to communicate clearly about this because SWIP has so many different meanings to different people. The fact is that some companies have applied formally to be allowed to submit info in formats other than SWIP and RWHOIS. Others have informally asked to be allowed to do this. And ARIN has agreed. Escalate the issue within Registration Services. It is not fair to require anyone to force their addressing database into an arcane obsolete format in order to get new IP addresses. As long as it is in a format that the hostmasters can easily manipulate then it should be OK. I dumped my database into CSV format for them. If you engage in dialogue, without chest-thumping, then you *will* find middle ground with ARIN. They cannot advise you what to do because that is outside their remit. They are only entitled to interpret policy in order to carry out their analyses of applications, not to advise applicants. Some people get upset when they don't get a straight answer to a straight question, but that is not really dialogue, is it? > For those of you wondering what then end of the story is, I > SWIPed my ranges with my customer's names and my address. Seems to me that there is no point in publishing contact info for someone who is not READY, WILLING and ABLE to RESPOND when contacted about network issues. Since you used your own address you were actually IMPROVING the quality of the data in the whois directory. --Michael Dillon From chad at onr.com Tue May 20 16:16:08 2008 From: chad at onr.com (Chad Kissinger) Date: Tue, 20 May 2008 15:16:08 -0500 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: <0700D72F2A884C10937CFBAD094C4CBA@tedsdesk> References: <0700D72F2A884C10937CFBAD094C4CBA@tedsdesk> Message-ID: The bottom line is that Scott and now you have said you were allowed to get new IP space without publicly publishing your customer's real data in SWIP. Michael and I have both been denied new IP space until we published the information. I'm not sure whether I should hope to be treated like you were, or whether you should worry that you'll next be treated like I was... but what I do know is that if the policy was clear, specific and uniformly followed, neither of us would have to worry. Onramp Access chad kissinger | president | onramp access, inc. p: 512.322.9200 | f: 512.476.2878 | www.onr.com your internet operations | built | deployed | managed -----Original Message----- From: Ted Mittelstaedt [mailto:tedm at ipinc.net] Sent: Tuesday, May 20, 2008 2:51 PM To: Chad Kissinger; tkersnick at transworldix.net; arin-discuss at arin.net Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) > -----Original Message----- > From: Chad Kissinger [mailto:chad at onr.com] > Sent: Tuesday, May 20, 2008 12:06 PM > To: Ted Mittelstaedt; tkersnick at transworldix.net; > arin-discuss at arin.net > Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The > joy of SWIPping) > > > > > > There IS no "issue at hand" > > I disagree, the issue is whether or not you have to put > specific customer information in RWHOIS or SWIP, I haven't > seen anyone from ARIN answer that yet. You can assert > anything you want, but I want to hear it from the people who > are going to approve/deny my next IP space request. > Last time we got space the ARIN hostmaster that did our request told me to supply justification EITHER on a spreadsheet OR on SWIP. Of course, that is just my word on it, not anything written down. > >The OP thus far has failed to show where he is required in > the NRPM to > >disclose competitive/prooprietary information in SWIP. > > >From the NRPM, I find the following two relevant passages. > > "4.2.4.1. Utilization percentage (80%) > ISPs must have efficiently utilized all previous allocations > and at least 80% of their most recent allocation in order to > receive additional space. This includes all space reassigned > to their customers. The reassignment information section of > the ARIN ISP Network Request Template should be completed for > all address blocks that have been allocated to your > organization. In the template, line 1b. Assigned: information > will be verified via SWIP/RWHOIS and 1c. Reserved: should be > used to indicate internal network information. I don't see anything in there that dictates that SWIP or RWHOIS must contain competitive/proprietary information. Nothing in the manual says WHAT data is required to be in SWIP. And furthermore if you spent any time working with rwhois you will find that virtually all fields in RWHOS are administrator-determined, this is per the rwhois standard. The line is: "...The reassignment information section of the ARIN ISP Network Request Template should be completed for all address blocks that have been allocated to your organization...." it doesen't say HOW it's to be completed. > Please note > that until your prior utilization is verified to meet the 80% > requirement, ARIN can neither process nor approve a request > for additional addresses." > > And > > 3.2 Distributed Information Server Use Requirements > > > > "The distributed information service must return reassignment > information for the IP address queried. The service may allow > for privacy protections for customers. Once more, NOTE THAT "...The service may allow for privacy protections for customers..." is stated BEFORE the explicit mention of RESIDENTIAL users. Meaning, that the service (swip/rwhois) may allow for privacy protections for ALL customers, residential AND business. It is only in the more specific section on residential users where specific fields, city, state, etc. are spelled out. The NRPM is written in a manner that is deliberately vague on the issue of what data must be in SWIP. I suspect this is intentional. I think what is really making YOU uncomfortable is that the NRPM is not black and white on what constitutes contact information and what MUST be put in. I personally WANT IT TO STAY that way. Why? Because, like pornography, this kind of information is subjective and I would rather give the ARIN staff of human beings the authority to look at a SWIP entry and tell the person who entered it that it's bogus and not usable for justification. If you specify the info to the nth degree, then you take away that from the ARIN staff and this also allows people to beat ARIN over the head with the rules - they can meet the letter of the rules but not the spirit. You might ALSO consider the use of the word "should" instead of "must" Unfortunately, the recent Policitally Correct movement has done some damage to language, as people today write signs that say "you shouldn't walk on the grass" rather than say "your not permitted on the grass" and an entire generation has been raised to believe that the word "should" and the word "must" are identical. They are not. "must" states a required condition, "should" states a condition that the condition writer would really, really really like to make required, but they know they have no authority to do so. You might say, your legally compelled to do things you must do, your morally compelled to do things you should do. > > So, the question remains, do you have to put the true POC > information for each of your customers in SWIP and expose it > to the Internet and your competitors? > No, you don't "have" to. You "should". Ted From chad at onr.com Tue May 20 16:18:01 2008 From: chad at onr.com (Chad Kissinger) Date: Tue, 20 May 2008 15:18:01 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <80057B0B0426456297DF76E1883F7817@tedsdesk> References: <0c0601c8baae$7627ba10$62772e30$@com> <80057B0B0426456297DF76E1883F7817@tedsdesk> Message-ID: >How exactly would ARIN have the time to actually contact any of >the names in your SWIPped list and verify that they were actually >legitimate, and that you hadn't simply put a bunch of fake >names and addresses in there? Exactly. Why do we have SWIP in the first place? Apparently, everyone is lying or putting in incomplete information. From mjkelly at gmail.com Tue May 20 16:21:07 2008 From: mjkelly at gmail.com (Matt Kelly) Date: Tue, 20 May 2008 16:21:07 -0400 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry>

Message-ID: Since this topic has moved to what ARIN is requiring for additional IP allocation... Is it normal practice to be asked what our customers are using the IP space for? I've been under the impression that as long as we're using more than 80% of our current usage and show information for the upcoming allocation that is all that should be required. We've been asked in the past why we're allocating certain size blocks to certain customers and for what reason. I'm not sure this is kosher and we have NDA's with quite a few customers preventing us from discussing their operations. FWIW, ARIN has asked us for complete SWIP information but we are allowed to use the customers name or company name with our data center address. --Matt Kelly On May 20, 2008, at 4:12 PM, Chad Kissinger wrote: > > Well, I've now heard two different stories in the past two e-mails. > Scott's story is consistent with my experience... ARIN demands > complete SWIP information prior to issuing IP numbers. Michael > claims that he has gotten away with less. If actual practice is > less stringent than the policy, we should re-write the policy so > that people like me, who just want to follow the rules and get the > IP space as quickly and painlessly as possible, can just read the > simple English in the policy to see what is really required. I > don't want to have my lawyer send their lawyer a letter. I just > want a fair, clear policy that everyone has to follow. I personally > think sending a spreadsheet with the information to ARIN under NDA > should be sufficient. > > > Onramp Access > chad kissinger | president | onramp access, inc. > p: 512.322.9200 | f: 512.476.2878 | www.onr.com > your internet operations | built | deployed | managed > > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net > ] On Behalf Of michael.dillon at bt.com > Sent: Tuesday, May 20, 2008 2:46 PM > To: arin-discuss at arin.net > Subject: Re: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of > SWIPping) > >> I disagree, the issue is whether or not you have to put >> specific customer information in RWHOIS or SWIP, I haven't >> seen anyone from ARIN answer that yet. > > We're all ARIN members here, aren't we? Who makes ARIN policies? > Members plus other interested parties make the rules so if the > rules are out of sync with reality, we should not just knuckle > down and follow the rules, we should change them. > >> You can assert >> anything you want, but I want to hear it from the people who >> are going to approve/deny my next IP space request. > > As far as I'm aware, the rules covering what must be published > in the ARIN whois directory (via SWIP or RWHOIS) are not connected > to the rules for allocating new IP space. > > In any case, I rather doubt whether ARIN hostmasters ever look > at this list, and even if they did, I doubt that their bosses > would allow them to post anything on the issue. At best, you > will get someone from ARIN management to make a statement. > > I've already mentioned that my company does not publish > any more than customer name and city for business customers. > No street address, no zip code. Yet we have successfully > received /16 (or better) allocations several times over the last > 6 years or so. We do however, provide the ARIN hostmasters with > full detail on every internal allocation or assignment, right > down to the /32 level, but that is under NDA and even the ARIN > management are not allowed to look at that information. > >> Please note >> that until your prior utilization is verified to meet the 80% >> requirement, ARIN can neither process nor approve a request >> for additional addresses." > > That's the key sentence. They want proof, not records published > in the whois directory. We have provided database dumps, charts > of actual vs. forecast growth, pointers to public web pages which > list PoP cities and other miscellanea. > >> I cannot find any "ARIN privacy policy for publishing data in >> a public forum" >> >> So, the question remains, do you have to put the true POC >> information for each of your customers in SWIP and expose it >> to the Internet and your competitors? > > It really depends on your IQ, and business acumen. I seriously > recommend > that you do not publish any zip codes or street addresses, and only > publish > company names for larger customers where it isn't much of a secret > anyway. > If ARIN's hostmaster complains, be direct with them and tell them why > you > will not publish the information, remind them of the NDA that they > have > signed, > and submit the info to the hostmaster only. If this lack of publishing > the > information is the sole sticking point, then sue ARIN. > > It is unfair, in a legal sense, for ARIN to force one of its members > to > publish commercially sensitive information that will benefit your > competitors, > namely other ARIN members. This is not the kind of level playing field > that > one expects to be created by "self regulation" and if ARIN is not > willing > to play fair, sue the bastards to get it on the public record. > > Quite frankly, I doubt that it would ever get to this point because if > your > lawyer writes ARIN's lawyer a letter, then ARIN's lawyer will point > out > that > you have misunderstood the hostmaster and that the sticking point on > your > application was not related to the incomplete data in the whois > directory. > > In any case, the ARIN employees really should not be posting > interpretations > of policy to this list. > > --Michael Dillon > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. From michael.dillon at bt.com Tue May 20 16:26:58 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 20 May 2008 21:26:58 +0100 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry>

Message-ID: > Michael claims that he has gotten away with less. Less? The whois directory only contains down to the /29 level but I supplied them down to the /32 level. Yes we do have customers with a /32 assignment for the NAT pool on their CPE router. > If actual practice is less stringent than the policy, we > should re-write the policy so that people like me, who just > want to follow the rules and get the IP space as quickly and > painlessly as possible, can just read the simple English in > the policy to see what is really required. I don't want to > have my lawyer send their lawyer a letter. I just want a > fair, clear policy that everyone has to follow. I personally > think sending a spreadsheet with the information to ARIN > under NDA should be sufficient. The amateur lawyers who dominate ARIN meetings and the PPML list, disagree with you. Some of them are net vigilantes in their spare time and need that whois data to ply their trade. --Michael Dillon From tedm at ipinc.net Tue May 20 16:43:34 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 20 May 2008 13:43:34 -0700 Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: Message-ID: <15F2D8C2E1E74CF49292E4C936A71187@tedsdesk> > -----Original Message----- > From: Chad Kissinger [mailto:chad at onr.com] > Sent: Tuesday, May 20, 2008 1:16 PM > To: Ted Mittelstaedt; tkersnick at transworldix.net; > arin-discuss at arin.net > Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The > joy of SWIPping) > > > > The bottom line is that Scott and now you have said you were > allowed to get new IP space without publicly publishing your > customer's real data in SWIP. Hold on there. I said we were told that we COULD just submit a spreadsheet, not that this is what we DID. Also, your implying that we never had any intention of publically publishing when the opposite is the case. I frankly believe in publically publishing statically assigned RESIDENTIAL ip addresses, on the theory that anyone requesting a static IP for a residence is intending to run a public server, and I know that is not a view that is at all popular these days. In atual fact we DID have customer data SWIPed, just not ALL of our customers, for the simple reason that many of our customers only had a /29 and a whole lot of them only had( and have) a /32. We have a lot of DSL you see - and a very great many of them are business DSL who only have a /32. We do not automatically knee-jerk hand out /29's or larger to anyone that buys business services on DSL, you see. We also had some SWIPS that were older and innacurate, and a number of them that were for small direct assignments that we were routing where the contact info was old. We also had some that were for /24's where we had subsequently split the /24 but not updated the SWIP. After the allocation we completely threw out ALL SWIPS and went to RWHOIS. Since the allocation was to replace a bunch of non contiguous subnets, the SWIPS all had to be replaced anyhow if we were going to keep doing SWIPS. This was all 4 years ago and frankly the only real issues associated with it are the periodic attacks on the rwhois server by jerkoffs on the Internet looking for servers to add to their zombie networks. I would expect that ARIN would more closely scrutinize applications today with the upcoming IPv4 runout. I would ALSO expect that ARIN would more closely scrutinize "fast uptake" people who put in allocation after allocation request for ever more subnets. It may be different in your market but in our market Internet service is steady-state, our market has the highest penetration of internet service and has reached an effective saturation - it is at the point now where a local major ISP who was simply giving service away for free, has failed simply because they could not get enough customers for their advertizing-driven business model to work. As a result it would be completely uncharacteristic for ANY isps in our market to be requesting allocation after allocation. Perhaps ARIN is pushing back on you precisely because your allocation rate is not characteristic. It could be the same principle of the credit card companies who deny credit card authorizations on accounts that have plenty of credit, merely due to profiling of spending history. > Michael and I have both been > denied new IP space until we published the information. I'm > not sure whether I should hope to be treated like you were, > or whether you should worry that you'll next be treated like > I was... but what I do know is that if the policy was clear, > specific and uniformly followed, neither of us would have to worry. > And it would be a lot easier for speculators to obtain large quantities of IPv4 and I don't think we want that. Ted > > Onramp Access > chad kissinger | president | onramp access, inc. > p: 512.322.9200 | f: 512.476.2878 | www.onr.com > your internet operations | built | deployed | managed > > -----Original Message----- > From: Ted Mittelstaedt [mailto:tedm at ipinc.net] > Sent: Tuesday, May 20, 2008 2:51 PM > To: Chad Kissinger; tkersnick at transworldix.net; arin-discuss at arin.net > Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The > joy of SWIPping) > > > > > -----Original Message----- > > From: Chad Kissinger [mailto:chad at onr.com] > > Sent: Tuesday, May 20, 2008 12:06 PM > > To: Ted Mittelstaedt; tkersnick at transworldix.net; > > arin-discuss at arin.net > > Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of > > SWIPping) > > > > > > > > > > > There IS no "issue at hand" > > > > I disagree, the issue is whether or not you have to put specific > > customer information in RWHOIS or SWIP, I haven't seen anyone from > > ARIN answer that yet. You can assert anything you want, > but I want to > > hear it from the people who are going to approve/deny my > next IP space > > request. > > > > Last time we got space the ARIN hostmaster that did our > request told me to supply justification EITHER on a > spreadsheet OR on SWIP. Of course, that is just my word on > it, not anything written down. > > > >The OP thus far has failed to show where he is required in > > the NRPM to > > >disclose competitive/prooprietary information in SWIP. > > > > >From the NRPM, I find the following two relevant passages. > > > > "4.2.4.1. Utilization percentage (80%) > > ISPs must have efficiently utilized all previous allocations and at > > least 80% of their most recent allocation in order to receive > > additional space. This includes all space reassigned to their > > customers. The reassignment information section of the ARIN ISP > > Network Request Template should be completed for all address blocks > > that have been allocated to your organization. In the > template, line > > 1b. Assigned: information will be verified via SWIP/RWHOIS and 1c. > > Reserved: should be used to indicate internal network information. > > I don't see anything in there that dictates that SWIP or > RWHOIS must contain competitive/proprietary information. > Nothing in the manual says WHAT data is required to be in > SWIP. And furthermore if you spent any time working with > rwhois you will find that virtually all fields in RWHOS are > administrator-determined, this is per the rwhois standard. > > The line is: > > "...The reassignment information section of > the ARIN ISP Network Request Template should be completed > for all address blocks that have been allocated to your > organization...." > > it doesen't say HOW it's to be completed. > > > Please note > > that until your prior utilization is verified to meet the 80% > > requirement, ARIN can neither process nor approve a request for > > additional addresses." > > > > And > > > > 3.2 Distributed Information Server Use Requirements > > > > > > > > "The distributed information service must return reassignment > > information for the IP address queried. The service may allow for > > privacy protections for customers. > > Once more, NOTE THAT > > "...The service may allow for privacy protections for customers..." > > is stated BEFORE the explicit mention of RESIDENTIAL users. > Meaning, that the service (swip/rwhois) may allow for privacy > protections for ALL customers, residential AND business. It > is only in the more specific section on residential users > where specific fields, city, state, etc. are spelled out. > > The NRPM is written in a manner that is deliberately vague on > the issue of what data must be in SWIP. I suspect this is > intentional. > > I think what is really making YOU uncomfortable is that the > NRPM is not black and white on what constitutes contact > information and what MUST be put in. > > I personally WANT IT TO STAY that way. Why? Because, like > pornography, this kind of information is subjective and I > would rather give the ARIN staff of human beings the > authority to look at a SWIP entry and tell the person who > entered it that it's bogus and not usable for justification. > If you specify the info to the nth degree, then you take away > that from the ARIN staff and this also allows people to beat > ARIN over the head with the rules - they can meet the letter > of the rules but not the spirit. > > You might ALSO consider the use of the word "should" instead of "must" > > Unfortunately, the recent Policitally Correct movement has > done some damage to language, as people today write signs > that say "you shouldn't walk on the grass" rather than say > "your not permitted on the grass" and an entire generation > has been raised to believe that the word "should" and the > word "must" are identical. They are not. "must" states a > required condition, "should" states a condition that the > condition writer would really, really really like to make > required, but they know they have no authority to do so. > > You might say, your legally compelled to do things you must > do, your morally compelled to do things you should do. > > > > > So, the question remains, do you have to put the true POC > information > > for each of your customers in SWIP and expose it to the > Internet and > > your competitors? > > > > No, you don't "have" to. You "should". > > Ted > > > From berger at shout.net Tue May 20 16:43:26 2008 From: berger at shout.net (Mike Berger) Date: Tue, 20 May 2008 15:43:26 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> Message-ID: <483337EE.2030303@shout.net> Seems to me that maybe people who aren't ready, willing, and able to respond to network issues surrounding the addresses they're using shouldn't be given any IP addresses in the first place. michael.dillon at bt.com wrote: > Seems to me that there is no point in publishing contact info > for someone who is not READY, WILLING and ABLE to RESPOND when > contacted about network issues. Since you used your own address > you were actually IMPROVING the quality of the data in the > whois directory. > > --Michael Dillon > > From bmanning at vacation.karoshi.com Tue May 20 16:42:04 2008 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Tue, 20 May 2008 20:42:04 +0000 Subject: [arin-discuss] SWIPping - a whois review In-Reply-To: References: <0700D72F2A884C10937CFBAD094C4CBA@tedsdesk> Message-ID: <20080520204204.GA7462@vacation.karoshi.com.> Pretty valid concerns about exposure of sensitive information -might- be illuminated by reviewing Leo Bicknells presentation, "WHOIS by the Numbers" which he presented :: http://www.arin.net/meetings/minutes/ARIN_XVIII/ppm.html --bill manning From aaron at wholesaleinternet.com Tue May 20 16:44:56 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Tue, 20 May 2008 15:44:56 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <80057B0B0426456297DF76E1883F7817@tedsdesk> References: <0c0601c8baae$7627ba10$62772e30$@com> <80057B0B0426456297DF76E1883F7817@tedsdesk> Message-ID: <0c3101c8baba$5d2924c0$177b6e40$@com> Tim, >Interesting how this discussion has changed from: > >"what is required to be in SWIP" > >to > >"what is required for me to get my next IP block allocation" Is there any other reason to SWIP? :) >In any case, my experience with the ARIN staff has been different >than yours. Obviously. Stating your experiences in your original reply would have been very helpful. >But, I will also state that if your chewing up IP that fast and in >such quantity that your asking for numerous allocations that >you frankly have no competitive problems with disclosing your >customer list. > >Disclosure of your customer list only hurts you if it results in >customer loss. And, you obviously do not have significant customer >loss if your asking for numerous allocations. So why do you care >that this data is public? Why chance it? Maybe I have good customer retention because of the precautions I take to keep their identities private. >How exactly would ARIN have the time to actually contact any of >the names in your SWIPped list and verify that they were actually >legitimate, and that you hadn't simply put a bunch of fake >names and addresses in there? They wouldn't. It's an honor system and truthfully, it would take way to long to make up a bunch of names. I suppose I could use a phone book or something but using the actual IP list is easier and quicker and.... what's the point? If I already have IPs I need to fake utilization for I obviously don't need new ones. :) Aaron From tedm at ipinc.net Tue May 20 16:50:24 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 20 May 2008 13:50:24 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: Message-ID: > -----Original Message----- > From: Chad Kissinger [mailto:chad at onr.com] > Sent: Tuesday, May 20, 2008 1:18 PM > To: Ted Mittelstaedt; 'Aaron Wendel'; arin-discuss at arin.net > Subject: RE: [arin-discuss] The joy of SWIPping > > > > > > > >How exactly would ARIN have the time to actually contact any of the > >names in your SWIPped list and verify that they were actually > >legitimate, and that you hadn't simply put a bunch of fake names and > >addresses in there? > > Exactly. Why do we have SWIP in the first place? > Apparently, everyone is lying or putting in incomplete information. > Anyone who is obtaining IPv4 for the purpose of speculating is basically a criminal and I am sure lying is not much of an obstacle. Same goes for those obtaining IPv4 for spamming. So I am not sure that designing SWIP policy to try and counteract criminals is going to help much there. HOWEVER, I -DO NOT THINK- that the fact that criminals are liars should relieve ARIN of the responsibility of making SOME effort to verify the legitimacy of the data submitted for allocation requests. That verification can be done with the current rules in place, and your story to me really seemed to indicate that such verification isn't being done, and that concerns me. Ted From tedm at ipinc.net Tue May 20 16:52:27 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 20 May 2008 13:52:27 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0c3101c8baba$5d2924c0$177b6e40$@com> Message-ID: <45EC1E0A4C5648E3B5F6EE09E2E1ACA5@tedsdesk> > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Aaron Wendel > Sent: Tuesday, May 20, 2008 1:45 PM > To: arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > > > Why chance it? Maybe I have good customer retention because > of the precautions I take to keep their identities private. > :-) Ted From aaron at wholesaleinternet.com Tue May 20 16:58:05 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Tue, 20 May 2008 15:58:05 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <483337EE.2030303@shout.net> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> Message-ID: <0c4401c8babc$32f67610$98e36230$@com> Anyone else notice how easy it is to tell on this list who runs a real business and who doesn't? >Seems to me that maybe people who aren't ready, >willing, and able to respond to network issues >surrounding the addresses they're using shouldn't >be given any IP addresses in the first place. From berger at shout.net Tue May 20 17:11:29 2008 From: berger at shout.net (Mike Berger) Date: Tue, 20 May 2008 16:11:29 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0c4401c8babc$32f67610$98e36230$@com> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> <0c4401c8babc$32f67610$98e36230$@com> Message-ID: <48333E81.50607@shout.net> Actually, no. Could you elaborate? I can't tell if you agree or are in favor of handing out addresses to anybody that asks without regard as to who they are and what they want to do with them. Aaron Wendel wrote: > Anyone else notice how easy it is to tell on this list who runs a real > business and who doesn't? > > >> Seems to me that maybe people who aren't ready, >> willing, and able to respond to network issues >> surrounding the addresses they're using shouldn't >> be given any IP addresses in the first place. >> > > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. > From sleibrand at internap.com Tue May 20 17:27:53 2008 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 20 May 2008 14:27:53 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <48332896.5030009@internap.com> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <48332896.5030009@internap.com> Message-ID: <48334259.40108@internap.com> Scott Leibrand wrote: > There are a number of knowledgeable individuals here who can help, but > if you "want to hear it from the people who are going to approve/deny > your next IP space request", I would recommend contacting ARIN directly > (via info at arin.net or similar) and asking them your question. Sorry, the proper address is hostmaster at arin.net. -Scott From aaron at wholesaleinternet.com Tue May 20 17:30:46 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Tue, 20 May 2008 16:30:46 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <48333E81.50607@shout.net> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> <0c4401c8babc$32f67610$98e36230$@com> <48333E81.50607@shout.net> Message-ID: <0c6b01c8bac0$c3f50100$4bdf0300$@com> Sure. Not everyone is as brilliant as you are so they need to hire people like me to run their networks for them. That's how I pay for my car and house and all those porn subscriptions. If I told everyone who came to me who wasn't a network genius that they didn't deserve IP space because they couldn't respond to network issues then I'd just sit around with a jar of Vaseline wondering what to do with it.... Sorry, been up for 48 hours straight. Bottom line. I was mocking your statement because it, obviously, has no basis in reality. Aaron >Actually, no. Could you elaborate? >I can't tell if you agree or are in >favor of handing out addresses to anybody >that asks without regard as to who they are and >what they want to do with them. > > Anyone else notice how easy it is to tell on this list who runs a real > business and who doesn't? > > >> Seems to me that maybe people who aren't ready, >> willing, and able to respond to network issues >> surrounding the addresses they're using shouldn't >> be given any IP addresses in the first place. >> From sleibrand at internap.com Tue May 20 17:31:56 2008 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 20 May 2008 14:31:56 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <0700D72F2A884C10937CFBAD094C4CBA@tedsdesk> Message-ID: <4833434C.5020501@internap.com> Chad Kissinger wrote: > The bottom line is that Scott and now you have said you were allowed to get new IP space without publicly publishing your customer's real data in SWIP. If Scott refers to me, I wasn't the one who said that. -Scott (Leibrand) > Michael and I have both been denied new IP space until we published the information. I'm not sure whether I should hope to be treated like you were, or whether you should worry that you'll next be treated like I was... but what I do know is that if the policy was clear, specific and uniformly followed, neither of us would have to worry. > > > Onramp Access > chad kissinger | president | onramp access, inc. > p: 512.322.9200 | f: 512.476.2878 | www.onr.com > your internet operations | built | deployed | managed > > -----Original Message----- > From: Ted Mittelstaedt [mailto:tedm at ipinc.net] > Sent: Tuesday, May 20, 2008 2:51 PM > To: Chad Kissinger; tkersnick at transworldix.net; arin-discuss at arin.net > Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) > > > >> -----Original Message----- >> From: Chad Kissinger [mailto:chad at onr.com] >> Sent: Tuesday, May 20, 2008 12:06 PM >> To: Ted Mittelstaedt; tkersnick at transworldix.net; >> arin-discuss at arin.net >> Subject: RE: [arin-discuss] Dean -vs- ARIN... again (Re: The >> joy of SWIPping) >> >> >> >> >>> There IS no "issue at hand" >> I disagree, the issue is whether or not you have to put >> specific customer information in RWHOIS or SWIP, I haven't >> seen anyone from ARIN answer that yet. You can assert >> anything you want, but I want to hear it from the people who >> are going to approve/deny my next IP space request. >> > > Last time we got space the ARIN hostmaster that did our request > told me to supply justification EITHER on a spreadsheet OR on > SWIP. Of course, that is just my word on it, not anything written > down. > >>> The OP thus far has failed to show where he is required in >> the NRPM to >>> disclose competitive/prooprietary information in SWIP. >> >From the NRPM, I find the following two relevant passages. >> >> "4.2.4.1. Utilization percentage (80%) >> ISPs must have efficiently utilized all previous allocations >> and at least 80% of their most recent allocation in order to >> receive additional space. This includes all space reassigned >> to their customers. The reassignment information section of >> the ARIN ISP Network Request Template should be completed for >> all address blocks that have been allocated to your >> organization. In the template, line 1b. Assigned: information >> will be verified via SWIP/RWHOIS and 1c. Reserved: should be >> used to indicate internal network information. > > I don't see anything in there that dictates that SWIP or RWHOIS > must contain competitive/proprietary information. Nothing > in the manual says WHAT data is required to be in SWIP. And > furthermore if you spent any time working with rwhois you will > find that virtually all fields in RWHOS are administrator-determined, > this is per the rwhois standard. > > The line is: > > "...The reassignment information section of > the ARIN ISP Network Request Template should be completed for > all address blocks that have been allocated to your > organization...." > > it doesen't say HOW it's to be completed. > >> Please note >> that until your prior utilization is verified to meet the 80% >> requirement, ARIN can neither process nor approve a request >> for additional addresses." >> >> And >> >> 3.2 Distributed Information Server Use Requirements >> >> >> >> "The distributed information service must return reassignment >> information for the IP address queried. The service may allow >> for privacy protections for customers. > > Once more, NOTE THAT > > "...The service may allow for privacy protections for customers..." > > is stated BEFORE the explicit mention of RESIDENTIAL users. Meaning, > that the service (swip/rwhois) may allow for privacy protections > for ALL customers, residential AND business. It is only in the > more specific section on residential users where specific fields, > city, state, etc. are spelled out. > > The NRPM is written in a manner that is deliberately vague on the > issue of what data must be in SWIP. I suspect this is intentional. > > I think what is really making YOU uncomfortable is that the NRPM is > not black and white on what constitutes contact information and what > MUST be put in. > > I personally WANT IT TO STAY that way. Why? Because, like pornography, > this kind of information is subjective and I would rather give the > ARIN staff of human beings the authority to look at a SWIP entry > and tell the person who entered it that it's bogus and not usable > for justification. If you specify the info to the nth degree, then > you take away that from the ARIN staff and this also allows people > to beat ARIN over the head with the rules - they can meet the letter > of the rules but not the spirit. > > You might ALSO consider the use of the word "should" instead of "must" > > Unfortunately, the recent Policitally Correct movement has done some > damage to language, as people today write signs that say "you shouldn't > walk on the grass" rather than say "your not permitted on the grass" > and an entire generation has been raised to believe that the word > "should" and the word "must" are identical. They are not. "must" > states a required condition, "should" states a condition that the > condition writer would really, really really like to make required, > but they know they have no authority to do so. > > You might say, your legally compelled to do things you must do, your > morally compelled to do things you should do. > >> So, the question remains, do you have to put the true POC >> information for each of your customers in SWIP and expose it >> to the Internet and your competitors? >> > > No, you don't "have" to. You "should". > > Ted > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. From berger at shout.net Tue May 20 17:34:10 2008 From: berger at shout.net (Mike Berger) Date: Tue, 20 May 2008 16:34:10 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0c6b01c8bac0$c3f50100$4bdf0300$@com> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> <0c4401c8babc$32f67610$98e36230$@com> <48333E81.50607@shout.net> <0c6b01c8bac0$c3f50100$4bdf0300$@com> Message-ID: <483343D2.3090302@shout.net> I see what you mean about the brilliance thing. It never occured to you that you could list someone who WOULD take responsibility for the network even if they weren't the individual to whom the IP address was assigned? You're on the right track. If you won't take responsibility for your own network, hire someone that will. Aaron Wendel wrote: > Sure. > > Not everyone is as brilliant as you are so they need to hire people like me > to run their networks for them. That's how I pay for my car and house and > all those porn subscriptions. > > If I told everyone who came to me who wasn't a network genius that they > didn't deserve IP space because they couldn't respond to network issues then > I'd just sit around with a jar of Vaseline wondering what to do with it.... > > Sorry, been up for 48 hours straight. > > Bottom line. I was mocking your statement because it, obviously, has no > basis in reality. > > Aaron > > > > >> Actually, no. Could you elaborate? >> I can't tell if you agree or are in >> favor of handing out addresses to anybody >> that asks without regard as to who they are and >> what they want to do with them. >> >> Anyone else notice how easy it is to tell on this list who runs a real >> business and who doesn't? >> >> >> >>> Seems to me that maybe people who aren't ready, >>> willing, and able to respond to network issues >>> surrounding the addresses they're using shouldn't >>> be given any IP addresses in the first place. >>> >>> > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. > From aaron at wholesaleinternet.com Tue May 20 18:12:33 2008 From: aaron at wholesaleinternet.com (Aaron Wendel) Date: Tue, 20 May 2008 17:12:33 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <483343D2.3090302@shout.net> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> <0c4401c8babc$32f67610$98e36230$@com> <48333E81.50607@shout.net> <0c6b01c8bac0$c3f50100$4bdf0300$@com> <483343D2.3090302@shout.net> Message-ID: <0c7701c8bac6$9a766340$cf6329c0$@com> The whole SWIP thing has brought out a lot of issues not the least of which are privacy and responsibility. At this point I am of the opinion that the whole 'REASSIGN" template should be done away with and only reallocates done for people who are responsible for their own infrastructure under the service provider. If you have questions about other parts of someone's network then you contact the person ultimately responsible for the IPs. The purpose of SWIP and RWHOIS should be redefined as a system that holds information used for contacting parties responsible for the IP networks and away from a list of people who may or may not know what an IP even is. >I see what you mean about the brilliance thing. >It never occured to you that you could list >someone who WOULD take responsibility for the >network even if they weren't the individual >to whom the IP address was assigned? You're >on the right track. If you won't take responsibility >for your own network, hire someone that will. From jlewis at atlantic.net Tue May 20 18:43:05 2008 From: jlewis at atlantic.net (jlewis at atlantic.net) Date: Tue, 20 May 2008 18:43:05 -0400 (EDT) Subject: [arin-discuss] Dean -vs- ARIN... again (Re: The joy of SWIPping) In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry>

Message-ID: On Tue, 20 May 2008, Matt Kelly wrote: > Is it normal practice to be asked what our customers are using the IP > space for? I've been under the impression that as long as we're using > more than 80% of our current usage and show information for the > upcoming allocation that is all that should be required. We've been > asked in the past why we're allocating certain size blocks to certain > customers and for what reason. I'm not sure this is kosher and we > have NDA's with quite a few customers preventing us from discussing > their operations. It's been my experience that ARIN will ask for details on any "larger" assignments. AFAIK, they're happy to sign an NDA if needed, so you might have to work into the NDA between you and your customers that you may be required (under NDA) to share some information about their IP usage with ARIN so that you're able to get future allocations from ARIN. -- ---------------------------------------------------------------------- Jon Lewis | Senior Network Engineer | Atlantic.net | ________ http://www.lewis.org/~jlewis/pgp for PGP public key__________ From michael.dillon at bt.com Wed May 21 05:11:46 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 21 May 2008 10:11:46 +0100 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <483337EE.2030303@shout.net> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> Message-ID: > Seems to me that maybe people who aren't ready, willing, and > able to respond to network issues surrounding the addresses > they're using shouldn't be given any IP addresses in the first place. That's right, encourage the FCC to swoop down and take over the whole ball game. This is not a private club of Internet insiders, it is a public utility that serves everyone, regardless of whether they even own a computer or have an Internet connection at home. I agree that there should be someone READY, WILLING and ABLE to RESPOND to network issues for every IP address issued, and that the contact info for these people should be published in a public directory like whois, however, I don't believe that we should force this on everyone who gets an IP address. There is always an upstream provider who is being paid for the Internet service and in most cases, it is that upstream whose contact info should be published. Only end customers who agree to take on the RESPONSE role should be added to the whois directory. Let's face it, your proposal is like banning Macdonalds and Burger King by forcing everyone who wants to eat a hamburger, to cook it themselves. Cute idea, but it will never happen. --Michael Dillon From michael.dillon at bt.com Wed May 21 05:20:17 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 21 May 2008 10:20:17 +0100 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0c7701c8bac6$9a766340$cf6329c0$@com> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> <0c4401c8babc$32f67610$98e36230$@com> <48333E81.50607@shout.net> <0c6b01c8bac0$c3f50100$4bdf0300$@com><483343D2.3090302@shout.net> <0c7701c8bac6$9a766340$cf6329c0$@com> Message-ID: > If you have questions about other > parts of someone's network then you contact the person > ultimately responsible for the IPs. When ARIN allocates a block to an ISP, that ISP assumes the responsibility for those addresses. They must be READY, WILLING and ABLE to RESPOND to queries about network issues and they must publish their contact info in the whois directory. I believe this is actually in the contract (RSA) that is signed with ARIN. However, ARIN cannot force a business model on the ISP. If the ISP wants to reassign addresses to a company but RETAIN the RESPONSIBILITY for those addresses, that should be acceptable. One would think that if the ISP does not have direct access to the customer's infrastructure, that they at least have direct contacts with any technical people who work for the customer. And if there really is no-one else out there, they have the power to pull the plug until things are sorted out, and should really have a contract with the customer in which this is clearly stated. People who moan about data missing from the whois directory are really trying to impose a business model on *ALL* ISPs. This is a non-starter. Much better would be to force ISPs to REMOVE data from the whois directory unless it leads to a contact who is READY, WILLING and ABLE to ACT upon queries about network issues. The end result would be a usable whois directory. > The purpose of SWIP and RWHOIS should be redefined as a > system that holds information used for contacting parties > responsible for the IP networks and away from a list of > people who may or may not know what an IP even is. 100% agree. --Michael Dillon From eddy+arin+spam at noc.everquick.net Wed May 21 08:24:05 2008 From: eddy+arin+spam at noc.everquick.net (Edward B. DREGER) Date: Wed, 21 May 2008 12:24:05 +0000 (GMT) Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <483337EE.2030303@shout.net> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> Message-ID: MB> Date: Tue, 20 May 2008 15:43:26 -0500 MB> From: Mike Berger MB> Seems to me that maybe people who aren't ready, willing, and able to MB> respond to network issues surrounding the addresses they're using MB> shouldn't be given any IP addresses in the first place. Are you referring to the top or the bottom of the subnet hierarchy? i.e., that someone somewhere must be responsible, or each subnet holder must be directly responsible? If you're saying something akin to "all domain name holders must have in-house 24/7 DNS-knowledgeable staff", I'd have to disagree. Look at how people get confused with domain-related issues.[1] If you're stating something along the lines of "all subnets should have usable IP-related contacts", we're getting somewhere... and I see no reason why a subnet user should be prohibited from having an agent act on their behalf. Indeed, one could argue that publishing clueless domain POCs invites abusers to pursue their quarry. Do we really expect any different with IP space? [1] When I say "issues", I mean "issues". I am not [mis]using it in its _en vogue_ form as a feel-good way to say "problems". Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ________________________________________________________________________ DO NOT send mail to the following addresses: davidc at brics.com -*- jfconmaapaq at intc.net -*- sam at everquick.net Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter. From berger at shout.net Wed May 21 08:55:53 2008 From: berger at shout.net (Mike Berger) Date: Wed, 21 May 2008 07:55:53 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> Message-ID: <48341BD9.9080909@shout.net> You sure read a lot into my comment. All I said was that any IP address assigned should have a responsible contact listed. The rest is your own imagination. michael.dillon at bt.com wrote: >> Seems to me that maybe people who aren't ready, willing, and >> able to respond to network issues surrounding the addresses >> they're using shouldn't be given any IP addresses in the first place. >> > > That's right, encourage the FCC to swoop down and take over the > whole ball game. This is not a private club of Internet insiders, > it is a public utility that serves everyone, regardless of whether > they even own a computer or have an Internet connection at home. > > I agree that there should be someone READY, WILLING and ABLE to > RESPOND to network issues for every IP address issued, and that the > contact info for these people should be published in a public > directory like whois, however, I don't believe that we should > force this on everyone who gets an IP address. There is always > an upstream provider who is being paid for the Internet service > and in most cases, it is that upstream whose contact info should > be published. Only end customers who agree to take on the RESPONSE > role should be added to the whois directory. > > Let's face it, your proposal is like banning Macdonalds and Burger > King by forcing everyone who wants to eat a hamburger, to cook it > themselves. Cute idea, but it will never happen. > From berger at shout.net Wed May 21 09:02:31 2008 From: berger at shout.net (Mike Berger) Date: Wed, 21 May 2008 08:02:31 -0500 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> Message-ID: <48341D67.803@shout.net> Wow, people in this list sure can extrapolate a lot from a simple statement. Someone should be responsible for each IP address. If the customer won't take responsibility, and won't hire an agent to do so (which might be the service provider) then he shouldn't be on the internet. Anything you add to this notion is not mine. Edward B. DREGER wrote: > MB> Date: Tue, 20 May 2008 15:43:26 -0500 > MB> From: Mike Berger > > MB> Seems to me that maybe people who aren't ready, willing, and able to > MB> respond to network issues surrounding the addresses they're using > MB> shouldn't be given any IP addresses in the first place. > > Are you referring to the top or the bottom of the subnet hierarchy? > i.e., that someone somewhere must be responsible, or each subnet holder > must be directly responsible? > > If you're saying something akin to "all domain name holders must have > in-house 24/7 DNS-knowledgeable staff", I'd have to disagree. Look at > how people get confused with domain-related issues.[1] > > If you're stating something along the lines of "all subnets should have > usable IP-related contacts", we're getting somewhere... and I see no > reason why a subnet user should be prohibited from having an agent act > on their behalf. > > Indeed, one could argue that publishing clueless domain POCs invites > abusers to pursue their quarry. Do we really expect any different with > IP space? > > [1] When I say "issues", I mean "issues". I am not [mis]using it in its > _en vogue_ form as a feel-good way to say "problems". > > > Eddy > -- > Everquick Internet - http://www.everquick.net/ > A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ > Bandwidth, consulting, e-commerce, hosting, and network building > Phone: +1 785 865 5885 Lawrence and [inter]national > Phone: +1 316 794 8922 Wichita > ________________________________________________________________________ > DO NOT send mail to the following addresses: > davidc at brics.com -*- jfconmaapaq at intc.net -*- sam at everquick.net > Sending mail to spambait addresses is a great way to get blocked. > Ditto for broken OOO autoresponders and foolish AV software backscatter. > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to the ARIN > Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact the ARIN Member Services Help Desk at info at arin.net > if you experience any issues. > From jerry.dowell at associates.dhs.gov Wed May 21 12:21:09 2008 From: jerry.dowell at associates.dhs.gov (DOWELL, JERRY (CTR)) Date: Wed, 21 May 2008 12:21:09 -0400 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0c6b01c8bac0$c3f50100$4bdf0300$@com> References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> <0c4401c8babc$32f67610$98e36230$@com><48333E81.50607@shout.net> <0c6b01c8bac0$c3f50100$4bdf0300$@com> Message-ID: <0F029B113FFDA94EB962D8FA54B8404DD50908@NWG-EXMB-A-016.ad.cbp.dhs.gov> I fail to see why ARIN should be in the control of what an organization does with the IP address it is assigned other than requiring justification of the quantity being requested. May issues are related to security and who has the need to know. Jerry L. Dowell DHS IP Administrator Supporting DHS OneNet and CBP Network Engineering Customs and Border Protection/Department of Homeland Security jerry.dowell at associates.dhs.gov Office: (703) 921-7595 Cell: (571) 423-8956 -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Aaron Wendel Sent: Tuesday, May 20, 2008 5:31 PM To: arin-discuss at arin.net Subject: Re: [arin-discuss] The joy of SWIPping Sure. Not everyone is as brilliant as you are so they need to hire people like me to run their networks for them. That's how I pay for my car and house and all those porn subscriptions. If I told everyone who came to me who wasn't a network genius that they didn't deserve IP space because they couldn't respond to network issues then I'd just sit around with a jar of Vaseline wondering what to do with it.... Sorry, been up for 48 hours straight. Bottom line. I was mocking your statement because it, obviously, has no basis in reality. Aaron >Actually, no. Could you elaborate? >I can't tell if you agree or are in >favor of handing out addresses to anybody >that asks without regard as to who they are and >what they want to do with them. > > Anyone else notice how easy it is to tell on this list who runs a real > business and who doesn't? > > >> Seems to me that maybe people who aren't ready, >> willing, and able to respond to network issues >> surrounding the addresses they're using shouldn't >> be given any IP addresses in the first place. >> _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. From dean at av8.net Wed May 21 12:29:01 2008 From: dean at av8.net (Dean Anderson) Date: Wed, 21 May 2008 12:29:01 -0400 (EDT) Subject: [arin-discuss] Dean -vs- Eddy... again. In-Reply-To: Message-ID: I am once again having to respond to irrelevant personal attacks just to set the record straight. I won't respond to the claims in detail, except to say that Dreger misstates my positions on various (irrelevant) issues, and summarize my actual positions. My positions on those issues have been well-reasoned and have also been vindicated: Open relay opponents turned out to be liars (not hyperbole--in fact proven in court to be liars and for the last 10 years, the only ones abusing our open relays. I did write about the flaws of SMTP-AUTH. And in fact, RFC2554 (proposed 1999), RFC4954 (proposed 2007) are "proposed standards", plainly still under development. Plainly, that was the case in 1999 and was the also case in 2003 when I last wrote criticism of SMTP-AUTH. These protocol proposals are still (2008) not so widely implemented that SMTP-AUTH obsoletes open relays, and that certainly wasn't the case in 1999 or 2003. And the claim that open relay enables or promotes spam or enables anonymous email has been debunked as well. My account about Steven Bellovin is here: http://www.av8.net/IETF-watch/People/StevenBellovin/index.html My account about John Levine is here: http://www.av8.net/IETF-watch/People/JohnLevine/index.html My claims about their statements match their statements. You can find links to their statements on the above pages. But I won't argue the substance of the arguments here, lest I be accused of "hijacking the topic". Dreger has misrepresented the facts and my position on the facts. But I note that having positions on the issues that Dreger cites does not justify any of the action from NANOG (in 1998) nor that of ARIN in 2008. Also, the issues Dreger cites were not the ostensible basis of the actions of either organization. So the new issues he raises seem to be completely irrelevant, except these issues probably were the real basis of the NANOG action. Attempting to win argument by silencing opponents is not honest or reputable. People of character and integrity don't do such things. I don't expect Dreger to agree on issues of open relays or SMTP-AUTH. However, these issues were certainly relevant to NANOG in 1999, and my positions were well-reasoned then. I also note that in 1998, I was already well-established in the Internet community, with a reputation then for being a moderate, reasonable person of character and integrity. I was elected President of the LPF by more votes than were cast for any one of the current ARIN board members. Indeed, by about 4 times as many people voted for me as have voted for Paul Vixie. What is relevant now, relevant to the membership of ARIN, is my complaints against ARIN the ARIN leadership: for their action and inaction during periods of scurrilously improper behavior at NANOG, silencing reasonable positions while misrepresenting the criminal laws of our nation, reflect negatively on their character and integrity. Most of the Board and Ray Plzak were associated with NANOG in 1998 and before, and presented themselves as leaders and people of integrity, yet they did nothing about the scurrilous activities; for their fabrication of false claims of per se defamation to justify disrupting my membership in ARIN; for their assertion of false claims of spam, as further justification of capriciously disrupting my membership; for the reasons uncovered in the investigation previously reported, particularly transfering large funds to NANOG, sending ARIN non-operations employees to NANOG, sending resource analysts to NANOG where they are placed in ethically compromising positions, etc. My conduct during this same period, both in the substance of the issues being debated, and in response to the scurrilous events, has been entirely honest and honorable and respectable. On Tue, 20 May 2008, Edward B. DREGER wrote: > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From ppml at rs.seastrom.com Wed May 21 12:43:20 2008 From: ppml at rs.seastrom.com (Robert E. Seastrom) Date: Wed, 21 May 2008 12:43:20 -0400 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0F029B113FFDA94EB962D8FA54B8404DD50908@NWG-EXMB-A-016.ad.cbp.dhs.gov> (JERRY DOWELL's message of "Wed, 21 May 2008 12:21:09 -0400") References: <1391568887-1211239375-cardhu_decombobulator_blackberry.rim.net-1582390634-@bxe005.bisx.prod.on.blackberry> <0c0601c8baae$7627ba10$62772e30$@com> <483337EE.2030303@shout.net> <0c4401c8babc$32f67610$98e36230$@com> <48333E81.50607@shout.net> <0c6b01c8bac0$c3f50100$4bdf0300$@com> <0F029B113FFDA94EB962D8FA54B8404DD50908@NWG-EXMB-A-016.ad.cbp.dhs.gov> Message-ID: <86d4nfmwuv.fsf@seastrom.com> Hi Jerry, Your organization is an end user not an ISP. It would get an assignment, not an allocation, and is under no obligation to file SWIPs, however, when you go back to ARIN for more space, you will have to account for the space you already have (which ARIN last I checked is happy to take in the form of a spreadsheet, an ASCII table, or whatever else you might reasonably bring to the table). It is important to make this distinction since end users can plausibly be treated as a monolithic entity by outsiders for abuse or other contact purposes (even if this turns out to be suboptimal in practice), whereas it is completely unrealistic to expect this to hold in the case of an organization that is acting as a common carrier. If you believe that current ARIN policy could be improved, why not submit a policy proposal? Anyone can participate in this process - you need not be an ARIN member or DMR to submit your thoughts on how to make ARIN work better. http://www.arin.net/policy/irpep.html ---Rob (on the ARIN AC, speaking for myself only) "DOWELL, JERRY (CTR)" writes: > I fail to see why ARIN should be in the control of what an organization > does with the IP address it is assigned other than requiring > justification of the quantity being requested. May issues are related > to security and who has the need to know. > > > Jerry L. Dowell > DHS IP Administrator > Supporting DHS OneNet and CBP Network Engineering > Customs and Border Protection/Department of Homeland Security > jerry.dowell at associates.dhs.gov > Office: (703) 921-7595 > Cell: (571) 423-8956 From tedm at ipinc.net Wed May 21 14:11:09 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 21 May 2008 11:11:09 -0700 Subject: [arin-discuss] The joy of SWIPping In-Reply-To: <0F029B113FFDA94EB962D8FA54B8404DD50908@NWG-EXMB-A-016.ad.cbp.dhs.gov> Message-ID: <44612C4E7F854A1ABE068D4336791478@tedsdesk> > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of DOWELL, > JERRY (CTR) > Sent: Wednesday, May 21, 2008 9:21 AM > To: Aaron Wendel; arin-discuss at arin.net > Subject: Re: [arin-discuss] The joy of SWIPping > > > I fail to see why ARIN should be in the control of what an > organization does with the IP address it is assigned other > than requiring justification of the quantity being requested. If you give ARIN the authority to require justification of use for IP addressing assignments, then you ARE giving ARIN control of what an organization does with it's IP address. If I contact ARIN and say that my justification for obtaining a /8 is because I want to sit on it for 5 years then make a lot of money "selling" the addresses, then guess what - while in my own mind I am meeting justification requirements, in the minds of ARIN and most other people, that use does NOT constitute justification, and I will not get the /8 > May issues are related to security and who has the need to know. > Please, I encourage you to remove your license plates from your automobile and then go down and drive back and forth in front of a police station. Then when you get a ticket, you can argue with the officer, claiming privacy and that the public does not have a "need to know" Let us know how far you get with that. Ted From tedm at ipinc.net Thu May 29 16:27:38 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 29 May 2008 13:27:38 -0700 Subject: [arin-discuss] Anyone play with IPv6 on the RV4000? Message-ID: <676526700D2541639D864D00084EDE0F@tedsdesk> I picked up a little consumer ethernet-to-ethernet router the other day for about $120 USD and surprised that is has IPv6 capability in it. It's a Linksys model RVS4000. It appears to act as an IPv4<->IPv6 gateway, here is what it says: Select the way for IPv6-only hosts to connect to or through IPv4 Internet. NAPT-PT Enable this option to allow your IPv6-only host on the LAN side to connect to IPv4-only hosts on the WAN side through address-translation and protocol-translation (per RFC2766). You can assign IPv6 to both the WAN and LAN interface. This is the first time I've seen IPv6 in the low end consumer "home" router gear. Does the existence of this at that price point make the "we gotta extend the life of IPv4" argument a moot issue? Or does the price point of IPv6 routers have to hit the $19.95-on-sale-at-Walmart region to invalidate that argument? Just curious... Ted From dean at av8.com Fri May 30 18:36:34 2008 From: dean at av8.com (Dean Anderson) Date: Fri, 30 May 2008 18:36:34 -0400 (EDT) Subject: [arin-discuss] Anyone play with IPv6 on the RV4000? In-Reply-To: <676526700D2541639D864D00084EDE0F@tedsdesk> Message-ID: Hi, Ted, On Thu, 29 May 2008, Ted Mittelstaedt wrote: > I picked up a little consumer ethernet-to-ethernet router the > other day for about $120 USD and surprised that is has IPv6 > capability in it. It's a Linksys model RVS4000. Linksys runs mostly embedded linux. Linux has had some kind of IPv6 support for a long time, though IPv6 is usually disabled in the embedded versions because of space constraints. Its rather interesting that linksys assumes there will be IPv6-only clients, since there are no such beasts at this time. > Does the existence of this at that price point make the "we gotta > extend the life of IPv4" argument a moot issue? The 'life' of IPv4 is not at issue. We are trying to extend the time before the complete exhaustion of unassigned IPv4 address space. Avoiding exhaustion is just good management and responsible policy. But even in the presence of bad management, IPv4 will continue to 'live' for quite a long while after there is no more unassigned IP address space. BTW, someone asked me if I had any ideas on an alternative to IPv6, if it fails. The ultra short answer is yes: OSI CLNS is currently implemented in just about every router vendor which supports IS-IS---which is every major brand and most minor brands. All that remains is an OSI CLNS stack for client platforms, and/or an IPv4-CLNS proxy. This is actually much easier than implementing IPv6 on those platforms since there are already longtime stable implementations of the OSI CLNS stack. The other advantage of OSI is that there is a /variable length/ addressing scheme so that packets can be made much smaller than IPv6 packets, and the address space can grow in size without changes to the software. Indeed, in retrospect, choosing IPv4 was probably a mistake because of the fixed address size limitations. But of course, at the time people probably didn't anticipate that address space exhaustion would ever be a problem. And keep in mind also that IS-IS is also superior to OSPF in that every OSPF router in the network must be upgraded to support a new link type. By contrast IS-IS will just pass this information around transparently, so when you add a new link type to the (IS-IS routed) network, only those routers with the that new linktype need to be upgraded. Very nice. IS-IS can route anything, including IPv4 and IPv6, and of course OSI. Many large sites use IS-IS in place of OSPF to route their IPv4 interior. BGP has similar flaws as OSPF. OSI has an exterior protocol called IDRP, which appears similarly to IS-IS, to be able to route IPv4 as well as OSI. I anticipate (but have no data to confirm), that IDRP can be setup similar to a BGP route reflector (ala zebra/quagga) to exchange exterior OSI and IPv4 routes amoung peers. Does anyone want to work on that? Have a good weekend, --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Fri May 30 19:54:33 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Fri, 30 May 2008 16:54:33 -0700 Subject: [arin-discuss] Anyone play with IPv6 on the RV4000? In-Reply-To: Message-ID: > -----Original Message----- > From: Dean Anderson [mailto:dean at av8.com] > Sent: Friday, May 30, 2008 3:37 PM > To: Ted Mittelstaedt > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] Anyone play with IPv6 on the RV4000? > > > Hi, Ted, > > On Thu, 29 May 2008, Ted Mittelstaedt wrote: > > > I picked up a little consumer ethernet-to-ethernet router the other > > day for about $120 USD and surprised that is has IPv6 capability in > > it. It's a Linksys model RVS4000. > > Linksys runs mostly embedded linux. Linux has had some kind > of IPv6 support for a long time, though IPv6 is usually > disabled in the embedded versions because of space > constraints. Its rather interesting that linksys assumes > there will be IPv6-only clients, since there are no such > beasts at this time. > You can select either IPv4 only, IPv6 only, or both. The Linux source for the RVS4000 (and other products) is here http://www.linksys.com/servlet/Satellite?c=L_CASupport_C1&childpagename=US/L ayout&cid=1169671246380&pagename=Linksys/Common/VisitorWrapper One big feature missing - the little 4 port switch in the device is managable - partly, but you can't obtain the mac address table from the web interface. Have a good weekend, Ted From steve at ibctech.ca Fri May 30 20:05:22 2008 From: steve at ibctech.ca (Steve Bertrand) Date: Fri, 30 May 2008 20:05:22 -0400 Subject: [arin-discuss] Anyone play with IPv6 on the RV4000? Message-ID: <48409642.8050401@ibctech.ca> > You can select either IPv4 only, IPv6 only, or both. > > The Linux source for the RVS4000 (and other products) is here > > http://www.linksys.com/servlet/Satellite?c=L_CASupport_C1&childpagename=US/L > ayout&cid=1169671246380&pagename=Linksys/Common/VisitorWrapper > > One big feature missing - the little 4 port switch in > the device is managable - partly, but you can't obtain the > mac address table from the web interface. Can you obtain the MAC table via any other method? If so, a patch to fit that into the web interface may be trivial... We use Ovislink for our ADSL modem/router combination devices (for resi subs), and they have been very good to us lately implementing new, custom requested changes into their firmware. I've been pushing them a bit toward IPv6 compatibility, so hopefully they will have some resi-level products ready for testing soon as well. Steve From tedm at ipinc.net Fri May 30 21:00:36 2008 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Fri, 30 May 2008 18:00:36 -0700 Subject: [arin-discuss] Anyone play with IPv6 on the RV4000? In-Reply-To: <48409642.8050401@ibctech.ca> Message-ID: <4F75DFF78E064BB5AF40135CD8E16E2E@tedsdesk> > -----Original Message----- > From: arin-discuss-bounces at arin.net > [mailto:arin-discuss-bounces at arin.net] On Behalf Of Steve Bertrand > Sent: Friday, May 30, 2008 5:05 PM > To: arin-discuss at arin.net > Subject: Re: [arin-discuss] Anyone play with IPv6 on the RV4000? > > > > You can select either IPv4 only, IPv6 only, or both. > > > > The Linux source for the RVS4000 (and other products) is here > > > > > http://www.linksys.com/servlet/Satellite?c=L_CASupport_C1&childpagenam > > e=US/L > > ayout&cid=1169671246380&pagename=Linksys/Common/VisitorWrapper > > > > One big feature missing - the little 4 port switch in > > the device is managable - partly, but you can't obtain the > mac address > > table from the web interface. > > Can you obtain the MAC table via any other method? > I haven't tried. After we got done playing, we put them into service at a customer. There's a lot of advantages to having customers pay for your experimentation... ;-) So, I don't have access to the inside interfaces anymore. I suppose one could telnet into the device and maybe run arp or some such. Ted From steve at ibctech.ca Sat May 31 10:39:00 2008 From: steve at ibctech.ca (Steve Bertrand) Date: Sat, 31 May 2008 14:39:00 -0000 (UTC) Subject: [arin-discuss] Anyone play with IPv6 on the RV4000? Message-ID: <1422.206.108.139.2.1212244740.squirrel@webmail.ibctech.ca> >> Can you obtain the MAC table via any other method? > There's a lot of advantages to having customers > pay for your experimentation... ;-) Agreed :) > I suppose one could telnet into the device and maybe run arp or > some such. Generally I find with certain vendors that *don't* allow you access to the source code, will be pretty good about implementing an existing CLI function into the web interface with some pressure. For the support staff that are not used to a CLI driven interface, even if it is a menu, it's much easier to have those troubleshooting abilities available in the web interface when a CPE has to be managed remotely. Steve From steve at ibctech.ca Sat May 31 10:43:17 2008 From: steve at ibctech.ca (Steve Bertrand) Date: Sat, 31 May 2008 14:43:17 -0000 (UTC) Subject: [arin-discuss] Dean -vs- Eddy... again. Message-ID: <1426.206.108.139.2.1212244997.squirrel@webmail.ibctech.ca> > I am once again having to respond to irrelevant personal attacks just to > set the record straight. Although I'm a relative newbie here, I'm curious to know that if what is said you consider irrelevant, why bother responding at all...? What I mean is, if they are irrelevant to you, then they more than likely will be irrelevant to others. Why not just let the record straighten itself? I would think that responding to 'irrelevant' comments would just instigate further 'irrelevant' comments...no? Steve From dean at av8.net Sat May 31 19:45:02 2008 From: dean at av8.net (Dean Anderson) Date: Sat, 31 May 2008 19:45:02 -0400 (EDT) Subject: [arin-discuss] Good Governance In-Reply-To: <1426.206.108.139.2.1212244997.squirrel@webmail.ibctech.ca> Message-ID: On Sat, 31 May 2008, Steve Bertrand wrote: > > I am once again having to respond to irrelevant personal attacks just to > > set the record straight. > > Although I'm a relative newbie here, I'm curious to know that if what is > said you consider irrelevant, why bother responding at all...? > > What I mean is, if they are irrelevant to you, then they more than likely > will be irrelevant to others. Why not just let the record straighten > itself? A rational argument consists of facts and logic and proceed by deduction or analogy. Rules and laws are facts. In a rational argument, there is no grammatical personal object for the concept of relevance---it is senseless to say 'irrelevant _to_a_person_'. In rational argument, relevance is significant to the argument, not to the person. An argument is analyzed by identifying facts, their truth or falsity, and eliminating facts that are irrelevant to the argument. This is the essential process of government. A related concept is 'personal attack'. A personal attack is _not_ something that is merely negative about the person. A personal attack must be: 1. /irrelevant to the argument/ and 2. /personal/. If the argument is about pricing corn for export to China, we can probably see that John Doe's overweight condition is both irrelevant and personal. But if the argument is whether McDonald's burgers contain too much saturated fat that creates weight gain and associated health problems, then John Doe's weight is relevant. And to be specific, if we talk about mismanagement of the corporation, then the personal conflicts of interest and disregard the rules by the management staff are also relevant. Recall that Dreger, before falling off into irrelevant claims, asserts that my criticisms of ARIN management for disregarding the rules is somehow an ad hominem attack. > I would think that responding to 'irrelevant' comments would just > instigate further 'irrelevant' comments...no? The actual relevance of an asserted fact to an argument is an important consideration. Indeed, relevance or irrelevance is sometimes THE most important consideration. Also, the persons who frequently make claims without a basis in fact are discredited as being unreliable. Reliable people make limited, qualified statements that have a basis in fact. And it is also necessary to discredit false claims in order to obtain honest government. The objective of irrelevant comments is sometimes to make false, misleading, sometimes defamatory, claims. Those claims need to be corrected or else a misleading impression is created by those who continue to repeat false claims. In this case, Dreger misrepresents my position and past statements in a fabrication intended to discredit me as somehow having irrational positions. This is very similar to what ARIN CEO Plzak did previously---it is a sly attempt to continue Plzak's fictitious attack which disrupted my membership rights. I think it is no coincidence that Dreger and Plzak are associated through NANOG. Many of the people making fabrications against me are associated through NANOG. Indeed, I see Steve Bertrand is also participating recently in NANOG. NANOG is a very small organization and only a small fraction of ARIN members participate in NANOG. Yet somehow, all of the ARIN Board Members and the ARIN CEO are associated with this small organization, and are doing things with ARIN money that the ARIN membership doesn't do and probably wouldn't do. Board members are supposed to act in the membership's interest, not in their own interest. ARIN is also a trade association under 501(c6) of the IRS rules. The IRS rules prohibit a trade association from doing things that don't benefit all of the members. Since so few ARIN members participate in NANOG, it is hard to see that large transfers to NANOG (described below) benefit all of the ARIN members and not just the NANOG members. Since you are new, you may not know that all of the ARIN Board Members and CEO Ray Plzak are associated with NANOG, and all have a conflict of interest. One board member, Scott Bradner has refused to respond to queries about his apparent conflicts of interest in NANOG. You may not know that ARIN is sending large amounts of money to NANOG, even though only a small fraction of ARIN members participate in NANOG. ARIN provides one third of NANOG's budget in large donations that seem to violate the 501(c6) rules on spending that doesn't benefit all the members. There is no objection to ARIN sending paid speakers to NANOG or anywhere else that will pay for an ARIN speaker. But instead ARIN is paying NANOG. ARIN management is paying NANOG by sending a large number of ARIN employees to NANOG: employees such as the executive secretary, whose jobs have nothing whatsoever to do with network operations; employees including Resource Analysts who decide allocation decisions and who could be ethically compromised by personal relationships with network operations persons who make allocation requests to ARIN. We have also discovered anomalies in the allocation of IP Address blocks: Some persons have received allocations in as little as 2 hours. Of two persons who reported these short times, one is associated with NANOG. The other says he is not associated with NANOG, but didn't identify the company receiving the allocation in 2 hours. ARIN has not released any information on the allocation times, and ARIN management stonewalls investigation. You also may not know that the ARIN Board members were "elected" in elections that didn't have a proper quorum of 10% of the ARIN membership. These elections violated the ARIN charter and bylaws and were contrary to the specific requirements of the Virginia Non-profit Corporation Act. ARIN has asserted that the Notices of meeting fulfill the quorum requirements. I have responded that Notices are required under the Virgina Act, and that ARIN's interpretation makes the Act's quorum requirements meaningless. It is a principle of law that any interpretation of law that makes a part of the law meaningless is not a correct interpretation. As others have said: "It seems to me that the officers elected in the disputed election should be ladies and gentleman and should resign for the benefit of the organization they represent. Then we should take a new vote. Prior non-participants (like me) will probably vote this time." ARIN board members continue their unseemly clinging to powers, even though most were elected with only about 2% of the ARIN membership voting for them. They and don't appear to represent the membership in any demographic except the NANOG group. Myself and other ARIN members have also been trying to investigate these issues, but have been stonewalled by ARIN management. Myself and other ARIN members also oppose the taking of Legacy IP Address Space under the false pretense of "protection" from the unjustified removal of IN-ADDR and WHOIS services. Before ARIN took this controversial action (without the approval of the membership), members asked ARIN to get a formal legal opinion on its right to do this. ARIN did not get a formal legal opinion as requested, and does not appear to have seriously investigated the legal issue. We assert that ARIN has no right to remove essential government services from Legacies who do not transfer their property to ARIN, and thus no right the threaten such removal or offer "protection" from such removal. Indeed, ARIN has not given Legacies _any_ indication of their property rights in the matter, nor any indication that Legacies have a right to the government functions performed by ARIN in the maintenance of Legacy registration records, IN-ADDR services, and WHOIS services. Legacies understandably feel threatened by the prospect of losing these services and ARIN has no right to remove these services. We believe that ARIN should be investigated for violation of the Hobbs Act in these activities. I hope that clears things up. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From eddy+arin+spam at noc.everquick.net Sat May 31 21:29:11 2008 From: eddy+arin+spam at noc.everquick.net (Edward B. DREGER) Date: Sun, 1 Jun 2008 01:29:11 +0000 (GMT) Subject: [arin-discuss] Good Governance In-Reply-To: References: Message-ID: DA> From: Dean Anderson DA> Subject: Re: [arin-discuss] Good Governance ==== DA> Recall that Dreger, before falling off into irrelevant claims, DA> asserts that my criticisms of ARIN management for disregarding the DA> rules is somehow an ad hominem attack. I stated that your assertion of "no regards to rules or the laws" is a personal attack -- unless you have some sort of proof. If you'd like me to provide an example of one of your attacks... DA> I think it is no coincidence that Dreger and Plzak are associated DA> through NANOG. Many of the people making fabrications against me are DA> associated through NANOG. Indeed, I see Steve Bertrand is also DA> participating recently in NANOG. ...I'll point out your circumstantial ad hominem attack right there. 1. What "association"? I read, and post to NANOG. So do you. I have attended one NANOG meeting. I believe you have not. Therefore, the difference between you and I is that I have attended one NANOG meeting. Moreover, I represented an ARIN member organization well _before_ I ever attendend NANOG. The "Eddy is part of the NANOG empire" assertion is not borne out by facts. 2. You argue that NANOG participation is not beneficial to ARIN. I'll rehash that inline below. 3. NANOG tends to be comprised of network operators. Perhaps you are correct: It _is_ no coincidence that network ops would be more affected by, and have greater interest in, ARIN. Republicans traditionally vote more than democrats. Does this mean that there is some republican conspiracy in many elections? You are attacking _people_ in an effort to discredit the positions that [_you_ assert] they represent. The proper tactic would be to assert the validity of your _countering_ claims. By the way: I'm also associated with the Nazi party by way of German ancestry. (Never mind that the last of my ancestors immigrated during the Weimar Republik, and such beliefs have never been held by myself nor any family members. Oh, and does this mean that Godwin's Law is invoked?) ==== DA> NANOG is a very small organization and only a small fraction of ARIN DA> members participate in NANOG. Yet somehow, all of the ARIN Board DA> Members and the ARIN CEO are associated with this small organization, Let's get down to brass tacks. Define "NANOG association", using a definition that includes the entire board. Now, enumerate people who have run for the ARIN board; who is, and who is not, "NANOG-associated"? Does anyone have ARIN attendance records handy? I'd like to know what percentage of ARIN attendees, participants, and voters, meets Dean's non-"NANOG associated" criteria. Again, you're just making circumstantial ad hominem attacks. DA> and are doing things with ARIN money that the ARIN membership DA> doesn't do and probably wouldn't do. Let's examine what NANOG does. It provides a meeting for network operators, largely from North America. It includes presentations, and smaller meetings for "birds of a feather" (peering, security, et cetera). Now, let's assume that "the great, evil NANOG" vanished. Do you assert that the ARIN membership would have _no interest_ in the sort of meetings that NANOG provides? It appears so; and, if so, I reject that position. Do you assert that "non-operational" ARIN staff should have no knowledge of network operations? If so, I reject that position as well. Effective governance requires knowledge of what one is governing, yes? It is very logical that ARIN staff should understand the technology and the people it serves. I submit that, if NANOG did not exist, ARIN should perform the functions NANOG currently performs. Moreover, I posit that duplication of effort would be irresponsible; ARIN should _not_ attempt to do what NANOG already is doing. Perhaps NANOG should be a wholly-ARIN effort. Then there would be no debate on money being "transferred to another organization" -- only on "money being spent on education and outreach". Would that assuage your concerns? ==== DA> Since you are new, you may not know that all of the ARIN Board DA> Members and CEO Ray Plzak are associated with NANOG, and all have a DA> conflict of interest. And what is that conflict of interest? I posit that cigarette smokers have a conflict of interest with respect to cigarette taxes. Therefore, cigarette smokers should not have a say in cigarette taxes, because they likely will choose a position that does not benefit everyone. DA> ARIN management is paying NANOG by sending a large number of ARIN DA> employees to NANOG: employees such as the executive secretary, DA> whose jobs have nothing whatsoever to do with network operations; I do a fair amount of consulting work for companies in several industries. I've often observed executive secretaries being encouraged to understand the industry with which they are dealing. What do you propose as a more cost-effective alternative? DA> employees including Resource Analysts who decide allocation decisions DA> and who could be ethically compromised by personal relationships with DA> network operations persons who make allocation requests to ARIN. Again, what do you propose as an alternative? I welcome your proposals. Being angry about the status quo is well and good. Please, propose another way. (It's a presidential election year in the United States, and I've already had my fill of "trust me because I can point out that other people are evil" rhetoric.) ==== DA> We have also discovered anomalies in the allocation of IP Address DA> blocks: Some persons have received allocations in as little as 2 Two-hour allocations? Sign me up... DA> hours. Of two persons who reported these short times, one is DA> associated with NANOG. The other says he is not associated with DA> NANOG, but didn't identify the company receiving the allocation in 2 DA> hours. ARIN has not released any information on the allocation DA> times, and ARIN management stonewalls investigation. I'm also curious about allocation times and effort required. I think that would be most useful in evaluating allocation dues. ==== DA> Myself and other ARIN members also oppose the taking of Legacy IP DA> Address Space under the false pretense of "protection" from the DA> unjustified removal of IN-ADDR and WHOIS services. Before ARIN took DA> this controversial action (without the approval of the membership), Is ARIN a democracy or a republic? Are you suggesting a referendum on what to do with legacy allocations? DA> members asked ARIN to get a formal legal opinion on its right to do "Members". How many? If I may be allowed to make a circumstantial ad hominem attack of my own: What non-legacy holders take the same position as you? Would catering to their interests be in the best interest of the broader ARIN membership? DA> this. ARIN did not get a formal legal opinion as requested, and does DA> not appear to have seriously investigated the legal issue. DA> We assert that ARIN has no right to remove essential government DA> services from Legacies who do not transfer their property to ARIN, Are IP allocations considered property? I was under the impression that they are not. DA> and thus no right the threaten such removal or offer "protection" DA> from such removal. Indeed, ARIN has not given Legacies _any_ DA> indication of their property rights in the matter, nor any DA> indication that Legacies have a right to the government functions DA> performed by ARIN in the maintenance of Legacy registration records, This brings about an interesting point: Under what [quasi]-jurisdiction do legacy allocations fall? If ARIN, it would seem this is an ARIN policy matter. If not ARIN, then where? DA> IN-ADDR services, and WHOIS services. Legacies understandably feel DA> threatened by the prospect of losing these services and ARIN has no DA> right to remove these services. We believe that ARIN should be DA> investigated for violation of the Hobbs Act in these activities. I encourage those interested to search. e.g., Google ==> "Hobbs Act" site:usdoj.gov Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ________________________________________________________________________ DO NOT send mail to the following addresses: davidc at brics.com -*- jfconmaapaq at intc.net -*- sam at everquick.net Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.