[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

[Paul Vixie]

> ... I can't speak authoritatively, but I have heard that there are 
> institutions who are being advised not to sign the legacy RSA because of 
> various provisions in the contract.  

no doubt the people offering this hearsay advice are acting on hearsay advice.

> ... I have also heard that said counsels are more concerned with some of
> the provisions in the LRSA than they are regarding the uncertainty of the
> status of their legacy resources.  ...

i'd like PPML to hear from those counsels directly, or to hear their words,
literally.

> ... I won't engage in an argument as to whether they are correct or not,
> nor can I speak for the general counsel of my own institution.  ...

that makes us even, since i won't engage in speculative arguments.  here are
some facts as i know them from ISC's counsel.  he said "do you think you'll
ever want to do any of the things that this document says you mustn't do?"
and i said, that basically amounts to selling the address space on e-bay, and
no, that's not a right i think ISC has today, so promising not to do it costs
us nothing.  he then said "is there a risk that the original allocator could
come back on you with more egregious implied terms if you don't have this
document signed with their successor in interest?" and i answered, that's
basically the USG and while i don't think they remember allocating this to us,
i have no idea what'll happen when the IANA IPv4 pool runs out, and i can't
rule out the possibility that people without paperwork will be screwed.  so
this lawyer, who works for ISC and is a real person that i know, not just
some counsel that i heard somebody else describe, spoke the following words
to me, that i heard with my own ears, i didn't just hear from somebody else
that these words were spoken.  he said "then go ahead and sign it."

if anyone else has a first hand account of something a corporate counsel said
when presented with the LRSA, or if some corporate counsel wants to speak in
their own words, then i think it's something PPML should hear.

on the other hand stories about what some counsel might've told somebody
else are not advancing this debate at all.

> SPEAKING FOR MYSELF ONLY: I think the LRSA (or at least the idea of it)
> is the right thing to do, and I especially want to support ARIN and the
> services it provides.  I also think that it may not be feasible to ask
> institutions that are bound by certain state and federal guidelines to
> necessarily be able to get on board with the LRSA without some extensive
> review and discussion.  Because the policy, as currently written, does
> not specifically address how institutions with legacy resources (or more
> commonly, a mix of legacy and non-legacy resources) would authenticate
> themselves to update whois information in the absence of a signed LRSA, I
> *cannot* support this policy until such provisions are better fleshed
> out.

that's a fair assessment.  i'm sure that heather would appreciate it if you
and others offered specific text or specific changes to address that concern.

> It may be possible, as part of ARIN membership, to establish an authentic
> list of resources for which the ARIN member is responsible and allow
> updating of whois information for those resources.  It may also be
> possible to create a bare-bones option to pay the $100 fee for record
> maintenance for a certain list of resources without affecting the legal
> status of those resources and without binding the resources to the
> contract.  In the current LRSA, if you stop paying the fees, your
> resources are revoked.  In the alternative scheme with a bare-bones
> contract, if you stop paying, your whois account is locked and you cannot
> make changes.  This fits better with the spirit of the proposal as a
> preventative measure against hijacking, rather than adding another
> "stick" for legacy holders.

this paragraph sounds worthy of a policy proposal in and of itself.  are
you game?

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.