[ppml] Policy Proposal 2004-4: Purpose and scope of ARIN Whois Directory
ARIN welcomes feedback and discussion about the following policy
proposal in the weeks leading to the ARIN Public Policy Meeting
in Vancouver, Canada, scheduled for April 19-20, 2004.
According to the ARIN Internet Resource Policy Evaluation Process
the Advisory Council will evaluate policy proposals after the Public
Policy Meeting. The feedback and discussion of policy proposals
on the Public Policy Mailing List will be included in the AC's
Subscription information for the ARIN Public Policy Mailing List is
available at http://www.arin.net/mailing_lists/index.html
The ARIN Internet Resource Policy Evaluation Process is available at:
ARIN's Policy Proposal Archive is available at:
American Registry for Internet Numbers (ARIN)
### * ###
Policy Proposal 2004-4: Purpose and scope of ARIN Whois directory
Author: Michael Dillon
Author's Organization: Radianz, Inc.
Policy term: permanent
1. ARIN shall maintain and publish a directory of contact information
for the purposes of facilitating the operation of interconnected
2. This directory will contain contact information for all organizations
and individuals within the ARIN region who have received IP
allocations or AS numbers directly from ARIN or its predecessors.
3. Organizations and individuals must guarantee to ARIN that contact
addresses published in the whois directory will reach a person who
is ready, willing and able to communicate regarding network
operations and interconnect issues and who is able to act on that
4. Any other organizations may elect to be listed in the whois
directory as long as they make the guarantee detailed in item 3.
5. All contacts listed in the whois directory will be contacted
periodically and the directory will indicate information which may
be stale if contact cannot be made promptly.
6. Additionally, the whois directory will contain, directly or
indirectly, a record of all address blocks sub-allocated or
assigned by the entities mentioned in item 3.
7. The records mentioned in item 6 will not identify the organization or
individual receiving the address block or their exact location. These
records will only indicate an organizational type, the nearest
municipality providing postal service to the end user, state/province
ARIN doesn't really have a policy regarding whois. Most of what we have
today is adopted based on a long tradition that nobody understands
In looking back at historical sources it appears that whois was
originally set up so that ARPANET site managers could justify
their ARPANET connectivity funding by enumerating the people/projects
that were making use of the ARPANET.
Times have changed and tradition is no longer sufficient reason for
This proposal attempts to put in place a simple statement of the
purpose and scope of a whois directory. It is my opinion that if we
cannot all agree on some sort of simple policy similar to what I am
proposing, then we probably should scrap the whois directory entirely.
Nothing in this policy should be construed to restrain ARIN staff's
ability to maintain and use whatever databases they may need in the
performance of their duties including IP address allocation. This policy
only refers to the data which is made freely available to the public.
If this policy is adopted it will also alleviate concerns from the
cable and DSL industry in regard to residential user privacy.
a) ARIN policy doesn't currently state that ARIN will maintain
or publish a whois directory. This policy fixes that.
b) This proposal also explicitly states the purpose of the
whois directory as being targeted at internetworking and
operational issues. It is not intended to help anti-spamming
collectives bypass the ISPs who are responsible for operating a
network. In fact one of the goals is to make it harder for
anti-spamming groups to attack end users. This whois policy would
force them to report network abuse to the ISP employees who are
responsible for finding and fixing network abuse issues.
c) The proposal does not recognize research as part of the scope of the
whois directory, however items 6 and 7 do provide for data which
allows some mapping and analysis of address usage and therefore
the research community will not be left out in the cold.
d) This policy only directly puts a mandate on those organizations who
have, or should have, an ARIN relationship to supply data.
e) The policy also allows any responsible party to add their contact
data to the ARIN database. However, this is done with their consent
and by binding them to act responsibly, i.e. you can't list your
organization and then ignore all abuse reports. The words "Ready,
willing and able to communicate" are important here.
f) The ARIN staff are charged to keep the directory up to date and to
give us some indication when the contact process seems to be going
awry. However, it refrains from giving detailed directions to the
staff and relies on their prudence in setting out the timing and
the process of this verification.
g) I interpret "facilitating the operation of interconnected IP
networks" to include the provision of data that allows some mapping
and statistical analysis of the address space. For that reason, some
small amount of data is required to enumerate and distinguish
sub-allocations and assignments.
h) This policy covers rwhois as well. ARIN is charged to maintain the
whois directory but can certainly delegate some of this task to
rwhois users. And when the policy specifies that all address blocks
must be represented in the directory it also allows for this
information to be published indirectly, for instance, through
rhwois. However the policy does not require rwhois technology
since it is in such a sad state of repair. It also refrains from
prescribing LDAP at this time ;-)
i) The classification system for organization types has been
intentionally left unspecified. Obviously, it needs to include
"individual" as a type but it could include NAICS sector codes,
e.g. "NAICS 25" is the construction industry. It could also include
NTEE codes for non-profits e.g. "NTEE H" is Medical research. And
it could include some simple codes like "Company", "Non-Profit",
"Education", "Government" for users who don't know about the
various classification systems.
j) End users are truly anonymous, no name, no address, no zip/postal
code. In other words, people who are not involved in network
operations are not identified in any way by the whois directory.
Timetable for implementation: 30 days after ratification