[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

Michael Sinatra michael at rancid.berkeley.edu
Tue Aug 19 18:38:32 EDT 2008

On 08/19/08 14:06, Paul Vixie wrote:


> if anyone else has a first hand account of something a corporate counsel said
> when presented with the LRSA, or if some corporate counsel wants to speak in
> their own words, then i think it's something PPML should hear.
> on the other hand stories about what some counsel might've told somebody
> else are not advancing this debate at all.

I knew I'd regret bringing it up in this manner, and I don't want to get 
into a vacuous debate.  I agree that statements like those have not done 
much to advance the debate about the LRSA, but they were intended to 
support my larger point: A lot of us on PPML don't have the ability to 
sign the LRSA, regardless of whether or not we want to do so.  Moreover, 
even if our GCs ultimately agree to do it, the process takes a long 
time.  I am hoping that the feedback can be made to ARIN counsel in a 
more more concrete manner by those (unlike me) actually qualified to do 
so.  (Frankly, I am as interested in hearing concrete concerns as you 
are.)  In the absence of that, I do not think it is good policy to force 
the LRSA or the regular RSA as the only fleshed-out means by which we 
can update our whois information.

>> It may be possible, as part of ARIN membership, to establish an authentic
>> list of resources for which the ARIN member is responsible and allow
>> updating of whois information for those resources.  It may also be
>> possible to create a bare-bones option to pay the $100 fee for record
>> maintenance for a certain list of resources without affecting the legal
>> status of those resources and without binding the resources to the
>> contract.  In the current LRSA, if you stop paying the fees, your
>> resources are revoked.  In the alternative scheme with a bare-bones
>> contract, if you stop paying, your whois account is locked and you cannot
>> make changes.  This fits better with the spirit of the proposal as a
>> preventative measure against hijacking, rather than adding another
>> "stick" for legacy holders.
> this paragraph sounds worthy of a policy proposal in and of itself.  are
> you game?

Yes.  I think the point of such a policy would be to define mechanisms 
by which resource holders could authenticate themselves to make updates 
for a period of time.  They could be according to the following mechanisms:

1. Via an RSA
2. Via LRSA
3. As a fee-paying ARIN member in good standing, via the mechanism 
described above.
4. As a non-member paying a separate fee, to be determined by ARIN, for 
the services of: (a) authenticating the institution's claim to the 
resources; and (b) maintaining whois information and in-addr.arpa, and 
allowing updates.

This could either go as a separate proposal or be merged with Heather's. 
  Does this make sense?

More information about the ARIN-PPML mailing list