North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Big List of network owners?

  • From: Tom Vest
  • Date: Thu Oct 28 17:42:59 2004

On Oct 28, 2004, at 2:56 PM, [email protected] wrote:

On Thu, 28 Oct 2004 14:17:14 EDT, Tom Vest said:

operators. For those 3000+/- you can be reasonably confident that their
whois data is correct; the other 15.5k actively routed ASNs (much less
the routed netblocks, and less still the idled ASNs and netblocks) are
anyone's guess...
Certainly matches up with what my gut feeling was telling me....

And of course, the irony is that those 3K ASNs will probably exchange billions
of packets with us on total autopilot, and I'll almost never need to find the
owner, but the fact that I'm unable to identify who's *really* responsible for
a given specific /24 makes an address in that /24 all the more desirable to the
sort of people who will end up making me look for the /24's owner, when I'd
much rather never have had any conscious knowledge of that particular /24 being
routable at all...
That irony may disappear soon, but perhaps not in a good way. Observing the general policy trend across the registries, it seems that all are moving toward a system where publicly available contact information for any/all assigned numbers is optimized for resource management, while preserving maximum flexibility for anonymous operation. That is to say, operators may eventually provide visible whois entries that include only a workable email address (e.g., [email protected]) and a cell phone number. So long as these contacts are sufficient to request/remit annual registry renewal fees, the whois requirement will be satisfied.

Opinions vary as to whether this is a good thing or a bad thing. Some advocates suggest that anonymity will help mitigate some security issues, although it seems to me a little incongruous that security through obscurity is advocated in this sphere at the same time that it is ridiculed in other contexts. Anyway, during the ARIN public forum last week there were repeated suggestions that the "scope and purpose" of whois database be clarified once and for all, at least at the institutional (ARIN) level. I for one would hate to see operator identity (i.e., as you say "who's *really* responsible" for a given number) disappear from that that "scope and purpose," especially without considering that change and all of its implications very very carefully.