<div dir="ltr">I am comfortable with option 3 where the records are restored, but the POC is not provided ARIN-Online access so long as there is a process by which a resource holder can validate the chain of custody and fully vet their right to use the resource without signing an RSA.<div><br></div><div>___Jason</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 22, 2017 at 1:24 PM, ARIN <span dir="ltr"><<a href="mailto:info@arin.net" target="_blank">info@arin.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There are thousands of instances of the ARIN Point of Contact (POC)<br>
handle “No, Contact Known” or CKN23-ARIN registered in the ARIN<br>
database, most of them associated with legacy resource records. ARIN<br>
would like the community to review the history of this situation and the<br>
proposed solution and provide us with their feedback.<br>
<br>
The creation and addition of this POC handle was due to a combination of<br>
factors.<br>
<br>
* In 2002, a database conversion project was done at ARIN that<br>
created a new database structure and added a new record type<br>
(Organization ID) as well as new POC types (Admin, Tech, Abuse and NOC).<br>
When an Org ID didn’t have a clear POC that had been recently updated or<br>
vetted by ARIN staff, the original resource POC remained on the resource<br>
record only and no POCs were added to the Org record at all.<br>
* In a later 2011 database conversion, reverse DNS delegation<br>
switched from per-net to per-zone. This created significant hijacking<br>
potential by allowing resource POCs to change their reverse delegation<br>
without first being verified by staff as legitimate.<br>
* Also in 2011, ARIN added a new business rule that required an Admin<br>
and a Tech POC on all Org records as a way of enhancing data quality.<br>
* Policy 2010-14 was implemented in 2011 and required Abuse POCs on<br>
all Org records.<br>
<br>
In order to maintain ARIN’s business rules, comply with policy 2010-14,<br>
and prevent hijackings, several actions were initiated by staff:<br>
<br>
* CKN23-ARIN was created to become the Admin and Tech POC on Orgs<br>
that lacked them<br>
* Resource POCs of legacy networks that had never been updated or<br>
validated by ARIN were moved to the Organization record as the Abuse POC<br>
* ARIN’s verification and vetting requirements were thus reinstated<br>
as the Abuse POC had to be vetted before making any changes to the<br>
record, and therefore could not hijack the resource by adding or<br>
changing the nameservers<br>
<br>
Over time, the above actions have created several issues:<br>
<br>
* It is easy for hijackers to identify and target records with CKN23<br>
(no contact known) as the handle<br>
* POCs that were moved from resource tech to Org abuse are not happy<br>
about no longer having control of their resource record<br>
<br>
There are several different courses of action that ARIN could take to<br>
resolve the current situation.<br>
<br>
Option 1<br>
<br>
Retain the current status and do nothing<br>
<br>
Option 2<br>
<br>
Restore the resource POCs back to their original state on the<br>
resource record keeping in mind that this would open up the hijacking<br>
risk by giving the original resource POC control of the network without<br>
a verification process<br>
* Retain the Abuse POC on the Org record<br>
* Retain CKN23-ARIN as Org POC<br>
<br>
Option 3 - **Recommended option**<br>
<br>
Restore the resource POC back to their original state on the<br>
resource record. This will allow contacts historically associated with<br>
a resource record to more readily administer that record going forward.<br>
* Retain the Abuse POC on the Org<br>
* Replace CKN23-ARIN with a handle that better explains the record’s<br>
status (e.g. “Legacy Record – See Resource POC”)<br>
* Lock all resources associated with these legacy records who have<br>
had their resource POC restored. This would ensure that any changes made<br>
by the resource POC would first have to be reviewed by ARIN.<br>
<br>
We would like to thank the ARIN Services Working Group (WG) for their<br>
helpful review of the proposed change – while the ARIN Services WG did<br>
not take a formal position in support of or in opposition of the<br>
proposed change, their review led to improvements in presentation of the<br>
options<br>
<br>
We are seeking community feedback on this proposed change (Option #3) to<br>
the ARIN Registry database.<br>
<br>
This consultation will remain open for 60 days - Please provide comments<br>
to <a href="mailto:arin-consult@arin.net" target="_blank">arin-consult@arin.net</a>.<br>
<br>
Discussion on <a href="mailto:arin-consult@arin.net" target="_blank">arin-consult@arin.net</a> will close on 22 May 2017.<br>
<br>
If you have any questions, please contact us at <a href="mailto:info@arin.net" target="_blank">info@arin.net</a>.<br>
<br>
Regards,<br>
<br>
John Curran<br>
President and CEO<br>
American Registry for Internet Numbers (ARIN)<br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
ARIN-Consult<br>
You are receiving this message because you are subscribed to the ARIN Consult Mailing<br>
List (<a href="mailto:ARIN-consult@arin.net" target="_blank">ARIN-consult@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="http://lists.arin.net/mailman/listinfo/arin-consult" rel="noreferrer" target="_blank">http://lists.arin.net/mailman/<wbr>listinfo/arin-consult</a> Please contact the ARIN Member Services<br>
Help Desk at <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><font color="#555555" face="'courier new', monospace"><div><span style="color:rgb(0,0,0);font-family:arial"><font color="#555555" face="'courier new', monospace">_______________________________________________________<br></font><div><font face="'courier new', monospace">Jason Schiller|NetOps|<a href="mailto:jschiller@google.com" target="_blank">jschiller@google.com</a>|571-266-0006</font></div><div><font face="'courier new', monospace"><br></font></div></span></div></font></div>
</div>