[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal
michael at rancid.berkeley.edu
Tue Aug 19 18:38:32 EDT 2008
On 08/19/08 14:06, Paul Vixie wrote:
> if anyone else has a first hand account of something a corporate counsel said
> when presented with the LRSA, or if some corporate counsel wants to speak in
> their own words, then i think it's something PPML should hear.
> on the other hand stories about what some counsel might've told somebody
> else are not advancing this debate at all.
I knew I'd regret bringing it up in this manner, and I don't want to get
into a vacuous debate. I agree that statements like those have not done
much to advance the debate about the LRSA, but they were intended to
support my larger point: A lot of us on PPML don't have the ability to
sign the LRSA, regardless of whether or not we want to do so. Moreover,
even if our GCs ultimately agree to do it, the process takes a long
time. I am hoping that the feedback can be made to ARIN counsel in a
more more concrete manner by those (unlike me) actually qualified to do
so. (Frankly, I am as interested in hearing concrete concerns as you
are.) In the absence of that, I do not think it is good policy to force
the LRSA or the regular RSA as the only fleshed-out means by which we
can update our whois information.
>> It may be possible, as part of ARIN membership, to establish an authentic
>> list of resources for which the ARIN member is responsible and allow
>> updating of whois information for those resources. It may also be
>> possible to create a bare-bones option to pay the $100 fee for record
>> maintenance for a certain list of resources without affecting the legal
>> status of those resources and without binding the resources to the
>> contract. In the current LRSA, if you stop paying the fees, your
>> resources are revoked. In the alternative scheme with a bare-bones
>> contract, if you stop paying, your whois account is locked and you cannot
>> make changes. This fits better with the spirit of the proposal as a
>> preventative measure against hijacking, rather than adding another
>> "stick" for legacy holders.
> this paragraph sounds worthy of a policy proposal in and of itself. are
> you game?
Yes. I think the point of such a policy would be to define mechanisms
by which resource holders could authenticate themselves to make updates
for a period of time. They could be according to the following mechanisms:
1. Via an RSA
2. Via LRSA
3. As a fee-paying ARIN member in good standing, via the mechanism
4. As a non-member paying a separate fee, to be determined by ARIN, for
the services of: (a) authenticating the institution's claim to the
resources; and (b) maintaining whois information and in-addr.arpa, and
This could either go as a separate proposal or be merged with Heather's.
Does this make sense?
More information about the ARIN-PPML