[arin-ppml] Draft Policy 2010-3: Customer Confidentiality

Leo Bicknell bicknell at ufp.org
Tue Feb 2 17:49:25 EST 2010

In a message written on Tue, Feb 02, 2010 at 03:15:21PM -0700, Chris Grundemann wrote:
> See policy 2008-7 (and the surrounding discussions), my first step in
> addressing the problems, as I see them, with our current use of whois.
>  Although I am not prepared to lay out a plan for addressing the whole
> system in this message - you can be assured that my convictions are
> real.

2008-7 is a bit messy due to the merged proposals, but it seems to
me the general concepts at work there are orthogonal to the ones
we are discussing at this instance.

The recent petition and related discussion is about who should or
should not be listed in the database.  2008-7 addresses making sure
the info in the database stays up to date post that decision, and
what action we take if we find it out of date.

> The status quo does not necessarily (and often does not at all)
> represent the ideal or the intended. The original intent of whois was
> to register everyone who was able to pass traffic across the
> Internet[1]. The required information was name, physical address,

Let me quote the passage from RFC 954 for others so they don't have
to go look it up:


    DCA requests that each individual with a directory on an ARPANET
    or MILNET host, who is capable of passing traffic across the DoD
    Internet, be registered in the NIC WHOIS Database. MILNET TAC users
    must be registered in the database.

I want to point out, at that time substantially all of the network
was directly paid for by government contract, so the government was
asking for full documentation of who was benefiting from the use
of public funds.  Indeed, I believe to some degree this is required
by Government purchasing rules (that they disclose who receives the

As a result I'm dubious this historical artifact has anything to
do with the privately run, privately paid for network run by RIRs,
and not the DoD that we have today.

> ability to make changes on the network in question though. In some
> cases, this is an ISP but in most cases involving an end-user who is a
> business, it is the end-user.

Actually, in many cases it is both.  When Grandma's PC is infected
with a virus and made part of a botnet there are multiple solutions.
Calling Grandma and explaining the situation and having her fix her
machine might work.  Calling her ISP, and having them disconnect
her box, or put it in a quarantine VLAN and then working with her
might work as well.

What I advocate is that the RIRs allow the users and ISPs to
choose.  If Grandma buys from Joes Bait and Internet on the $1.99
a month budget plan, he may list her and not even pick up the phone.
If she buys PlatinumCo's $499 a month hyperspeed premium Internet
they may send her the PC, manage it remotely for her, and guarantee
it to be virus free.  They may want to list themselves as the right

I don't understand how Stewardship requires us to pick one business
model over the other.

       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/