[arin-ppml] Comments on Draft Policy 2010-3: Customer Confidentiality

Stephen Sprunk stephen at sprunk.org
Wed Apr 7 11:31:14 EDT 2010

On 06 Apr 2010 18:17, Steve Bertrand wrote:
> On 2010.04.06 17:27, Jay Hennigan wrote:
>> I have to respectfully disagree. The vast majority of our customers
>> are small to medium sized businesses who have very little operational
>> clue.  Law firms, insurance agents, warehouse firms, etc. The
>> contacts at the phone number or physical address of these operations
>> can barely spell BGP, let alone describe it.
> The vast majority of my customers are exactly the same.

I suspect that the vast majority of _everyone's_ customers are the
same.  Heck, most of the folks _working for ISPs_ I've dealt with can't
describe BGP.  The average customer can't even spell _IP_.

>> As their ISP, we are much more likely to able to do away with any problems that they may create than their on-premise staff.
> Agreed.


>> Listing their phone number and address instead of ours results in total confusion as their receptionist is likely to want to have someone call you back.  
> Even if an operator is half-baked, they still should know that it's trivial to look up the POCs for the encompassing block in the event that a receptionist responds with "no" when one asks "do you have a computer technician that looks after your stuff?".

True.  It's trivially easy to format your WHOIS request to get the
parent block(s) of the address you're looking up.  I normally bypass the
end user altogether when I have a need to contact someone because the
odds of them having anyone technical enough to be useful are so small.

> Better yet, I throw it right into the SWIP 'Comments' section, just to
> be safe:
> Comment:    For other issues, or if the above contacts
> Comment:    are non-responsive, contact the ARIN POC registered
> Comment:    to the encompassing IP block.

This is a decent idea, but IMHO it would be better to set a "technical"
and/or "abuse" POC on the SWIP itself (available with the "detailed"

> Note that this proposal in my opinion is better for *technical* reasons, without regard to any business and privacy concerns driving it.
> I completely understand what your stance is on this and why you feel
> this way, as seemingly we have a similar type of client base. However,
> you, like I, are the ones who *will* properly fix a problem when
> required. I'm concerned about the ones who will use this as a loophole
> to avoid that.

Indeed.  IMHO, most of those who will take advantage of this policy will
do so for business reasons (e.g. hiding their customer lists from
competitors) rather than technical ones.


Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3646 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20100407/1dca6f20/attachment-0001.p7s>

More information about the ARIN-PPML mailing list