On Thu, 09 March 2000, Randy Bush wrote:

actually, in working with the other large providers, i have not found this to be the case. and most smallish folk seem cooperative. it is usually the middle sized folk who have not scaled to meet the problems, and occasionally let things fall through the cracks.

The key is the ability to reach the right person. In a small provider its easy because the boss answers the phone, or someone who knows the boss answers the phone. In a large provider, you might know a "famous" person. And even though they won't be the right person, they'll know the right person. If AT&T does something stupid, Randy might call Steve Bellovin (the wrong person) who in turn could hit the right manager over the head with the clue-by-four. Replace with the appropriate provider/person UUNET/Mike O'Dell, Verio/Randy Bush, etc. The problem is with providers without famous people and too many people, so they don't know each other. If you don't already know someone at, for example, NTT or BT or Qwest, navigating through their public contacts usually doesn't get you too far. What may be interesting is looking at how other industries handle the problem. In the banking industry, where failure to contact another bank can result in millions of losses, Thompson Publishing has an extensive directory of the security contacts for essentially every bank in the world. Thompson actively verifies the contact information, and banks pay a bunch of money for current copies of the directories. In the chemical industry, where failure to respond to a leak can result in millions in liability, the chemical manufactures' association maintains a 24-hour number which will contact the appropriate company's response group. Again, the contact information is actively verified.