[arin-ppml] ARIN validation of authorized contacts

[Benson Schliesser]

On Mar 31, 2011, at 6:34 AM, George, Wes E [NTK] wrote:

> There's a thread on NANOG right now about some address hijacking/squatting, and it brings up an interesting question about how ARIN 
> determines whether a person purporting to represent a company is actually authorized to make changes.
> ...
> So my question is regarding the identification and validation of authorized agents. Is ARIN staff already thinking about ways to 
> manage this? Can we potentially kill two birds with one stone and improve the accuracy of ARIN whois records and support RPKI?

Important questions, Wes - thanks for asking them.  In addition, I would also like to understand the following:  How does the ARIN process compare with existing models (e.g. SSL certificates)?  Given the recent headlines about weakness in the certificate industry, is the ARIN process considered adequately robust?  And given the single-root nature of RPKI as implemented by the RIRs (which differs from the SSL multi-CA model) are operators confident they can deal with potential systemic trust issues, i.e. around security threats, governance policy, etc?

Cheers,
-Benson