[ppml] Policy Proposal 2003-11: Purpose and Scope of WHOIS Directory

[Mury]

Sounds good to me with two exceptions.  Under #5 I think testing every 3
months is a little overboard.  Maybe once a year is more reasonable.

Under #3 and #4 I don't understand the 'guarantee' word and concept.
Perhaps the word guarantee should be replaced with something more
appropriate.  What exactly happens to the resource holder if they don't
keep the info up to date?  They merely get their contact info removed from
the directory?  I know the argument over policy enforcement has been
thrown around with little resolution, but I think there either needs to be
a consequence with real teeth or nothing at all.  For example, add
language that forces the removal of the resources from the entity not
providing current contact info, or just write the policy to say the
resource holder shall provide contact info... remove the guarantee
language and remove #6.

My two cents.

Mury

On Thu, 21 Aug 2003, Member Services wrote:

> ARIN welcomes feedback and discussion about the following policy
> proposal in the weeks leading to the ARIN Public Policy Meeting
> in Chicago, Illinois, scheduled for October 22-23, 2003. All feedback
> received on the mailing list about this policy proposal will be
> included in the discussions that will take place at the upcoming
> Public Policy Meeting.
>
> This policy proposal discussion will take place on the ARIN Public
> Policy Mailing List (ppml at arin.net). Subscription information is
> available at http://www.arin.net/mailing_lists/index.html
>
> Member Services
> American Registry for Internet Numbers (ARIN)
>
>
> ### * ###
>
>
> Policy Proposal regarding purpose and scope of whois directory.
>
> 1. ARIN shall maintain and publish a directory of contact information for
> the purposes of facilitating the operation of internconnected IP networks.
>
> 2. This directory will contain contact information for all organizations
> and individuals within the ARIN region who have received IP allocations or
> AS numbers directly from ARIN or its predecessors.
>
> 3. Organizations and individuals must guarantee to ARIN that contact
> addresses published in the whois directory will reach a person who is
> ready, willing and able to communicate regarding network operations and
> interconnect issues and who is able to act on that communication.
>
> 4. Any other organizations may elect to be listed in the whois directory
> as long as they make the guarantee detailed in item 3.
>
> 5. All contacts listed in the whois directory will be contacted every 3
> months to verify that the contact addresses are still valid.
>
> 6. Any invalid contact information will be removed from the directory
> within 60 days of the first attempted contact from item 5.
>
> 7. ARIN will publish the whois directory in three forms using the whois
> protocol on port 43, bulk copies available by FTP and using the LDAP
> protocol.
>
> Why do this?
>
> Well, first of all I think that ARIN needs to have a clear policy
> statement of why we are collecting and publishing this directory.
>
> After that, items 2, 3 and 4 specify what information goes into the
> directory. Specifically, it excludes all organizations and individuals who
> have not received resources directly from ARIN unless they ask to be
> included. It also forces organizations to make a commitment to make sure
> that the contact information provides access to people who can do
> something about interconnect issues (peering), denial of service technical
> issues, abuse, etc. As currently, these addresses could be role accounts,
> P.O. boxes, voicemail numbers etc.
>
> Then items 5 and 6 specify that the data will be tested regularly and
> cleared out if it is stale. I think this is enough detail for the policy
> level to deal with. Most of the existing data will disappear after the 1st
> test period because people will either not respond or will not agree to
> the commitments in item 3. I don't intend for the entire database to be
> tested on the same day. I would hope that operationally this would be
> spread out over the 3 month period.
>
> And in 7, I am specifying that ARIN add an LDAP server to publish this
> directory because I feel that we should provide a real choice to people
> who need to access this directory. I suggest that a good way to start is
> to set up OpenLDAP and use the FIRS work done in the IETF's CRISP working
> group and then see how this all works out in practice. I believe that in
> the long run we will need to add back some kind of status information
> about the large number of address assignments that will no longer show up
> in whois and LDAP is ideally suited to doing this without a lot of
> anguish.
>
> In general, I see no reason why this could not be implemented by January
> 2004. I wouldn't expect 100% of the existing contacts to be tested by that
> time, but I would expect the testing to be well under way. Because the
> first round involves clearing out a much larger number of records, it
> could very well take until the middle of 2004 to have fully dealt with
> every one. A lot of this work could be alleviated if ISPs would provide
> lists of assignments for which they will take responsibility so that ARIN
> can remove those SWIP records wholesale without testing.
>
> -------------------------------------------------------
> Michael Dillon
> Capacity Planning, Prescot St., London, UK
> Mobile: +44 7900 823 672 Internet: michael.dillon at radianz.com
> Phone: +44 20 7650 9493 Fax: +44 20 7650 9030
>