[arin-ppml] Policy Proposal 95: Customer Confidentiality

Steve Bertrand steve at ibctech.ca
Thu Jan 28 20:13:20 EST 2010


Joe Morgan wrote:
> That is really not the point of this proposal. The point is that I
> should not have to give up my entire customer list to my competitors.

There's something wrong about that sentence. If an IP address that has
been SWIP'ed to a specific site is performing blatant network scans
against you, I want you to be able to know who it is.

To me, trying to hide customer information like this is much like
security through obscurity, imho.

> If somebody is having problems with a company doing business under my
> IP space then there is no reason why they cant contact my arin abuse
> poc. 

They can. If there is no PoC associated with a SWIP and only an
address/phone listed within the SWIP, most people who use WHOIS will
already know to just let it fall through to get the proper contact:

Attack from 208.70.107.134?:

%whois 208.70.107.134

...look up the block:

%whois -a NET-208-70-107-128-1

> I would rather those go to me than to the customer that can just
> ignore it. I already have problems with people sending complaints to
> the wrong places and I never even get contacted with the abuse
> complaint. 

That's not a whois/swip problem. That's a people problem.

> I don't understand as arin can request the information why
> does it need to be open to the public?

Why impose cost/time/effort/stress on ARIN when there is no need to do so?

Perhaps if it is looked at in another light... *you* are concerned about
competitors finding out who your *clients* are.

If you are really concerned this much that other sales people will try
to steal your clients because of data presented in whois, perhaps you
are being selfish, as your clients may *want* to be included in whois,
as it may be another avenue of visibility for their
brand/company/whatever to a potential brand new market for them for
their product ;)

I doubt it, as I believe that whois is used by ops trying to reach ops,
but I digress.

Either way, I concur with the AC's decision that this policy should be
abandoned.

Steve



More information about the ARIN-PPML mailing list