[ppml] Legacy /24s

William Herrin arin-contact at dirtside.com
Sun Sep 2 00:41:40 EDT 2007

On 9/1/07, Keith W. Hare <Keith at jcc.com> wrote:
> requirement that you have to comply with a security and
> security auditing specification, such as the payment card industry (PCI)
> specification.  Part of the cost would be renumbering, part would be
> revising the rules in the firewalls, intrusion detection system, etc.  A
> big part would be in re-auditing the information security configuration.


That's an interesting argument. Having been through the PCI auditing
process I don't buy that it increases the renumbering cost enough to
merit requiring everybody else to pay $17k per year but its an
interesting argument.

Here's another interesting argument: For better or for worse, spam
filtering is heavily biased towards the IP address. Current software
is extremely suspicious of IP addresses which suddenly begin emiting
large amounts of mail. Getting the new IP address back on everybody's
whitelist is very manpower-expensive. If you're a large non-profit
organization who uses email to solicit donations from constituents,
the lost opportunity cost while correcting those filtering problems
very rapidly runs to hundreds of thousands of dollars.

If you make PI addresses available on those criteria, how would you
measure? How much credit card activity justifies PI addresses? How
much email?

Bill Herrin

William D. Herrin                  herrin at dirtside.com  bill at herrin.us
3005 Crane Dr.                        Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

More information about the ARIN-PPML mailing list