[arin-ppml] Policy Proposal: Annual WHOIS POC Validation

Celeste Anderson celestea at usc.edu
Mon Aug 25 16:30:00 EDT 2008


I agree with Eric that the words "NO RESPONSE" should be used in place of "REFUSED RESPONSE".

Celeste.
  ----- Original Message ----- 
  From: Eric Westbrook 
  To: arin-ppml at arin.net 
  Sent: Monday, August 25, 2008 1:07 PM
  Subject: Re: [arin-ppml] Policy Proposal: Annual WHOIS POC Validation


  1.  I suggest that the phrase "NO RESPONSE" should be used globally instead of "REFUSED RESPONSE" in this proposal, since a lack of response, which is not necessarily a refusal, is what triggers it.  It probably warrants the same handling, but I think it's an important semantic distinction.

  2.  I agree with the contention that this marker shouldn't really "overwrite" the email address.  The email addresses, even if they fail to respond, should not be discarded or lost.

  Also, in this rationale section:


    A netblock with no valid POC presents a target to hijackers.  Once POC
    info is marked or tagged as invalid (like this policy proposes), it
    becomes possible for potential hijackers to locate such netblocks by
    searching the whois database.  As a defense against such hijacking
    attempts, this policy proposes that the information be presented in
    full to the entire community.  This should do at least one of two
    things; bring the netblock to the attention of whomever is responsible
    for it and/or allow other network operators to understand the
    potential risk and take appropriate action to mitigate.


  I'm not fully convinced that the benefit of increased visibility to operators and white hats would universally trump the danger of increased visibility to black hats.  But I suppose it could help mitigate it in some (and perhaps many) cases.

  Regardless, I do think the overall benefit gained by periodic verification (with perhaps a few adjustments as others are suggesting) probably outweighs that concern and any others of which I can currently think.

  $0.02,
  Eric




------------------------------------------------------------------------------


  _______________________________________________
  PPML
  You are receiving this message because you are subscribed to
  the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
  Unsubscribe or manage your mailing list subscription at:
  http://lists.arin.net/mailman/listinfo/arin-ppml
  Please contact info at arin.net if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080825/a1943d6e/attachment.htm>


More information about the ARIN-PPML mailing list