[ARIN-consult] Community Consultation on CKN23-ARIN Now Open

John Curran jcurran at arin.net
Wed Mar 29 17:44:52 EDT 2017 

On 29 Mar 2017, at 5:21 PM, Steven Noble <snoble at sonn.com> wrote:
> 
> Hi John,
> 
> Now that I have had more time to look at it, I believe you do state the issue I have :
> 
> "    * POCs that were moved from resource tech to Org abuse are not happy about no longer having control of their resource record"
> 
> The entire reason I wanted to get back control of my AS was to update the physical address nothing else.  My reasoning was that the address should be current and correct.  Obviously an AS is not as valuable as IP space, which I believe is what this mainly is addressing (no pun intended).
> 
> Do you have more data about what the POCs are having issues with?  If these POCs are upset I assume you must be unable to vet them, otherwise they would have control of the resource.

Steve - 
 
  We’ve heard some organizations express concern over the fact that they were originally
  listed on network record, and through no action of their own, are no longer visible in a 
  similar manner now that there are organization and network records.  It’s not a question 
  of whether they can vet their organization, but simply a question of the appearance. 

> I think clarity on what is necessary to put the correct data into the record would be useful.

  Evidence that the party is a valid representative to the organization that was issued
  the number resources, or its legal successor. 

> I do agree that CKN23 should be removed as both the email and phone number are invalid and I believe at a minimum the POC should contain actionable data.

  Acknowledged. 

> I do agree that putting resource POCs back in where there is reasonable suspicion that the POC is invalid/hijacked should trigger a lock.

  Understood – the challenge with such an approach would be algorithmically determining 
  the factors that constitute “reasonable suspicion” in a deterministic/equitable manner, and 
  yet cannot be easily bypassed by those who wish to hijack resources.

  Presently, all of these resources are effectively locked, i.e. parties asserting control must go 
  through Org recovery to have their POC associated with the organization.  We not proposing 
  any change to this process - we are only making the organization record have more useful
  information than just showing "CKN-23".

> I am having issue with POCs who are still at the same ORG with the same contact information being locked, which would be a small subset I believe.  Said POCs would not have done anything wrong and their requests should be honored with minimal interference.
> Possibly this is what ARIN is planning to do, i.e. an old record with an old POC gets updated, triggers abuse who then can easily vet that the POC is valid.  Where as an old record with a new POC would require more intensive vetting.

  The proposed registry change doesn’t make any more parties subject to vetting, nor 
  any less – it is, as noted above, whether we retain CKN-23 in these organization 
  records or the previous values from the underlying historic network records. 

Thank you for the excellent feedback!
/John

John Curran
President and CEO
ARIN

More information about the ARIN-consult mailing list