[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

Robert E. Seastrom ppml at rs.seastrom.com
Tue Aug 19 14:36:24 EDT 2008 

Keith, Kevin...

Kevin's observations are spot-on.

As a legacy space holder who has not yet signed a legacy RSA (but
intends to)...

As a person who has been involved in unwinding unauthorized changes to
the whois database on innocent parties' number resources (both address
blocks and ASNs)...

I support this proposal.

I wasn't involved in this proposal's drafting, but I believe it is in
the best interests of all concerned (*even* for those who elect not to
sign a legacy RSA) to require an action that is prima facie evidence
of fraud if it is undertaken by people who are not truly authorized to
do so before updating number resources data.  This is not an attempt
at a shake-down for $100/year legacy RSA fee, it is an attempt to
better protect the assignment records for number resources that are
currently assigned to you or your organization.

                              ---Rob (member of, but not speaking for, the AC)

"Kevin Oberman" <oberman at es.net> writes:

> Keith,
>
> I think you are mis-reading the proposal and I think the wording needs
> some serious work as I am not sure that you are.
>
> I believe that this proposal is an attempt to prevent the hijacking of
> legacy space. There have been to cases of such hijacking that have
> gotten a fair amount of attention and another that was confusion over
> who owned a legacy block. These all resulted from modification of ARIN
> records for legacy spaces by people who should not have been able to
> modify it, but were able to do so due to the lack of confirmed data on
> legacy space.
>
> I do not think that this is an effort to make life difficult for legacy
> holders (including my employer), but to prevent the theft of their
> address space.
>
> Heather, can you clarify? (Seems that Verizon Business was involved in
> one to the cases I mentioned...not as a hijacker, of course.)
> -- 
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman at es.net			Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
>
>
>> Date: Tue, 19 Aug 2008 12:04:11 -0400
>> From: "Keith Medcalf" <kmedcalf at dessus.com>
>> Sender: arin-ppml-bounces at arin.net
>> 
>> 
>> This is a really stupid idea and I, for one, am completely against it.
>> 
>> My Legacy /24 registration data is up-to-date.  If the intention is that I not update it anymore then the proper course of action is to note that the resources are "delegated" outside of the ARIN system (by the US DoC or DDNNIC for example) and then REMOVE PUBLIC VISIBILITY of all my personal information.
>> 
>> I sure the Legacy resource holders can come up with a completely separate system to monitor those resources -- and without needing to use EXTORTION to get it going. 
>> 
>> > -----Original Message-----
>> > From: arin-ppml-bounces at arin.net 
>> > [mailto:arin-ppml-bounces at arin.net] On Behalf Of Member Services
>> > Sent: Monday, 18 August, 2008 10:39
>> > To: arin-ppml at arin.net
>> > Subject: [arin-ppml] Policy Proposal: Whois Integrity Policy Proposal
>> > 
>> > ARIN received the following policy proposal. In accordance 
>> > with the ARIN
>> > Internet Resource Policy Evaluation Process, the proposal is being
>> > posted to the ARIN Public Policy Mailing List (PPML) and 
>> > being placed on
>> > ARIN's website.
>> > 
>> > The ARIN Advisory Council (AC) will review this proposal at their next
>> > regularly scheduled meeting. The AC may decide to:
>> > 
>> >      1. Accept the proposal as written. If the AC accepts the 
>> > proposal,
>> > it will be posted as a formal policy proposal to PPML and it will be
>> > presented at a Public Policy Meeting.
>> > 
>> >      2. Not accept the proposal. If the AC does not accept 
>> > the proposal,
>> > the AC will explain their decision via the PPML. If a proposal is not
>> > accepted, then the author may elect to use the petition process to
>> > advance their proposal. If the author elects not to petition or the
>> > petition fails, then the proposal will be closed.
>> > 
>> > The AC will assign shepherds in the near future. ARIN will provide the
>> > names of the shepherds to the community via the PPML.
>> > 
>> > In the meantime, the AC invites everyone to comment on this 
>> > proposal on
>> > the PPML, particularly their support or non-support and the reasoning
>> > behind their opinion. Such participation contributes to a thorough
>> > vetting and provides important guidance to the AC in their 
>> > deliberations.
>> > 
>> > The ARIN Internet Resource Policy Evaluation Process can be found at:
>> > http://www.arin.net/policy/irpep.html
>> > 
>> > Mailing list subscription information can be found at:
>> > http://www.arin.net/mailing_lists/
>> > 
>> > Regards,
>> > 
>> > Member Services
>> > American Registry for Internet Numbers (ARIN)
>> > 
>> > 
>> > ## * ##
>> > 
>> > Policy Proposal Name:  Whois Integrity Policy Proposal
>> > 
>> > Author: Heather Schiller
>> > 
>> > Proposal Version: 1
>> > 
>> > Submission Date:  August 15, 2008
>> > 
>> > Policy statement:
>> > 
>> > To ensure the integrity of information in the ARIN WHOIS Database a
>> > resource must be under an RSA (either legacy or traditional) 
>> > in order to
>> > update the WHOIS record.  ARIN will not update historical 
>> > information in
>> > the ARIN Whois Database until the resource holder can prove the
>> > organization's right to the resource.
>> > 
>> > 
>> > Rationale:
>> > 
>> > ARIN currently maintains WHOIS and in-addr.arpa delegation 
>> > records in a
>> > best-effort fashion.  In many cases ARIN does not have a formal
>> > agreement with the legacy resource holders.  Legacy records are
>> > frequently out of date and have become an increasingly popular target
>> > for hijackers.  Having up to date contact information and a formal
>> > relationship with legacy record holders would assist ARIN and ISP's in
>> > ensuring these records are maintained accurately.  A similar 
>> > policy was
>> > successfully adopted in the APNIC region.
>> > (http://www.apnic.net/policy/proposals/prop-018-v001.html)
>> > 
>> > Timetable for implementation:
>> > 
>> > Within sixty (60) days of approval - with notification to current POC
>> > email addresses listed on historical assignments, or as soon as
>> > reasonable for ARIN staff.
>> > 
>> > 
>> > 
>> > 
>> > _______________________________________________
>> > PPML
>> > You are receiving this message because you are subscribed to
>> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> > Unsubscribe or manage your mailing list subscription at:
>> > http://lists.arin.net/mailman/listinfo/arin-ppml
>> > Please contact info at arin.net if you experience any issues.
>> > 
>> 
>> 
>> 
>> _______________________________________________
>> PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> http://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list