Hi Jonathan,
Thank you for bringing this proposal forward. While the intention to address
privacy concerns is understandable, I would like to highlight several issues
that may arise if this policy is implemented:
Lack of Justification for Removal – The proposal does not provide sufficient
evidence of widespread harm due to public WHOIS data exposure or assess the
impact of removal on legitimate users.
Impact on Network Operations and Security – Restricting access to contact
details could hinder network troubleshooting, abuse handling, and incident
response for ISPs, security researchers, and CSIRTs.
Unclear Enforcement Mechanism – The proposal suggests requiring bulk WHOIS
consumers to remove already obtained data but does not outline how APNIC will
ensure compliance, especially for global entities.
Inconsistency with Other RIRs – No other RIRs impose similar restrictions on
WHOIS data. A unilateral change by APNIC may lead to policy fragmentation and
operational inconsistencies.
Potential Impact on Transparency – Limiting WHOIS data availability may reduce
visibility into IP resource ownership, making it harder to track bad actors and
increasing the risk of fraudulent activities.
Increased Operational Burden on APNIC – Moving contact information behind
authentication may result in an increased number of manual inquiries and
authentication requests, creating an additional workload for APNIC.
No Clear Alternative for Legitimate Users – The proposal does not provide a
viable alternative for researchers, network engineers, and security teams who
rely on WHOIS data for non-abuse-related queries.
Given these concerns, I recommend exploring a more balanced approach, such as
rate limiting or requiring authentication for sensitive data, instead of
completely removing public WHOIS contact details.
Looking forward to further discussions on this matter.
BR
Babir
_______________________________________________
SIG-policy - https://mailman.apnic.net/[email protected]/
To unsubscribe send an email to [email protected]
