Send ARIN-PPML mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.arin.net/mailman/listinfo/arin-ppml
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ARIN-PPML digest..."
Today's Topics:
1. Re: POC privacy (Patrick Klos)
2. Re: POC privacy (Jimmy Hess)
----------------------------------------------------------------------
Message: 1
Date: Fri, 26 Oct 2012 18:55:40 -0400
From: Patrick Klos <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Re: [arin-ppml] POC privacy
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Chu, Yi [NTK] wrote:
> Good story aside, some people may not appreciate the fact that any
> anonymous person on earth can track them down, especially the pizza
> guy had no business in the network.
>
> I take this story as indication that the current system is lacking
> concern for privacy.
I don't think the story has any privacy implications whatsoever? It was
just a good story about how resourceful some people can be when they
need to contact someone who is otherwise incommunicado! (and I suspect
the pizza guy was somehow compensated for his "delivery"?)
If a person or entity has resources on the [public] Internet, and those
resources are misbehaving in one way or another, why shouldn't "any
anonymous person on earth" be able to track down the owner or
operator/ISP of those resources to make sure they're aware of the bad
behavior?? Whether people "appreciate" that level of responsibility or
not, they get it when they sign up for the [public] Internet.
If one of my hosts on one of my networks was causing an issue or not
working properly, I hope that some kind [anonymous] person would attempt
to contact me ASAP so I can deal with the issue. I have no reason to
hide from anyone, and I certainly don't want any of my equipment to
cause trouble for my customers or anyone else on the Internet!
Patrick Klos
Klos Technologies, Inc.
> -----Original message-----
>
> *From: *Patrick Klos <[email protected]>*
> To: *Steven Noble <[email protected]>*
> Cc: *"[email protected]" <[email protected]>*
> Sent: *Fri, Oct 26, 2012 15:19:41 CDT*
> Subject: *Re: [arin-ppml] POC privacy
>
> Steven Noble wrote:
> > Michael Siebel called Kyle's friends and found out he was in Lake
> Tahoe and got the address of the house. So here's a problem for
> you, you know the address where someone is and he's not answering
> his phone. How do you get a message to him right away? Michael
> went on Yelp and looked for a pizza place near the house and
> called them up and said, "I want to have a pizza delivered. But
> never mind the pizza. Just send a delivery guy over and say these
> four words: The site is down." The pizza place was very confused
> by this, but they send the pizza guy without a pizza, Kyle answers
> the door, and the pizza guy says, "The site is down." Kyle was
> able to fix it, and the site was down for less than an hour total
> from beginning to end.
> >
> > Sent from my iPhone
> >
>
> Wow... PIZZA-GRAM... that's a great story! (And you typed in on an
> iPhone - I don't have the patience!)
>
> I've been known to jump through hoops once or twice to track down
> someone at some domain or network, but Michael Siebel has taken it to
> the next level. I am seriously impressed! I'll have to remember
> this
> one. I suspect it'll work with Chinese take-out as well?? ;^)
>
> I hope Kyle got a pizza out of the deal anyway?
>
> Patrick
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List ([email protected]).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact [email protected] if you experience any issues.
>
>
> ------------------------------------------------------------------------
>
> This e-mail may contain Sprint Nextel proprietary information intended
> for the sole use of the recipient(s). Any use by others is prohibited.
> If you are not the intended recipient, please contact the sender and
> delete all copies of the message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.arin.net/pipermail/arin-ppml/attachments/20121026/d9b60a1d/attachment-0001.html>
------------------------------
Message: 2
Date: Fri, 26 Oct 2012 20:52:12 -0500
From: Jimmy Hess <[email protected]>
To: Christoph Blecker <[email protected]>
Cc: Klos Technologies Legal Folder <[email protected]>,
[email protected]
Subject: Re: [arin-ppml] POC privacy
Message-ID:
<CAAAwwbX5fkLSgd58L+cYuRcgjHHLRzEus6F=sv4+-x5yfit...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On 10/26/12, Christoph Blecker <[email protected]> wrote:
> POCs are also used by ARIN to determine who is permitted to modify
> records. Technical and Admin POCs linked to ORGs are how this
> permissions relationship works. Now fair, private Abuse or NOC POCs
> are kind of useless, but the entire argument isn't without merit.
I see how there is potential value there for some organizations. To be
able to list additional authorized users, without a contact listing.
But Organizations like Google should be leveraging automation, and
the API interfaces, from centralized systems, rather than having
lots of people permitted to directly modify any record.
That also enables the possibility of additional checks against human
error, and the requisite auditing and security controls.
Having more than a few individuals permitted to directly modify
resources, without even having detailed info shown in WHOIS = Risk.
I realize ARIN uses POCs for this purpose. And other organizations
that wish to have an individual prove authorization, will also use
ARIN POC data as a means of validation.
So POCs have a dual purpose. And yet something that isn't actually
listing contact information in whois, is by definition not a
legitimate usable point of contact.
If the suggestion is to be able to have additional "Private agents"
who may be authorized to submit ARIN resource changes and requests,
who choose to not have listed contact details.
I think I would concede that it is not _that_ bad, as long as:
(1) Private agent data is still required to be recorded, just as if
the POC was going to be fully listed, and all data is still available
to POCs of the organization, such as the administrative contacts.
Possibly by listing just the full name and encrypting the POC
detailed info in WHOIS using PGP, such that only ARIN systems and
other POCs of the organization are enabled to view the complete
contact details.
(2) Every organization still has to have at least one listed Admin
POC, who is a responsive individual, and all details are public.
(3) Every organization has at least one listed NOC or Technical POC,
where all details are public.
(4) Every organization has at least one listed Abuse POC, where all
details are public.
> Cheers,
> Christoph
--
-JH
------------------------------
_______________________________________________
ARIN-PPML mailing list
[email protected]
http://lists.arin.net/mailman/listinfo/arin-ppml
End of ARIN-PPML Digest, Vol 88, Issue 24
*****************************************
