ARIN-PPML Message

[arin-ppml] Policy Proposal: Whois Authentication Alternatives

ARIN received the following policy proposal. In accordance with the ARIN
Internet Resource Policy Evaluation Process, the proposal is being
posted to the ARIN Public Policy Mailing List (PPML) and being placed on
ARIN's website.

The ARIN Advisory Council (AC) will review this proposal at their next
regularly scheduled meeting. The AC may decide to:

      1. Accept the proposal as written. If the AC accepts the proposal,
it will be posted as a formal policy proposal to PPML and it will be
presented at a Public Policy Meeting.

      2. Postpone their decision regarding the proposal until the next
regularly scheduled AC meeting in order to work with the author. The AC
will work with the author to clarify, combine or divide the proposal. At
their following meeting the AC will accept or not accept the proposal.

      3. Not accept the proposal. If the AC does not accept the proposal,
the AC will explain their decision via the PPML. If a proposal is not
accepted, then the author may elect to use the petition process to
advance their proposal. If the author elects not to petition or the
petition fails, then the proposal will be closed.

The AC will assign shepherds in the near future. ARIN will provide the
names of the shepherds to the community via the PPML.

In the meantime, the AC invites everyone to comment on this proposal on
the PPML, particularly their support or non-support and the reasoning
behind their opinion. Such participation contributes to a thorough
vetting and provides important guidance to the AC in their deliberations.

The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/irpep.html

Mailing list subscription information can be found at:
http://www.arin.net/mailing_lists/

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


## * ##


Policy Proposal Name: Whois Authentication Alternatives

Author: Michael Sinatra

Proposal Version: 1

Submission Date: August 19, 2008

Proposal type: new

Policy term: permanent

Policy statement:

In addition to current processes ARIN has to authenticate holders
of historical resources, ARIN will also allow holders of resources
to authenticate themselves for the purposes of updating WHOIS
information for a given resource according to the following mechanism:

A holder of resources not governed by any type of RSA (i.e. legacy
or regular) may work with ARIN staff to establish an inventory of
those resources legitimately maintained by the holder.  ARIN staff
will work to authenticate each resource claimed by the holder.  Upon
successful completion of the authentication process, the holder
will be entitled to make updates to whois information for those
resources for a period of one year, with an option for renewal.
For ARIN non-members, ARIN will charge a maintenance fee to recover
costs associated with the authentication process and whois maintenance.
For ARIN members, the fee will be waived or discounted at ARIN's
discretion.  Renewal is automatic pending the payment of maintenance
or membership fees.  Failure to pay fees will result in the whois
information being "locked," and updates to the information will not
be possible.

Successful authentication and the payment of membership and/or
maintenance fees does not confer any rights upon the holder such
as those that would be granted by an RSA (legacy or regular).

Rationale:

ARIN needs to protect whois data from hijacking, but the current
mechanisms for authenticating holders (especially legacy holders)
are limited.  The current method, signing a Legacy RSA, may not be
a viable option in the near term for such legacy holders for a
variety of legal reasons.  In the interest of: (a) protecting whois
data; (b) keeping whois up-to-date for the Internet community; and
(c) recovering costs associated with WHOIS and in-addr.arpa delegation,
an alternative authentication mechanism needs to be established for
holders of historical resources.  This proposal does not intend to
discount either type of RSA, and it attempts to specifically stay
out of the way of the RSAs.

NOTE: This proposal assumes the existence of some form of policy
such as that proposed by the "Whois Integrity Policy Proposal."

Timetable for implementation: Immediate