[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

Paul Vixie vixie at isc.org
Tue Aug 19 17:06:40 EDT 2008

> ... I can't speak authoritatively, but I have heard that there are 
> institutions who are being advised not to sign the legacy RSA because of 
> various provisions in the contract.  

no doubt the people offering this hearsay advice are acting on hearsay advice.

> ... I have also heard that said counsels are more concerned with some of
> the provisions in the LRSA than they are regarding the uncertainty of the
> status of their legacy resources.  ...

i'd like PPML to hear from those counsels directly, or to hear their words,

> ... I won't engage in an argument as to whether they are correct or not,
> nor can I speak for the general counsel of my own institution.  ...

that makes us even, since i won't engage in speculative arguments.  here are
some facts as i know them from ISC's counsel.  he said "do you think you'll
ever want to do any of the things that this document says you mustn't do?"
and i said, that basically amounts to selling the address space on e-bay, and
no, that's not a right i think ISC has today, so promising not to do it costs
us nothing.  he then said "is there a risk that the original allocator could
come back on you with more egregious implied terms if you don't have this
document signed with their successor in interest?" and i answered, that's
basically the USG and while i don't think they remember allocating this to us,
i have no idea what'll happen when the IANA IPv4 pool runs out, and i can't
rule out the possibility that people without paperwork will be screwed.  so
this lawyer, who works for ISC and is a real person that i know, not just
some counsel that i heard somebody else describe, spoke the following words
to me, that i heard with my own ears, i didn't just hear from somebody else
that these words were spoken.  he said "then go ahead and sign it."

if anyone else has a first hand account of something a corporate counsel said
when presented with the LRSA, or if some corporate counsel wants to speak in
their own words, then i think it's something PPML should hear.

on the other hand stories about what some counsel might've told somebody
else are not advancing this debate at all.

> SPEAKING FOR MYSELF ONLY: I think the LRSA (or at least the idea of it)
> is the right thing to do, and I especially want to support ARIN and the
> services it provides.  I also think that it may not be feasible to ask
> institutions that are bound by certain state and federal guidelines to
> necessarily be able to get on board with the LRSA without some extensive
> review and discussion.  Because the policy, as currently written, does
> not specifically address how institutions with legacy resources (or more
> commonly, a mix of legacy and non-legacy resources) would authenticate
> themselves to update whois information in the absence of a signed LRSA, I
> *cannot* support this policy until such provisions are better fleshed
> out.

that's a fair assessment.  i'm sure that heather would appreciate it if you
and others offered specific text or specific changes to address that concern.

> It may be possible, as part of ARIN membership, to establish an authentic
> list of resources for which the ARIN member is responsible and allow
> updating of whois information for those resources.  It may also be
> possible to create a bare-bones option to pay the $100 fee for record
> maintenance for a certain list of resources without affecting the legal
> status of those resources and without binding the resources to the
> contract.  In the current LRSA, if you stop paying the fees, your
> resources are revoked.  In the alternative scheme with a bare-bones
> contract, if you stop paying, your whois account is locked and you cannot
> make changes.  This fits better with the spirit of the proposal as a
> preventative measure against hijacking, rather than adding another
> "stick" for legacy holders.

this paragraph sounds worthy of a policy proposal in and of itself.  are
you game?

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the ARIN-PPML mailing list