[ppml] /29 limit for ARIN SWIP whois

[Steve Atkins]

On Jan 9, 2008, at 9:58 AM, <michael.dillon at bt.com> wrote:

> For instance, suppose we no longer publish any whois info
> at all for people who have reassigned addresses. None at
> all. This lulls the bad actors into a false sense of
> security and then, when they are not expecting it, the
> law pounces on them and uses the reasonably accurate
> records of their 20 hosting providers as evidence in
> a court of law. We replace the technical attack vector
> with a legal one. After all these bad actors are not
> just network undesirables, they are LAWBREAKERS and the
> system, outside of ARIN, already has processes to deal
> with lawbreakers.

No, they're usually not. The majority of bad traffic is
legal or grey area.

Spam is perfectly legal, for instance, in most places.

> A smart bad actor already knows all of this and he
> prefers that ARIN require ISPs to publish detailled
> whois info so that he can cover his tracks and let
> the unskilled bad actors, many of whom are customers
> of his "bad actor toolkits" to take the heat.

Sometimes, yes.

> I believe that society, and law enforcement agencies,
> would be better served by getting rid of most whois
> information. Only organizations with a direct, contractual,
> relationship with ARIN would be in the whois directory.
> ISPs with an ARIN allocation would be forced to either
> bear the costs of managing abuse reports for their
> customer base, or publish their own whois directory
> if they so wish.

It's a tempting idea in some respects, certainly.

If you want your entire address space to have the same
reputation as the worst of your customers (either current
or within the previous year or so) that would be one approach.

(That's a generic "you" - I'm not attempting to discuss BT's
reputation or history here.)

I can see the attraction of doing that, but I also see the
disadvantages.

Cheers,
   Steve