Privacy of info in IP requests [was: Re: Draft internic ip allocation doc]
Dear Local-IR folks! I don't know how many of us are following the PI vs. PA address discussion on CIDRD and other lists, probably quite a few - apologies to those who now get just another copy - but the message as appended below strung a cord inside me. More so after talking to people from the DE-NIC a while ago, who as I understood worried about security and privacy of the information stored at their premises. I'd be really interested in the point of view of others. I recognize that we, being a SP registry for an R&D community might have have less stringent requirements, but even then the delimiting criteria become more and more blurred these days... Wilfried. PS: Mike, apologies for not asking you before hitting the LOCAL-IR list, but I think it's really something to think about... -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Woeber@CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 -------------------------------------------------------------------------- From: Mark Kosters <markk@internic.net> Subject: Re: Draft internic ip allocation doc To: peter@agis.net (Peter Kline) Date: Wed, 17 May 1995 13:40:46 -0400 (EDT) CC: markk@internic.net, nanog@merit.edu, cidrd@iepg.org, kimh@internic.net
What's being asked for here is what a lot of businesses might consider proprietary or trade secret type information. There are few secrets on the Internet, we all know, once the network is in place, but plans for expansion and new business ought to be confidential until the day the circuit is turned on.
To an extent this problem can be mitigated by private IP numbering, etc., but more and more I believe people will resist submitting this kind of information.
We are very sensitive to the privacy of this information - to the point that the we are considered within the company to be fanatical on not letting anyone who is not a part of this project be able to touch our net(s) or operations area in any way. I've requested our lawyer to have a non-disclosure agreement ready for those who would like to sign up to one before submitting confidential information. Mark -- Mark Kosters markk@internic.net +1 703 742 4795 Software Engineer InterNIC Registration Services --------------------------------------------------------------------------------
Just to remind everyone, ripe-104 says: 4. IRs will keep records of correspondence and information exchanges in conjunction with the registry function for later review and the resolution of disputes. IRs will hold this information in strict confidence and use it only to review requests and in audit procedures or to resolve disputes. The RIPE NCC makes every reasonable effort to keep the information we store confidential. On the other hand we have to store it electronically on machines connected -albeit restrictively- to the Internet. All local IRs should do the same. The RIPE NCC also in the past has dealt with (a very small number) of requests which should have been dealt with by local IRs but for which the requestor had perceived conflicts of interest or coinfidentiallity issues with a particular local IR. These mainly were concerned with ISPs setting up as a potential competitor to the ISP running the IR. Daniel
PS: Mike, apologies for not asking you before hitting the LOCAL-IR list, but I think it's really something to think about...
Au contraire, Wilfried, I must thank you for bringing Mark's important point to our attention. We need to think about it not just at local IR level, but also at regional level in the context of harmonising procedures globally. Cheers. Mike
participants (3)
-
Daniel Karrenberg -
Mike Norris -
Wilfried Woeber, UniVie/ACOnet