[arin-ppml] Policy Proposal 95: Customer Confidentiality
sethm at rollernet.us
Sat Jan 30 15:57:47 EST 2010
On 1/29/2010 12:30, Rudolph Daniel wrote:
> What I think is at the center of the debate here is : How much
> information and what kind of information is to be in the public view. It
> is not about whether the information exists. ARIN has the information
> and a provider has collected the information and passed it to ARIN.
> Now, under what rules and circumstances can/should that information be
> accessed and by whom and for what purpose. Disclosure on a need to know
> basis is also something I am not not 100% clear on.
> If I see an unusual ip on my server, under what circumstances do I need
> detailed information on who it is allocated to? And how do I efficiently
> access that information if it is not an open public record. If it were
> on public record, what level of certainty do I have that the information
> is accurate?
> If it is not on public record and I give good reason to access it, then
> the entity allocated that record has a right to know / have recorded...
> who accessed the information and when. Where the information is simply
> public view, there is more room for abuse of that information simply
> because there are "fewer" controls on what is published.
My general feeling is that if I see a misbehaving bunch of IP addresses
and I need to nuke it, I'll follow whatever the owner feels like showing
in whois. If the most detail I get is a /19 because the details are
super secret, then /19 is what I'll block.
More information about the ARIN-PPML