[arin-ppml] ARIN-prop-180 ISP Private Reassignment - intent to revise

Chu, Yi [NTK] Yi.Chu at sprint.com
Wed Aug 15 21:06:23 EDT 2012


All:
After reviewing the feedback and discussions, I intend to modify prop-180 as follows.   Please let me know if I have made improvements in gaining your support or made things worse.

1. ARIN approval:  ISP to submit private reassignment request to ARIN for approval.  The info in the request is exactly the same as it would be for public records.  -- This addresses concern of abuse.  As ARIN has to approve, and the info provided is the same as public, so no more prune to abuse.

2. Alignment with residential policy: Upon ARIN's approval, the ISP may substitute that organization's name for the customer's name, e.g. 'Private Customer - XYZ Network', and the customer's street address may read 'Private'. Each private downstream reassignment must have accurate upstream Abuse and Technical POCs visible on the WHOIS directory record for that block.  --- This aligns with residential requirement.  As ARIN and ISP have the real info, so when a law enforcement need to request info with a subpoena, the ISP and ARIN would be able to produce the info.

3.  'Slow zone': Each ISP may only have one outstanding private reassignment request with ARIN. (alternatively, it can also be stated that 'ARIN is putting the ISP's private request in its own queue, and ARIN is not required to process more than one request per ISP per day, something to this effect) --- This addresses people's concern of abuse, ie, ISP swip everything private.   As I envision ISP's private request is rare, that limiting the throughput is OK.

Rationale for the proposal:  I would add that it is for businesses to prevent the prying eyes of hacking.  Right now, a hacking teenage can find IP info on arin whois for any company with just a few clicks by just looking up the company name, which I find a bit un-nerving.  We made it unnecessarily easy for the hackers.

Please let me know your comments.

yi

-----Original Message-----
From: David Farmer [mailto:farmer at umn.edu]
Sent: Thursday, August 09, 2012 2:55 PM
To: Chu, Yi [NTK]
Cc: Brian Kearney; ppml at arin.net; David Farmer
Subject: Re: [arin-ppml] ARIN-prop-180 ISP Private Reassignment

First, I cannot support this proposal as written, however I would like
to see more flexibility provided on this issue.

So here is the problem, your one customer that wants their data private
isn't that big of deal, the system won't fall apart if their data is
private.  However, if everyone wants their data private or ISPs start
marking all their data private by default then the system may fall part.
  Or, at the very least we probably need a radically different system,
I'm not fundamentally opposed to that either, but that's not what your
proposing.

As written, your proposal allows an ISP to mark all their data as
private.  You seem to be saying the that everyone can make all their
data private without any consequences to the current system.  To be
honest I think your wrong, others seem to think so as well.  However, I
also don't believe that all data needs to be public for the system to
work as intended either, just a majority of it.

My suggestion is to go one of two directions, propose a complete rethink
of the current system that doesn't need public data, or provide some
limits to how much data can be private or provide other compensating
policy controls that make up for the lack of public data.

Some examples of possible options, only allow a certain threshold of
private data, say 10% or 20% by volume of addresses, or after a
threshold of private data require escrow of all records with an
independent custodian and who that custodian is must be published, or
require an annual audit of records by ARIN, etc...

Without a complete rethink of the system there needs to be some
consequence for having to much data marked as private or a limit on the
amount of data that can be marked as private.

Thanks

On 8/9/12 12:40 CDT, Chu, Yi [NTK] wrote:
> The private registration would need to go through exact the same scrutiny as is done for the public ones.  The ISP's are still required to register with ARIN.  Private just means the record is not shown/visible on the public whois.  'Private registration' does not relieve the ISP from registration responsibility of their reassignments.
>
> ISP's are still bound by their RSA contract with ARIN, as I stated in another email.
>
> yi
>
> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of Brian Kearney
> Sent: Thursday, August 09, 2012 11:50 AM
> To: ARIN
> Cc: ppml at arin.net
> Subject: Re: [arin-ppml] ARIN-prop-180 ISP Private Reassignment
>
> This could easily be abused for utilization justification.
>
>
> Thank You,
> Brian Kearney
> Sent from my iPhone
>
>
> On Aug 9, 2012, at 8:32 AM, ARIN <info at arin.net> wrote:
>
>> ARIN-prop-180  ISP Private Reassignment
>>
>> ARIN received the following policy proposal.
>>
>> The ARIN Advisory Council (AC) will review the proposal at their next
>> regularly scheduled meeting (if the period before the next regularly
>> scheduled meeting is less than 10 days, then the period may be extended
>> to the subsequent regularly scheduled meeting). The AC will decide how
>> to utilize the proposal and announce the decision to the PPML.
>>
>> The AC invites everyone to comment on the proposal on the PPML,
>> particularly their support or non-support and the reasoning
>> behind their opinion. Such participation contributes to a thorough
>> vetting and provides important guidance to the AC in their deliberations.
>>
>> Draft Policies and Proposals under discussion can be found at:
>> https://www.arin.net/policy/proposals/index.html
>>
>> The ARIN Policy Development Process can be found at:
>> https://www.arin.net/policy/pdp.html
>>
>> Mailing list subscription information can be found
>> at:https://www.arin.net/mailing_lists/
>>
>> Regards,
>>
>> Communications and Member Services
>> American Registry for Internet Numbers (ARIN)
>>
>>
>> ## * ##
>>
>> On Thursday, August 9, 2012 10:52 AM, Yi Chu wrote
>>
>> Template: ARIN-POLICY-PROPOSAL-TEMPLATE-2.0
>>
>>    1. Policy Proposal Name:  ISP private reassignment
>>    2. Proposal Originator
>>          1. name: Yi Chu
>>          2. e-mail: yi.chu at sprint.com
>>          3. telephone: +1-703-592-4850
>>          4. organization: Sprint
>>    3. Proposal Version: 1
>>    4. Date: 2012-08-09
>>    5. Proposal type: new
>>    6. Policy term: permanent
>>    7. Policy statement:
>>                 NRPM 4.2.3.7.1.1 and 6.5.5.1.1 ISP private reassignment
>>                 ISP has the option to register a reassignment as private.  A private reassignment is not visible on the public whois database.  Private reassignment is used in calculation of ISP utilization.  By register a reassignment as private, the ISP takes responsibility as POC by means of the direct allocation (parent of the reassigned address block) from ARIN that is publically registered in the whois database.
>>
>>    8. Rationale:
>>                 Some ISP's customers wish to keep their reassignment private.  This can be for security reasons.  It can also be that the customer does not have the staff or know-how to manage their network.  They in term outsource the management of their network to the upstream ISP.  By not having their reassignemnt record showing in public, the whois record of the parent ISP block is a truer representation of the reality.  It make shte whois database more accurate and cleaner.
>>    9. Timetable for implementation: immediate

--
===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE      Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================


________________________________

This e-mail may contain Sprint Nextel proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.




More information about the ARIN-PPML mailing list