[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal
michael at rancid.berkeley.edu
Tue Aug 19 16:52:28 EDT 2008
On 08/19/08 12:25, Paul Vixie wrote:
>> as i read it, legacy holders are required to sign the egregious rsa to
>> get the benefit (the $100 does not bother me). can you say, "no way?"
> speaking for a moment as president of ISC, i signed the LRSA as soon as it
> was available, since ISC corporate counsel and i found it non-egregious,
> and we liked our rights better under the agreement than they were before.
> so, egregiousness may be in the mind of the beholder.
Unfortunately, some of those beholders appear to be general counsels of
legacy holders, including major US universities and state agencies. I
can't speak authoritatively, but I have heard that there are
institutions who are being advised not to sign the legacy RSA because of
various provisions in the contract. I have also heard that said
counsels are more concerned with some of the provisions in the LRSA than
they are regarding the uncertainty of the status of their legacy
resources. I won't engage in an argument as to whether they are correct
or not, nor can I speak for the general counsel of my own institution.
I believe that there will be a more concrete and specific statement on
the part of US universities coming out of EDUCAUSE or some similar
organization in the future, as there is much discussion of the topic in
SPEAKING FOR MYSELF ONLY: I think the LRSA (or at least the idea of it)
is the right thing to do, and I especially want to support ARIN and the
services it provides. I also think that it may not be feasible to ask
institutions that are bound by certain state and federal guidelines to
necessarily be able to get on board with the LRSA without some extensive
review and discussion. Because the policy, as currently written, does
not specifically address how institutions with legacy resources (or more
commonly, a mix of legacy and non-legacy resources) would authenticate
themselves to update whois information in the absence of a signed LRSA,
I *cannot* support this policy until such provisions are better fleshed out.
It may be possible, as part of ARIN membership, to establish an
authentic list of resources for which the ARIN member is responsible and
allow updating of whois information for those resources. It may also be
possible to create a bare-bones option to pay the $100 fee for record
maintenance for a certain list of resources without affecting the legal
status of those resources and without binding the resources to the
contract. In the current LRSA, if you stop paying the fees, your
resources are revoked. In the alternative scheme with a bare-bones
contract, if you stop paying, your whois account is locked and you
cannot make changes. This fits better with the spirit of the proposal
as a preventative measure against hijacking, rather than adding another
"stick" for legacy holders.
More information about the ARIN-PPML