InterCage, Inc. (NOT Atrivo)

John C. A. Bambenek bambenek at
Mon Sep 8 13:44:25 CDT 2008

"> I do not think it is appropriate for ISPs to have to prove or demonstrate the
> legitimacy of their customer base"

Here is the exact point of contention and the point where I think
people disagree.  ISPs are the **first** line of defense against
malware and badware.  They are the ones closest to the customer and
best able to "whack-a-mole".  For those ISPs that do cater to a high
proportion of bad actors, I quite rightly want them to demonstrate
their legitimacy.  By peering with them, there is a trust relationship
formed... if there is a question that goes right to the heart of that
trust, they ought to answer it, otherwise they ought to be de-peered
as well.

On Mon, Sep 8, 2008 at 1:25 PM, Matthew Petach <mpetach at> wrote:
> On 9/8/08, Gadi Evron <ge at> wrote:
>> On Sun, 7 Sep 2008, InterCage - Russ wrote:
>>  Thank you Russ. That is a great step in the right direction dropping this
>> one client. It is appreciated, although it's just one bad apple on a big
>> tree.
>>  However, I don't want to pick on you, so let's reframe the subject:
>> > What do you suggest for the next move?
>> >
>>  Well, perhaps you can share any information with us on a legitimate client
>> you have?
> I do not think it is appropriate for ISPs to have to prove or demonstrate the
> legitimacy of their customer base.  As a legitimate customer of an ISP, I
> would be *highly* incensed if my privacy were to be violated simply to
> provide "proof" that the ISP had legitimate clients.
> The notion of "innocent until proven guilty" I think is a much better model for
> us to work with.  If you find clear miscreants, and have data to back it up,
> then a call for cleaning up the miscreants is somewhat acceptable, though
> I worry that we may descend into a witch hunt if this is taken too far to the
> extreme.  However, a call to "prove your innocence" is entirely uncalled for,
> and opens ISPs up to being caught on the horns of a very nasty dillemma;
> either to maintain their customer's privacy, and be labelled as an evil, nasty,
> non-cooperative provider that must therefore be guilty, by their very dint of
> failure to prove their innocence; or, reveal their law-abiding,
> legitimate client
> information, and and then quickly lose those clients when they realize their
> records are no longer considered private at that ISP.
> If you have proof of clients engaging in illegal practices, then it is
> appropriate
> to go after those clients.  But leave the legitimate clients alone.
> *putting down his pitchfork and torch, and walking away from the mob*
> Matt

More information about the NANOG mailing list