[arin-ppml] Draft Policy 2010-3: Customer Confidentiality

George Bonser gbonser at seven.com
Tue Feb 2 14:40:14 EST 2010

> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net]
> Behalf Of Kevin Kargel
> Sent: Tuesday, February 02, 2010 10:26 AM
> Subject: [arin-ppml] Draft Policy 2010-3: Customer Confidentiality
> Hiding community members from contact by prospective service offerings
> is not included anywhere in the ARIN mission statement that I could
> see.

My feeling as well.  But in addition, I would want to make sure that
there is a technical POC listed for whoever is the one that actually has
"enable"/"root"/"administrator" access to the gear I am communicating
with.  I don't care if it is the ISP or the end user's IT staff, but I
want to make sure that there is a technical contact listed that can
actually do something about a problem.

I don't want to call an ISP who has no access to the mail/DNS server or
router or whatever on that user's network. That is a waste of time for
both of us.  We run a very lean shop and I don't have a couple of hours
to open tickets and wait for a response just to get a contact that I
should have been able to obtain from whois.  I believe that is the
purpose of it to begin with.  If you are not going to put the end user's
info in whois, there is no sense having whois at all.  Incorrect
information or information that points to someone who can't help me is
worse than useless.  I would rather have nothing than have a pointer to
a time sink.

People should be talking to me when there is a problem and not talking
to our finance department or CTO because an SMPP bind with someone's
SMSC is failing, for example.  I certainly don't want them calling the
upstream who SWIPed us the subnet because there is nothing they are
going to be able to do about it. 

They should be able to notice there is a problem, look up the IP
address, see the technical POC, send an email or call, and get some kind
of a response from someone who is likely to be able to solve or at least
troubleshoot the problem.  And I want to be able to do the same in the
other direction.

Whois, for the most part, does that today and saves me time.

I am not interested in protecting someone's customer list as a higher
priority than getting meaningful work done but don't mind some mechanism
of protecting them provided it doesn't make life more difficult for
everyone else.  Not allowing the ">" operator on certain whois queries
might be a way to start.

More information about the ARIN-PPML mailing list