Re: [Community-Discuss] [Ext] Re: Community-Discuss Digest, Vol 547, Issue 1

2019-12-08 Thread Leo Vegoda
On 12/8/19, 3:33 PM, "Ronald F. Guilmette"  wrote:

[...]

> Mr. Vegoda appears to be arguing that 

No, I am not making an argument, I am observing that there is a difference in 
the way these two RIRs perform this function. 

Kind regards,

Leo Vegoda

___
Community-Discuss mailing list
Community-Discuss@afrinic.net
https://lists.afrinic.net/mailman/listinfo/community-discuss


Re: [Community-Discuss] [Ext] Re: Community-Discuss Digest, Vol 547, Issue 1

2019-12-08 Thread Ronald F. Guilmette
In message <4d311b9c-2bf1-45a8-bf21-a4dffb989...@icann.org>, 
Leo Vegoda  wrote:

>... {snipped} ...

Mr. Vegoda appears to be arguing that even if one jumps through all
necessary hoops in order to obtain "researcher" access to the RIPE
data base, one still won't get a full and unredacted copy of that
(RIPE) data base.

I do not presently believe that to be true, but I would argue that even
if it is true, it doesn't matter, and that any such restriction is just
another sign of modern bureaucrats covering their own asses while making
life pointlessly difficult for everyone else.

In the case of both the RIPE data base and the AFRINIC data base, I hope
that we can all agree that it is trivially possible to download, via
FTP, redacted copies of these data bases, and that from these it is
trivially possible to extract full lists of all relevant person and role
handles.

I hope that we can further agree that given such lists of person and
role handles, it is also a programatically trivial matter to use those
handle lists to directly query the relevant WHOIS servers, using the
-B option, in order to obtain unredacted copies of all such person and
role records, and further, that any one of the numerous commercially
available proxy services may be used in order to trivially skirt any
troublesome per-IP rate limits that may apply to such sets of sequential
WHOIS queries.

In short, the act of denying direct access to unredacted copies of *any*
RIR WHOIS data base is a fool's errand, and one which may be trivially
circumvented by any truly determined party.  It's ultimate practical
effect, therefore, is simply to inconvenience both bad actors and
legitimate researchers alike, while not materially preventing access
to the unredacted data in question.  This does not even qualify as
the much maligned "security through obscurity".  This is "security
through inconvenience" and is demonstratably, in the end, equally
pointless and foolish.

There are two possible responses to these undeniable facts:  (1) arrange
for all RIRs to *always* redact *all* contact information from *all*
WHOIS queries, or else (2) stop wasting everyone's time with these
ridiculous and provably futile attempts to pander to the anti-transparency
lobby.

Option (1) would quite obviously be disasterous for the continued smooth
functioning of the Internet.  If things start to go seriously haywire
on any given network, and if no one on the entire planet can even find
contact information for that network, then havoc will quite obviously
ensue.  Not that this means anything to the anti-transparency advocates.
As far as they are concerned, personal privacy is the ultimate consideration,
even for network opeerators, and even if, taken to its logical conclusion,
it means that we all have to go back to living in our own privacy-enhancing
personal caves.

On the other hand, option (2) is equally unacceptable, at least to the
anti-transparency "personal privacy" advocates and their attorneys who
have, over time, deminstrated a pronounced preference for hiding not
only all of their activities but also even their identities in places
like Mauritius, Malta, the Seychelles, and the Cayman Islands.

My hope is that the poople on this list will appreciate that a global
interconnected network is not at all well served by rendering communication
between network managers either difficult or impossible, and that thus,
all here will soundly reject option (1) as the perfect idiocy that it is.

It's time to stop hiding the ball and pandering to "offshore" skulduggery
and none of the RIRs have any viable *or* legal excuse for continuing to
do so, especially not now, when there has been an ample demonstration
of the use of an opaque offshore jurisdiction in conjunction with the
insider-engineered theft of AFRINIC IPv4 address space.  (See the
particulars relating to ORG-AISL1-AFRINIC for further information.)


Regards,
rfg

___
Community-Discuss mailing list
Community-Discuss@afrinic.net
https://lists.afrinic.net/mailman/listinfo/community-discuss


Re: [Community-Discuss] [Ext] Re: Community-Discuss Digest, Vol 547, Issue 1

2019-12-08 Thread Leo Vegoda
Owen DeLong  wrote:

[...]

> Whois is data that is published generally, so your comments here 
> about DPR don’t really apply.
> 
> Such WHOIS dumps are available from RIPE, so I don’t think it is a 
> GDPR issue at all.

Both AFRINIC and RIPE NCC public database dumps on their FTP sites but the RIPE 
NCC data is cleaned to remove more person data than the AFRINIC data dumps. The 
AFRINIC data includes the unique nic-hdl of contacts for resources but the 
dumps published by the RIPE NCC replace the unique nic-hdl with DUMY-RIPE:

person:  Placeholder Person Object
address: RIPE Network Coordination Centre
address: P.O. Box 10096
address: 1001 EB Amsterdam
address: The Netherlands
phone:   +31 20 535 
nic-hdl: DUMY-RIPE
mnt-by:  RIPE-DBM-MNT
remarks: **
remarks: * This is a placeholder object to protect personal data.
remarks: * To view the original object, please query the RIPE
remarks: * Database at:
remarks: * http://www.ripe.net/whois
remarks: **
created: 2009-11-11T16:36:07Z
last-modified:   2009-11-11T16:36:07Z
source:  RIPE

Kind regards,

Leo

___
Community-Discuss mailing list
Community-Discuss@afrinic.net
https://lists.afrinic.net/mailman/listinfo/community-discuss