ARIN-PPML Message

[ppml] Policy Proposal 2003-11: Purpose and Scope of WHOIS Directory

ARIN welcomes feedback and discussion about the following policy 
proposal in the weeks leading to the ARIN Public Policy Meeting 
in Chicago, Illinois, scheduled for October 22-23, 2003. All feedback 
received on the mailing list about this policy proposal will be 
included in the discussions that will take place at the upcoming 
Public Policy Meeting. 

This policy proposal discussion will take place on the ARIN Public 
Policy Mailing List (ppml at arin.net). Subscription information is 
available at http://www.arin.net/mailing_lists/index.html 

Member Services
American Registry for Internet Numbers (ARIN) 


### * ###


Policy Proposal regarding purpose and scope of whois directory.

1. ARIN shall maintain and publish a directory of contact information for
the purposes of facilitating the operation of internconnected IP networks.

2. This directory will contain contact information for all organizations
and individuals within the ARIN region who have received IP allocations or
AS numbers directly from ARIN or its predecessors.

3. Organizations and individuals must guarantee to ARIN that contact
addresses published in the whois directory will reach a person who is
ready, willing and able to communicate regarding network operations and
interconnect issues and who is able to act on that communication.

4. Any other organizations may elect to be listed in the whois directory
as long as they make the guarantee detailed in item 3.

5. All contacts listed in the whois directory will be contacted every 3
months to verify that the contact addresses are still valid.

6. Any invalid contact information will be removed from the directory
within 60 days of the first attempted contact from item 5.

7. ARIN will publish the whois directory in three forms using the whois
protocol on port 43, bulk copies available by FTP and using the LDAP
protocol.

Why do this?

Well, first of all I think that ARIN needs to have a clear policy
statement of why we are collecting and publishing this directory.

After that, items 2, 3 and 4 specify what information goes into the
directory. Specifically, it excludes all organizations and individuals who
have not received resources directly from ARIN unless they ask to be
included. It also forces organizations to make a commitment to make sure
that the contact information provides access to people who can do
something about interconnect issues (peering), denial of service technical
issues, abuse, etc. As currently, these addresses could be role accounts,
P.O. boxes, voicemail numbers etc.

Then items 5 and 6 specify that the data will be tested regularly and
cleared out if it is stale. I think this is enough detail for the policy
level to deal with. Most of the existing data will disappear after the 1st
test period because people will either not respond or will not agree to
the commitments in item 3. I don't intend for the entire database to be
tested on the same day. I would hope that operationally this would be
spread out over the 3 month period.

And in 7, I am specifying that ARIN add an LDAP server to publish this
directory because I feel that we should provide a real choice to people
who need to access this directory. I suggest that a good way to start is
to set up OpenLDAP and use the FIRS work done in the IETF's CRISP working
group and then see how this all works out in practice. I believe that in
the long run we will need to add back some kind of status information
about the large number of address assignments that will no longer show up
in whois and LDAP is ideally suited to doing this without a lot of
anguish.

In general, I see no reason why this could not be implemented by January
2004. I wouldn't expect 100% of the existing contacts to be tested by that
time, but I would expect the testing to be well under way. Because the
first round involves clearing out a much larger number of records, it
could very well take until the middle of 2004 to have fully dealt with
every one. A lot of this work could be alleviated if ISPs would provide
lists of assignments for which they will take responsibility so that ARIN
can remove those SWIP records wholesale without testing.

-------------------------------------------------------
Michael Dillon
Capacity Planning, Prescot St., London, UK
Mobile: +44 7900 823 672 Internet: michael.dillon at radianz.com
Phone: +44 20 7650 9493 Fax: +44 20 7650 9030