[ppml] Policy Proposal 2003-11: Purpose and Scope of WHOIS Di rectory
cscott at gaslightmedia.com
Wed Aug 27 14:46:16 EDT 2003
On Wed, 27 Aug 2003, Lee Howard wrote:
> To what extent are the following statements true?
> WHOIS without naming the end user is not much use.
Since you asked... I don't agree with this. While others may want data
all the way to the end user, all I care about is if there's someone I can
contact who's going to take responsibility for some issue. I've spent too
much time trying to contact and get response from end-user contact
addresses and phone numbers and 2nd/3rd tier providers using ARIN whois
data. If there is a desire to maintain data down to the end-user level,
I'd prefer to at least know if the contact data is valid.
> End user information without contact information, as currently allowed
> as reassign-simple, is not much use.
At least if the end-user was there but had no contact information I
wouldn't waste time trying to contact them.
Perhaps there's a compromise in this. If (1) whois data for top level
allocations is mandatory (2) contact data verification for top level
allocations is mandatory, (3) contact data verification is optional for
provider assignments and end users, (4) records required to have contact
verification and records that have opted to have contact verification are
clearly marked as being subject to verification, (5) a process
periodically verifies all such records and clearly marks those that don't
verify, and (6) there is an optional method to query only verified
records, then I think we have the best of all worlds.
I do like the concept of opting lower-level records into contact
verification. With that, a provider who wants to can opt to insist that
their customers have verification on their records as a condition of use
and therefore offload most work associated with network issues for those
assignments. Those who don't will of course be responsible themselves.
The last component would potentially be some way of dealing with
contacts that verify but are not responsive when contacted. If that
happens to be a direct allocation from ARIN, then it would become an
issue involving ARIN. If it's an assignment or end-user, then the next
higher verified contact would be the one involved.
> Except for spammer address-harvesting and showing utilization to ARIN,
> WHOIS is not much use.
I'm sure you asked this rhetorically. The Internet would be a pretty
useless place without some ability to contact network operators. Clearly,
accountability is important, if nowhere else but at the allocation level.
More information about the ARIN-PPML