[ppml] Policy Proposal 2003-1a: Required Performance of Abuse Contact

Owen DeLong owen at delong.com
Tue Mar 11 12:14:46 EST 2003 

> Don't back off so vigorously. Here's an attempt at some better wording:
>
> Given that the network is a shared resource, it is inevitable that some
> activities on the network will be viewed as network abuse by other users
> of the network. We make no attempt to define abuse here since that is
> better left to other forums. ARIN's only interest is to facilitate
> communication between the various parties who are using the network. To
> that end, this policy specifies the contact information that each
> organization MUST publish.
>
I like this exactly as you have phrased it.  I will substitute the paragraph
in my draft.  Thanks!!!

>>                3.              Address valid for Legal Service
>
> How about "Address to be used only to serve legal documents".
>
I think it is acceptable (although unlikely) for someone to submit other
abuse contact efforts via postal mail to this address prior to litigation.
As such, I don't think the address should be listed as only for legal
service.  However, I do think it is important that the address _CAN_ be
used for legal service.

>>                5.              A list of "normal business hours"
> specified in terms of the
>>                                time zone applicable to the address in
> item 3 or in UTC, with
>>                                an indication of whether DST should be
> considered.  These
>>                                hours should comprise at least 30 hours
> per week.
>
> Too complicated. It should just indicate normal business hours in local
> time and identify the timezone offset from GTM. Assuming North American
> sites, everybody has a business day that overlaps everybody else at one
> end of the day or other, even the Aleutian islands (GMT -10 no DST) and
> Newfoundland (GMT -3.5 uses DST) make it just barely. But if you are
> thinking of the rest of the world, DST rules are not the same everywhere.
> In fact languages and legal systems are also different so let's not go
> there.
>
I think that some providers might prefer to publish their hours in UTC,
and I want to allow for that.  (GMT and UTC are not actually identical,
BTW, and UTC is probably what you intend above).

>
>>                6.              A phone number
>
> Specify that this is a toll number. An 800 number that is usable in the
> USA cannot normally be used from within Canada and vice versa. And a
> regional network probably is only paying for a regional 800 number which
> means it won't work nationally.
>
OK...How about:

		6.	A globally reachable telephone number

>>                7.              A URL where the ORG maintains a web site
> listing it's ABUSE
>>                                POLICIES.
>
> Sounding more like a job for LDAP every day...
>
Let's _PLEASE_ not go there.  (I'm in the middle of my own LDAP nightmares
on a different project right now).

>
>> Each ORG shale be required to meet the following standards with respect
>
> I think this whole section is outside of ARIN's mandate because it is
> defining how the members do business and therefore could be viewed as
> restraint of trade.
>
Nope.  It is setting up a contractual requirement like many other contracts
in business.  The ORG is receiving a resource controlled and allocated by
ARIN, and, in exchange, they are agreeing to meet the terms and conditions
of this contract as long as they continue to retain and/or use that 
resource.

>> If a resource is revoked under this policy, it shall be referred to the
>> ARIN ABUSE COUNCIL for final determination.
>
> This costs money. Before going into great detail about how such a
> hypothetical function will operate you should get some consensus on
> whether or not such a function should exist. This also gets way out of
> scope of a policy for maintaining some contact info.
>
Again, I disagree.  First, the contact policy simply doesn't mean anything
without the ability to revoke the resource as a result of a material breach.
Second, I, for one, am uncomfortable with making the ARIN staff judge, jury,
and executioner on this issue.  (As much for what it would do to the staff
as for the other obvious reasons).  As such, I think having a clearly 
defined
appellate process in the policy is important.  As to the cost, you have
five uncompensated volunteers who conduct their business (which should,
realistically be a very light workload) via email.  How many appealed
revocations are you expecting in given year?  I would expect it to be a
relatively small number.  If it is not, then, perhaps, we need to look at
the cost issue and find other ways of dealing with the appellate process.
However, I don't think this will actually be an issue.

> If ARIN ever did create an ABUSE COUNCIL, I doubt it would happen like
> this. If there really is a need for such a council, it would be better to
> start a working group to do some investigations of the need, define the
> scope, and draft some guidelines for how the ABUSE COUNCIL would operate.
> Then, only if all of this was successful and met with broad support,
> would  you get serious consideration from the ARIN board and AC.
>
I think you are applying more scope to the ABUSE COUNCIL that I attempted
to define in the document.  The sole and only role of the ABUSE COUNCIL 
would
be to provide an appellate to a revocation made by the ARIN staff as a 
result
of this policy.  As such, the creation of the council is within the scope
of this document (although, perhaps the name is implying a broader scope
than intended and I should consider renaming it).  The council does not 
define
abuse, set policy, or create any sort of rules.  They simply examine
revocations made by the staff and any additional evidence presented by the
offending ORG and make a ruling to support, deny, or delay the revocation.

Owen

> --Michael Dillon
>
>

More information about the ARIN-PPML mailing list