[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

Eric Westbrook arin-ppml at westbrook.com
Tue Aug 19 19:06:16 EDT 2008

Thanks for responding.  My followup remarks are inline below.

Leo Bicknell wrote:
> I am not a lawyer, so I cannot be sure this is the case, but my
> understanding is that if there were no written contract and the
> requester comitted fraud ARIN would have very limited civil court
> recourse.  The best action ARIN could get would be to convince an
> appropriate DA to file criminal fraud charges.  With a contract
> ARIN has direct civil fraud remedies available.
Since this proposal purports to thwart fraudulent whois changes made by 
illegitimate entities (with no "right to the resource"), no such civil 
benefit is derived by having the legitimate holder under contract.
> The other issue is how to keep these records up to date over time.
> One of the tools ARIN uses is yearly billing contact; if someone
> fails to pay the bills the information ARIN has to track down the
> owner should be at most 18 months old.  There is a much greater
> chance of things like postal mail forwarding continuing to work,
> old records being available, etc.  Since I believe billing requires
> a contract, the LRSA is the appropriate contact in this place.
This point does nothing to support the suggestion that an RSA improves 
whois integrity.  Furthermore, it fails to be a compelling reason for 
RSA conversion in any case, since without a contract, there is no 
"tracking down" at all required for billing, as there is no billing.
> The alternative is for ARIN to do the complete re-authentication
> on every request, which could be costly, time consuming, and annoying
> for both parties.
I think this is a key point of confusion -- personally, I fail to see a 
difference in effort (or confidence) between authenticating that someone 
is the resource holder of record, and that someone is the contract 
holder of record.
> Lastly, it's not a primary concern but I assume the act of
> authenticating the resource holders however it is done today takes
> staff time.  Since many legacy holders pay no fees they are being
> subsubsidized by other ARIN members.  The $100 a year hopefully
> covers the cost of authenticating the legacy holder, providing them
> whois and in-addr.arpa services, this forum for discussion, and so
> on so the playing field is much more level than it is today.  Again, I
> don't see how billing can be done without some sort of contract, and the
> LRSA is an appropriate contract.
I'm quite sure that reason alone would be sufficient for ARIN to wish 
for RSAs across the board.  But I'm afraid it's irrelevant to this 
proposal, as it certainly has nothing to do with whois integrity.

Thanks again,
Eric Westbrook

More information about the ARIN-PPML mailing list