[arin-ppml] Draft Policy ARIN-2019-2: Waiting List Block Size Restriction
David Farmer
farmer at umn.edu
Fri Mar 1 17:00:44 EST 2019
On Thu, Feb 28, 2019 at 7:16 PM Ronald F. Guilmette <rfg at tristatelogic.com>
wrote:
>
> In message <
> CAN-Dau3yAjwbgfySKYAz7jbMyA7RuHr4JKF+MMM+_t0NG1ZXVw at mail.gmail.com>
> David Farmer <farmer at umn.edu> wrote:
>
> >Ok, I guess it is theoretically possible there are options that are
> >equivalent to retail theft detectors, with no impact on good actors.
> >However, I'm not aware of any policy options with such properties, all of
> >them that I can think of involve the balancing act I referred too. If you
> >have ideas for policies that only impact the bad actors please share them.
>
> Total transparency for everything.
>
> Your university would not have a problem with that. Nor would most
> publicly-traded companies. Nor would a majority of non-profits, I think.
>
"Total transparency for everything" is nice hyperbole, but is not a
practical policy even for my university. We need practical policy proposals
with the details necessary to evaluate and implement them.
Exactly what information and at what level of detail do you want to be
included your total transparency? If you mean, that the reports we have to
give ARIN with the details of how all our current IP addresses are used
when we justify more of them, basically a catalog of each subnet on our
network. If that has to be public, my security people would definitely take
issue with that, that is basically a road map for attacking our network.
ARIN needs to know technical details about each of our networks at a level
that none of us want to be made public. Having that level of information
made public is a technical security risk to our organizations and users.
Now if you want my university's audited financial records, sure those are
public, but not until they have been audited. While you personally might
find them interesting, I don't see how they are relevant to our IP address
usage and why ARIN would care, ARIN may want certain organizational
documents for an 8.2 M&A Transfer, but probably not my university's full
financial records. And even if ARIN did need them we wouldn't want ARIN
making them public, if you want my university's financial records you come
to us for them.
Basically, as I see it, "total transparency for everything" is no
the equivalent to retail theft detectors, and it involves the trade-offs I
was referring to.
Thanks
--
===============================================
David Farmer Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190301/296c1de8/attachment.htm>
More information about the ARIN-PPML
mailing list