[ppml] Access to Bulk WHOIS data - a possible proposal?
    sigma at smx.pair.com 
    sigma at smx.pair.com
       
    Wed May 21 12:28:05 EDT 2003
    
    
  
In the spirit of full disclosure, I am part of the group which worked on
the WHOIS policy within the AC.  Right now the proposal is under review by
ARIN staff and legal counsel.  It will be published to PPML soon.
Kevin
> The AC's job is to examine public input regarding policy proposals and
> formulate recommendations for the board.  Every scrap of public discussion
> goes towards that process.  Your willingness to engage in public discussion
> and revisions is a great thing, and I, too, encourage you to run for the
> AC.  It's exactly the kind of work which needs to be done.
> 
> The group in the AC is not radically rewriting your policy or doing
> anything weird or clandestine.
> 
> Kevin
> 
> > > There is a small group of AC members working on this proposal. 
> > 
> > As I already stated several times before, anybody, be that member of AC 
> > or not, can and should make suggestions on this issue, on how proposal 
> > for whois aup and bulk whois should look like and post that on ppml. As 
> > has been shown by my previous actions, I heard every suggestion that was 
> > made and have incorporated it all into new version. The text is at:
> > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm
> > 
> > If you you do not like particular text there, or have other suggestions, 
> > PLEASE, PLEASE say it on ppml and we can discuss it and see if better 
> > text can be created (and if you do not want to post on public list for 
> > privacy, email harvesting, or other reasons, send email to me privately 
> > and I'll repost it without specifying your email address and only your 
> > first name).
> > 
> > As for the AC working on it privately - you choose to do things completely
> > behind close doors and make everyone accept it afterwards, not my way, sorry.
> > So I challenge people at AC who are supposedly working on it to post their
> > version NOW so we could all compare and see if it is better or has any points
> > not otherwise already addressed by the version of proposal I have made. If 
> > I do not see anything posted by the end of the week I'll consider it an 
> > answer that AC has nothing good to add on this issue and as such AC should 
> > not be a barrier to an issue that is otherwise already beeing addressed.
> > 
> > > -----Original Message-----
> > > From: william at elan.net [mailto:william at elan.net]
> > > Sent: Wednesday, May 21, 2003 4:59 AM
> > > To: Ian Baker
> > > Cc: ppml at arin.net
> > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal?
> > > 
> > > 
> > > How long is not an simple answer...
> > > 
> > > After last proposal despite general support for it from those present on 
> > > the meeting, the AC decided to abandon it. In my view this was just 
> > > completely unprecidented for proposal where main ideas are totolly 
> > > supported by everybody (37:0 for) and issues being raised were only 
> > > to clarify how proposal changes current policies, and for example even
> > > the network abuse proposal which everyone felt is completely ridiculous in 
> > > the current form was not abandoned and in that case some thought its just 
> > > completely unnecessary and nothing should be done there. So I'm sure 
> > > reasons for abandoing whois aup proposals had nothing to do with the 
> > > proposal itself or reaction to it on the meeting. 
> > > 
> > > And couple weeks ago, I've promised to send appeal letter to get AC decision
> > > reversed, but got busy with other work and did not do it. I'll now work on 
> > > it and will actually send two letters, one to AC to reconsider abandoing 
> > > proposal and returning it for discussion or recomending approval of new 
> > > version and one letter to BoT to reject AC recomendation to abandon 
> > > proposal (in case AC decides not to respond to my letter). I do not know 
> > > how much that will change, AC is not likely to admit it made decisions 
> > > based not on the merit of the case, but its possible BoT might ignore AC 
> > > considering the situation. In either case and even if both AC and BoT do 
> > > not respond (which they do not have to considering there is no official 
> > > appeal process), the new version of proposal will be presented on next 
> > > meeting (matters not if its called new version or new proposal). In theory 
> > > its possible that AC will see it my way, reverse its decision, review 
> > > current version and agree that I made necessary changes based on the 
> > > feedback received and send new version for approval by BoT - in this case 
> > > the proposal can be approved and implemented before next meeting having 
> > > gone through one already, but this is probably a dream and current AC is 
> > > unlikely to make such a decision.
> > > 
> > > But I'v learned my lesson, after presenting proposal on next meeting, I'll 
> > > not let the pool be taken then only on the issue and will directly ask 
> > > about current version and if people have comments and suggestions will 
> > > modify proposal in real-time on my notebook as I'v seen others do and my 
> > > feeling is that people in the meeting will approve it and then there is 
> > > some chance it'll be approved by BoT by end of the year. 
> > > 
> > > So realisticly you're probably looking at year 2004 when you'll see this 
> > > implimented. As I said, in theory its possible to get it done a lot sooner
> > > (even within one-two months...) and in my view there is no good arguments 
> > > no to, but its probably not going to happen.
> > > 
> > > On Wed, 21 May 2003, Ian Baker wrote:
> > > 
> > > > William,
> > > >     Yep - that matches exactly what I'm asking for.
> > > > 
> > > > Any idea on how long this sort of procedure takes? I assume that I'd have
> > > to
> > > > reapply in writing, after the rejection of the first request? (As I said -
> > > > I'm a newbie here ;o)
> > >  
> > > > Personally, I'm only looking at something like a monthly or tri-monthly
> > > > update - it's the accuracy that I'm really worried about, as the
> > > granularity
> > > > on a general search doesn't appear to be too hot. I'll only know for sure
> > > > when comparing with the old method (based on the principle used by GeoIP,
> > > > which uses the two most significant bytes of an IPv4 address and is
> > > > hideously inaccurate for RIPE addresses)
> > > > 
> > > > Regards,
> > > > 
> > > > Ian
> > > > 
> > > > ----- Original Message ----- 
> > > > From: <william at elan.net>
> > > > To: "Ian Baker" <ibaker at codecutters.org>
> > > > Cc: <ppml at arin.net>
> > > > Sent: Wednesday, May 21, 2003 8:07 AM
> > > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal?
> > > > 
> > > > 
> > > > I have been advocating direct access to bulk whois for a while and I also
> > > > represent company (or rather non-profit public-service project by the
> > > > company) that would really benefit from being able current whois data
> > > > at least once/day plus to that I'm begging a work on real-time
> > > > specific bogons list based of ip space not present in whois (first part of
> > > > this project will involve only old internic blocks, but then I'd like to
> > > > move to all blocks where arin is making current registrations as well).
> > > > 
> > > > A already made one proposal for last meeting:
> > > > http://www.arin.net/policy/2003_9.html
> > > > and newer version of this that will most likely go to next meeting is at
> > > > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm
> > > > 
> > > > If this does not meat your needs for access to bulk whois, I would very
> > > > much like to hear from you as well as about any other comments people have
> > > > regarding the proposal and its text. I'll incorporate all good suggestions
> > > > to come up with acceptable proposal text by next meeting.
> > > > 
> > > > On Wed, 21 May 2003, Ian Baker wrote:
> > > > 
> > > > > Hi,
> > > > >     After some e-mail conversation with Mike at the ARIN helpdesk, I am
> > > > > thinking about putting-forward a proposal concerning access to bulk
> > > WHOIS
> > > > > data.
> > > > >
> > > > > However, being a newbie at this, I thought it better to open-up
> > > > discussions
> > > > > /before/ submitting such a proposal. If this is the wrong way of doing
> > > > > things, or has already been rejected in the past (couldn't see anything
> > > > > obvious in the archives) then please just let me know..
> > > > >
> > > > > Basically, I have written an IP to country/continent translator. It is
> > > > > initially being used to provide a geographical visitor profile to my web
> > > > > site, and as a filter mechanism of the anti-spam e-mail server that is
> > > > > currently awaiting release.
> > > > >
> > > > > RIPE an APNIC data is processed using the bulk databases, taking around
> > > 3
> > > > > minutes, whereas the ARIN portion means sitting on the WHOIS throttling
> > > > > limit for a continuous 2 to 7 days. The reason being, I'm a private
> > > > > individual.
> > > > >
> > > > > Apparently the rules are such that bulk WHOIS data is only available to
> > > > > corporations, and not individuals.
> > > > >
> > > > > I can understand the reasoning behind such a rule - an individual
> > > > > spammer/cracker would be pretty difficult to track-down in the event of
> > > an
> > > > > abuse of access - but I'm not convinced that this should be an
> > > /absolute/
> > > > > rule. My reasoning is thus:
> > > > >
> > > > > 1. The rule does not make a distinction between "white-hat" and
> > > > "black-hat"
> > > > > activity - a corporation that later goes on to, or is acquired by an
> > > > > organization that, employs undesirable practices (e.g. spamming) may be
> > > > > permitted access, while a private individual is not.
> > > > >
> > > > > 2. Much of the data is publicly available, if one is willing to wait
> > > long
> > > > > enough
> > > > >
> > > > > 3. The data provided by a general WHOIS search is less accurate, as -
> > > from
> > > > a
> > > > > sample of the run thus far - large blocks are allocated to individual
> > > > > organizations with no real way of determining whether smaller blocks
> > > have
> > > > > been sub-allocated to different organizations and countries. Which
> > > greatly
> > > > > reduces the accuracy of the data sampled.
> > > > >
> > > > > 4. The majority of spamming data would appear to originate from trawls
> > > of
> > > > > Usenet, the Web, and SMTP servers.
> > > > >
> > > > > 5. Depending upon what checks are made, there may be nothing to stop an
> > > > > individual from falsely claiming to represent an organization (e.g.
> > > Chief
> > > > > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in
> > > > place -
> > > > > simply using their employer's name without their knowledge). This allows
> > > > the
> > > > > possibility of "black-hat" individuals gaining access to the data, while
> > > > > still inhibiting access by those of a more honest nature.
> > > > >
> > > > > My conclusion is therefore that the ban on private access does not
> > > > > particularly aid the development of the Internet as a whole, while it
> > > most
> > > > > definitely inhibits certain aspects.
> > > > >
> > > > > My proposal is, therefore, to remove the ban on private individuals
> > > having
> > > > > access to bulk WHOIS data and decide the issue purely on merit.
> > > > >
> > > > > Now - what have I missed? ;o)
> > > > >
> > > > > Regards,
> > > > >
> > > > > Ian Baker
> > > > > Webmaster, codecutters.org &
> > > > > EMEA Support Manager, OpenConnect Systems Ltd.
> > > > >
> > > > 
> > > > 
> > > 
> > 
> 
    
    
More information about the ARIN-PPML
mailing list