[ppml] Policy Proposal 2003-11: Purpose and Scope of WHOIS Di rectory

william at elan.net william at elan.net
Wed Aug 27 13:17:00 EDT 2003


On Wed, 27 Aug 2003 jlewis at lewis.org wrote:

> >   WHOIS without naming the end user is not much use.
Its not always about end-user its about seeing who is responsible for this 
ip block and will respond in case of problems. But naming the end-user is 
also important, for example in situations when you're trying to find 
correlation between different ip blocks.

> >   End user information without contact information, as currently allowed
> >   as reassign-simple, is not much use.
> 
> Without a clear name or contact info, whois could still tell you how large 
> an assignment covering a particular IP is.  For abuse tracking, if you 
> receive spam from a few IPs in the same range, it's handy to be able to 
> see how large that range is, and apply policy to the entire range rather 
> than wait to be spammed from each IP in it.
I completely agree with above statement. Plus would like to add that seeing
name and if possible address in the ip block (at the very least city) can 
also tell a lot both for abuse as well as how the ips has devided network 
(which can be usefull for example for routing).
 
> >   Except for spammer address-harvesting and showing utilization to ARIN,
> >   WHOIS is not much use.
This statement is just plain WRONG WRONG WRONG. Whois is very usefull tool 
for identifying ownership of the resources (past, present, claimed), 
identifying when and how resource was allocated (date are very important 
as well) and tying one resource to another. And on many occasions I was 
able to show that domains or ips below to the same company (or used by 
them) even when addresses or names were different, just by similarities 
of how records were created and by multiple references from one resource 
to another. 

That whois is used for harvesting emails is unfortunete and that is why 
we need WHOIS AUP (see my proposal 2003-9) however ARIN whois is in fact 
primarily used for various types of reports about abuse from and other 
uses include trying to locate proper person in the NOC (sometimes its 
urgent - for example hacking incident), trying to verify ownership of ip 
block by upstream ISPS, etc.  For majority of when ARIN whois data is 
used, having it accurate and having POCs present is very important, so we 
should definetly have a policy that defines in more detail ARIN procedures
in cases of reports of incorrect data as well as info for those listed to 
make sure they understand that they MUST have valid information for 
others to be able to contact them.

Having said the above, I can not really support 2003-11 as it is written 
right now. I actually liked ideas presented by Andrew Dul (as part of what 
AC has been working on, see http://www.arin.net/mailing_lists/ppml/1807.html)
I think it would be in the best interest of everybody if AC instead of 
again trying to do it in private, actually  presented their proposal right 
now and we could all work out best combination of 2003-11 and that proposal
and come up with something acceptable to the majority of those  interested 
in policy about validation of data in whois database.

-- 
William Leibzon (a really big fan of whois :)
william at elan.net




More information about the ARIN-PPML mailing list