[arin-ppml] ARIN-prop-180 ISP Private Reassignment - intent to revise
hannigan at gmail.com
Thu Aug 16 10:45:54 EDT 2012
On Thu, Aug 16, 2012 at 1:15 AM, David Farmer <farmer at umn.edu> wrote:
> On 8/15/12 20:06 CDT, Chu, Yi [NTK] wrote:
>> After reviewing the feedback and discussions, I intend to modify prop-180
>> as follows. Please let me know if I have made improvements in gaining your
>> support or made things worse.
>> 1. ARIN approval: ISP to submit private reassignment request to ARIN for
>> approval. The info in the request is exactly the same as it would be for
>> public records. -- This addresses concern of abuse. As ARIN has to
>> approve, and the info provided is the same as public, so no more prune to
> If you leave it to ARIN to approve or not, what criteria should they apply
> to approving or not? Otherwise this is meaningless.
>> 2. Alignment with residential policy: Upon ARIN's approval, the ISP may
>> substitute that organization's name for the customer's name, e.g. 'Private
>> Customer - XYZ Network', and the customer's street address may read
>> 'Private'. Each private downstream reassignment must have accurate upstream
>> Abuse and Technical POCs visible on the WHOIS directory record for that
>> block. --- This aligns with residential requirement. As ARIN and ISP have
>> the real info, so when a law enforcement need to request info with a
>> subpoena, the ISP and ARIN would be able to produce the info.
> This seems reasonable.
>> 3. 'Slow zone': Each ISP may only have one outstanding private
>> reassignment request with ARIN. (alternatively, it can also be stated that
>> 'ARIN is putting the ISP's private request in its own queue, and ARIN is not
>> required to process more than one request per ISP per day, something to this
>> effect) --- This addresses people's concern of abuse, ie, ISP swip
>> everything private. As I envision ISP's private request is rare, that
>> limiting the throughput is OK.
> I'm not sure how effective this is or if it matters how quickly they happen.
> If an ISP private SWIPs 100 in one day, or 1 a day for 100 days and does a
> 1000 SWIPs the rest of the year what's the diff, its still 10%. Most of the
> data needs to be public that what matters not how many in one day.
>> Rationale for the proposal: I would add that it is for businesses to
>> prevent the prying eyes of hacking. Right now, a hacking teenage can find
>> IP info on arin whois for any company with just a few clicks by just looking
>> up the company name, which I find a bit un-nerving. We made it
>> unnecessarily easy for the hackers.
> This is bull, that's like saying if banks only took down their signs no one
> would rob them. BULL!!! I want to see more flexibility here. But let's not
> make up silly excuses, its about privacy not security.
:-) I think the rationale needs work.
I'm also concerned about increasing the cost of ARIN operations
significantly. Someone is going to have to fund this.
More information about the ARIN-PPML