[ppml] Last Call for Comment: Policy Proposal 2003-5

[Michael.Dillon at radianz.com]

I think that this proposal is flawed in two separate
ways and should not go forward at this time. In one
sense it specifies too much detail and therefore covers
areas that are better covered in other policies. And
in another sense it attempts to use policy to solve
technical problems which is a bad way to use policies.

>The distributed information service must return reassignment
>information for the IP address queried. The service may allow
>for privacy protections for customers. For residential users, the
>service may follow ARIN's residential privacy policy that includes
>displaying only the city, state, zip code, and country.  For all
>other reassignments, the service shall follow ARIN's privacy policy
>for publishing data in a public forum.

This much detail should not be in this policy. 
Any distributed information service should publish
no more and no less than the information that ARIN
itself publishes. In other words the distributed 
information service is a choice of mechanism for
publishing a whois directory. You can SWIP into
ARIN's database or you can publish using your own
distributed information service.

Also, the exact details of what should be published
are currently under review and it is bad policy to
slip this in here when it could very well be overridden
in a month or so.

>Many ISPs have opted to use RWhois servers for their reassignment
>information over sending SWIPs to ARIN. But some of the ISPs who have
>selected to use RWhois servers for their reassignment information have
>not kept the servers operational 24x7, contents of the database up
>to-date, or are restricting access only to ARIN staff.

Anybody who has ever set up or operated an RWhois server
knows that this is an awkward and mostly undocumented
system. It looks very much like someone slapped together
a quick prototype and it got shipped. The root of the
problem here is a technical issue and a "THOU SHALT" policy
is not the way to fix it. It's like beating your children
because they won't eat their supper and I don't like to
see this attitude creep into ARIN's policies.

If you really want a policy fix to this, you will
get rid of RWhois entirely and allow ISPs to 
publish a whois directory using other technologies
that are supported, documented and available from
more than one source. LDAP is a possibility but
not the only one. You could also define a standard
HTTP and assuming it was backed by an application,
not static files, then we could use the HTTP redirect
feature to get the same kind of distributed lookup 
that RWhois has not been able to deliver.

--Michael Dillon