[75045] in North American Network Operators' Group
Re: Big List of network owners?
daemon@ATHENA.MIT.EDU (Tom Vest)
Thu Oct 28 17:42:19 2004
In-Reply-To: <200410281856.i9SIuf1M013564@turing-police.cc.vt.edu>
Cc: Joe Abley <jabley@isc.org>, John Underhill <stepnwlf@magma.ca>,
nanog@merit.edu
From: Tom Vest <tvest@pch.net>
Date: Thu, 28 Oct 2004 17:41:50 -0400
To: Valdis.Kletnieks@vt.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Oct 28, 2004, at 2:56 PM, Valdis.Kletnieks@vt.edu wrote:
> On Thu, 28 Oct 2004 14:17:14 EDT, Tom Vest said:
>
>> operators. For those 3000+/- you can be reasonably confident that
>> their
>> whois data is correct; the other 15.5k actively routed ASNs (much less
>> the routed netblocks, and less still the idled ASNs and netblocks) are
>> anyone's guess...
>
> Certainly matches up with what my gut feeling was telling me....
>
> And of course, the irony is that those 3K ASNs will probably exchange
> billions
> of packets with us on total autopilot, and I'll almost never need to
> find the
> owner, but the fact that I'm unable to identify who's *really*
> responsible for
> a given specific /24 makes an address in that /24 all the more
> desirable to the
> sort of people who will end up making me look for the /24's owner,
> when I'd
> much rather never have had any conscious knowledge of that particular
> /24 being
> routable at all...
That irony may disappear soon, but perhaps not in a good way. Observing
the general policy trend across the registries, it seems that all are
moving toward a system where publicly available contact information for
any/all assigned numbers is optimized for resource management, while
preserving maximum flexibility for anonymous operation. That is to
say, operators may eventually provide visible whois entries that
include only a workable email address (e.g.,
ASN54321@genericemailservice.com) and a cell phone number. So long as
these contacts are sufficient to request/remit annual registry renewal
fees, the whois requirement will be satisfied.
Opinions vary as to whether this is a good thing or a bad thing. Some
advocates suggest that anonymity will help mitigate some security
issues, although it seems to me a little incongruous that security
through obscurity is advocated in this sphere at the same time that it
is ridiculed in other contexts. Anyway, during the ARIN public forum
last week there were repeated suggestions that the "scope and purpose"
of whois database be clarified once and for all, at least at the
institutional (ARIN) level. I for one would hate to see operator
identity (i.e., as you say "who's *really* responsible" for a given
number) disappear from that that "scope and purpose," especially
without considering that change and all of its implications very very
carefully.
Tom
