[ppml] Proposed policy - Purpose and scope of ARIN Whois directory
memsvcs at arin.net
Thu Feb 19 09:34:13 EST 2004
ARIN received the following policy proposal. In accordance
with the ARIN Internet Resource Policy Evaluation Process the
proposal is being posted to the ARIN Public Policy Mailing List
and being placed on ARIN's website.
The ARIN Advisory Council will review the proposal and within
ten working days may decide to:
1) support the proposal as is,
2) work with the author to clarify, divide or combine one or more
policy proposals, or
3) not support the policy proposal.
If this proposal is accepted by the Advisory Council or successfully
petitioned it will be posted as a formal policy proposal to the Public
Policy Mailing List and it will be presented at the Public Policy
Meeting. If the proposal is not supported by the AC and the author
elects not to petition or the petition fails, then the policy proposal
will be considered closed.
The ARIN Internet Resource Policy Evaluation Process is available at:
Mailing list subscription information is available at:
American Registry for Internet Numbers (ARIN)
### * ###
Policy Proposal Name: Purpose and scope of ARIN Whois directory
Author: Michael Dillon
Author's Organization: Radianz, Inc.
Policy term: permanent
1. ARIN shall maintain and publish a directory of contact information
for the purposes of facilitating the operation of interconnected
2. This directory will contain contact information for all organizations
and individuals within the ARIN region who have received IP allocations
or AS numbers directly from ARIN or its predecessors.
3. Organizations and individuals must guarantee to ARIN that contact
addresses published in the whois directory will reach a person who
is ready, willing and able to communicate regarding network operations
and interconnect issues and who is able to act on that communication.
4. Any other organizations may elect to be listed in the whois directory
as long as they make the guarantee detailed in item 3.
5. All contacts listed in the whois directory will be contacted
periodically and the directory will indicate information which may
be stale if contact cannot be made promptly.
6. Additionally, the whois directory will contain, directly or indirectly,
a record of all address blocks sub-allocated or assigned by the
entities mentioned in item 3.
7. The records mentioned in item 7 will not identify the organization or
individual receiving the address block or their exact location. These
records will only indicate an organizational type, the nearest
municipality providing postal service to the end user, state/province
ARIN doesn't really have a policy regarding whois. Most of what we have
today is adopted based on a long tradition that nobody understands
In looking back at historical sources it appears that whois was originally
set up so that ARPANET site managers could justify their ARPANET
connectivity funding by enumerating the people/projects that were making
use of the ARPANET.
Times have changed and tradition is no longer sufficient reason for doing
This proposal attempts to put in place a simple statement of the purpose
and scope of a whois directory. It is my opinion that if we cannot all
agree on some sort of simple policy similar to what I am proposing, then
we probably should scrap the whois directory entirely.
Nothing in this policy should be construed to restrain ARIN staff's
ability to maintain and use whatever databases they may need in the
performance of their duties including IP address allocation. This policy
only refers to the data which is made freely available to the public.
If this policy is adopted it will also alleviate concerns from the
cable and DSL industry in regard to residential user privacy.
a) ARIN policy doesn't currently state that ARIN will maintain
or publish a whois directory. This policy fixes that.
b) This proposal also explicitly states the purpose of the
whois directory as being targeted at internetworking and
operational issues. It is not intended to help anti-spamming
collectives bypass the ISPs who are responsible for operating a
network. In fact one of the goals is to make it harder for
anti-spamming groups to attack end users. This whois policy would
force them to report network abuse to the ISP employees who are
responsible for finding and fixing network abuse issues.
c) The proposal does not recognize research as part of the scope of the
whois directory, however items 6 and 7 do provide for data which
allows some mapping and analysis of address usage and therefore
the research community will not be left out in the cold.
d) This policy only directly puts a mandate on those organizations who
have, or should have, an ARIN relationship to supply data.
e) The policy also allows any responsible party to add their contact
data to the ARIN database. However, this is done with their consent
and by binding them to act responsibly, i.e. you can't list your
organization and then ignore all abuse reports. The words "Ready,
willing and able to communicate" are important here.
f) The ARIN staff are charged to keep the directory up to date and to
give us some indication when the contact process seems to be going
awry. However, it refrains from giving detailed directions to the staff
and relies on their prudence in setting out the timing and the process
of this verification.
g) I interpret "facilitating the operation of interconnected IP
networks" to include the provision of data that allows some mapping
and statistical analysis of the address space. For that reason, some
small amount of data is required to enumerate and distinguish
sub-allocations and assignments.
h) This policy covers rwhois as well. ARIN is charged to maintain the
whois directory but can certainly delegate some of this task to
rwhois users. And when the policy specifies that all address blocks
must be represented in the directory it also allows for this
information to be published indirectly, for instance, through
rhwois. However the policy does not require rwhois technology
since it is in such a sad state of repair. It also refrains from
prescribing LDAP at this time ;-)
i) The classification system for organization types has been intentionally
left unspecified. Obviously, it needs to include "individual" as a type
but it could include NAICS sector codes, e.g. "NAICS 25" is the
construction industry. It could also include NTEE codes for non-profits
e.g. "NTEE H" is Medical research. And it could include some simple
codes like "Company", "Non-Profit", "Education", "Government" for
users who don't know about the various classification systems.
j) End users are truly anonymous, no name, no address, no zip/postal code.
In other words, people who are not involved in network operations are
not identified in any way by the whois directory.
Timetable for implementation: 30 days after ratification
More information about the ARIN-PPML