[arin-ppml] Policy Proposal: Whois Authentication Alternatives

Ted Mittelstaedt tedm at ipinc.net
Wed Aug 20 14:25:08 EDT 2008

Am I correct in assuming that this proposal presumes that
legacy holders who have NOT signed an RSA will not be
permitted to modify their whois data, unless they have
gone through this "authentication process"?

I wasn't aware that legacy holders, today, are not permitted
to update their whois data with ARIN unless they have signed
a Legacy RSA.  Is that true?

I am not happy with the verbage:

"...This proposal assumes the existence of some form of 
 policy such as that proposed by the "Whois Integrity Policy Proposal..."

The proposer is asking that we consider a "meta" policy proposal,
that is, a proposal that applies to a proposal under consideration.
I disagree with this.

I would prefer the proposer of this proposal should instead work with the
authors of the current proposals under consideration, such as
the "Whois Integrity Policy Proposal" to incorporate his ideas
into the existing proposals, rather than submitting a meta-proposal.
Or if those authors refuse to do that, then he can submit a
competing proposal that does the same thing that an existing
proposal does, plus his modifications.


> -----Original Message-----
> From: arin-ppml-bounces at arin.net 
> [mailto:arin-ppml-bounces at arin.net] On Behalf Of Member Services
> Sent: Wednesday, August 20, 2008 7:47 AM
> To: arin-ppml at arin.net
> Subject: [arin-ppml] Policy Proposal: Whois Authentication 
> Alternatives
> ARIN received the following policy proposal. In accordance 
> with the ARIN Internet Resource Policy Evaluation Process, 
> the proposal is being posted to the ARIN Public Policy 
> Mailing List (PPML) and being placed on ARIN's website.
> The ARIN Advisory Council (AC) will review this proposal at 
> their next regularly scheduled meeting. The AC may decide to:
>       1. Accept the proposal as written. If the AC accepts 
> the proposal, it will be posted as a formal policy proposal 
> to PPML and it will be presented at a Public Policy Meeting.
>       2. Postpone their decision regarding the proposal until 
> the next regularly scheduled AC meeting in order to work with 
> the author. The AC will work with the author to clarify, 
> combine or divide the proposal. At their following meeting 
> the AC will accept or not accept the proposal.
>       3. Not accept the proposal. If the AC does not accept 
> the proposal, the AC will explain their decision via the 
> PPML. If a proposal is not accepted, then the author may 
> elect to use the petition process to advance their proposal. 
> If the author elects not to petition or the petition fails, 
> then the proposal will be closed.
> The AC will assign shepherds in the near future. ARIN will 
> provide the names of the shepherds to the community via the PPML.
> In the meantime, the AC invites everyone to comment on this 
> proposal on the PPML, particularly their support or 
> non-support and the reasoning behind their opinion. Such 
> participation contributes to a thorough vetting and provides 
> important guidance to the AC in their deliberations.
> The ARIN Internet Resource Policy Evaluation Process can be 
> found at: http://www.arin.net/policy/irpep.html
> Mailing list subscription information can be found at: 
> http://www.arin.net/mailing_lists/
> Regards,
> Member Services
> American Registry for Internet Numbers (ARIN)
> ## * ##
> Policy Proposal Name: Whois Authentication Alternatives
> Author: Michael Sinatra
> Proposal Version: 1
> Submission Date: August 19, 2008
> Proposal type: new
> Policy term: permanent
> Policy statement:
> In addition to current processes ARIN has to authenticate 
> holders of historical resources, ARIN will also allow holders 
> of resources to authenticate themselves for the purposes of 
> updating WHOIS information for a given resource according to 
> the following mechanism:
> A holder of resources not governed by any type of RSA (i.e. 
> legacy or regular) may work with ARIN staff to establish an 
> inventory of those resources legitimately maintained by the 
> holder.  ARIN staff will work to authenticate each resource 
> claimed by the holder.  Upon successful completion of the 
> authentication process, the holder will be entitled to make 
> updates to whois information for those resources for a period 
> of one year, with an option for renewal. For ARIN 
> non-members, ARIN will charge a maintenance fee to recover 
> costs associated with the authentication process and whois 
> maintenance. For ARIN members, the fee will be waived or 
> discounted at ARIN's discretion.  Renewal is automatic 
> pending the payment of maintenance or membership fees.  
> Failure to pay fees will result in the whois information 
> being "locked," and updates to the information will not be possible.
> Successful authentication and the payment of membership 
> and/or maintenance fees does not confer any rights upon the 
> holder such as those that would be granted by an RSA (legacy 
> or regular).
> Rationale:
> ARIN needs to protect whois data from hijacking, but the 
> current mechanisms for authenticating holders (especially 
> legacy holders) are limited.  The current method, signing a 
> Legacy RSA, may not be a viable option in the near term for 
> such legacy holders for a variety of legal reasons.  In the 
> interest of: (a) protecting whois data; (b) keeping whois 
> up-to-date for the Internet community; and
> (c) recovering costs associated with WHOIS and in-addr.arpa 
> delegation, an alternative authentication mechanism needs to 
> be established for holders of historical resources.  This 
> proposal does not intend to discount either type of RSA, and 
> it attempts to specifically stay out of the way of the RSAs.
> NOTE: This proposal assumes the existence of some form of 
> policy such as that proposed by the "Whois Integrity Policy Proposal."
> Timetable for implementation: Immediate
> _______________________________________________
> You are receiving this message because you are subscribed to 
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net). 
> Unsubscribe or manage your mailing list subscription at: 
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list