[ppml] comments on 2005-2

[Leo Bicknell]

In a message written on Thu, Apr 14, 2005 at 11:12:13AM -0400, Edward Lewis wrote:
> Is "suspended" defined elsewhere?  I searched the policy guide and 
> don't see the word.

As I said to a previous poster, it's just a label.  A flag that a
particular step in the process has been passed.  I suppose we could
add a definition, but it would be "someone who has failed the first
round of contacting is classified as suspended".

> # Third parties may report the inability to make contact with a party via
> # information in the APID. In this case ARIN shall attempt the contact
> # verification procedure for that contact immediately. If a response is
> # received, ARIN should document that a problem occurred, and the response
> # from the resource holder. Offenders who fail to respond to third parties
> # more than 4 times per month for three months may have their resources
> # reclaimed at the discretion of ARIN staff.
> 
> "Offenders" - this seems to be an inappropriate label.  There is no 
> definition of the "offense."

If we replaced "Offenders" with "Resource holders" is it acceptable?  The
"offense" was failure to respond, which I agree was poorly implied.

> # If a third party submits reports of the inability to make contact that
> # are subsequently disproven, ARIN may choose to ignore reports from
> # specific companies, people, e-mail addresses, or any other classification
> # means as appropriate.
> 
> It would seem to me that ARIN never should respond to third party 
> reports in the spirit of confidentiality.  There is no need to have 
> the policy to allow for ignoring "crying wolf."  The worst that could 
> happen is that if org A repeatedly says org B is "down" and ARIN 
> either takes no steps to fix this OR is unable to fix this, org A 
> might go to NANOG and whine.  (That'll happen anyway.)

I disagree.  Let's say an ISP lists a phone number, and it's
disconnected.  I should be able to e-mail ARIN and say "I tried to
call ISP xyz and their phone is disconnected, so their contact
information is invalid."  Under the proposal ARIN would be required
to put them in the queue for verification to see if the information
can be updated.  That's far more useful than finding the disconnected
number but simply having to wait a week/month/year for ARIN to naturally
re-verify them.

There's no confidentiality disclosure there.  ARIN is providing no
information back to the reporter.  All I wanted to do was give staff
an out so if someone tried to get an ISP reverified once a day just
to be a PITA ARIN staff could just ignore that person.

> # 3.3.1 Methods of Access
> #
> # ARIN shall publish the APID in the following methods using industry
> # standard practices:
> #	*	 Via the WHOIS protocol.
> #	*	 Via a query form accessible via the HTTP protocol.
> #	*	 Via FTP to users who complete the bulk data form.
> #	*	 Via CDROM to users who complete the bulk data form.
> #	*	 Via the RWHOIS protocol.
> 
> I want so see IRIS on this list.  The definition of IRIS for address 
> registries has been lagging, I'd like to see it get pushed through 
> the IETF and then deployed.  With it, better authorization policies 
> can be implemented - regarding what data is widely public and what 
> data is available only to the registrant, etc.  (If IRIS isn't 
> beneficial, I'd like to know why.)

I have no objection to IRIS, and indeed would like to see it added.
That said, I think it's probably too late to consider IRIS for this
meeeting.  If the proposal passes, we can present one at the next
meeting to add IRIS to the list.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20050415/34bd63ba/attachment.sig>