[ppml] Policy Proposal 2007-15: Authentication of Legacy Resources
Owen DeLong
owen at delong.com
Tue Jul 24 17:27:53 EDT 2007
I oppose this proposal as written.
While I am in favor of some of the general intent of this proposal, I
take
issue with the following:
1. Termination of changes to records.
The information in WHOIS is already horribly out of date for
many records. Refusing to register changes for those organizations
willing to register their changes but unwilling to sign an RSA is a
disservice to the ARIN community and does not really provide
any meaningful incentive to sign the RSA.
2. Fees
ARIN is not really in a position to demand fees from legacy holders.
We should make it possible for legacy holders to enter into an RSA
without requiring fees. We should encourage legacy holders to fully
join the ARIN process and pay annual fees, but, I think that tying the
RSA signing to a commitment to pay fees is an unnecessary barrier
to the RSA. The RSA is, in my opinion, the more important goal.
3. Termination of DNS services
Much like the refusal to make changes to whois, this action is more
of a disservice to the ARIN community than any sort of incentive for
legacy holders.
Owen
On Jul 24, 2007, at 12:56 PM, Member Services wrote:
> On 19 July 2007, the ARIN Advisory Council (AC) concluded their
> initial
> review of "Authentication of Legacy Resources" and accepted it as a
> formal policy proposal for discussion by the community.
>
> The proposal is designated Policy Proposal 2007-15: Authentication of
> Legacy Resources. The proposal text is below and can be found at:
> http://www.arin.net/policy/proposals/2007_15.html
>
> All persons in the community are encouraged to discuss Policy Proposal
> 2007-15 prior to it being presented at the ARIN Public Policy
> Meeting in
> Albuquerque, New Mexico, 17-18 October 2007. Both the discussion on
> the
> Public Policy Mailing List and at the Public Policy Meeting will be
> used
> to determine the community consensus regarding this policy proposal.
>
> The ARIN Internet Resource Policy Evaluation Process can be found at:
> http://www.arin.net/policy/irpep.html
>
> ARIN's Policy Proposal Archive can be found at:
> http://www.arin.net/policy/proposals/proposal_archive.html
>
> Regards,
>
> Member Services
> American Registry for Internet Numbers (ARIN)
>
>
> ## * ##
>
>
> Policy Proposal 2007-15
> Authentication of Legacy Resources
>
> Author: Andrew Dul
>
> Proposal type: New
>
> Policy term: Permanent
>
> Policy statement:
>
> Add new NRPM section 4.9 - Legacy Records
>
> Legacy resource record holders shall be permitted to sign an
> registration services agreement which permits the organization
> which is
> currently using the resources as of January 1, 2007 to continue to use
> those resources as long as a registration services agreement is signed
> by the organization and the organization is not past-due on their
> annual
> maintenance fee. ARIN will evaluate and verify the chain of custody of
> any resource records prior to executing a registration services
> agreement with an organization.
>
> If a legacy resource holder requests additional IPv4 resources all
> IPv4
> resources (legacy and non-legacy) shall be evaluated to determine
> utilization for additional assignments under NRPM sections 4.2 or 4.3.
>
> ARIN shall use all reasonable methods to attempt to contact legacy
> record holders starting on January 1, 2008.
>
> ARIN shall also post information on the public website regarding this
> outreach to legacy resource holders.
>
> No changes shall be made to legacy resource records which are not
> covered by a registration services agreement after December 31, 2007.
>
> Add new NRPM section 7.3 - Legacy Reverse Delegation Records
>
> Legacy IP address record holders who have not signed a registration
> services agreement with ARIN will have their name server
> delegations for
> the in-addr.arpa zone removed starting on June 30, 2009. All name
> server
> delegations shall be removed from the in-addr.arpa zone by December
> 31,
> 2009.
>
> If an individual contacts ARIN and claims to represent a legacy record
> holder after the removal of an organization's name server delegations,
> the individual shall be permitted to request a one-time 6 month
> reinstatement of their name server delegations. This 6 month period is
> intended to allow an organization to work in good faith to establish a
> registration services agreement.
>
> Policy Rationale
>
> An ARIN Legacy resource holder is an organization which was issued
> number resources prior to the formation of ARIN and whose registration
> information was not transferred to another RIR through the Early
> Registration Transfer Project (http://www.arin.net/registration/erx).
> Legacy resource holders were issued number resources through an
> informal
> process. This policy proposal attempts to bring these legacy resource
> holders into a formal agreement with ARIN, the manager of the IP
> numbering resources for many of the legacy record holders.
>
> Some legacy resource holders have expressed concerns about
> committing to
> a registration services agreement when the legacy resource holder
> cannot
> be assured that they will be permitted to retain and their
> resources for
> the long-term. This policy proposal also does not preclude existing
> legacy space holders, who may have signed another version of the
> registration services agreement from having the same commitment level.
> It is suggested that the Board of Trustees formalize the annual
> maintenance fees for legacy resource holders at a level similar to the
> $100 USD per year for end-sites.
>
> This policy sets in place a notification period of 18 months to
> contact
> all legacy resource holders and creates an incentive for the
> holders to
> formalize their relationship with ARIN. The dates in this policy
> proposal were arbitrarily chosen based upon an expected
> ratification by
> the ARIN Board of Trustees by December 31, 2007. If this policy is
> implemented after December 31, 2007, the trigger dates in the policy
> should be adjusted appropriately.
>
> Given the informal relationship under which the resources were
> granted,
> ARIN current maintains the records including WHOIS and in-addr.arpa
> delegations in a best-effort fashion. Many believe that ARIN may
> not be
> obligated to maintain these records. ARIN has experienced some
> difficulty maintaining these records. Legacy records have been a
> popular
> target for hijackers, in part due to the out of date information
> contained in these records. Having up to date contact information
> would
> assist ARIN and ISP's in insuring the stability of the Internet.
>
> This policy proposal sets a termination date for in-addr.arpa
> delegation
> services for legacy resource record holders who have not formalized
> their relationship with ARIN through a registration services
> agreement.
> The 6 month period of delegation record removal was intended to
> provide
> ARIN the flexibility of removing the records on a gradual plan during
> second half of 2009 and to avoid a large change on a single day.
>
> Legacy resource holders who sign a registration services agreement
> would
> continue to receive all the services that are currently provided by
> ARIN
> plus they would be eligible for any future services that ARIN may
> offer,
> such as cryptographic signing of resource records.
>
> Timetable for implementation: As stated in policy
>
>
> _______________________________________________
> This message sent to you through the ARIN Public Policy Mailing List
> (PPML at arin.net).
> Manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/ppml
More information about the ARIN-PPML
mailing list