[arin-ppml] SWIPs & IPv6
cengel at sponsordirect.com
Thu Dec 3 15:29:04 EST 2009
I am assuming (perhaps incorrectly) that ARIN's real interest in having accurate contact information for the sub-delegates of a block is to have some means of investigating whether the justifications for IP-Address space assignments that the top level block holder (i.e. the ISP) requests are legitimately justified? I mean ARIN's core mission is not the police the internet and make sure no-one setup an open relay right?
I can see how ARIN staff certainly need access to the legitimate contact info of the actual sub-delegates for the purpose of determining address space justification... and can be held accountable for the legitimate use of that information. However, I would see no need for that information to actualy be made public to meet that end....and ARIN should probably decline to reveal such information absent a Court Order.
The need to be able to communicate with parties responsible for a particular address block by the general public when there is a problem originating with that address block is genuine and useful but I would posit that it is an entirely seperate issue from the one described above and may not even fall within the scope of ARIN's core responsibilty.
I would posit that it really properly falls within the responsibilty of the individual ISP's to be responsible for how their sub-delegates use the services provided to them....and to be responsible for addressing any abuses caused by those services. Exactly HOW they go about achieving that end should probably be left upto them.
Essentialy I see it as a chain of responsibilty. ARIN is responsible for dealing out top level block assignments and for making sure that those assignments can be traced to the entities who hold them... and I see no issue with ARIN having a requirement that THOSE entities publish contact information for reporting abuse/problems. The top level block holder (ISP) is responsible for the registration of the sub-delegates who use it's services.... and it really should be upto them to best determine how to facilitate that. If it fails in meeting that basic responsibility I'm assuming it COULD be held legaly responsible by any parties damaged by that.... which should be plenty of incentive to institute an effective means of dealing with such problems (at least in countries where the rule of law has some weight). Likewise the sub-delegate (i.e. Company/Organization) is responsible for tracking the activity of the individual end-users/machines that use it's network space and any problems they might be accountable for....if the sub-delegate fails in that responsibility, they certainly could be held legaly accountable... but it really is best left upto them to determine the method for doing so.
As a Network Admin, I support the use of a public WHOIS service...As I said, my company makes it's info public.... but I'd rather see that as an encouraged option rather then a required mandate...and I can certainly understand why some individuals/organizations would legitimately want to have a gate-keeper obfuscate that information for them.
From: Kevin Kargel [mailto:kkargel at polartel.com]
Sent: Thursday, December 03, 2009 1:40 PM
To: Chris Engel; 'arin-ppml at arin.net'
Subject: RE: [arin-ppml] SWIPs & IPv6
So then is it being suggested that ARIN act as a gatekeeper and keep legitimate information behind a wall, and when needed that information is needed it can be requested by a legitimate party from ARIN but not directly exposed to the public? Would ARIN require and verify the information?
I would be willing to support such a proposal. Having the proper information one step away would be superior to having the information obfuscated as it currently is in many instances.
I would still like to see the transparency of top level company information be transparent and public, but I would accept technical POC and other contact information being secured with ARIN as custodian.
More information about the ARIN-PPML