[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

Michael Sinatra michael at rancid.berkeley.edu
Tue Aug 19 16:52:28 EDT 2008

On 08/19/08 12:25, Paul Vixie wrote:
>> as i read it, legacy holders are required to sign the egregious rsa to
>> get the benefit (the $100 does not bother me).  can you say, "no way?"
>> randy
> speaking for a moment as president of ISC, i signed the LRSA as soon as it
> was available, since ISC corporate counsel and i found it non-egregious,
> and we liked our rights better under the agreement than they were before.
> so, egregiousness may be in the mind of the beholder.

Unfortunately, some of those beholders appear to be general counsels of 
legacy holders, including major US universities and state agencies.  I 
can't speak authoritatively, but I have heard that there are 
institutions who are being advised not to sign the legacy RSA because of 
various provisions in the contract.  I have also heard that said 
counsels are more concerned with some of the provisions in the LRSA than 
they are regarding the uncertainty of the status of their legacy 
resources.  I won't engage in an argument as to whether they are correct 
or not, nor can I speak for the general counsel of my own institution. 
I believe that there will be a more concrete and specific statement on 
the part of US universities coming out of EDUCAUSE or some similar 
organization in the future, as there is much discussion of the topic in 
that community.

SPEAKING FOR MYSELF ONLY: I think the LRSA (or at least the idea of it) 
is the right thing to do, and I especially want to support ARIN and the 
services it provides.  I also think that it may not be feasible to ask 
institutions that are bound by certain state and federal guidelines to 
necessarily be able to get on board with the LRSA without some extensive 
review and discussion.  Because the policy, as currently written, does 
not specifically address how institutions with legacy resources (or more 
commonly, a mix of legacy and non-legacy resources) would authenticate 
themselves to update whois information in the absence of a signed LRSA, 
I *cannot* support this policy until such provisions are better fleshed out.

It may be possible, as part of ARIN membership, to establish an 
authentic list of resources for which the ARIN member is responsible and 
allow updating of whois information for those resources.  It may also be 
possible to create a bare-bones option to pay the $100 fee for record 
maintenance for a certain list of resources without affecting the legal 
status of those resources and without binding the resources to the 
contract.  In the current LRSA, if you stop paying the fees, your 
resources are revoked.  In the alternative scheme with a bare-bones 
contract, if you stop paying, your whois account is locked and you 
cannot make changes.  This fits better with the spirit of the proposal 
as a preventative measure against hijacking, rather than adding another 
"stick" for legacy holders.


More information about the ARIN-PPML mailing list