[arin-ppml] Petition Underway - Policy Proposal 95: CustomerConfidentiality - Time Sensitive

[michael.dillon at bt.com]

> > And what happens when that "someone else"'s 10th grade 
> English class 
> > is interrupted by your phone call about a possible botnet 
> infection on 
> > his uncle's server?
> 
> ...then the IP was SWIP'ed to a school, and the uncle 
> shouldn't have a server within the school network IP allocation.

A 10th grade kid's extracurricular activities have nothing
whatsoever to do with the school's network. We've already
been told that this is a small photography business that
has a server colocated with their local ISP. Since the 
business owners are experts in photography, it is reasonable
to assume that the server and networking expertise comes
from outside the photography business. Since it is a very
small business, it is reasonable to assume that they hire
tech support as and when needed, not on retainer and not
on-call 24x7. It is also reasonable to assume that they
would shop around for the best price for said tech support
and a 10th-grade nephew is highly likely to fit the profile
of cheap tech support. However, said 10th grade nephew has
other obligations such as attending school, and keeping their
mobile phone turned off while on the school premises.

Why on earth do you want to polute the whois directory with
thousands of phone numbers for 10th grader's mobile phones?
And the number of such tech support people is growing at the
same time that their age is dropping. I would not be surprised
to learn that their are 8th graders now looking after colocated
servers, or VPS root servers.

> > Let's be realistic here. This is not the Internet of 1990 where 
> > everything was in a big building owned by a big 
> organization that was 
> > paying big bucks for the underlying IT infrastructure that was 
> > connected to the Internet.
> 
> ...I want to know how to get a hold of the person/people who 
> are managing the machines that are addressed.

Then the whois directory needs a system for recording stuff like:
"Technical contact is attending school between the hours of
8:30 to 4:30 EST, Mondays thru Fridays. Saturdays from 10:00 to
12:00 he is playing baseball. Contactable at (604)555-1234
other times except when he is on a hot date which is most
likely Thursday thru Saturday evenings EST."

If you have a look through the RIPE database you will see that
they do have long complicated notes about who and how to contact
various support departments, although I've never seen one quite
like the above example.

I really do not understand why people do not support the basic
and fundamental principle of only recording contact information
in the whois directory for people who are READY, WILLING and ABLE
to TAKE ACTION when contacted. What good is it to have mobile
numbers that ring through to voicemail or contact people who,
although they set up the server themselves 3 months ago, have
more or less forgotten all the technical details that they barely
grasped in the first place. It really should be up to ISPs to
manage their customers, and the rest of us should contact the
ISPs who have 24x7 support people who are READY, WILLING and ABLE
to TAKE ACTION when contacted. If this were the standard way
to do things, then ISP contracts would have standard clauses
that allow them to unplug servers until the owner can be contacted
and arrangements made to clean up the problems.

As for servers that are not accepting incoming email or similar 
things, that is not your problem and it is not ARIN's problem.
We can't boil the sea.

--Michael Dillon