ARIN?

Pete Kruckenberg pete at inquo.net
Wed Nov 11 19:57:18 UTC 1998


On Tue, 10 Nov 1998, Phil Howard wrote:

[...]

> Our customers are also becoming more security conscious.  That doesn't mean
> they want to run their own firewall; they still want us to do so.  But it
> does mean they are well prepared, and in our experience very happy, to keep
> the Internet at "arm's length" in the office.
[...]

So maybe there's a business model for centralized security management
(like TabNet and Hiway and Critical Path, but for outsourcing security
management)? A centralized service agency places a firewall at the ISP, and
via an encrypted, authenticated configuration session is able to update the
firewall for each customer, so the customer/ISP/integrator has the ability
to update the firewall through a Web interface, rather than having to go
through the ISP. Just thinking...

[...]
> Perhaps a better solution is a distributed SWIP database.  Perhaps a SWIP
> record can be added to DNS to indicate the name of the server to query for
> detail information by network.  It would then co-exist alongside the PTR
> records.  Appropriate SWIP lookup clients would resolve for SWIP data in
> the in-addr.arpa space and then query that server (or servers) for the real
> data about the network in question.

How about using reverse DNS on the network number (which normally wouldn't
have reverse DNS), and having it point at the distributed SWIP server? The
query is going to be on the network number anyways, and either ARIN or the
(r)whois client could do the redirection. There might have to be some kind
of authentication/verification prior to the redirection, but that'd be
much simpler than servicing the query.

I think this would even work down to the /30 level. Similar to how Ciscos
show the break-down on a subnetted /24, where the query on the /24 would
show both the ownership of the /24 and the break-down of the subnets, and
subsequent queries could be done on the subnets.

There's probably a business model for outsourcing services for distributed
SWIP, too. ;)

Pete.
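
The referral lookup described in the message above, sketched as an added example that is not part of the original post: a client walks from the most specific network number (/30) to the least specific and asks the first SWIP server it finds. The referral table, the server names and the idea of storing a prefix length with each referral are assumptions made for illustration; the authentication step the post mentions is not modelled.

```python
import ipaddress

# Constructed referral data (documentation prefixes, hypothetical servers).
# Key: reverse-DNS name of a network number. Value: {prefix length: SWIP server},
# because one network number can start networks of several sizes.
REFERRALS = {
    "0.2.0.192.in-addr.arpa": {24: "swip.isp.example"},
    "64.2.0.192.in-addr.arpa": {30: "swip.customer.example"},
}

def find_swip_server(address, referrals=REFERRALS, longest=30, shortest=8):
    """Return (network, server) for the most specific referral covering
    `address`, or None when no network number on the path has one."""
    ip = ipaddress.IPv4Address(address)
    for prefixlen in range(longest, shortest - 1, -1):
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        # Reverse name of the network number (host bits zeroed).
        name = net.network_address.reverse_pointer
        server = referrals.get(name, {}).get(prefixlen)
        if server is not None:
            return str(net), server
    return None

def breakdown(network, referrals=REFERRALS):
    """List the referred subnets inside `network`, i.e. the subnet
    break-down a query on the parent block would show."""
    parent = ipaddress.ip_network(network)
    found = []
    for name, entry in referrals.items():
        # "64.2.0.192.in-addr.arpa" -> "192.0.2.64"
        addr = ".".join(reversed(name.split(".")[:4]))
        for prefixlen, server in entry.items():
            sub = ipaddress.ip_network(f"{addr}/{prefixlen}")
            if sub != parent and sub.subnet_of(parent):
                found.append((str(sub), server))
    return sorted(found)

if __name__ == "__main__":
    for host in ("192.0.2.66", "192.0.2.10", "198.51.100.1"):
        print(host, "->", find_swip_server(host))
    print("192.0.2.0/24 contains", breakdown("192.0.2.0/24"))
```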
