[arin-ppml] Policy Proposal: Annual WHOIS POC Validation
Celeste Anderson
celestea at usc.edu
Mon Aug 25 16:30:00 EDT 2008
I agree with Eric that the words "NO RESPONSE" should be used in place of "REFUSED RESPONSE".
Celeste.
----- Original Message -----
From: Eric Westbrook
To: arin-ppml at arin.net
Sent: Monday, August 25, 2008 1:07 PM
Subject: Re: [arin-ppml] Policy Proposal: Annual WHOIS POC Validation
1. I suggest that the phrase "NO RESPONSE" should be used globally instead of "REFUSED RESPONSE" in this proposal, since a lack of response, which is not necessarily a refusal, is what triggers it. It probably warrants the same handling, but I think it's an important semantic distinction.
2. I agree with the contention that this marker shouldn't really "overwrite" the email address. The email addresses, even if they fail to respond, should not be discarded or lost.
Also, in this rationale section:
A netblock with no valid POC presents a target to hijackers. Once POC
info is marked or tagged as invalid (like this policy proposes), it
becomes possible for potential hijackers to locate such netblocks by
searching the whois database. As a defense against such hijacking
attempts, this policy proposes that the information be presented in
full to the entire community. This should do at least one of two
things; bring the netblock to the attention of whomever is responsible
for it and/or allow other network operators to understand the
potential risk and take appropriate action to mitigate.
I'm not fully convinced that the benefit of increased visibility to operators and white hats would universally trump the danger of increased visibility to black hats. But I suppose it could help mitigate it in some (and perhaps many) cases.
Regardless, I do think the overall benefit gained by periodic verification (with perhaps a few adjustments as others are suggesting) probably outweighs that concern and any others of which I can currently think.
$0.02,
Eric
------------------------------------------------------------------------------
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080825/a1943d6e/attachment.htm>
More information about the ARIN-PPML
mailing list