[ppml] comments on 2005-2

[Edward Lewis]

http://www.arin.net/policy/proposals/2005_2.html

# 3.2.1 Non-Responsive Contacts
#
# If ARIN is unable to verify contact information via the normal
# verification procedure ARIN shall attempt to notify the parent of the
# resource to have the information updated. If there is no parent, or if
# the data is not corrected in a reasonable amount of time the resource
# shall be SUSPENDED.

Is "suspended" defined elsewhere?  I searched the policy guide and 
don't see the word.

# Third parties may report the inability to make contact with a party via
# information in the APID. In this case ARIN shall attempt the contact
# verification procedure for that contact immediately. If a response is
# received, ARIN should document that a problem occurred, and the response
# from the resource holder. Offenders who fail to respond to third parties
# more than 4 times per month for three months may have their resources
# reclaimed at the discretion of ARIN staff.

"Offenders" - this seems to be an inappropriate label.  There is no 
definition of the "offense."

# If a third party submits reports of the inability to make contact that
# are subsequently disproven, ARIN may choose to ignore reports from
# specific companies, people, e-mail addresses, or any other classification
# means as appropriate.

It would seem to me that ARIN never should respond to third party 
reports in the spirit of confidentiality.  There is no need to have 
the policy to allow for ignoring "crying wolf."  The worst that could 
happen is that if org A repeatedly says org B is "down" and ARIN 
either takes no steps to fix this OR is unable to fix this, org A 
might go to NANOG and whine.  (That'll happen anyway.)

I suggest dropping that paragraph.

# 3.3.1 Methods of Access
#
# ARIN shall publish the APID in the following methods using industry
# standard practices:
#	*	 Via the WHOIS protocol.
#	*	 Via a query form accessible via the HTTP protocol.
#	*	 Via FTP to users who complete the bulk data form.
#	*	 Via CDROM to users who complete the bulk data form.
#	*	 Via the RWHOIS protocol.

I want so see IRIS on this list.  The definition of IRIS for address 
registries has been lagging, I'd like to see it get pushed through 
the IETF and then deployed.  With it, better authorization policies 
can be implemented - regarding what data is widely public and what 
data is available only to the registrant, etc.  (If IRIS isn't 
beneficial, I'd like to know why.)

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

If you knew what I was thinking, you'd understand what I was saying.