[arin-ppml] Policy Proposal: Customer Confidentiality

Divins, David dsd at servervault.com
Wed Jun 10 09:36:39 EDT 2009


It is this exact case that I support this proposal.  I don't care about
my customer list too much, as all the good ones are logo'd on my
website.

It's the sensitive reallocations that frankly is none of the public's
business especially when I am the appropriate abuse and technical
contact.  The reality is that LEA's and military organizations don't get
SWIPd as who they really are anyway (I mean, how many times does CIA
appear in WHOIS) so let's stop pretending that doesn't happen and make
our lives easier.

-dsd

David Divins
Principal Engineer
ServerVault Corp.
(703) 652-5955

-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
Behalf Of Steve Bertrand
Sent: Wednesday, June 10, 2009 8:36 AM
To: Kevin Kargel
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] Policy Proposal: Customer Confidentiality

Kevin Kargel wrote:
>> -----Original Message-----
>> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] 
>> On Behalf Of Milton L Mueller
>> Sent: Tuesday, June 09, 2009 1:36 PM
>> To: 'William Herrin'
>> Cc: arin-ppml at arin.net
>> Subject: Re: [arin-ppml] Policy Proposal: Customer Confidentiality
>>
>> I don't understand how this is a consideration if the ISP continues 
>> to be accurately identified in the whois. I don't understand how a 
>> third party's suspicion of an ISP gives them a right to access a 
>> customers' data as opposed to the ISP data. Recall that ARIN has 
>> access to the customer information and would thus be accessible to
any real fraud investigation.
> 
> To my mind the issue is not one of fraud investigation but one of 
> abuse resolution.  It is all too easy for a network host to broadcast 
> a number of types of storm traffic from innocent causes such as 
> hardware or software failure or mis-configuration.  Even things as 
> simple as routing loops can be debilitating to more than the end user
in question.
> 
> The end user need not be identified, but a contact to an administrator

> who can deal with routing and traffic issues should be required.
> 
> I am all for privacy, but reachability of an effective PoC needs to be

> maintained.  A PoC who calls a contact who relays a message to someone

> who knows who the administrator is cannot be effective.

I agree with what Kevin is saying here.

In reality, if we can simply publish our own contact info in the SWIP
records, then why bother publishing SWIP information at all? My
aggregate block already has our contact info, so why take the time to
publish further info about smaller pieces of our space with the exact
same information?

The only reason I can see a privacy card being played would be in
sensitive services (military etc). Even in that case, the space could be
swip'ed to an individual responsible for the network.

I think that if something like this is to be ratified, it should focus
solely on privacy from a safety and security standpoint, and not out of
speculation of potential lost business.

Steve




More information about the ARIN-PPML mailing list