[arin-announce] Reminder: Consultation on CKN23-ARIN Proposal

ARIN info at arin.net
Tue Apr 25 12:12:23 EDT 2017 

As announced on 22 March 2017, there are thousands of instances of the
ARIN Point of Contact (POC) handle "No, Contact Known" or CKN23-ARIN
registered in the ARIN database, most of them associated with legacy
resource records. ARIN would like the community to review the history of
this situation and the proposed solution and provide us with their
feedback. We are conducting this community consultation to obtain
feedback on the proposed options to address this issue. This
consultation period will close at 5 PM EDT, 22 May 2017.
Consultation

The creation and addition of the CKN23-ARIN POC handle was due to a
combination of factors.

     1. In 2002, a database conversion project was done at ARIN that
created a new database structure and added a new record type
(Organization ID) as well as new POC types (Admin, Tech, Abuse and NOC).
When an Org ID didn't have a clear POC that had been recently updated or
vetted by ARIN staff, the original resource POC remained on the resource
record only and no POCs were added to the Org record at all.
     2. In a later 2011 database conversion, reverse DNS delegation
switched from per-net to per-zone. This created significant hijacking
potential by allowing resource POCs to change their reverse delegation
without first being verified by staff as legitimate.
     3. Also in 2011, ARIN added a new business rule that required an
Admin and a Tech POC on all Org records as a way of enhancing data quality.
      4. Policy 2010-14 was implemented in 2011 and required Abuse POCs
on all Org records.

In order to maintain ARIN's business rules, comply with policy 2010-14,
and prevent hijackings, several actions were initiated by staff:

     * CKN23-ARIN was created to become the Admin and Tech POC on Orgs
that lacked them
     * Resource POCs of legacy networks that had never been updated or
validated by ARIN were moved to the Organization record as the Abuse POC
      * ARIN's verification and vetting requirements were thus reinstated
as the Abuse POC had to be vetted before making any changes to the
record, and therefore could not hijack the resource by adding or
changing the nameservers

Over time, the above actions have created several issues:

      * It is easy for hijackers to identify and target records with
CKN23 (no contact known) as the handle
      * POCs that were moved from resource tech to Org abuse are not
happy about no longer having control of their resource record

There are several different courses of action that ARIN could take to
resolve the current situation.

Option 1

      * Retain the current status and do nothing

Option 2

      * Restore the resource POCs back to their original state on the
resource record keeping in mind that this would open up the hijacking
risk by giving the original resource POC control of the network without
a verification process
      * Retain the Abuse POC on the Org record
      * Retain CKN23-ARIN as Org POC

Option 3 - **Recommended option**

      * Restore the resource POC back to their original state on the
resource record.   This will allow contacts historically associated with
a resource record to more readily administer that record going forward.
      * Retain the Abuse POC on the Org
      * Replace CKN23-ARIN with a handle that better explains the
record's status (e.g. "Legacy Record – See Resource POC")
      * Lock all resources associated with these legacy records who have
had their resource POC restored. This would ensure that any changes made
by the resource POC would first have to be reviewed by ARIN.

We would like to thank the ARIN Services Working Group (WG) for their
helpful review of the proposed change – while the ARIN Services WG did
not take a formal position in support of or in opposition of the
proposed change, their review led to improvements in presentation of the
options

We are seeking community feedback on this proposed change (Option #3) to
the ARIN Registry database.

Please provide comments to arin-consult at arin.net. You can subscribe to
this mailing list at:
http://lists.arin.net/mailman/listinfo/arin-consult.

Please contact us at info at arin.net if you have any questions.

Regards,

John Curran
President & CEO
American Registry for Internet Numbers (ARIN)

More information about the ARIN-announce mailing list