ARIN-PPML Message

[ppml] Policy Proposal 2005-2: Directory Services Overhaul - withdrawn

2005-2 was withdrawn by the author. The AC made this determination
at their meeting at the conclusion of the ARIN Public Policy meeting on
October 27, 2005. The results of the AC meeting were reported by the
Chair of the AC at the member meeting. This report can be found at
http://www.arin.net/meetings/minutes/ARIN_XVI/mem.html

The current policy proposal text is provided below and is also available
at http://www.arin.net/policy/proposals/2005_2.html

The ARIN Internet Resource Policy Evaluation Process can be found at
http://www.arin.net/policy/irpep.html.

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


###*###


Policy Proposal 2005-2: Directory Services Overhaul

Policy statement

Replace all of section three with the following rewrite.

3. Directory Services

     3.1 ARIN Directory Services Databases

         The ARIN Public Information Database (APID) is a collection of
information created and collected by ARIN during the due course of
business which the ARIN membership has deemed public information and
decided to publish.

         The ARIN Confidential Information Database (ACID) is a
collection of information created and collected by ARIN during the due
course of business which the ARIN membership has deemed is confidential
information that should be kept under a strict privacy policy.

     3.2 Directory Information Made Public

         ARIN shall publish verified contact information and the
resource(s) allocated (including identification for that allocation,
like date of allocation or other information identified by ARIN) in the
APID in the following cases:

             * All resources delegated by ARIN.
             * If allowed by the parent delegation, and requested by the
contact listed with the parent, a subdelegation of a resource.

         ARIN shall insure all contact information in the APID is
verified from time to time and is correct to the best of ARIN's ability.
ARIN staff shall maintain verification criteria and post it on the ARIN
web site.

     3.2.1 Non-Responsive Contacts

         If ARIN is unable to verify contact information via the normal
verification procedure ARIN shall attempt to notify the parent of the
resource to have the information updated. If there is no parent, or if
the data is not corrected in a reasonable amount of time the resource
shall be SUSPENDED.

         Once the resource is suspended ARIN shall make one more request
of all contacts listed with the resource and the parent resource (if
available), and if no response is received in a reasonable amount of
time the resource shall be reclaimed.

         Third parties may report the inability to make contact with a
party via information in the APID. In this case ARIN shall attempt the
contact verification procedure for that contact immediately. If a
response is received, ARIN should document that a problem occurred, and
the response from the resource holder. Offenders who fail to respond to
third parties more than 4 times per month for three months may have
their resources reclaimed at the discretion of ARIN staff.

         If a third party submits reports of the inability to make
contact that are subsequently disproven, ARIN may choose to ignore
reports from specific companies, people, e-mail addresses, or any other
classification means as appropriate.

         The ARIN staff shall publish the time thresholds and procedural
details to implement this policy on the ARIN web site.

         If a resource is reclaimed under no circumstances shall the
holder of that resource be entitled to a refund of any fees.

     3.3 Data Distribution

         3.3.1 Methods of Access

         ARIN shall publish the APID in the following methods using
industry standard practices:

             * Via the WHOIS protocol.
             * Via a query form accessible via the HTTP protocol.
             * Via FTP to users who complete the bulk data form.
             * Via CDROM to users who complete the bulk data form.
             * Via the RWHOIS protocol.

         3.3.1.1 Outside Sources

         ARIN may refer a query to a outside source (for instance via
RWHOIS or HTTP redirect). Outside sources must:

            1. Have an AUP deemed compatible with the ARIN AUP by ARIN
staff.
            2. Meet the requirements in section 3.3.3.
            3. Support the applications in section 3.3.1.
            4. Prohibit the applications in section 3.3.2.

         3.3.2 Acceptable Usage Policy

         All data provided shall be subject to an AUP. The AUP shall be
written by ARIN staff and legal and posted on the ARIN website. ARIN may
require a signed copy of the AUP before providing bulk data.

         3.3.3 Requirements for Internet Accessible Services

         For any method of access which is provided in real time via the
Internet the following requirements must be met:

             * The distributed information service must be operational
24 hours a day, 7 days a week to both the general public and ARIN staff.
The service is allowed reasonable downtime for server maintenance
according to generally accepted community standards.
             * The distributed information service must allow public
access to reassignment information. The service may restrict the number
of queries allowed per time interval from a host or subnet to defend
against DDOS attacks, remote mirroring attempts, and other nefarious acts.
             * The distributed information service must return current
information.

     3.4 Distribution of the ARIN Public Information Database

         3.4.1 Supported Uses

         ARIN shall make the APID available for the following uses
(supported uses):

            1. ARIN's use in implementing ARIN policies and other business.
            2. Community verification, allowing members of the community
to confirm the proper users of the various resources ARIN controls.
            3. Statistic gathering by ARIN and third parties on resource
utilization.
            4. As a contact database to facilitate communication with
the person or entity responsible for a particular resource.

         3.4.2 Prohibited Uses

         ARIN prohibits the use of the APID for the following uses:

            1. Sending any unsolicited commercial correspondence
advertising a product or service to any address (physical or electronic)
listed in the APID.
            2. Using data in the APID to facilitate violating any state,
federal, or local law.

         3.4.3 Other Uses

         ARIN shall allow all non-prohibited uses of the APID, however
unless those uses are listed as a supported use the data set may be
changed in such a way as to render them ineffective, or they may be
blocked outright as deemed necessary by ARIN staff. Users of
applications not listed who are concerned that they are supported should
introduce a proposal to add their application to the supported list.

     3.5 Distribution of the ARIN Confidential Information Database

         ARIN Staff shall use industry standard procedures to prevent
the distribution of any data in the ARIN Confidential Information Database.

     3.6 Implementation Details

         ARIN Staff shall document all implementation specific details
for directory services in a single document available on the web site.
The document must contain, but is not limited to:

             * Database field definitions.
             * Update procedures.
             * Templates.
             * Points of contact.
             * Copies of the AUP.
             * Verification procedures.

     3.7 [Routing Registry] Copy Verbatim from the existing 3.4.

Section 4.2.3.7.4: Replace with:

     All reassignment information for current blocks shall be submitted
to ARIN prior to submitting a request for a new allocation.

Section 4.2.3.7.6: Strike.
Policy Rationale

Various proposals affecting directory services have come and gone in the
last 5 years leaving the policy affecting directory services
fragemented. Also during that time deployments and laws have changed.
Several large DSL and cable providers now offer subnets to residential
customers that may require them to be registered with ARIN. Several laws
have been passed that may restrict the personal information that can be
published. This proposal attempts to provide a unified policy that is
easier to understand, and is updated to deal with these new issues.

Timetable for implementation: 6-18 months, depending on staff impact.