<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7233.28">
<TITLE>RE: [arin-discuss] Privacy of Reassignment Information</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">All IP Allocations are done based upon trust. If an ISP just wanted to obscure a reassignment they could simply make up a customer.</FONT></P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Allowing ISP's to enter into NDA type status for reassignments and representing these reassignments as private in public servers should provide the registrar with more accurate information-- as that is the basis for the reassignment policy. Additionally, this provides much needed privacy for companies that must adhere to ever more restrictive privacy laws. This allows a valid mechanism.</FONT></P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Why is a corporate entities right to privacy any less than an individuals (when it comes to IP space-- and remember not all companies are public)?</FONT></P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Why is there a need to know what company owns a block provided there is a valid contact provided? This probably brings the question of how can we ensure a valid contact. Since all assignments are done based on trust, there must be some base assumption that for the most part ISP's act according to ARIN rules-- I am not aware of any ARIN para-military-esque auditing arm that checks ISP corporate accounting against IP assignments to see who skirts the rules.</FONT></P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Honestly, I would be content to see a policy that allows an ISP to go full NDA with ARIN and provide reassignment information to ARIN on a private basis. Under this condition, the ISP would need to maintain valid contact (abuse/noc) for all address space it has been assigned and not publicly reassigned.</FONT></P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">I firmly believe that this issue will not be going away.</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">-dsd</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">David Divins</FONT>
<BR><FONT SIZE=2 FACE="Arial">Principal Engineer</FONT>
<BR><FONT SIZE=2 FACE="Arial">ServerVault Corp.</FONT>
<BR><FONT SIZE=2 FACE="Arial">(703) 652-5955</FONT>
</P>
<BR>
<P><FONT SIZE=1 FACE="Tahoma">_____________________________________________ </FONT>
<BR><B><FONT SIZE=1 FACE="Tahoma">From: </FONT></B> <FONT SIZE=1 FACE="Tahoma">Owen DeLong [</FONT><A HREF="mailto:owen@delong.com"><U><FONT COLOR="#0000FF" SIZE=1 FACE="Tahoma">mailto:owen@delong.com</FONT></U></A><FONT SIZE=1 FACE="Tahoma">] </FONT>
<BR><B><FONT SIZE=1 FACE="Tahoma">Sent: </FONT></B> <FONT SIZE=1 FACE="Tahoma">Friday, April 07, 2006 11:56 PM</FONT>
<BR><B><FONT SIZE=1 FACE="Tahoma">To: </FONT></B> <FONT SIZE=1 FACE="Tahoma">Divins, David; ARIN-discuss@arin.net</FONT>
<BR><B><FONT SIZE=1 FACE="Tahoma">Subject: </FONT></B> <FONT SIZE=1 FACE="Tahoma">Re: [arin-discuss] Privacy of Reassignment Information</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">* PGP Signed by an unknown key: 04/07/2006 at 11:55PM</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2 FACE="Arial">--On April 7, 2006 10:25:11 PM -0400 "Divins, David" <dsd@servervault.com></FONT>
<BR><FONT SIZE=2 FACE="Arial">wrote:</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">> All,</FONT>
<BR><FONT SIZE=2 FACE="Arial">> </FONT>
<BR><FONT SIZE=2 FACE="Arial">> Provided an ISP, or other direct assignment recipient, supplies valid</FONT>
<BR><FONT SIZE=2 FACE="Arial">> and responsive (24x7) Abuse, NOC, and other pertinent contact</FONT>
<BR><FONT SIZE=2 FACE="Arial">> information, a reassignment should be allowed to remain private.</FONT>
<BR><FONT SIZE=2 FACE="Arial">> </FONT>
<BR><FONT SIZE=2 FACE="Arial">First, a direct assignment recipient cannot reassign, so, this would</FONT>
<BR><FONT SIZE=2 FACE="Arial">not apply to a direct assignment recipient.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Second, the policy was abandoned fairly recently due to lack of</FONT>
<BR><FONT SIZE=2 FACE="Arial">support by the community and lack of consensus to move forward.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">IP resources are an element of public trust. It is common and widespread</FONT>
<BR><FONT SIZE=2 FACE="Arial">practice to disclose as a matter of public record possessory interest</FONT>
<BR><FONT SIZE=2 FACE="Arial">in public resources. The public interest in an open and equitable</FONT>
<BR><FONT SIZE=2 FACE="Arial">system of resource assignments and allocations overrides ISPs</FONT>
<BR><FONT SIZE=2 FACE="Arial">interest in hiding the identities of their customers.</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">> The ability for an ISP to selectively and voluntarily make an assignment</FONT>
<BR><FONT SIZE=2 FACE="Arial">> private will still allow ARIN to have accurate reassignment information</FONT>
<BR><FONT SIZE=2 FACE="Arial">> as the assignments will be provided to ARIN privately whenever address</FONT>
<BR><FONT SIZE=2 FACE="Arial">> utilization must be determined.</FONT>
<BR><FONT SIZE=2 FACE="Arial">> </FONT>
<BR><FONT SIZE=2 FACE="Arial">ARIN is a stewardship organization. The IP addresses are no more owned</FONT>
<BR><FONT SIZE=2 FACE="Arial">by ARIN than by any recipient organization. They are administered by</FONT>
<BR><FONT SIZE=2 FACE="Arial">ARIN and the ISPs in the public trust. They are public resources.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">> The private designation in no way relieves the ISP of its responsibility</FONT>
<BR><FONT SIZE=2 FACE="Arial">> to the Internet community. In fact, a private reassignment expands this</FONT>
<BR><FONT SIZE=2 FACE="Arial">> responsibility as the ISP actually must take on the responsibility</FONT>
<BR><FONT SIZE=2 FACE="Arial">> providing valid 24x7 point of contact.</FONT>
<BR><FONT SIZE=2 FACE="Arial">> </FONT>
<BR><FONT SIZE=2 FACE="Arial">The community vehemently opposed adding such a requirement to the previous</FONT>
<BR><FONT SIZE=2 FACE="Arial">attempt at such a policy.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">> If an ISP is unable or unwilling to provide a responsive NOC/abuse</FONT>
<BR><FONT SIZE=2 FACE="Arial">> contact, then they may not designate any reassignments as private.</FONT>
<BR><FONT SIZE=2 FACE="Arial">> </FONT>
<BR><FONT SIZE=2 FACE="Arial">How would you propose to prevent ISPs from ignoring this requirement?</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Owen</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">-- </FONT>
<BR><FONT SIZE=2 FACE="Arial">If it wasn't crypto-signed, it probably didn't come from me.</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">* Unknown Key</FONT>
<BR><FONT SIZE=2 FACE="Arial">* 0x0FE2AA3D - unknown</FONT>
</P>
</BODY>
</HTML>