[ppml] Policy Proposal 2003-1: Human Point of Contact

Tue Mar 4 20:18:49 EST 2003


--On Tuesday, March 4, 2003 19:59 -0500 Einar Bohlin <ebohlin at UU.NET> wrote:

> Hi,
>
> This post is for 2003-1 and 2003-2.
>
> Long ago there were host records with POCs.
> Then there were net records with POCs.
> Then ASN records with POCs.
>
> There's been a lot of traffic on queries of
> whois records, and making changes to POC records,
> etc., most of this stemming from spam and abuse
> complaints.
>
> ARIN has a gazillion records.  Most of those records are
> nearly meaningless, like all of our /29s to DSL customers,
> which are there in whois entirely for utilization information.
>
While I would agree that the POC data on some of those records may not
be meaningful, I would not agree that it should not be meaningful.
Indeed, you should be registering information for utilization that
leads to a contact who is responsible for the conduct eminating from
that block.

> The key to all of this is that at any given time pick any IP
> address on the Internet and it is part of one Autonomous System.
> It follows that the only data for the purpose of contact information
> that matters in all of ARIN's whois is ASN records.
>
This is simply not always true.  There are a number of cases where an IP
address may be part of more than one ASN.  There are also cases where many
IPs may be part of an ASN, but the contact data for that ASN has very little
to do with the daily operations of that IP block.  For example, there are
many IP ranges that are "part" of WorldCOM or C&W ASNs which belong to
very large organizations which are customers of those providers.  I suspect
that C&W's contact data would not be terribly useful for resolving problems
starting from one of their customers.  Sure, if it's a small enough 
customer,
they might turn them off eventually, if they confirm the abuse, and the
customer doesn't resolve the problem.  However, being able to contact the
responsible contact for the block directly is a very desirable thing.
As such, I cannot agree that the ASN POC is the only relevant POC.  That,
I believe, is why the ASN POC and the IP block POC records are maintained
independently.

> Any organization that has registered an ASN with ARIN
> has an ORG record.  ORG records have mandatory
> ADMIN and TECH POCs.  There's also an optional
> ABUSE POC and a NOC POC. In the future the ADMIN may
> not be displayed, but there will still be a TECH POC.
>
OK.

> That TECH POC should be a role account
> because anybody who is running their own AS
> should have more than one person responsible for
> operations.
>
While that is true, there should still be at least one POC which leads
to a human being not an automated response system.  This isn't so much
intended to be about ROLE vs. INDIVIDUAL as to be about the ability
to reach someone who can resolve the issue or find someone who can
resolve the issue when the automated response system fails
to create acceptable results (for whatever reason).

> To sum this up, IMHO to meet all contact information requirements
> for all ARIN nets, all that ARIN really has to do is try to make
> sure that TECH POC info for ORGs that have ASNs is up to date
> with phone, email, and street address.
>
OK... Your opinion is noted.  I respectfully disagree as detailed above.
I agree that the above would go a long way towards improving things, but
if the phone number only leads to a voice-jail, and the email only leads
to an autoresponder, and the street address turns out to be a mail drop,
then what?  Even if the street address is legitimate, it's not terribly
useful if you are more than 1,000 miles away trying to resolve an ongoing
abuse situation.

Owen