[arin-ppml] Revealing /32 customers?

[Chris Grundemann]

On Thu, Apr 26, 2012 at 16:16, John Curran <jcurran at arin.net> wrote:
> On Apr 26, 2012, at 3:02 PM, William Herrin wrote:
>>
>> I don't doubt it and I'm pleased to hear that ARIN is vigorously
>> defending the address pool. I just want to make sure that if we've
>> decided, as a matter of consensus based public policy, that
>> assignments smaller than /29 are permitted to remain a private matter
>> between ISP and customer that the staff procedures are not, in a
>> roundabout way, contradicting or partially nullifying that policy.
>
> I do believe that the policy intent was to keep customer data private
> _with respect to public reassignment directories_, and not with
> respect to answering ARIN inquiries regarding utilization, but I
> could be mistaken.  The policy origin of the language is in ARIN
> 2010-14 <https://www.arin.net/policy/proposals/2010_14.html>
>
>> More to the point, if staff procedures are leaving any ISPs stranded
>> with no choice but to reveal /32 customer identities, I'd like to see
>> those procedures revised to better reflect the spirit of the /29
>> boundary called out multiple times in the NRPM, such as in 4.2.3.7.1.
>
> I believe the procedures we utilize are correct implementation of
> the policy (and policy intent with respect to 2010-14), but if you
> want specifically for ARIN to never seek information on customers
> with smaller than /29 reassignments, then I'd recommend making policy
> to that effect.  Note to also amend NRPM 12, since that is definitely
> without constraints, regardless of the reading of ISP IPv4 policies.

As the originator of Policy Proposal 109[1] which went on to become
2010-14 and now makes up the current text in section 4.2.3.7.[2], I
can unequivocally state that the intention of that policy (and the
corresponding IPv6 policy) was to place limitations on the public
SWIP/WHOIS records only. In fact, all of the limiting language
mentions SWIP directly if I am not mistaken. There was no intent to
limit ARINs ability to conduct full audits, under NDA, when
appropriate.

Of course, this does not mean that there is no room for future policy
changes in this area (and I'm happy to help sort any needed changes
out), only that ARIN staff's current practices are fully inline with
current policy as far as I can tell.

Cheers,
~Chris

[1] - http://lists.arin.net/pipermail/arin-ppml/2010-February/016528.html
[2] - https://www.arin.net/policy/nrpm.html#four237

>
> Thanks!
> /John
>
> John Curran
> President and CEO
> ARIN
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.



-- 
@ChrisGrundemann
http://chrisgrundemann.com