Send ARIN-PPML mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.arin.net/mailman/listinfo/arin-ppml
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ARIN-PPML digest..."
Today's Topics:
1. Re: POC privacy (Christoph Blecker)
2. Re: POC privacy (Kevin Kargel)
3. Re: POC privacy (Kevin Kargel)
4. Re: POC privacy (Lee Dilkie)
5. Re: POC privacy (Kevin Kargel)
6. Re: POC privacy (Steven Noble)
----------------------------------------------------------------------
Message: 1
Date: Fri, 26 Oct 2012 09:21:18 -0700
From: Christoph Blecker <[email protected]>
To: Patrick Klos <[email protected]>
Cc: Klos Technologies Legal Folder <[email protected]>,
[email protected]
Subject: Re: [arin-ppml] POC privacy
Message-ID:
<CADx2oGG2UWgAGzmV=E9D--G3evck1+Fz0aY+f=ap0iokc1s...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On Fri, Oct 26, 2012 at 8:30 AM, Patrick Klos <[email protected]> wrote:
> Andrew Koch wrote:
>
> Yesterday during the open mic at the policy meeting, Mike Joseph of
> Google had planted an idea of making Admin and Tech contacts private.
>
> Rather than being able to move all Admin and Tech contacts to being
> private, I would be in favor of requiring one public POC of each type
> be visible. However, additional POCs of those types could be marked
> private.
>
> This would provide for the ability to move all but a select
> representative or role account to receive communications into a
> private status. These private POCs could continue to manage
> resources. It also balances the concern that POCs may receive a large
> bit of unwanted communications and the need to contact them.
>
> As I think about this a bit further, creating a role POC and then
> being able to link multiple ARIN Online accounts to that role POC is
> already available. This would meet the ability to manage resources,
> but not place personal details in the public database. So, I think
> further information on the drivers of this are needed.
>
> In some after-meeting discussions, another thought that was brought
> forward was moving the ability to view certain POC data to a
> restricted system. For example, in public whois, the resource would
> link to a POC name, but the details (name, phone, email) would be only
> accessible after logging into ARIN Online, or using REST with an API
> key.
>
> Regards,
> Andrew Koch
>
>
>
> These ideas of hiding POCs are ridiculous! What is the purpose of a "point
> of CONTACT" if you cannot use it to CONTACT someone?!?!
>
> I constantly use POCs to try to notify resource owners that their resources
> (usually a server on their network) have been compromised and are behaving
> badly (i.e. hosting phishing sites or viruses/trojans). I don't get paid to
> do it - I do it because it needs to be done. If more obstacles are put in
> my way (i.e. requiring me to use various web interfaces and log in to get
> the details I need), I will have less and less time to help out the
> community.
>
> What are people worried about that they feel their POC information should be
> "private"??
>
> A little spam?!? I get so little spam on my POC email addresses, it's silly
> to worry about it!
> What else? Privacy?? Businesses (legitimate ones, anyway) have no reason
> to hide themselves!
>
> What good is a "private" POC? Who would ever got to use it if it's
> private???
>
> Can someone come up with a single legitimate example of why they should have
> public Internet resources assigned to them, but their contact information
> should be hidden from the world??
>
> Sincerely,
>
> Patrick Klos
> Klos Technologies, Inc.
POCs are also used by ARIN to determine who is permitted to modify
records. Technical and Admin POCs linked to ORGs are how this
permissions relationship works. Now fair, private Abuse or NOC POCs
are kind of useless, but the entire argument isn't without merit.
Cheers,
Christoph
------------------------------
Message: 2
Date: Fri, 26 Oct 2012 11:28:32 -0500
From: Kevin Kargel <[email protected]>
To: 'Patrick Klos' <[email protected]>, "'[email protected]'"
<[email protected]>
Cc: 'Klos Technologies Legal Folder' <[email protected]>
Subject: Re: [arin-ppml] POC privacy
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
The tech and abuse PoC's need to be public. They need to be real, accessible
and responsive contacts. If they are not publically accessible they are
useless. If you make them private just eliminate them.
I would go in the other direction completely and say that there needs to be a
public reporting process where members of the public could easily report
non-responsive Tech and Abuse contacts to ARIN and then ARIN could investicate
and remove non-responsive contacts.
Admin PoC's also need to be public to accept legal communications.
If all contacts for a netblock are non-responsive then the netblock should be
considered abandoned and reclaimed.
Think about it.. These are *CONTACTS* .. What good is a contact if you can't
"contact" it..
Kevin Kargel
Polar Communications
________________________________
From: [email protected] [mailto:[email protected]] On
Behalf Of Patrick Klos
Sent: Friday, October 26, 2012 10:30 AM
To: [email protected]
Cc: Klos Technologies Legal Folder
Subject: Re: [arin-ppml] POC privacy
Andrew Koch wrote:
Yesterday during the open mic at the policy meeting, Mike
Joseph of
Google had planted an idea of making Admin and Tech contacts
private.
Rather than being able to move all Admin and Tech contacts to
being
private, I would be in favor of requiring one public POC of
each type
be visible. However, additional POCs of those types could be
marked
private.
This would provide for the ability to move all but a select
representative or role account to receive communications into a
private status. These private POCs could continue to manage
resources. It also balances the concern that POCs may receive
a large
bit of unwanted communications and the need to contact them.
As I think about this a bit further, creating a role POC and
then
being able to link multiple ARIN Online accounts to that role
POC is
already available. This would meet the ability to manage
resources,
but not place personal details in the public database. So, I
think
further information on the drivers of this are needed.
In some after-meeting discussions, another thought that was
brought
forward was moving the ability to view certain POC data to a
restricted system. For example, in public whois, the resource
would
link to a POC name, but the details (name, phone, email) would
be only
accessible after logging into ARIN Online, or using REST with
an API
key.
Regards,
Andrew Koch
These ideas of hiding POCs are ridiculous! What is the purpose of a
"point of CONTACT" if you cannot use it to CONTACT someone?!?!
I constantly use POCs to try to notify resource owners that their
resources (usually a server on their network) have been compromised and are
behaving badly (i.e. hosting phishing sites or viruses/trojans). I don't get
paid to do it - I do it because it needs to be done. If more obstacles are put
in my way (i.e. requiring me to use various web interfaces and log in to get
the details I need), I will have less and less time to help out the community.
What are people worried about that they feel their POC information
should be "private"??
1. A little spam?!? I get so little spam on my POC email
addresses, it's silly to worry about it!
2. What else? Privacy?? Businesses (legitimate ones, anyway)
have no reason to hide themselves!
What good is a "private" POC? Who would ever got to use it if it's
private???
Can someone come up with a single legitimate example of why they should
have public Internet resources assigned to them, but their contact information
should be hidden from the world??
Sincerely,
Patrick Klos
Klos Technologies, Inc.
------------------------------
Message: 3
Date: Fri, 26 Oct 2012 11:40:30 -0500
From: Kevin Kargel <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: Re: [arin-ppml] POC privacy
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
>
> POCs are also used by ARIN to determine who is permitted to
> modify records. Technical and Admin POCs linked to ORGs are
> how this permissions relationship works. Now fair, private
> Abuse or NOC POCs are kind of useless, but the entire
> argument isn't without merit.
>
> Cheers,
> Christoph
I would sort of buy in to the concept of public and private "contacts" if there
were an 'ORG' PoC to take over the role currently held by the ADMIN contact.
So long as there are three classes of contacts (Organizational/Legal, Technical
and Abuse) required to be public and responsive then "Admin" contacts solely
for the purpose of interacting with ARIN could be private. That way a company
could grant admin rights to an employee without exposing that employee to the
world.
It would be nice but perhaps not absolutely necessary if the 'Admin' contacts
were visible to ARIN membership. Perhaps the best bet would be to make it
possible for the end user to set the visibility level for those contacts -
public, community or private.
Kevin
------------------------------
Message: 4
Date: Fri, 26 Oct 2012 11:59:48 -0400
From: Lee Dilkie <[email protected]>
To: Patrick Klos <[email protected]>
Cc: Klos Technologies Legal Folder <[email protected]>,
[email protected]
Subject: Re: [arin-ppml] POC privacy
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
agreed.
On 10/26/2012 11:30 AM, Patrick Klos wrote:
> Andrew Koch wrote:
>> Yesterday during the open mic at the policy meeting, Mike Joseph of
>> Google had planted an idea of making Admin and Tech contacts private.
>>
>> Rather than being able to move all Admin and Tech contacts to being
>> private, I would be in favor of requiring one public POC of each type
>> be visible. However, additional POCs of those types could be marked
>> private.
>>
>> This would provide for the ability to move all but a select
>> representative or role account to receive communications into a
>> private status. These private POCs could continue to manage
>> resources. It also balances the concern that POCs may receive a large
>> bit of unwanted communications and the need to contact them.
>>
>> As I think about this a bit further, creating a role POC and then
>> being able to link multiple ARIN Online accounts to that role POC is
>> already available. This would meet the ability to manage resources,
>> but not place personal details in the public database. So, I think
>> further information on the drivers of this are needed.
>>
>> In some after-meeting discussions, another thought that was brought
>> forward was moving the ability to view certain POC data to a
>> restricted system. For example, in public whois, the resource would
>> link to a POC name, but the details (name, phone, email) would be only
>> accessible after logging into ARIN Online, or using REST with an API
>> key.
>>
>> Regards,
>> Andrew Koch
>>
>
> These ideas of hiding POCs are ridiculous! What is the purpose of a
> "point of CONTACT" if you cannot use it to CONTACT someone?!?!
>
> I constantly use POCs to try to notify resource owners that their
> resources (usually a server on their network) have been compromised
> and are behaving badly (i.e. hosting phishing sites or
> viruses/trojans). I don't get paid to do it - I do it because it
> needs to be done. If more obstacles are put in my way (i.e. requiring
> me to use various web interfaces and log in to get the details I
> need), I will have less and less time to help out the community.
>
> What are people worried about that they feel their POC information
> should be "private"??
>
> 1. A little spam?!? I get so little spam on my POC email addresses,
> it's silly to worry about it!
> 2. What else? Privacy?? Businesses (legitimate ones, anyway) have
> no reason to hide themselves!
>
> What good is a "private" POC? Who would ever got to use it if it's
> private???
>
> Can someone come up with a single legitimate example of why they
> should have public Internet resources assigned to them, but their
> contact information should be hidden from the world??
>
> Sincerely,
>
> Patrick Klos
> Klos Technologies, Inc.
>
>
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List ([email protected]).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact [email protected] if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.arin.net/pipermail/arin-ppml/attachments/20121026/4271800b/attachment-0001.html>
------------------------------
Message: 5
Date: Fri, 26 Oct 2012 12:54:23 -0500
From: Kevin Kargel <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: Re: [arin-ppml] POC privacy
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
.
What are people worried about that they feel their POC information should be
"private"??
1. A little spam?!? I get so little spam on my POC email
addresses, it's silly to worry about it!
2. What else? Privacy?? Businesses (legitimate ones, anyway)
have no reason to hide themselves!
<kjk> One other point I wanted to make here going further on point #2 -
Businesses using a *shared* resource such as the *shared* public internet not
only have no reason to hide themselves, they have an obligation to be reachable
by the members of the community they are sharing the resources with. If they
don't want to participate in the shared public resource then they don't need
shared public resources in the first place. The simple act of reserving a
globally unique address consumes a shared resource and obligates the consumer
to be reachable, even if the globally unique address is never routed globally.
JMO </kjk>
What good is a "private" POC? Who would ever got to use it if it's
private???
Can someone come up with a single legitimate example of why they should
have public Internet resources assigned to them, but their contact information
should be hidden from the world??
Sincerely,
Patrick Klos
Klos Technologies, Inc.
------------------------------
Message: 6
Date: Fri, 26 Oct 2012 11:25:08 -0700
From: Steven Noble <[email protected]>
To: Kevin Kargel <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [arin-ppml] POC privacy
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
I don't see one. If a network is spamming or an AS is advertising a wrong
prefix or your prefix as a /24 you want the best available information
possible. Even the address can matter.
A semi relevant read.
http://www.foundersatwork.com/1/post/2012/10/what-goes-wrong.html
Let me give you one last example of improvising. The Justin.tv founders were
having a lot of scaling issues in the beginning. One weekend their whole video
system went down. Kyle was in charge of it, but no one knew where Kyle was. And
Kyle wasn't picking up his cell phone. This was live video so it was pretty
critical that this get fixed immediately.
Michael Siebel called Kyle's friends and found out he was in Lake Tahoe and got
the address of the house. So here's a problem for you, you know the address
where someone is and he's not answering his phone. How do you get a message to
him right away? Michael went on Yelp and looked for a pizza place near the
house and called them up and said, "I want to have a pizza delivered. But
never mind the pizza. Just send a delivery guy over and say these four words:
The site is down." The pizza place was very confused by this, but they send the
pizza guy without a pizza, Kyle answers the door, and the pizza guy says, "The
site is down." Kyle was able to fix it, and the site was down for less than an
hour total from beginning to end.
Sent from my iPhone
On Oct 26, 2012, at 10:54 AM, Kevin Kargel <[email protected]> wrote:
> .
>
> What are people worried about that they feel their POC information should be
> "private"??
>
>
> 1. A little spam?!? I get so little spam on my POC email addresses,
> it's silly to worry about it!
>
> 2. What else? Privacy?? Businesses (legitimate ones, anyway) have no
> reason to hide themselves!
>
> <kjk> One other point I wanted to make here going further on point #2 -
> Businesses using a *shared* resource such as the *shared* public internet not
> only have no reason to hide themselves, they have an obligation to be
> reachable by the members of the community they are sharing the resources
> with. If they don't want to participate in the shared public resource then
> they don't need shared public resources in the first place. The simple act
> of reserving a globally unique address consumes a shared resource and
> obligates the consumer to be reachable, even if the globally unique address
> is never routed globally. JMO </kjk>
>
> What good is a "private" POC? Who would ever got to use it if it's
> private???
>
> Can someone come up with a single legitimate example of why they should
> have public Internet resources assigned to them, but their contact
> information should be hidden from the world??
>
> Sincerely,
>
> Patrick Klos
> Klos Technologies, Inc.
>
>
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List ([email protected]).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact [email protected] if you experience any issues.
------------------------------
_______________________________________________
ARIN-PPML mailing list
[email protected]
http://lists.arin.net/mailman/listinfo/arin-ppml
End of ARIN-PPML Digest, Vol 88, Issue 22
*****************************************
