I'm fine with that. Thanks. / Patrick Arkley ** sent from mobile device ** ----- Original Message ----- From: Gert Doering <gert@space.net> To: Arkley, Patrick Cc: address-policy-wg@ripe.net <address-policy-wg@ripe.net> Sent: Tue Oct 13 09:29:31 2009 Subject: Re: [address-policy-wg] Inet6num requirements in the db Hi, there's two parallel "inet6num registration" discussions going on at the same time - let me respond to this one first, because it's a bit easier. On Fri, Oct 09, 2009 at 01:52:07PM +0200, Arkley, Patrick wrote:

I seem to recall from the RIPE meeting that Axel talked about the RIPE database as a valuable source of information. Also other organisations thinks it is a valuable and trustworthy source. It is also a very easy way of finding out the most likely users (at least one step down stream from the LIR) of a specific IP-range.

But how come there is no requirement to add end-user objects for IPv6? Only the LIR's allocations are required. If we want to continue the work that has been done for IPv4 I think we need end-user objects for IPv6 as well.

Regarding end-user registrations in the RIPE DB, there are a few conflicting interests to balance: - finding someone "who can make it stop" in case of net-abuse - knowing the end user - protection of personal data for private users - documenting that the network resources are properly used The crucial one is balancing the first one vs. the third one. For private users, there really is no point in having the contact data of the end customer in the database - because if they get some angry e-mails or phone calls from someone who is just now being attacked from their PC, the chance is very high that this end user has no idea whatsoever to do about it. So the best point of contact in that case might be the ISP, who knows the customer, knows whom to call, and how to bring the message "your 0wn3d" across. Now, if there is not much sense in having that data around (because it won't help), EU data protection requires that we don't store it in the first place... Now, for enterprise customers, or multi-level ISP re-seller structures, the question of "whom to contact" and responsibility for abuse handling is different again - so for these, registering the inet6num: objects makes very much sense, and is perfectly fine according to data protection laws (because there is an operational purpose of storing the data). There has been long discussions about this whole topic, mostly taking place in the database working group, and this is the resulting compromise: - you *can* store the end user objects in the RIPE DB, if it makes sense - you don't *have* to store them (in a publically visible database), if it does not make sense - the data needs to be made available to the RIPE NCC, so that for additional allocations, the usage ratio of your allocation can be verified - but that can be in a private DB only accessible to the NCC. So - basically this means "the contact of last resort is the LIR, and if they are not publishing end-user contact data, they (need to!) take responsibility for handling all issues relating to that network block". I assume that this answer is not exactly what you have hoped for, but I think that this should at least clarify the reasoning a bit. Gert Doering -- APWG chair -- Total number of prefixes smaller than registry allocations: 141055 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 Verizon Sweden AB - registrerat i Sverige med organisationsnummer 556489-1009– huvudkontorets adress: Armégatan 38, Box 4127, 171 04 Solna, Sverige