|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: APNIC Privacy of customer assignment records - implementation update
In a message written on Thu, Sep 23, 2004 at 05:56:42PM -0400, Joe Abley wrote:
> The proposal (which comes from APNIC members, not from APNIC staff)
> concerns non-portable addresses assigned to end-users. I don't know
> about anybody else, but I've never had any luck getting a response from
> people in that category anyway; it's invariably the upstream ISPs who
> respond (if anybody does), and there is no suggestion that their
> contact details will be able to be hidden.
There are several proposals in various stages before ARIN and RIPE
about this same issue. APNIC simply beat everyone to the punch, but
most of the other groups are going down the same path.
The interesting case brought by several providers is that some
residential DSL providers are now assigning /29's to end users to
support multiple boxes. In some cases these additional boxes are
service provider boxes to provide value-add services (think, a voice
or video gateway box). This creates the very real situation where
"grandma" is now published in whois.
"grandma" doesn't like the spam, doesn't want to be listed (she
already has an unlisted phone number) and even if her machine is
owned and spewing forth spam contacting her is just going to result
in confusion. To that end the service provider would like to not
list her, protect her privacy, and when people query have only their
block and contact show up so they can field the call and either
block her port, or have a (hopefully more helpful) customer service
person help her clean her infected machine or whatever.
Generally the people who actually work abuse all have a similar report:
end user assignments in whois are worthless. End users fall into one
of two catagories:
1) "grandma", where contacting her is going to get you nowhere because
they don't know what you're talking about.
2) An abuser (spammer, ddoser, whatever). These people either won't
respond, or will respond but take no action, in both cases hoping
to string you along and make you either go away, or at least buy
some more time while they tie you up dealing with them.
Because of this most of the people dealing with abuse are already
ignoring end user contact information and going straight to the
upstream ISP anyway.
This brings us to why these proposals are getting traction in all the
RIR's. Spending thousands of hours maintaining data that many (most?
nearly all?) of the users say is useless is silly.
Indeed, this is the same thing many of the people who have alredy
responded to this thread have said, only turned on it's head. "I
treat all APNIC data as worthless" easily translates into "APNIC
shouldn't keep the data" when you're one of the people paying the
costs to upkeep the data.
Chicken and egg, or egg and chicken? I'm not really sure. That
said, the current rules basically ensure that at some point in the
future, when everyone needs a /29, everyone on the planet will be
listed in whois. That to me is the truely absurd part. I don't
understand people who think every DSL, and every cable modem user
should be listed in whois /purely by the fact that they have a
couple of static IP addresses/. I can't imagine how that makes
anything better for anyone.
Many people will automatically tie this into another issue, but it
is a separate issue. Upstreams, or more importantly LIR's (in
registry speak) need to have valid contact information and need to
act on complaints. I'm not quite sure how we enforce those
requirements. However, the lack of being able to enforce those
requirements does not make listing everyone any better of a solution.
--
Leo Bicknell - [email protected] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [email protected], www.tmbg.org
Attachment:
pgp00012.pgp
|