[ppml] Policy Proposal 2003-1: Human Point of Contact

william at elan.net william at elan.net
Thu Mar 6 14:13:00 EST 2003


I did not yet comments on 2003-1 and I'm not entirely made up my mind yet, 
but I have to say I'v not been conviced by either side and I see problems 
with it for both ISP that is listing its contacts and for community 
itself that wants to use the contact info:
I. ISP
 1. Some companies have charn with their employees changing quickly
    and some often change assignments/roles within companies, its easier 
    to keep "role contact", its more up to date. 
 2. People do not like to be listed in public whois information because 
    they inevitibly begin to get contacted for issues not related to 
    do and called names, etc. 
 3. People do not like to be listed in public whois because that information is
    harvested by advertisers.

II. Contact to ISP
 1. If person is not available and its the only contact listed (as its 
    the only contact required!), you have a real problem. 
 2. For emergency situation its a lot more important to reach ANYBODY in 
    the say tech support or NOC then particular somebody.
 3. Human contacts are not available 24/7, role contacts are sometimes 
    (same as #2 really)

I do think its important to keep correct reachable info for at least one 
contact and most likely both abuse and noc if they are listed (as is with 
2003-2), though 2003-2 I'll not support in its current form - it goes way 
way too far on the abuse prevention (I guess I'm moderate...) and to 
actions ARIN can not do (like control over routing table). 

In all, human contact does not hurt, but only as option to be decided by 
ISP and not necessarily as the only option of contact. I think new 
redisign of the database, solves most of it allowing multiple contacts to 
be listed as ISP desires (instead of only one contact as it was before).
And its my understand (please correct me if I'm wrong, I'v not see it 
yet in real whois output yet!) that you can have multiple TECH, ABUSE, NOC 
contacts for the same ORG or NET, allowing for both human and role 
contacts if ISP wants to do so.

On Thu, 6 Mar 2003, Lee Howard wrote:

> On Thu, 6 Mar 2003, McBurnett, Jim wrote:
> 
> > Date: Thu, 06 Mar 2003 14:46:38 -0500
> > From: "McBurnett, Jim" <jmcburnett at msmgmt.com>
> > To: Lee Howard <lee.howard at wcom.com>
> > Cc: ppml at arin.net
> > Subject: RE: [ppml] Policy Proposal 2003-1: Human Point of Contact
> > 
> > 
> > >pick an IP address, look up the ARIN record for that IP address, and
> > >report it to the Abuse POC given in ARIN's records.  Only the latter
> > >case is on topic for ARIN PPML.
> > 
> > The later PPML topic is the one that confuses me sometimes, and hence the
> > RFC ignorant.  A few ISP's I have been spammed from 
> > don't accept abuse@ secuirty@ etc.. And the ARIN POC is often inaccurate for
> > the <fill in your choice word(s) here> people on purpose. And as of late, 
> > many spammers are forging most of the header anyway....
> 
> Somewhat separate issues, still, I think.
> Enforcing ABUSE at domain isn't something I can imagine ARIN doing.  
> Requiring valid POC information is the subject of a current policy 
> proposal, 2003-2.  
> 
> > >or one of my domain names?  I'm not asking about the email address
> > >ABUSE at domain, which is described in the RFC, I'm asking about 
> > >the Abuse 
> > >POC given in ARIN's WHOIS database.
> > 
> > Good Point.. I guess my answer is let's push the POC Policy to get the POC's 
> > to a higher level of accuracy... 
> 
> Excellent, I understand your position now.
> 
>   
> > >In summary, I am asking if there is a proposal to require 
> > >something more
> > >than reachability for the Abuse POC.  If there is, I am asking for 
> > >clarification, and whether this should be part of proposal 2003-1 or a
> > >separate proposal.  If there is no such proposal, then there 
> > >is no debate.
> > 
> > Correction if there is no such proposal we need to create one...
> > AND if it takes it, send the idea to the IETF..
> 
> Here's the text of 2003-2:
> http://www.arin.net/policy/2003_2.html
> Excerpt:
> 
>   2. All networks should [regardless of geographical location] provide a 
>   valid e-mail contact for network [NOC@] and abuse [Abuse@] contact. Make 
>   it standard. 
> 
> It goes further to establish methods for verification and penalties for
> non-compliance.  Are your concerns addressed by this policy proposal, or
> do you have a new policy to propose?
> 
> > Jim
> 
> Thank you for taking the time to discuss the policies.  I must say that
> it's good to see so much participation on the list; it definitely helps
> clarify the proposals being considered at the meeting.
> 
> 
> Lee
> 
> 




More information about the ARIN-PPML mailing list