From info at arin.net Wed Mar 22 13:24:12 2017 From: info at arin.net (ARIN) Date: Wed, 22 Mar 2017 13:24:12 -0400 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open Message-ID: There are thousands of instances of the ARIN Point of Contact (POC) handle ?No, Contact Known? or CKN23-ARIN registered in the ARIN database, most of them associated with legacy resource records. ARIN would like the community to review the history of this situation and the proposed solution and provide us with their feedback. The creation and addition of this POC handle was due to a combination of factors. * In 2002, a database conversion project was done at ARIN that created a new database structure and added a new record type (Organization ID) as well as new POC types (Admin, Tech, Abuse and NOC). When an Org ID didn?t have a clear POC that had been recently updated or vetted by ARIN staff, the original resource POC remained on the resource record only and no POCs were added to the Org record at all. * In a later 2011 database conversion, reverse DNS delegation switched from per-net to per-zone. This created significant hijacking potential by allowing resource POCs to change their reverse delegation without first being verified by staff as legitimate. * Also in 2011, ARIN added a new business rule that required an Admin and a Tech POC on all Org records as a way of enhancing data quality. * Policy 2010-14 was implemented in 2011 and required Abuse POCs on all Org records. In order to maintain ARIN?s business rules, comply with policy 2010-14, and prevent hijackings, several actions were initiated by staff: * CKN23-ARIN was created to become the Admin and Tech POC on Orgs that lacked them * Resource POCs of legacy networks that had never been updated or validated by ARIN were moved to the Organization record as the Abuse POC * ARIN?s verification and vetting requirements were thus reinstated as the Abuse POC had to be vetted before making any changes to the record, and therefore could not hijack the resource by adding or changing the nameservers Over time, the above actions have created several issues: * It is easy for hijackers to identify and target records with CKN23 (no contact known) as the handle * POCs that were moved from resource tech to Org abuse are not happy about no longer having control of their resource record There are several different courses of action that ARIN could take to resolve the current situation. Option 1 Retain the current status and do nothing Option 2 Restore the resource POCs back to their original state on the resource record keeping in mind that this would open up the hijacking risk by giving the original resource POC control of the network without a verification process * Retain the Abuse POC on the Org record * Retain CKN23-ARIN as Org POC Option 3 - **Recommended option** Restore the resource POC back to their original state on the resource record. This will allow contacts historically associated with a resource record to more readily administer that record going forward. * Retain the Abuse POC on the Org * Replace CKN23-ARIN with a handle that better explains the record?s status (e.g. ?Legacy Record ? See Resource POC?) * Lock all resources associated with these legacy records who have had their resource POC restored. This would ensure that any changes made by the resource POC would first have to be reviewed by ARIN. We would like to thank the ARIN Services Working Group (WG) for their helpful review of the proposed change ? while the ARIN Services WG did not take a formal position in support of or in opposition of the proposed change, their review led to improvements in presentation of the options We are seeking community feedback on this proposed change (Option #3) to the ARIN Registry database. This consultation will remain open for 60 days - Please provide comments to arin-consult at arin.net. Discussion on arin-consult at arin.net will close on 22 May 2017. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) From jschiller at google.com Tue Mar 28 10:20:11 2017 From: jschiller at google.com (Jason Schiller) Date: Tue, 28 Mar 2017 10:20:11 -0400 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: Message-ID: I am comfortable with option 3 where the records are restored, but the POC is not provided ARIN-Online access so long as there is a process by which a resource holder can validate the chain of custody and fully vet their right to use the resource without signing an RSA. ___Jason On Wed, Mar 22, 2017 at 1:24 PM, ARIN wrote: > There are thousands of instances of the ARIN Point of Contact (POC) > handle ?No, Contact Known? or CKN23-ARIN registered in the ARIN > database, most of them associated with legacy resource records. ARIN > would like the community to review the history of this situation and the > proposed solution and provide us with their feedback. > > The creation and addition of this POC handle was due to a combination of > factors. > > * In 2002, a database conversion project was done at ARIN that > created a new database structure and added a new record type > (Organization ID) as well as new POC types (Admin, Tech, Abuse and NOC). > When an Org ID didn?t have a clear POC that had been recently updated or > vetted by ARIN staff, the original resource POC remained on the resource > record only and no POCs were added to the Org record at all. > * In a later 2011 database conversion, reverse DNS delegation > switched from per-net to per-zone. This created significant hijacking > potential by allowing resource POCs to change their reverse delegation > without first being verified by staff as legitimate. > * Also in 2011, ARIN added a new business rule that required an Admin > and a Tech POC on all Org records as a way of enhancing data quality. > * Policy 2010-14 was implemented in 2011 and required Abuse POCs on > all Org records. > > In order to maintain ARIN?s business rules, comply with policy 2010-14, > and prevent hijackings, several actions were initiated by staff: > > * CKN23-ARIN was created to become the Admin and Tech POC on Orgs > that lacked them > * Resource POCs of legacy networks that had never been updated or > validated by ARIN were moved to the Organization record as the Abuse POC > * ARIN?s verification and vetting requirements were thus reinstated > as the Abuse POC had to be vetted before making any changes to the > record, and therefore could not hijack the resource by adding or > changing the nameservers > > Over time, the above actions have created several issues: > > * It is easy for hijackers to identify and target records with CKN23 > (no contact known) as the handle > * POCs that were moved from resource tech to Org abuse are not happy > about no longer having control of their resource record > > There are several different courses of action that ARIN could take to > resolve the current situation. > > Option 1 > > Retain the current status and do nothing > > Option 2 > > Restore the resource POCs back to their original state on the > resource record keeping in mind that this would open up the hijacking > risk by giving the original resource POC control of the network without > a verification process > * Retain the Abuse POC on the Org record > * Retain CKN23-ARIN as Org POC > > Option 3 - **Recommended option** > > Restore the resource POC back to their original state on the > resource record. This will allow contacts historically associated with > a resource record to more readily administer that record going forward. > * Retain the Abuse POC on the Org > * Replace CKN23-ARIN with a handle that better explains the record?s > status (e.g. ?Legacy Record ? See Resource POC?) > * Lock all resources associated with these legacy records who have > had their resource POC restored. This would ensure that any changes made > by the resource POC would first have to be reviewed by ARIN. > > We would like to thank the ARIN Services Working Group (WG) for their > helpful review of the proposed change ? while the ARIN Services WG did > not take a formal position in support of or in opposition of the > proposed change, their review led to improvements in presentation of the > options > > We are seeking community feedback on this proposed change (Option #3) to > the ARIN Registry database. > > This consultation will remain open for 60 days - Please provide comments > to arin-consult at arin.net. > > Discussion on arin-consult at arin.net will close on 22 May 2017. > > If you have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -- _______________________________________________________ Jason Schiller|NetOps|jschiller at google.com|571-266-0006 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Tue Mar 28 10:46:40 2017 From: jcurran at arin.net (John Curran) Date: Tue, 28 Mar 2017 14:46:40 +0000 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: Message-ID: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> On 28 Mar 2017, at 10:20 AM, Jason Schiller wrote: > > I am comfortable with option 3 where the records are restored, but the POC is not provided ARIN-Online access so long as there is a process by which a resource holder can validate the chain of custody and fully vet their right to use the resource without signing an RSA. Jason - Yes, that is the intention - we will lock the resources until the contact has has vetted and is confirmed valid. As always, resource holders may opt to enter into an RSA (if they wish contractual statement of rights and use of new services), but once vetted they are not required to do so in order to administer their legacy resource (i.e. setting such attributes as contacts, reverse DNS servers, and origin AS tag.) Thanks for the feedback, /John John Curran President and CEO ARIN From snoble at sonn.com Tue Mar 28 11:24:48 2017 From: snoble at sonn.com (Steve Noble) Date: Tue, 28 Mar 2017 08:24:48 -0700 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> Message-ID: Hi John, Having been bit by this and ending up in a multi-year mess to get control of an AS that was clearly mine, while still getting billed for it, I am concerned about the vetting process. My experience with the vetting process was very uncomfortable and is something that I do not believe anyone should have to go through. My suggestion is to remove the incorrect information such as CKN23-ARIN from the objects and return them to their proper state. This will give those in control of the object the ability to update information such as the physical address. On Mar 28, 2017 7:46 AM, "John Curran" wrote: On 28 Mar 2017, at 10:20 AM, Jason Schiller wrote: > > I am comfortable with option 3 where the records are restored, but the POC is not provided ARIN-Online access so long as there is a process by which a resource holder can validate the chain of custody and fully vet their right to use the resource without signing an RSA. Jason - Yes, that is the intention - we will lock the resources until the contact has has vetted and is confirmed valid. As always, resource holders may opt to enter into an RSA (if they wish contractual statement of rights and use of new services), but once vetted they are not required to do so in order to administer their legacy resource (i.e. setting such attributes as contacts, reverse DNS servers, and origin AS tag.) Thanks for the feedback, /John John Curran President and CEO ARIN _______________________________________________ ARIN-Consult You are receiving this message because you are subscribed to the ARIN Consult Mailing List (ARIN-consult at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Tue Mar 28 18:22:02 2017 From: jcurran at arin.net (John Curran) Date: Tue, 28 Mar 2017 22:22:02 +0000 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> Message-ID: On 28 Mar 2017, at 11:24 AM, Steve Noble wrote: > > Hi John, > > Having been bit by this and ending up in a multi-year mess to get control of an AS that was clearly mine, while still getting billed for it, I am concerned about the vetting process. My experience with the vetting process was very uncomfortable and is something that I do not believe anyone should have to go through. > > My suggestion is to remove the incorrect information such as CKN23-ARIN from the objects and return them to their proper state. This will give those in control of the object the ability to update information such as the physical address. Steve - If we do not lock the resources but do add the old network Admin/Tech contact info to the organization record, then a very large number of these blocks have the potential to be readily hijacked ? one simply would have to register the domain name and setup email for any defunct organization, and you could readily transfer the addresses (despite having no association whatsoever with the original registrant?) Some in the community would view that consequence as an unacceptable tradeoff ? what is your thoughts on it? Thanks, /John John Curran President and CEO ARIN From snoble at sonn.com Tue Mar 28 20:04:16 2017 From: snoble at sonn.com (Steve Noble) Date: Tue, 28 Mar 2017 17:04:16 -0700 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> Message-ID: Hi John, On Mar 28, 2017 3:22 PM, "John Curran" wrote: Steve - If we do not lock the resources but do add the old network Admin/Tech contact info to the organization record, then a very large number of these blocks have the potential to be readily hijacked ? one simply would have to register the domain name and setup email for any defunct organization, and you could readily transfer the addresses (despite having no association whatsoever with the original registrant?) Some in the community would view that consequence as an unacceptable tradeoff ? what is your thoughts on it? I think it is logical to lock ones where the original domain does not exist or was registered after the object. Then I understand a more extensive vetting process. My issue is with cases like mine where everything was in order. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Tue Mar 28 20:35:50 2017 From: bill at herrin.us (William Herrin) Date: Tue, 28 Mar 2017 20:35:50 -0400 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> Message-ID: On Tue, Mar 28, 2017 at 8:04 PM, Steve Noble wrote: > I think it is logical to lock ones where the original domain does not > exist or was registered after the object. Then I understand a more > extensive vetting process. > Hi Steve, I concur with one tweak: where the original domain name does not exist or was registered after the -last user-initiated update to- the handle. That could be hard, though. The last updates flagged on my org and net records look more or less legit but the last update flagged on my ARIN handle (which contains the email address) does not correspond to any activity I initiated. If there's data damage then ARIN can't reliably anchor business processes to it. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Wed Mar 29 07:05:20 2017 From: jcurran at arin.net (John Curran) Date: Wed, 29 Mar 2017 11:05:20 +0000 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> Message-ID: On 28 Mar 2017, at 8:04 PM, Steve Noble > wrote: Hi John, On Mar 28, 2017 3:22 PM, "John Curran" > wrote: Steve - If we do not lock the resources but do add the old network Admin/Tech contact info to the organization record, then a very large number of these blocks have the potential to be readily hijacked ? one simply would have to register the domain name and setup email for any defunct organization, and you could readily transfer the addresses (despite having no association whatsoever with the original registrant?) Some in the community would view that consequence as an unacceptable tradeoff ? what is your thoughts on it? I think it is logical to lock ones where the original domain does not exist or was registered after the object. Then I understand a more extensive vetting process. My issue is with cases like mine where everything was in order. Steve - Acknowledged, and thanks for the excellent feedback. Given that all of these organization records are currently subject to vetting (and would remain so under the proposed change to put the Tech and Admin contacts onto the Org record), it would be helpful to get some additional feedback from you. If the vetting scope is not changed per the proposed change to the registry that is now under consultation, would you prefer that the registry remain as-is, or that we proceed with putting the original network Tech and Admin contacts on the Org records as proposed? Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From snoble at sonn.com Wed Mar 29 17:21:04 2017 From: snoble at sonn.com (Steven Noble) Date: Wed, 29 Mar 2017 14:21:04 -0700 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> Message-ID: <58DC2540.3030809@sonn.com> Hi John, Now that I have had more time to look at it, I believe you do state the issue I have : " * POCs that were moved from resource tech to Org abuse are not happy about no longer having control of their resource record" The entire reason I wanted to get back control of my AS was to update the physical address nothing else. My reasoning was that the address should be current and correct. Obviously an AS is not as valuable as IP space, which I believe is what this mainly is addressing (no pun intended). Do you have more data about what the POCs are having issues with? If these POCs are upset I assume you must be unable to vet them, otherwise they would have control of the resource. I think clarity on what is necessary to put the correct data into the record would be useful. I do agree that CKN23 should be removed as both the email and phone number are invalid and I believe at a minimum the POC should contain actionable data. I do agree that putting resource POCs back in where there is reasonable suspicion that the POC is invalid/hijacked should trigger a lock. I am having issue with POCs who are still at the same ORG with the same contact information being locked, which would be a small subset I believe. Said POCs would not have done anything wrong and their requests should be honored with minimal interference. Possibly this is what ARIN is planning to do, i.e. an old record with an old POC gets updated, triggers abuse who then can easily vet that the POC is valid. Where as an old record with a new POC would require more intensive vetting. > John Curran > March 29, 2017 at 4:05 AM > On 28 Mar 2017, at 8:04 PM, Steve Noble > wrote: > > Steve - > > Acknowledged, and thanks for the excellent feedback. > > Given that all of these organization records are currently subject to > vetting (and > would remain so under the proposed change to put the Tech and Admin > contacts > onto the Org record), it would be helpful to get some additional > feedback from you. > > If the vetting scope is not changed per the proposed change to the > registry that is now > under consultation, would you prefer that the registry remain as-is, > or that we proceed > with putting the original network Tech and Admin contacts on the Org > records as > proposed? > > Thanks! > /John > > John Curran > President and CEO > ARIN > > > > > Steve Noble > March 28, 2017 at 5:04 PM > Hi John, > > I think it is logical to lock ones where the original domain does not > exist or was registered after the object. Then I understand a more > extensive vetting process. > > My issue is with cases like mine where everything was in order. > > Steve Noble > March 28, 2017 at 8:24 AM > Hi John, > > Having been bit by this and ending up in a multi-year mess to get > control of an AS that was clearly mine, while still getting billed for > it, I am concerned about the vetting process. My experience with the > vetting process was very uncomfortable and is something that I do not > believe anyone should have to go through. > > My suggestion is to remove the incorrect information such as > CKN23-ARIN from the objects and return them to their proper state. > This will give those in control of the object the ability to update > information such as the physical address. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Wed Mar 29 17:44:52 2017 From: jcurran at arin.net (John Curran) Date: Wed, 29 Mar 2017 21:44:52 +0000 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: <58DC2540.3030809@sonn.com> References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> <58DC2540.3030809@sonn.com> Message-ID: <5E5589C0-AAE9-4AC2-970C-5BFAC8182EDB@arin.net> On 29 Mar 2017, at 5:21 PM, Steven Noble wrote: > > Hi John, > > Now that I have had more time to look at it, I believe you do state the issue I have : > > " * POCs that were moved from resource tech to Org abuse are not happy about no longer having control of their resource record" > > The entire reason I wanted to get back control of my AS was to update the physical address nothing else. My reasoning was that the address should be current and correct. Obviously an AS is not as valuable as IP space, which I believe is what this mainly is addressing (no pun intended). > > Do you have more data about what the POCs are having issues with? If these POCs are upset I assume you must be unable to vet them, otherwise they would have control of the resource. Steve - We?ve heard some organizations express concern over the fact that they were originally listed on network record, and through no action of their own, are no longer visible in a similar manner now that there are organization and network records. It?s not a question of whether they can vet their organization, but simply a question of the appearance. > I think clarity on what is necessary to put the correct data into the record would be useful. Evidence that the party is a valid representative to the organization that was issued the number resources, or its legal successor. > I do agree that CKN23 should be removed as both the email and phone number are invalid and I believe at a minimum the POC should contain actionable data. Acknowledged. > I do agree that putting resource POCs back in where there is reasonable suspicion that the POC is invalid/hijacked should trigger a lock. Understood ? the challenge with such an approach would be algorithmically determining the factors that constitute ?reasonable suspicion? in a deterministic/equitable manner, and yet cannot be easily bypassed by those who wish to hijack resources. Presently, all of these resources are effectively locked, i.e. parties asserting control must go through Org recovery to have their POC associated with the organization. We not proposing any change to this process - we are only making the organization record have more useful information than just showing "CKN-23". > I am having issue with POCs who are still at the same ORG with the same contact information being locked, which would be a small subset I believe. Said POCs would not have done anything wrong and their requests should be honored with minimal interference. > Possibly this is what ARIN is planning to do, i.e. an old record with an old POC gets updated, triggers abuse who then can easily vet that the POC is valid. Where as an old record with a new POC would require more intensive vetting. The proposed registry change doesn?t make any more parties subject to vetting, nor any less ? it is, as noted above, whether we retain CKN-23 in these organization records or the previous values from the underlying historic network records. Thank you for the excellent feedback! /John John Curran President and CEO ARIN From Andrew.C.Hadenfeldt at windstream.com Wed Mar 29 18:16:16 2017 From: Andrew.C.Hadenfeldt at windstream.com (Hadenfeldt, Andrew C) Date: Wed, 29 Mar 2017 22:16:16 +0000 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: Message-ID: <5D106C75D5C2DD41AB2B4B823FE0EC052DE501D8@CWWAPP480.windstream.com> I support Option 3 -Andy Andrew Hadenfeldt | Sr. Engineer | Windstream Communications From: ARIN-PPML [mailto:arin-ppml-bounces at arin.net] On Behalf Of John Curran Sent: Monday, March 27, 2017 2:40 PM To: arin-ppml at arin.net List Subject: [arin-ppml] Fwd: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open Folks - We have initiated a community consultation on a possible restructuring of existing information in the ARIN registry ? this is to address the long-standing concern that some have expressed with the association of a ?No Contact Known? point-of-contact (POC) in some registry records that may have potentially valid Admin and Tech contact information. If you have hold a strong view on this matter, please see the attached consultation announcement and participate in the discussion on the arin-consult mailing list. Thanks! /John John Curran President and CEO ARIN === Begin forwarded message: From: ARIN > Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open Date: 22 March 2017 at 1:24:12 PM EDT To: > There are thousands of instances of the ARIN Point of Contact (POC) handle ?No, Contact Known? or CKN23-ARIN registered in the ARIN database, most of them associated with legacy resource records. ARIN would like the community to review the history of this situation and the proposed solution and provide us with their feedback. The creation and addition of this POC handle was due to a combination of factors. * In 2002, a database conversion project was done at ARIN that created a new database structure and added a new record type (Organization ID) as well as new POC types (Admin, Tech, Abuse and NOC). When an Org ID didn?t have a clear POC that had been recently updated or vetted by ARIN staff, the original resource POC remained on the resource record only and no POCs were added to the Org record at all. * In a later 2011 database conversion, reverse DNS delegation switched from per-net to per-zone. This created significant hijacking potential by allowing resource POCs to change their reverse delegation without first being verified by staff as legitimate. * Also in 2011, ARIN added a new business rule that required an Admin and a Tech POC on all Org records as a way of enhancing data quality. * Policy 2010-14 was implemented in 2011 and required Abuse POCs on all Org records. In order to maintain ARIN?s business rules, comply with policy 2010-14, and prevent hijackings, several actions were initiated by staff: * CKN23-ARIN was created to become the Admin and Tech POC on Orgs that lacked them * Resource POCs of legacy networks that had never been updated or validated by ARIN were moved to the Organization record as the Abuse POC * ARIN?s verification and vetting requirements were thus reinstated as the Abuse POC had to be vetted before making any changes to the record, and therefore could not hijack the resource by adding or changing the nameservers Over time, the above actions have created several issues: * It is easy for hijackers to identify and target records with CKN23 (no contact known) as the handle * POCs that were moved from resource tech to Org abuse are not happy about no longer having control of their resource record There are several different courses of action that ARIN could take to resolve the current situation. Option 1 Retain the current status and do nothing Option 2 Restore the resource POCs back to their original state on the resource record keeping in mind that this would open up the hijacking risk by giving the original resource POC control of the network without a verification process * Retain the Abuse POC on the Org record * Retain CKN23-ARIN as Org POC Option 3 - **Recommended option** Restore the resource POC back to their original state on the resource record. This will allow contacts historically associated with a resource record to more readily administer that record going forward. * Retain the Abuse POC on the Org * Replace CKN23-ARIN with a handle that better explains the record?s status (e.g. ?Legacy Record ? See Resource POC?) * Lock all resources associated with these legacy records who have had their resource POC restored. This would ensure that any changes made by the resource POC would first have to be reviewed by ARIN. We would like to thank the ARIN Services Working Group (WG) for their helpful review of the proposed change ? while the ARIN Services WG did not take a formal position in support of or in opposition of the proposed change, their review led to improvements in presentation of the options We are seeking community feedback on this proposed change (Option #3) to the ARIN Registry database. This consultation will remain open for 60 days - Please provide comments to arin-consult at arin.net. Discussion on arin-consult at arin.net will close on 22 May 2017. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) _______________________________________________ ARIN-Consult You are receiving this message because you are subscribed to the ARIN Consult Mailing List (ARIN-consult at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. This email message and any attachments are for the sole use of the intended recipient(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Thu Mar 30 09:53:55 2017 From: bill at herrin.us (William Herrin) Date: Thu, 30 Mar 2017 09:53:55 -0400 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: <5E5589C0-AAE9-4AC2-970C-5BFAC8182EDB@arin.net> References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> <58DC2540.3030809@sonn.com> <5E5589C0-AAE9-4AC2-970C-5BFAC8182EDB@arin.net> Message-ID: On Wed, Mar 29, 2017 at 5:44 PM, John Curran wrote: > Evidence that the party is a valid representative to the organization > that was issued > the number resources, or its legal successor. > Hi John, Out of curiosity: how is ARIN dealing with "organizations" which were and are an unregistered alias of the original individual registrant without any severable legal existence? The discussion I see here seems to presume characteristics of the legacy registrations that were not formalized or enforced until after ARIN's creation. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Thu Mar 30 10:53:11 2017 From: jcurran at arin.net (John Curran) Date: Thu, 30 Mar 2017 14:53:11 +0000 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> <58DC2540.3030809@sonn.com> <5E5589C0-AAE9-4AC2-970C-5BFAC8182EDB@arin.net> Message-ID: <6992E110-6816-4019-8E97-CCBA8970F782@arin.net> On 30 Mar 2017, at 9:53 AM, William Herrin > wrote: On Wed, Mar 29, 2017 at 5:44 PM, John Curran > wrote: Evidence that the party is a valid representative to the organization that was issued the number resources, or its legal successor. Hi John, Out of curiosity: how is ARIN dealing with "organizations" which were and are an unregistered alias of the original individual registrant without any severable legal existence? The discussion I see here seems to presume characteristics of the legacy registrations that were not formalized or enforced until after ARIN's creation. Bill - You may have to elaborate on your question, but I?ll answer as best I can based on my understanding of your query. Early IP address applicants were asked for "the responsible organization establishing the network? (generally question 5b on most versions of the INTERNET-NUMBER-TEMPLATE.TXT) While tthe responsible organization did not have to be a legal entity, it is clear that networks had organizations were responsible for the establishment of networks and the request for associated IP address space. If a legacy registrant is making use of their original contact and email address, then they should have no difficulty updating their name servers, etc. If they are no longer clearly associated and assert that they hold the rights to the address block, then we seek some form of documentation which supports that assertion. (Obviously the most problematic situations are those in which the original organization still exists and the requester asserts that they hold the rights not the organization on the record - in such cases ARIN needs to be certain that we?re not harming the organization by approving the requesters change and disassociating the original organization from the address block.) Does this answer your question, or did I miss it? /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Thu Mar 30 12:00:35 2017 From: bill at herrin.us (William Herrin) Date: Thu, 30 Mar 2017 12:00:35 -0400 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: <6992E110-6816-4019-8E97-CCBA8970F782@arin.net> References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> <58DC2540.3030809@sonn.com> <5E5589C0-AAE9-4AC2-970C-5BFAC8182EDB@arin.net> <6992E110-6816-4019-8E97-CCBA8970F782@arin.net> Message-ID: On Thu, Mar 30, 2017 at 10:53 AM, John Curran wrote: > Does this answer your question, or did I miss it? > Thanks John, You answered part of it: as long as the POCs have been maintained with reachable email, phone and postal addresses, all is well. What happens if the POC falls out of date and line 5b (or 4b as it was on some versions) on the original registration was essentially a fictitious name which served as an alias for the individual making the registration? Cases where the 5b name does not and never did exist as an independent legal entity? Or as Steven described, a like-named organization exists today but did not then and has no connection to the number resource? In those situations, how does ARIN go about making the determination that the guy presenting himself is the guy who registered the resources, is in actual fact the registrant and has the authority to make updates? I'm old enough to remember the first O'Reilly Crab Book whose advice was, "The application for an IP network address has been covered in detail because everyone should fill out this form, whether or not they are connecting to the Internet." It was good advice at the time. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Thu Mar 30 12:15:23 2017 From: jcurran at arin.net (John Curran) Date: Thu, 30 Mar 2017 16:15:23 +0000 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> <58DC2540.3030809@sonn.com> <5E5589C0-AAE9-4AC2-970C-5BFAC8182EDB@arin.net> <6992E110-6816-4019-8E97-CCBA8970F782@arin.net> Message-ID: On 30 Mar 2017, at 12:00 PM, William Herrin > wrote: On Thu, Mar 30, 2017 at 10:53 AM, John Curran > wrote: Does this answer your question, or did I miss it? Thanks John, You answered part of it: as long as the POCs have been maintained with reachable email, phone and postal addresses, all is well. What happens if the POC falls out of date and line 5b (or 4b as it was on some versions) on the original registration was essentially a fictitious name which served as an alias for the individual making the registration? Cases where the 5b name does not and never did exist as an independent legal entity? Or as Steven described, a like-named organization exists today but did not then and has no connection to the number resource? They are the problematic cases, as we definitely do not want to deprive the original registrant (or their legal successor) of rights to their number resources, but must take great care to avoid facilitating a party which looks quite similar from posing as the original registrant and hijacking those same rights. In those situations, how does ARIN go about making the determination that the guy presenting himself is the guy who registered the resources, is in actual fact the registrant and has the authority to make updates? Very carefully? (Apologies for not getting into more detail, but by definition such information would provide a playbook for those who have nefarious intent.) I'm old enough to remember the first O'Reilly Crab Book whose advice was, "The application for an IP network address has been covered in detail because everyone should fill out this form, whether or not they are connecting to the Internet." It was good advice at the time. Indeed! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Thu Mar 30 12:55:11 2017 From: bill at herrin.us (William Herrin) Date: Thu, 30 Mar 2017 12:55:11 -0400 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: <2164E35D-47DC-4A51-823C-88CA50B6C856@arin.net> <58DC2540.3030809@sonn.com> <5E5589C0-AAE9-4AC2-970C-5BFAC8182EDB@arin.net> <6992E110-6816-4019-8E97-CCBA8970F782@arin.net> Message-ID: On Thu, Mar 30, 2017 at 12:15 PM, John Curran wrote: > > > On 30 Mar 2017, at 12:00 PM, William Herrin wrote: > > On Thu, Mar 30, 2017 at 10:53 AM, John Curran wrote: > >> Does this answer your question, or did I miss it? >> > > Thanks John, > > You answered part of it: as long as the POCs have been maintained with > reachable email, phone and postal addresses, all is well. > > What happens if the POC falls out of date and line 5b (or 4b as it was on > some versions) on the original registration was essentially a fictitious > name which served as an alias for the individual making the registration? > Cases where the 5b name does not and never did exist as an independent > legal entity? Or as Steven described, a like-named organization exists > today but did not then and has no connection to the number resource? > > > They are the problematic cases, as we definitely do not want to deprive > the original registrant > (or their legal successor) of rights to their number resources, but must > take great care to avoid > facilitating a party which looks quite similar from posing as the original > registrant and hijacking > those same rights. > > In those situations, how does ARIN go about making the determination that > the guy presenting himself is the guy who registered the resources, is in > actual fact the registrant and has the authority to make updates? > > > Very carefully? > > (Apologies for not getting into more detail, but by definition such > information would provide a > playbook for those who have nefarious intent.) > > Thanks John. You answered my underlying question which is that ARIN addresses and will continue to address these situations in the registrant's favor regardless of what happens with the CKN23-ARIN handle. Regarding the question the consultation asks, I lean towards option 3, but I don't think it's appropriate to present an abuse POC that ARIN deems unvalidated. You're sorta signing people up for unsolicited email for which they don't necessarily have a simple way to opt out let alone opt in. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: -------------- next part -------------- An HTML attachment was scrubbed... URL: