[ppml] Policy Proposal: Authentication of Legacy Resources

Michael K. Smith - Adhost mksmith at adhost.com
Wed Jul 11 12:36:00 EDT 2007


Hello James:

> -----Original Message-----
> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of James Hess
> Sent: Tuesday, July 10, 2007 6:12 PM
> To: ARIN Address Policy
> Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources
> 
> > I can see how your arguments would apply to removing whois records from
> > the database, but after re-reading the proposal I see that Andrew only
> > proposed removing DNS delegation.  Can you explain how you depend on
> > ARIN publishing information on the allocation of address space in DNS
> > (rather than WHOIS)?  It would seem to me that ARIN members like you and
> > me benefit primarily from having WHOIS information on legacy netblocks.
> 
> Providing answers to automated DNS and WHOIS queries and providing
> the information period are two different things.  Legacy information could
> be provided in just a slightly different manner solely to separate it, and to
> make sure anyone who looks up the addresses will know "the X address
> space assigned to region Y is not up-to-date and in good standing with
> the RIR (hasn't signed an RSA, for the space, for instance)".
> 
> 
> Consider this alternative possibility...  address space users who have
> signed an RSA, or are in good standing with the RIR in another region
> continue to have full access to the WHOIS.
> 
> The "legacy" addresses get banned or restricted.
> 
> Users who are in known legacy address space are blocked from accessing
> the WHOIS servers and from putting queries to the reverse DNS servers.
> 
> It's not that people can't look them up -- it's that they can't look
> stuff up -- i.e. no user whose source address is in the legacy IP space
> is allowed to make any lookups at all, except perhaps for their own
> record (so they can see that up-to-date contact information has been
> provided).
> 
> The information is still public, it's just that there are some
> exceptions as to from where it can be requested directly online,
> without payment of a nominal fee to cover the costs for maintaining
> the WHOIS server(s).
> 
> Their names can still be reverse-resolved, but DNS resolvers operating
> from the legacy network are not allowed to reverse resolve any address.
> 
> 
> Chances are they do not care the least bit about this, but their users
> may complain about it, particularly when a WHOIS attempt fails and
> alerts the user that was trying to perform the lookup with a
> meaningful explanation that their Service Provider is not in good
> standing with their Regional Registry, and includes the last known
> contact information regarding "who is responsible for the address
> space".
> 
> 
> Follow that up with amendment for the RSA to require that networks who
> DO sign an RSA agree not to proxy reverse DNS or WHOIS requests to the
> ARIN servers on behalf of a user of any address that according to
> WHOIS is part of a non-RSA historic address block...
> 

I think it would benefit us more to use the carrot approach instead of
the big stick.  Why not actually incent them to get their information
into the appropriate places (DNS/Routing Registries)?  The management
overhead of allowing them to do so (but not requiring), doing some due
diligence in trying to contact them and making tools available and
information available to make it easy for them to update their records
is, to my mind, significantly less than what it would take to restrict
access and then deal with angry 3rd parties who (judging from the bigger
allocations) are likely lawyered-up and have reason to believe that ARIN
has no particular rights and responsibilities for their asset.  I think
generating goodwill and making attempts to provide assistance to those
beyond the pale for the benefit of the greater community would certainly
serve us better as a group than what might be perceived as an attempt by
ARIN to extend its reach/"power" beyond the reach of its
charter/mandate/responsibilities.

So, that would seem to suggest:

1) Gather a list of present legacy holders with their current contact
info to the best of our ability
2) Create a location (legacy.arin.net or some such) that guides the
legacy holders through the process of updating their information *and*
includes a list of things ARIN needs in order to update records (company
letterhead, solemn oaths, signet rings, etc.).
3) Create a guide through the process of doing RR updates
4) Explain at every step in the process how beneficial it would be to
everyone concerned if the old swamp space was returned and replaced with
an RSA-covered allocation.
5) Provide Renumbering for Dummies assistance (I'm thinking textual
references, not Help Desk support).  Then, when they tremble in fear at
the thought of renumbering their network, hit them with IPv6 for Dummies
so they see the benefit of renumbering only once.  (Far stretch, I
know).
6) No change in charges to legacy customers

I guess you could make all web resources free of charge and bill T&M for
phone calls  (1-900-4legacy) if you wanted to go through the hassle.

Regards,

Mike


