[arin-ppml] Policy Proposal: Customer Confidentiality

Matthew Kaufman matthew at matthew.at
Tue Jun 9 13:29:27 EDT 2009

Kevin Kargel wrote:
> I am in general opposed to this proposal.  There are good and valid reasons
> for making direct contacts for a network discoverable.  If a host runs amok
> and is causing grave problems then I need to be able to contact the person
> responsible for that host.  I do not need to find a contact for someone
> three tiers up who will contact someone else who will contact someone who
> will contact the host owner.
I am strongly in favor of this proposal, and have argued against 
disclosure of customer data this way since the very first time it was 
required years ago.

There are good and valid reasons for making someone who is actually 
technically knowledgeable and reachable be listed as a contact. SWIP and 
RWhois have never gone down to the host level, and so "contacting the 
person responsible for the host" is rarely possible. Consumer records 
are already protected this way, and any larger organization is big 
enough that you're going to be talking to someone "three tiers up" or 
higher anyway. Here at my day job for instance, the abuse contact would 
talk to his boss who would enlist the desktop support people who would 
contact the employee or their manager. And of course most employees 
wouldn't know anything about the problem you wanted to talk to them 
about anyway, so they'd need to get desktop support involved again 
anyway. Similarly with hosting companies... you'll talk to the NOC for 
the datacenter, and they'll call the guy who runs the cage full of 
servers, and they will call the person running the virtual hosting 
system on those servers, and that person will call the person whose 
software is giving you trouble.

All you really need is a contact who can: actually terminate the 
connection if that's what is required, or contact a responsible party in 
a timely fashion. So I think that means that for single-homed networks, 
their ISP is appropriate, but for multi-homed networks, you'll want the 
person who runs routers at the multi-homed organization (but not any 
farther down).

Matthew Kaufman

More information about the ARIN-PPML mailing list