[arin-ppml] Draft Policy 2010-3: Customer Confidentiality

Chris Grundemann cgrundemann at gmail.com
Tue Feb 2 17:15:21 EST 2010

On Tue, Feb 2, 2010 at 14:29, Leo Bicknell <bicknell at ufp.org> wrote:
> In a message written on Tue, Feb 02, 2010 at 01:52:04PM -0700, Chris Grundemann wrote:
>> Agreed again - I think whois is in pretty sorry shape at the moment
>> (for more than one reason); but should we respond by throwing our
>> hands up and codifying bad behavior - or by addressing the problem?
> While we clearly disagree on the desired outcome, it appears we
> both agree that the current situation is absurd.
> I have consistenly supported proposals to remove this information
> from whois, and I have also written and spent several years propmoting
> my own policy in this space (2005-2) which was subsequently abandoned.
> I have yet to see anyone on the other side of this issue propose
> any method of "addressing the problem" from the other side, that
> is tightening requirements such that someone is required to be
> listed.
> Please understand this is why I find such positions hypocritical.
> While I would disgree with tightening requirements, I would respect
> those making the argument that such requirments were "fundamental"
> if they were pushing policy initatives to make that actually be the
> case.  Using such forceful language to oppose policy when it is
> known not to represent the status quo and also when not working to
> change the status quo leaves the impression that the convictions
> on that point are weak, or nonexistant.

See policy 2008-7 (and the surrounding discussions), my first step in
addressing the problems, as I see them, with our current use of whois.
 Although I am not prepared to lay out a plan for addressing the whole
system in this message - you can be assured that my convictions are

The status quo does not necessarily (and often does not at all)
represent the ideal or the intended. The original intent of whois was
to register everyone who was able to pass traffic across the
Internet[1]. The required information was name, physical address,
phone number and network mailbox. Obviously we can not (and do not
want) to register every cell-phone user or PC owner. We do still want
to be able to contact network administrators who actually have the
ability to make changes on the network in question though. In some
cases, this is an ISP but in most cases involving an end-user who is a
business, it is the end-user.


[1] See "WHO SHOULD BE IN THE DATA BASE" in RFC 812 and RFC 954

> I think ARIN just has the whois thing plain wrong.  Allocations and
> assignments made from ARIN should have regularized information
> published on them by ARIN.  Everything below that should be optional,
> as decided by the ISP and the customer.  More to the point, it
> should be more open than the current system, a-la what RIPE does.
> If the customer and the ISP want to put a 20 page missive in whois
> listing every employee with phone, e-mail, cell, facebook page, and
> favorite color, great!  If they want to not be listed, and have
> their ISP take calls, great!
> --
>       Leo Bicknell - bicknell at ufp.org - CCIE 3440
>        PGP keys at http://www.ufp.org/~bicknell/
> _______________________________________________
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.


More information about the ARIN-PPML mailing list