Questions about populating RIR with customer information.

James Hess mysidia at gmail.com
Thu Aug 2 10:21:16 UTC 2007


On 8/1/07, Drew Weaver <drew.weaver at thenap.com > wrote:
>
>
>        Most of our customers are co-location and dedicated hosting
> customers and we are simply unsure whether or not there are implications
> (legal or otherwise) in publishing our customer data in a public RIR
> database.


I would urge against publishing information about a customer in a WHOIS
entry
without discussing it with that customer first.

WHOIS entries can be made without violating anyone's privacy, just be sure
you get all
 necessary verifiable permission; don't just automatically publish
information you have
 already gathered for internal purposes, when it wasn't previously your
policy to publish
the information.

It is up to you as ISP to get the contact information  that the customer
wants published
in WHOIS (maybe it's different from contact information they would use for
other matters), at the time re-assignment of the ip addresses is being made,

And make sure they know that the listing is going to be publicly viewable.

You do have the option of refusing to sign up or renew a customer if
they fail to provide
good contact information for publication in WHOIS or fail to provide the
necessary
permission.


I suggest you carefully read the policy manual of your applicable RIR.
With regard to when you create SWIP or RWHOIS records, and what exactly you
put in them.

In the ARIN region, whenever an ISP re-assigns a /29 block or larger to a
customer, in
addition to maintaining documentation of the justification for assignment of
the address(es)
to the user,  the ISP is already be required/supposed to publish that
re-assignment is (as
a matter of RIR policy) in SWIP or RWHOIS.

See more here: http://www.arin.net/policy/nrpm.html#four2372

And it's a good idea to allow people who need a contact for abuse from a
machine to go to
the party responsibility over it, first, before having to bother you, a
provider they
happen to be using.


Note that ARIN has a "Residential Customer Privacy" policy; for residential
customers it is
legitimate to substitute the name in your WHOIS response with "Private
Customer"
and "Private Residence" in place of street address.

So I would say there IS some precedant for such a replacement of contact
information.

You need to check your particular RIR's policy manual to determine whether
it is
an acceptable practice in your region, to mask contact information for the
particular
type of customer.

--
-J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070802/3d7a7250/attachment.html>


More information about the NANOG mailing list