[ppml] Policy Proposal 2003-11: Purpose and Scope of WHOIS Di rectory

[Azinger, Marla]

Ok...so I dont get accused of not commenting until I get to the mic at the
conference....here are my concerns....

I'm not sure what to think about this one yet. 

1.  Can someone verify if this is or is not supposed to be a seperate list
from all the SWIP Records in the WHOIS database? 

2.  In the end...does this policy mean that if I want the End Users and
ISP's that I Re-assign and RE-allocate to will not have their abuse,
technical and whatever else contact info visibile unless I take extra steps
to ensure "I want them visible"?  If this does mean I have to take extra
steps....I give up...because as a person that sends these in daily....I'm
already jumping through to many hoops.

3.  When you mention validating the POC info every three months....is this
to be done with just Direct Allocation from ARIN?  Or do you really mean the
whole WHOIS database?  If its the whole database...and its done in the same
manner it was done this last year by ARIN....where you have to update
records that are really already updated.............Every 3 months is
excessive and I dont see this being easily supported. 

Marla Azinger
IP Analyst for:
Electric Lightwave
Frontier Communications
Citizens 

-----Original Message-----
From: Mury [mailto:mury at goldengate.net]
Sent: Thursday, August 21, 2003 12:20 PM
To: Member Services
Cc: ppml at arin.net
Subject: Re: [ppml] Policy Proposal 2003-11: Purpose and Scope of WHOIS
Directory



Sounds good to me with two exceptions.  Under #5 I think testing every 3
months is a little overboard.  Maybe once a year is more reasonable.

Under #3 and #4 I don't understand the 'guarantee' word and concept.
Perhaps the word guarantee should be replaced with something more
appropriate.  What exactly happens to the resource holder if they don't
keep the info up to date?  They merely get their contact info removed from
the directory?  I know the argument over policy enforcement has been
thrown around with little resolution, but I think there either needs to be
a consequence with real teeth or nothing at all.  For example, add
language that forces the removal of the resources from the entity not
providing current contact info, or just write the policy to say the
resource holder shall provide contact info... remove the guarantee
language and remove #6.

My two cents.

Mury

On Thu, 21 Aug 2003, Member Services wrote:

> ARIN welcomes feedback and discussion about the following policy
> proposal in the weeks leading to the ARIN Public Policy Meeting
> in Chicago, Illinois, scheduled for October 22-23, 2003. All feedback
> received on the mailing list about this policy proposal will be
> included in the discussions that will take place at the upcoming
> Public Policy Meeting.
>
> This policy proposal discussion will take place on the ARIN Public
> Policy Mailing List (ppml at arin.net). Subscription information is
> available at http://www.arin.net/mailing_lists/index.html
>
> Member Services
> American Registry for Internet Numbers (ARIN)
>
>
> ### * ###
>
>
> Policy Proposal regarding purpose and scope of whois directory.
>
> 1. ARIN shall maintain and publish a directory of contact information for
> the purposes of facilitating the operation of internconnected IP networks.
>
> 2. This directory will contain contact information for all organizations
> and individuals within the ARIN region who have received IP allocations or
> AS numbers directly from ARIN or its predecessors.
>
> 3. Organizations and individuals must guarantee to ARIN that contact
> addresses published in the whois directory will reach a person who is
> ready, willing and able to communicate regarding network operations and
> interconnect issues and who is able to act on that communication.
>
> 4. Any other organizations may elect to be listed in the whois directory
> as long as they make the guarantee detailed in item 3.
>
> 5. All contacts listed in the whois directory will be contacted every 3
> months to verify that the contact addresses are still valid.
>
> 6. Any invalid contact information will be removed from the directory
> within 60 days of the first attempted contact from item 5.
>
> 7. ARIN will publish the whois directory in three forms using the whois
> protocol on port 43, bulk copies available by FTP and using the LDAP
> protocol.
>
> Why do this?
>
> Well, first of all I think that ARIN needs to have a clear policy
> statement of why we are collecting and publishing this directory.
>
> After that, items 2, 3 and 4 specify what information goes into the
> directory. Specifically, it excludes all organizations and individuals who
> have not received resources directly from ARIN unless they ask to be
> included. It also forces organizations to make a commitment to make sure
> that the contact information provides access to people who can do
> something about interconnect issues (peering), denial of service technical
> issues, abuse, etc. As currently, these addresses could be role accounts,
> P.O. boxes, voicemail numbers etc.
>
> Then items 5 and 6 specify that the data will be tested regularly and
> cleared out if it is stale. I think this is enough detail for the policy
> level to deal with. Most of the existing data will disappear after the 1st
> test period because people will either not respond or will not agree to
> the commitments in item 3. I don't intend for the entire database to be
> tested on the same day. I would hope that operationally this would be
> spread out over the 3 month period.
>
> And in 7, I am specifying that ARIN add an LDAP server to publish this
> directory because I feel that we should provide a real choice to people
> who need to access this directory. I suggest that a good way to start is
> to set up OpenLDAP and use the FIRS work done in the IETF's CRISP working
> group and then see how this all works out in practice. I believe that in
> the long run we will need to add back some kind of status information
> about the large number of address assignments that will no longer show up
> in whois and LDAP is ideally suited to doing this without a lot of
> anguish.
>
> In general, I see no reason why this could not be implemented by January
> 2004. I wouldn't expect 100% of the existing contacts to be tested by that
> time, but I would expect the testing to be well under way. Because the
> first round involves clearing out a much larger number of records, it
> could very well take until the middle of 2004 to have fully dealt with
> every one. A lot of this work could be alleviated if ISPs would provide
> lists of assignments for which they will take responsibility so that ARIN
> can remove those SWIP records wholesale without testing.
>
> -------------------------------------------------------
> Michael Dillon
> Capacity Planning, Prescot St., London, UK
> Mobile: +44 7900 823 672 Internet: michael.dillon at radianz.com
> Phone: +44 20 7650 9493 Fax: +44 20 7650 9030
>