[ppml] Policy Proposal 2003-1: Human Point of Contact

Einar Bohlin ebohlin at UU.NET
Tue Mar 4 19:59:48 EST 2003 

Hi,

This post is for 2003-1 and 2003-2.

Long ago there were host records with POCs.
Then there were net records with POCs.
Then ASN records with POCs.

There's been a lot of traffic on queries of 
whois records, and making changes to POC records,
etc., most of this stemming from spam and abuse
complaints.

ARIN has a gazillion records.  Most of those records are 
nearly meaningless, like all of our /29s to DSL customers,
which are there in whois entirely for utilization information.

The key to all of this is that at any given time pick any IP
address on the Internet and it is part of one Autonomous System.
It follows that the only data for the purpose of contact information
that matters in all of ARIN's whois is ASN records.

Any organization that has registered an ASN with ARIN
has an ORG record.  ORG records have mandatory  
ADMIN and TECH POCs.  There's also an optional
ABUSE POC and a NOC POC. In the future the ADMIN may
not be displayed, but there will still be a TECH POC.

That TECH POC should be a role account 
because anybody who is running their own AS
should have more than one person responsible for
operations.

To sum this up, IMHO to meet all contact information requirements
for all ARIN nets, all that ARIN really has to do is try to make
sure that TECH POC info for ORGs that have ASNs is up to date
with phone, email, and street address.

Regards,

Einar Bohlin, IP Analyst
IP Team - Ashburn Virginia - WorldCom
Phone: 703 886-7362 (VNET 806-7362)
email: einar.bohlin at wcom.com



On Tue, 4 Mar 2003, Member Services wrote:

> ARIN welcomes feedback and discussion about the following policy 
> proposal in the weeks leading to the ARIN Public Policy Meeting 
> in Memphis, Tennessee, scheduled for April 7-8, 2003. All feedback 
> received on the mailing list about this policy proposal will be 
> included in the discussions that will take place at the upcoming 
> Public Policy Meeting. 
> 
> This policy proposal discussion will take place on the ARIN Public 
> Policy Mailing List (ppml at arin.net). Subscription information is 
> available at http://www.arin.net/mailing_lists/index.html 
> 
> Richard Jimmerson 
> Director of Operations 
> American Registry for Internet Numbers (ARIN) 
> 
> ### * ### 
> 
> Policy Proposal 2003-1: Human Point of Contact
> 
> 1. Statement of proposed Policy:
> 
> ARIN shall require each ORG or other body receiving resources from 
> ARIN to register at least one POC which is a human being.  ARIN shall 
> amend the registration services agreement to include this requirement 
> and shall further require that each ORG or other body agree to keep 
> such contact up to date within 10 days of any change.  Further, at 
> least one human contact shall be viewable, at least as a reference, 
> on each resource record visible in the public WHOIS information.
> 
> 2. Argument for the proposal and general discussion of the issue.
> 
> Issue:  
>         Automated systems do fail.  In a case where the only contact
>         information available to resolve such a failure is the system
>         which has failed, the problem becomes one which cannot be
>         resolved.
> 
>         The ISPs which are most likely to take advantage of the ability
>         to hide behind role accounts are the ones most likely to have
>         issues which require human intervention.
> 
> Argument in favor:
>         When an automated system fails, it becomes important to be able
>         to reach a human being capable of intervening or contacting
>         an intervenor.  It is OK if the POC information (address,
>         phone number, etc.) is a work number, or NOC, or even a
>         switchboard, as long as it is a point of contact which leads
>         to a real person with some ability to close the loop.
> 
> Problems:
>         I understand the issue of hate mail, threats, and the general
>         difficulty of dealing with irate complainers.  However, in
>         any business, there are risks.  Being the human lightning rod
>         for these complaints at a large provider is not a lot of fun,
>         but it is a job which must be done.  Nobody likes to clean
>         the restroom.
> 
> 3.  Proposed timetable for implementation:
> 
> Once this proposal is ratified, ARIN should update it's registration 
> services agreement to reflect the new policy within 30 days.  Existing 
> ORG and other bodies should receive notification of the change and the 
> requirement to comply during that same period.  They should be required 
> to comply within 90 days of the date the notification is sent to the 
> existing ADMIN-C.
> 
> After that time has elapsed, ARIN staff should be expected to investigate 
> and take further appropriate action on any complaint received about lack 
> of human contact in any resource record.
> 
> Appropriate action is left to the discretion of the ARIN AC, but should 
> include ARIN staff contacting the hidden human contacts to try and find 
> resolution.
> 
>

More information about the ARIN-PPML mailing list