[arin-ppml] private whois record

Kevin Kargel kkargel at polartel.com
Wed Aug 8 15:33:13 EDT 2012



 

> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Milton L Mueller
> Sent: Wednesday, August 08, 2012 1:07 PM
> To: Chu, Yi [NTK]; 'ARIN PPML (ppml at arin.net)'
> Subject: Re: [arin-ppml] private whois record
> 
> I just love the way people present their own views as "the community's"
> views. Intentionally or not, it can have the effect of pre-empting
> discussion of things that need to be discussed, and thus needs to be
> identified and challenged whenever it occurs.
> 
> If I am not mistaken - or more accurately, if Chu Yi is not mistaken -
> APNIC already has the kind of policy or practice he is requesting. Thus,
> Heather, I must ask: are you saying that the entire Asia-Pacific region is
> not part of "the community" that has favored transparency? Keep in mind
[kjk] 
[kjk] As far as ARIN is concerned the ARIN community is comprised of it's
members. APNIC is another community.

> that AP is the world's most populous region with the most Internet users
> and that the "badness" of which you speak is global and not bounded by any
> region or territory.
> 
> I would say that the merit of your arguments regarding transparency may be
> strong enough to stand on their own; no need to invoke a fictitious
> "community"
> 
> > -----Original Message-----
> > From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> > Behalf Of Schiller, Heather A
> > Sent: Wednesday, August 08, 2012 1:26 PM
> > To: Chu, Yi [NTK]; Kevin Kargel; 'ARIN PPML (ppml at arin.net)'
> > Subject: Re: [arin-ppml] private whois record
> >
> >
> > I offer this info for historical context - to give you an overview of
> what's been
> > discussed previously.  Don't let it get in your way of suggesting an
> alternative
> > via: https://www.arin.net/policy/pdp_appendix_b.html  You may want to
> > address these concerns in writing the rationale.
> >
> > This has come up before.  You can look through meeting minutes, ppml &
> > policy proposal archives for the past versions of this discussion- but
> so far the
> > community has favored transparency in requiring whois records.  I think
> the
> > prevailing argument has been that "companies" are inherently public -
> > company name and address are already public record, as they are
> registered
> > and searchable in state records.  Law Enforcement folks argue that
> having
> > whois info published facilitates legal investigations, especially in
> > emergencies.  In addition the anti-spam/security community will oppose
> it -
> > as they use whois information to track badness.
> >
> > Having managed some IP's in the past - the folks who are doing really
> super
> > s3kr3t stuff aren't doing it on the public internet.  Those that are
> doing
> > sensitive things over the public internet, have a better game plan for
> security
> > than obscuring whois, and the good ones have implemented that before it
> > gets to asking you not to swip.  The rest can get by with listing
> already publicly
> > identifiable contact info - corp name, corp headquarters, etc.  No one
> should
> > be relying on obscuring swip as a security practice, if you are still
> accepting
> > packets.  An experienced network security auditor would have experience
> > with swip records and would know that in the ARIN region commercial
> space
> > isn't going to be marked "private".  In fact, the point could be made
> that
> > marking them private is likely to raise more curiosity, especially when
> its
> > clearly not residential space.
> >
> > --Heather
> >
> > -----Original Message-----
> > From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> > Behalf Of Chu, Yi [NTK]
> > Sent: Tuesday, August 07, 2012 2:08 PM
> > To: Kevin Kargel; 'ARIN PPML (ppml at arin.net)'
> > Subject: Re: [arin-ppml] private whois record
> >
> > The situation is my customer (a company, not residential) had gone
> through a
> > security audit.  The audit identified the whois record as a potential
> security
> > risk.  What they are asking is for their whois  record (inetnum, or
> network
> > record) to be private.  So the assigning LIR has access to the private
> record, as
> > well as ARIN.  But not to general public.  This 'private' feature has
> been
> > incorporated in APNIC for almost 10 years (APNIC-16, 2003
> > http://www.apnic.net/services/services-apnic-
> > provides/helpdesk/faqs/privacy-of-customer-assignments---faqs) .   I
> would
> > like to know first if ARIN has a similar feature to accommodate my
> customer's
> > request.  If not, has the topic been discussed and if there is interest
> in
> > pursuing.
> >
> > yi
> >
> > -----Original Message-----
> > From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> > Behalf Of Kevin Kargel
> > Sent: Tuesday, August 07, 2012 1:01 PM
> > To: 'ARIN PPML (ppml at arin.net)'
> > Subject: Re: [arin-ppml] private whois record
> >
> > I see no great problem with private registration so long as there are
> active
> > authoritative contacts that can actually do something should a network
> or
> > abuse issue occur.  Having an abuse or NOC contact point to someone who
> > can call someone who knows who to call is unacceptable.  We need to be
> > able to reach a network administrator directly.
> >
> > Having said that, if you are operating on the public network and wish to
> keep
> > your contact information private then something just doesn't jive.  I do
> > strongly support transparency.  If you don't want to disclose any
> information
> > the solution is simple, don't transact on public networks.
> >
> >
> > Kevin
> >
> >
> > ________________________________________
> > From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> > Behalf Of Chu, Yi [NTK]
> > Sent: Tuesday, August 07, 2012 11:26 AM
> > To: ARIN PPML (ppml at arin.net)
> > Subject: [arin-ppml] private whois record
> >
> > APNIC has a 'private' option for LIR to make the non-portable
> assignments
> > private.  It fulfills the LIR's registration requirements, and at the
> same time
> > gives LIR option to address its customer's privacy concerns.  It does
> seem a
> > superb idea.  I wonder if the topic has ever been raised and discussed
> in
> > ARIN?
> >
> > Yi Chu
> > IP Engineering
> > Sprint
> >
> >
> > ________________________________________
> >
> > This e-mail may contain Sprint Nextel proprietary information intended
> for
> > the sole use of the recipient(s). Any use by others is prohibited. If
> you are
> > not the intended recipient, please contact the sender and delete all
> copies of
> > the message.
> >
> > ________________________________
> >
> > This e-mail may contain Sprint Nextel proprietary information intended
> for
> > the sole use of the recipient(s). Any use by others is prohibited. If
> you are
> > not the intended recipient, please contact the sender and delete all
> copies of
> > the message.
> >
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to the ARIN
> > Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4935 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20120808/52b1a877/attachment-0001.bin>


More information about the ARIN-PPML mailing list