[arin-ppml] Of interest?

Ronald F. Guilmette rfg at tristatelogic.com
Fri May 17 01:46:05 EDT 2019

In message <CAGkMwz55qfT+PHNdvwUbK5xs8OLCHjfx2DH2V68wM+kPdddggg at mail.gmail.com>
Scott Leibrand <scottleibrand at gmail.com> wrote:

>...I wouldn't expect {ARIN officials} to discuss specifics of
>their validation methods on a public mailing list, as they don't want to
>inform potential scammers of what they'd need to do to bypass ARIN's checks.

I guess you haven't been following the news this week.

The scammers clearly already do know how to get past whatever ARIN has been
doing, even if only half-heartedly, to "prevent fraud".

So, since the scammers already do know how to beat ARIN's vetting system,
what real harm is there in having ARIN officials explain TO THE REST OF
US all of the stuff that they are *not* doing, and whose lack allowed this
mess to happen in the first place?

As I say, the scammers already clearly know the holes in the system.  It's
only us poor dumb honest plebs who are being kept in the dark about what
really happened here, and how some obvious lack in the vetting process
eneded up as a ten million dollar fiasco, complete with legal action,
counter-action, and finally, the involvement of federal agents.

How did it come to this?  That's not an unreasonable question.

Perhaps you have heard the term "security by obscurity".  That appears to
be what you are arguing in favor of.  I just hope you are aware of the
fact that "security by obscurity" is generally considered to be a bad joke
in most well-informed circles.  I would hope that would be true here also,
among competent technical professionals, but perhaps not.

When even the smallest Cessna goes down in a populated area, the NTSB is
jonny-on-the-spot.  They come out, figure out what the bleep went wrong,
and then they tell the rest of us, all with a view toward making sure
it doesn't happen again.  But I am not sensing any such self-effacing
curiosity, rigor, or introspection when it comes to *this* epic mess.
So I need to ask... Am I really the only one who wants to find out what
the hell really happened here, how things went so far off the rails, and
what should be changed to prevent it from happening again?


More information about the ARIN-PPML mailing list