[ppml] Whois & privacy related changes - ideas for future
william at elan.net
Tue Oct 19 19:03:26 EDT 2004
Personally I'm not happy about 2004-6 or 2004-7 text and think larger changes
are needed on how whois is used by arin and users, but I could never quite
put it into normative text. But as we're discussing all this today, please
read below on my ideas and maybe this is something that AC can work on
later and can come up with text for a proposal.
First here is what I see as a problem
1. ARIN database seems overwhelmed by amount of small assignments whois data
and having "private customers" seems like waste of database space (what
use is it to see "private customer/private residence' record in whois)
3. Researches don't want addresses of customers completely hidden because
they use that to establish geographical mapping of the net
4. Those doing abuse investigations don't want names hidden (especially
for any large block).
5. Residential and small business customers want privacy for their records
So here are my ideas on what could be done:
1. Change policy to require full reassignment SWIP if its > 128 ips or
possibly > 254 ips
2. For smaller reassignments do not require all of then to be
reported as individual reassignment and create instead new form
of multi-reassignment SWIP which would list number of reassignments
of each size without actually listing each customer name and address.
The actual physical address listed under SWIP would have to correspond
to same geographical area as all customers in that larger swip and
maybe something like address of CO or datacenter or company city office.
Here is why I think this is good and would be ok for most of what we want:
1. The amount of data being entered and maintained in database would
decrease dramaticaly because currently > 75% of it are those small
< /24 reassignment SWIPs. This is easier both for ARIN and for ISPs.
2. Residential customers and small business who desire privacy get it
as their info is not reported any more
3. Researches are still able to get all the info about geographical
location, in fact it even becomes easier when this data for number
of small blocks is aggregated together
4. Based on what I've seen almost all spammers with directly assigned
blocks have > /24 (usually around /21 or /22) of ip space. It appears
the big ones have very serious operations that smaller space would not
work for them and smaller ones go for dedicated servers with few ips
and many/most dedicated server companies don't report those ips in
swips anyway. So dropping info on small blocks would probably not
cause serious issues for abuse investigations.
Question remains if this is ok with ARIN as instead of getting actual
list of customers with exact ip blocks they use, ARIN info would now be
just number of reassignments of different sizes - but I have feeling that
maye exactly what ARIN wants and uses when determening utilization anyway...
Plus if they need more info, they can always ask.
So if you think this is worth it, feel free to discuss it more and maybe
an exact proposal can be created based on the above ideas.
william at elan.net
More information about the ARIN-PPML