[arin-ppml] private whois record

Milton L Mueller mueller at syr.edu
Wed Aug 8 14:06:58 EDT 2012 

I just love the way people present their own views as "the community's" views. Intentionally or not, it can have the effect of pre-empting discussion of things that need to be discussed, and thus needs to be identified and challenged whenever it occurs.

If I am not mistaken - or more accurately, if Chu Yi is not mistaken - APNIC already has the kind of policy or practice he is requesting. Thus, Heather, I must ask: are you saying that the entire Asia-Pacific region is not part of "the community" that has favored transparency? Keep in mind that AP is the world's most populous region with the most Internet users and that the "badness" of which you speak is global and not bounded by any region or territory.

I would say that the merit of your arguments regarding transparency may be strong enough to stand on their own; no need to invoke a fictitious "community" 

> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Schiller, Heather A
> Sent: Wednesday, August 08, 2012 1:26 PM
> To: Chu, Yi [NTK]; Kevin Kargel; 'ARIN PPML (ppml at arin.net)'
> Subject: Re: [arin-ppml] private whois record
> 
> 
> I offer this info for historical context - to give you an overview of what's been
> discussed previously.  Don't let it get in your way of suggesting an alternative
> via: https://www.arin.net/policy/pdp_appendix_b.html  You may want to
> address these concerns in writing the rationale.
> 
> This has come up before.  You can look through meeting minutes, ppml &
> policy proposal archives for the past versions of this discussion- but so far the
> community has favored transparency in requiring whois records.  I think the
> prevailing argument has been that "companies" are inherently public -
> company name and address are already public record, as they are registered
> and searchable in state records.  Law Enforcement folks argue that having
> whois info published facilitates legal investigations, especially in
> emergencies.  In addition the anti-spam/security community will oppose it -
> as they use whois information to track badness.
> 
> Having managed some IP's in the past - the folks who are doing really super
> s3kr3t stuff aren't doing it on the public internet.  Those that are doing
> sensitive things over the public internet, have a better game plan for security
> than obscuring whois, and the good ones have implemented that before it
> gets to asking you not to swip.  The rest can get by with listing already publicly
> identifiable contact info - corp name, corp headquarters, etc.  No one should
> be relying on obscuring swip as a security practice, if you are still accepting
> packets.  An experienced network security auditor would have experience
> with swip records and would know that in the ARIN region commercial space
> isn't going to be marked "private".  In fact, the point could be made that
> marking them private is likely to raise more curiosity, especially when its
> clearly not residential space.
> 
> --Heather
> 
> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Chu, Yi [NTK]
> Sent: Tuesday, August 07, 2012 2:08 PM
> To: Kevin Kargel; 'ARIN PPML (ppml at arin.net)'
> Subject: Re: [arin-ppml] private whois record
> 
> The situation is my customer (a company, not residential) had gone through a
> security audit.  The audit identified the whois record as a potential security
> risk.  What they are asking is for their whois  record (inetnum, or network
> record) to be private.  So the assigning LIR has access to the private record, as
> well as ARIN.  But not to general public.  This 'private' feature has been
> incorporated in APNIC for almost 10 years (APNIC-16, 2003
> http://www.apnic.net/services/services-apnic-
> provides/helpdesk/faqs/privacy-of-customer-assignments---faqs) .   I would
> like to know first if ARIN has a similar feature to accommodate my customer's
> request.  If not, has the topic been discussed and if there is interest in
> pursuing.
> 
> yi
> 
> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Kevin Kargel
> Sent: Tuesday, August 07, 2012 1:01 PM
> To: 'ARIN PPML (ppml at arin.net)'
> Subject: Re: [arin-ppml] private whois record
> 
> I see no great problem with private registration so long as there are active
> authoritative contacts that can actually do something should a network or
> abuse issue occur.  Having an abuse or NOC contact point to someone who
> can call someone who knows who to call is unacceptable.  We need to be
> able to reach a network administrator directly.
> 
> Having said that, if you are operating on the public network and wish to keep
> your contact information private then something just doesn't jive.  I do
> strongly support transparency.  If you don't want to disclose any information
> the solution is simple, don't transact on public networks.
> 
> 
> Kevin
> 
> 
> ________________________________________
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Chu, Yi [NTK]
> Sent: Tuesday, August 07, 2012 11:26 AM
> To: ARIN PPML (ppml at arin.net)
> Subject: [arin-ppml] private whois record
> 
> APNIC has a 'private' option for LIR to make the non-portable assignments
> private.  It fulfills the LIR's registration requirements, and at the same time
> gives LIR option to address its customer's privacy concerns.  It does seem a
> superb idea.  I wonder if the topic has ever been raised and discussed in
> ARIN?
> 
> Yi Chu
> IP Engineering
> Sprint
> 
> 
> ________________________________________
> 
> This e-mail may contain Sprint Nextel proprietary information intended for
> the sole use of the recipient(s). Any use by others is prohibited. If you are
> not the intended recipient, please contact the sender and delete all copies of
> the message.
> 
> ________________________________
> 
> This e-mail may contain Sprint Nextel proprietary information intended for
> the sole use of the recipient(s). Any use by others is prohibited. If you are
> not the intended recipient, please contact the sender and delete all copies of
> the message.
> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to the ARIN
> Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list