[arin-ppml] Policy Proposal: Whois Authentication Alternatives

Ted Mittelstaedt tedm at ipinc.net
Wed Aug 20 15:41:45 EDT 2008



> -----Original Message-----
> From: Michael Sinatra [mailto:michael at rancid.berkeley.edu] 
> Sent: Wednesday, August 20, 2008 11:40 AM
> To: Ted Mittelstaedt
> Cc: 'Member Services'; arin-ppml at arin.net
> Subject: Re: [arin-ppml] Policy Proposal: Whois 
> Authentication Alternatives
> 
> 
> Thanks, Ted.
> 
> On 08/20/08 11:25, Ted Mittelstaedt wrote:
> > Am I correct in assuming that this proposal presumes that legacy 
> > holders who have NOT signed an RSA will not be permitted to modify 
> > their whois data, unless they have gone through this 
> "authentication 
> > process"?
> 
> Yes, if the "Whois Integrity Policy" and the policy are adopted.
> 
> > I wasn't aware that legacy holders, today, are not 
> permitted to update 
> > their whois data with ARIN unless they have signed a Legacy 
> RSA.  Is 
> > that true?
> 
> It is not currently true.  It *appears* that it would be made true if 
> the "Whois Integrity Policy" were adopted.
> 
> > I am not happy with the verbage:
> > 
> > "...This proposal assumes the existence of some form of
> >  policy such as that proposed by the "Whois Integrity 
> Policy Proposal..."
> 
> Are you not happy with the verbiage or are you not happy with the 
> assumption itself?
> 

The assumption.

> > The proposer is asking that we consider a "meta" policy 
> proposal, that 
> > is, a proposal that applies to a proposal under consideration. I 
> > disagree with this.
> 
> I wouldn't call it a meta proposal, but your general 
> impression is correct.
> 
> > I would prefer the proposer of this proposal should instead 
> work with 
> > the authors of the current proposals under consideration, 
> such as the 
> > "Whois Integrity Policy Proposal" to incorporate his ideas into the 
> > existing proposals, rather than submitting a meta-proposal. Or if 
> > those authors refuse to do that, then he can submit a competing 
> > proposal that does the same thing that an existing proposal 
> does, plus 
> > his modifications.
> 
> The proposal was submitted in order to express language that 
> would allow 
> me, and perhaps others, to support Heather's proposal.  I'd actually 
> argue that the proposals be combined, but I don't know 
> Heather's view on 
> this and do not wish to speak for her.  (She has not yet responded to 
> the thread on her proposal, so I don't know if she's aware of the 
> comments.)  If Heather wants to take language from my proposal and 
> incorporate it into hers, then I'll happily withdraw my proposal.
> 

I think you should have taken Heathers proposal, add your ideas, and
submitted
it as a competing proposal to Heathers.

> The intent of my proposal was to give the AC additional language that 
> would make a general whois integrity proposal more palatable 
> for legacy 
> holders who are trying to work out issues with their GCs and 
> the LRSA. 

I know.  The problem here is that one of the main reasons for
signing the LRSA is to get whois integrity.  Keep in mind that
the ARIN community did not give up the right to go after legacy numbering
that non-LRSA legacy signatories hold, after the termination of
the availability of the LRSA next year.

In short, the LRSA is a defence by legacy holders that the community
isn't going to come after their holdings.  Your and Heather's proposals
basically take away the reason a legacy holder has to sign the LRSA in
the first place.

The LRSA availability sunsets next year.  I would vote to oppose any
attempt to extend it's availability after the availability sunsets.  As
a fee-paying member I would prefer at that time to see ARIN go after the
legacy
holders who aren't under LRSA and take away IPv4 that they are not using
or advertising.  By then the Legacy holders who haven't signed the LRSA
will have had enough time to look at the LRSA to sign it and there is
no point in holding out that particular carrot any more.

Ted




More information about the ARIN-PPML mailing list