ARIN-PPML Message

[ppml] Staff Comments Regarding Policy Proposal 2006-3

> However, the current ARIN IRR, according to recent messages on the ppml
> list, contains information that is pulled in from other IRR sources.
> The authenticity of this data can not be verified by ARIN.

Sure it can. ARIN is the only one who CAN guarantee
its authenticity since ARIN is the one who knows 
whether the data originated from its delegees or
from another IRR. If ARIN adds a data field to all
its IRR objects to inform users whether ARIN considers
the data to be trustable or not, then ISPs can act 
accordingly. 

> For route objects stored in the ARIN IRR, according to information I
> was told early this year, ARIN does not presently verify the person
> registering the object against POC info in the resource database as
> is done for address and AS objects.  So ARIN could, but does not,
> authenticate this information.

ARIN is acting correctly in not authenticating this
info because ARIN has no policy that defines the
ARIN RIR as a source of trusted data. In the absence
of a policy defining the scope of the ARIN IRR, 
what is the point in worrying about the processes
followed internally?

--Michael Dillon