From adam at solidnetwork.org Tue Apr 25 12:57:37 2017 From: adam at solidnetwork.org (Adam Brenner) Date: Tue, 25 Apr 2017 09:57:37 -0700 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: Message-ID: <252c334d-30db-b42c-bb7e-b24dc42a6560@solidnetwork.org> Responses inline: On 03/22/2017 10:24 AM, ARIN wrote: > > Option 3 - **Recommended option** > > Restore the resource POC back to their original state on the > resource record. This will allow contacts historically associated with > a resource record to more readily administer that record going forward. Won't this allow easier for hijacking? I am going off the assumption that original POC records have domains that expired. Random idea: ARIN could query all records and see if the domain has expired or/and check if the creation date is newer then the date in its database. If a record matches to any of those: perhaps do not restore to the original state? Or.. am I over thinking this? > * Retain the Abuse POC on the Org > * Replace CKN23-ARIN with a handle that better explains the record?s > status (e.g. ?Legacy Record ? See Resource POC?) Isn't that the same thing? Replace the current handle with a new handle? I do not get it. Could still query the database and find all records that have the new handle. If you include text like "Legacy Record" you are also spilling more information to the public about the resource: Legacy, etc. What other status do you plan to use and share with the public? > * Lock all resources associated with these legacy records who have > had their resource POC restored. This would ensure that any changes made > by the resource POC would first have to be reviewed by ARIN. > I like it. Out of curiosity how large of an impact is this to the ARIN community? You mentioned thousands of instances in the opening thread and many are legacy resources. I know you can not go into too much specificity, but is this 50% of all ARIN IP resources? 10%? This would better gauge the importance of the impact which did not come out clear in the original email. /adam -- Adam Brenner, Chief Executive Officer SolidNetwork Technologies, Inc. From adam at solidnetwork.org Wed Apr 26 11:31:16 2017 From: adam at solidnetwork.org (Adam Brenner) Date: Wed, 26 Apr 2017 08:31:16 -0700 Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open In-Reply-To: References: Message-ID: <767c0855-bd60-295c-8eeb-74c5253d56be@solidnetwork.org> All, Sorry for the spam if you got this message twice, but I suspect that ARIN's mailing list is not properly setup to handle domains that have DMARC records setup. I had to disable DMARC on my entire domain to get this message posted. @John: this should _probably_ be fixed if you want to solicit feedback from the community. :-) https://wiki.list.org/DEV/DMARC > The DMARC authors essentially acknowledge that adopting DMARC > requires changing mailing list habits. You cannot continue to > run your mailing list the way you always have, in DMARC > compatible way. Responses to the original thread inline: On 03/22/2017 10:24 AM, ARIN wrote: > > Option 3 - **Recommended option** > > Restore the resource POC back to their original state on the > resource record. This will allow contacts historically associated with > a resource record to more readily administer that record going forward. Won't this allow easier for hijacking? I am going off the assumption that original POC records have domains that expired. Random idea: ARIN could query all records and see if the domain has expired or/and check if the creation date is newer then the date in its database. If a record matches to any of those: perhaps do not restore to the original state? Or.. am I over thinking this? > * Retain the Abuse POC on the Org > * Replace CKN23-ARIN with a handle that better explains the record?s > status (e.g. ?Legacy Record ? See Resource POC?) Isn't that the same thing? Replace the current handle with a new handle? I do not get it. Could still query the database and find all records that have the new handle. If you include text like "Legacy Record" you are also spilling more information to the public about the resource: Legacy, etc. What other status do you plan to use and share with the public? > * Lock all resources associated with these legacy records who have > had their resource POC restored. This would ensure that any changes made > by the resource POC would first have to be reviewed by ARIN. > I like it. Out of curiosity how large of an impact is this to the ARIN community? You mentioned thousands of instances in the opening thread and many are legacy resources. I know you can not go into too much specificity, but is this 50% of all ARIN IP resources? 10%? This would better gauge the importance of the impact which did not come out clear in the original email. /adam -- Adam Brenner, Chief Executive Officer SolidNetwork Technologies, Inc. From jcurran at arin.net Wed Apr 26 16:56:58 2017 From: jcurran at arin.net (John Curran) Date: Wed, 26 Apr 2017 20:56:58 +0000 Subject: [ARIN-consult] DMARC on ARIN Mailing Lists (was: Re: Community Consultation on CKN23-ARIN Now Open) In-Reply-To: <767c0855-bd60-295c-8eeb-74c5253d56be@solidnetwork.org> References: <767c0855-bd60-295c-8eeb-74c5253d56be@solidnetwork.org> Message-ID: On 26 Apr 2017, at 11:31 AM, Adam Brenner > wrote: Sorry for the spam if you got this message twice, but I suspect that ARIN's mailing list is not properly setup to handle domains that have DMARC records setup. Adam - Actually, it is not at all clear if it is presently possible to operate a mailing list in a manner which meets both existing community expectations for mailing list behavior _and_ also aligns with DMARC's expectations regarding header/sender alignment. As result, there is an abundance of discussion currently going on this very topic (e.g. when certain large email providers began to reject based on DMARC settings), as well as an Internet-wide scramble to update to mailing list management software to allow for selection of a variety of new settings for message munging [all suboptimal in one manner or another] entirely to work around the interoperability issues with DMARC that are well-detailed in RFC 7960. I had to disable DMARC on my entire domain to get this message posted. Indeed - telling all receiving mail transfer agents (MTA?s) not to accept email that is purportedly from your domain but coming from a different MTA, and then using mailing lists that do exactly this behavior is likely to result in some issues for the rather obvious reasons... @John: this should _probably_ be fixed if you want to solicit feedback from the community. :-) https://wiki.list.org/DEV/DMARC The DMARC authors essentially acknowledge that adopting DMARC requires changing mailing list habits. You cannot continue to run your mailing list the way you always have, in DMARC compatible way. How nice. The Internet has reminded the DMARC community that one must "Be liberal in what you accept, and conservative in what you send?, or your solution will not be robust? (the very definition of the present state of DMARC operations in the Internet today) However, in regards to your specific suggestion ? we are researching using DMARC on ARIN?s mailing lists, and will develop a plan that attempts to accommodate it with a minimum of impact to participants in the ARIN community. It is quite possible that will require an additional consultation with community on this very mailing list, so you might want to keep that DMARC setting turned off for a while if you wish to participate. Thank you, /John John Curran President and CEO American Registry for Internet Numbers (ARIN) -------------- next part -------------- An HTML attachment was scrubbed... URL: