I've tried to sort some of the various aspects/expectations.
Let's see....
=> It depends on the level of "responsibility" and functionality granted to
=> and exercised by that end site. As I've said in a private mail already,
=> we should ask the question about the usefulness of "assigning" (in the
=> good old sense) very small amounts of addresses to sites which are tied
=> in to the services of their provider anyway. I guess most of the ADSL,
=> dial-up, cable-TV connection assignments sh/could be reviewed from that
=> point of view.
=
=The name and address info in the RIPE database needs to contain the
=person (or organisation) responsible for a certain amount of IP space,
=in my opinion.
=
=So, if an ISP wants to be responsible for the IP space it hands out to
=customers, then the ISP should be free to fill in their own name and
=address. This gives ISPs the freedom to fill the RIPE db with names
=and addresses of customers (that saves them the hassle of dealing with
=for example abuse coming from that site), or putting their own name
=in it (meaning they have to respond actively to for example abuse reports,
=which is the ISP's job anyway).
1) IP-Addresses are taken from a globally unique pool. Thus the global
Internet community expects to have access to publicly accessible
registry data to query the status (unassigned/reserved - allocated -
assigned) for a particular address or address block or other unique
resource.
2) The contact information listed for the individual resource serves
2 purposes:
a) it offers info to get in contact with a human being to resolve
connectivity problems (IP or application layer) between end sites
b) it offers info to get in touch with a human being in case of
operational problems that have an unwanted impact on the
performance or security of networks other than the source of the
problem (routing issues, spam, abuse).
Ref: 1:
While I still think that the open availability of that info is essential
for the responsible and continued operation of the Internet, it can be
argued whether contact info to get in touch with a human being has to be
publicly available.
In the long run, we probably have to deal with the authorities in one
way or another (on a national and international level), to get the
existence and maintenance of such a global registry recognized and
endorsed.
Ref: 2)a):
While "we" certainly have become comfortable with the notion of being
able to "talk" to everyone who is on the net (to resolve operational
problems for our own applications or customers), we might have to let
go here - and also to openly tell *our* customers, that we cannot help
in case of problems when the "other end" opts to remain anonymous (by
requesting contact info to be suppressed or, better yet, not to be
collected at all).
Ref: 2)b):
I think it is
- as much a reasonable expectation held by all people and sites and
backbones on the net that their network(s) can be protected against
misuse (proactively), or that any incidents can be resolved quickly
and easily,
- as it might be reasonable to request anonymity on the net for end
sites.
I guess we have similar situations in real life, where there is a
conflict of expectations and interests between the individual and the
community, like
. license plates on vehicles to follow up on violation of rules,
. a public registry for real estate ownership to settle ownership claims
. or to track down the owners in case the patch of land becomes a source
of danger or nuisance for neighbours,
. registries for companies, their legal representatives and financial
backing (which many would certainly prefer not to disclose :-)
. registries for the address of citizens in case they do not live up to
contractual obligations
So, would we be better off by following up on our "IRT-pointer" proposal
and then offer the alternative to supply
- *either* the end user's contact information
- *or* the contact information for an IRT that has accepted
responsibility for the operational use of that resource? In most
cases, and for small end-user sites, this would be ISP staff, anyway.
Having a certain resource listed in the registry without any contact
information (neither individual contact nor IRT/ISP contact) should be
seen as a _strong_ hint to exercise strong care in dealing with that
site - by applying whatever means available to minimize the impact of
misconfiguration and/or attacks originating from those sites.
This could indeed limit the usefulness of those resources on a global
scale, much like you are allowed to obtain and drive a vehicle without
registration and thus without a license plate on private property -
but this vehicle gets filtered or blocked on any public road :-)
Comments?
Wilfried.
_________________________________:_____________________________________
Wilfried Woeber : e-mail: Woeber(a)CC.UniVie.ac.at
UniVie Computer Center - ACOnet : Tel: +43 1 4277 - 140 33
Universitaetsstrasse 7 : Fax: +43 1 4277 - 9 140
A-1010 Vienna, Austria, Europe : RIPE-DB: WW144, PGP keyID 0xF0ACB369
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~