[arin-ppml] POC privacy

Christoph Blecker cblecker at gmail.com
Fri Oct 26 12:21:18 EDT 2012


On Fri, Oct 26, 2012 at 8:30 AM, Patrick Klos <patrick at klos.com> wrote:
> Andrew Koch wrote:
>
> Yesterday during the open mic at the policy meeting, Mike Joseph of
> Google had planted an idea of making Admin and Tech contacts private.
>
> Rather than being able to move all Admin and Tech contacts to being
> private, I would be in favor of requiring one public POC of each type
> be visible.  However,  additional POCs of those types could be marked
> private.
>
> This would provide for the ability to move all but a select
> representative or role account to receive communications into a
> private status.  These private POCs could continue to manage
> resources.  It also balances the concern that POCs may receive a large
> bit of unwanted communications and the need to contact them.
>
> As I think about this a bit further, creating a role POC and then
> being able to link multiple ARIN Online accounts to that role POC is
> already available.  This would meet the ability to manage resources,
> but not place personal details in the public database.  So, I think
> further information on the drivers of this are needed.
>
> In some after-meeting discussions, another thought that was brought
> forward was moving the ability to view certain POC data to a
> restricted system.  For example, in public whois, the resource would
> link to a POC name, but the details (name, phone, email) would be only
> accessible after logging into ARIN Online, or using REST with an API
> key.
>
> Regards,
> Andrew Koch
>
>
>
> These ideas of hiding POCs are ridiculous!  What is the purpose of a "point
> of CONTACT" if you cannot use it to CONTACT someone?!?!
>
> I constantly use POCs to try to notify resource owners that their resources
> (usually a server on their network) have been compromised and are behaving
> badly (i.e. hosting phishing sites or viruses/trojans).  I don't get paid to
> do it - I do it because it needs to be done.  If more obstacles are put in
> my way (i.e. requiring me to use various web interfaces and log in to get
> the details I need), I will have less and less time to help out the
> community.
>
> What are people worried about that they feel their POC information should be
> "private"??
>
> A little spam?!?  I get so little spam on my POC email addresses, it's silly
> to worry about it!
> What else?  Privacy??  Businesses (legitimate ones, anyway) have no reason
> to hide themselves!
>
> What good is a "private" POC?  Who would ever got to use it if it's
> private???
>
> Can someone come up with a single legitimate example of why they should have
> public Internet resources assigned to them, but their contact information
> should be hidden from the world??
>
> Sincerely,
>
> Patrick Klos
> Klos Technologies, Inc.

POCs are also used by ARIN to determine who is permitted to modify
records. Technical and Admin POCs linked to ORGs are how this
permissions relationship works. Now fair, private Abuse or NOC POCs
are kind of useless, but the entire argument isn't without merit.

Cheers,
Christoph



More information about the ARIN-PPML mailing list