[arin-ppml] Policy Proposal: Annual WHOIS POC Validation - Revised

Kevin Kargel kkargel at polartel.com
Mon Oct 20 14:11:48 EDT 2008


I support whois validation.  

One comment I would like to make would be that the method of marking the
record as unvalidated would be to just include the last contact verification
date in the record.  This could initially be the date of creation.

Tracking validation date would give staff (and the community) more
granularity for taking levels of action.  

Authenticated action taken by the registrant such as modification via
template could be construed as verification and update the validation date
field, allowing registrants to proactively volunteer record validation
refresh and to perhaps allow automated template response to verification
requests. 

If this has previously been suggested I apologize.  Maybe that's where I got
the idea.

> -----Original Message-----
> From: arin-ppml-bounces at arin.net 
> [mailto:arin-ppml-bounces at arin.net] On Behalf Of Member Services
> Sent: Monday, October 20, 2008 12:50 PM
> To: arin-ppml at arin.net
> Subject: [arin-ppml] Policy Proposal: Annual WHOIS POC 
> Validation - Revised
> 
> The author submitted a revised version of the proposal.
> 
> The ARIN Advisory Council (AC) will review this proposal at 
> their next regularly scheduled meeting. The AC may decide to:
> 
>      1. Accept the proposal as written. If the AC accepts the 
> proposal, it will be posted as a formal policy proposal to 
> PPML and it will be presented at a Public Policy Meeting.
> 
>      2. Postpone their decision regarding the proposal until 
> the next regularly scheduled AC meeting in order to work with 
> the author. The AC will work with the author to clarify, 
> combine or divide the proposal. At their following meeting 
> the AC will accept or not accept the proposal.
> 
>      3. Not accept the proposal. If the AC does not accept 
> the proposal, the AC will explain their decision via the 
> PPML. If a proposal is not accepted, then the author may 
> elect to use the petition process to advance their proposal. 
> If the author elects not to petition or the petition fails, 
> then the proposal will be closed.
> 
> In the meantime, the AC invites everyone to comment on this 
> proposal on the PPML, particularly their support or 
> non-support and the reasoning behind their opinion. Such 
> participation contributes to a thorough vetting and provides 
> important guidance to the AC in their deliberations.
> 
> The ARIN Internet Resource Policy Evaluation Process can be found at:
> http://www.arin.net/policy/irpep.html
> 
> Mailing list subscription information can be found at:
> http://www.arin.net/mailing_lists/
> 
> Regards,
> 
> Member Services
> American Registry for Internet Numbers (ARIN)
> 
> 
> ## * ##
> 
> 
> Policy Proposal Name: Annual WHOIS POC Validation
> 
> Author: Chris Grundemann
> 
> Proposal Version: 3
> 
> Submission Date: 20 October 2008
> 
> Proposal type: new
> 
> Policy term: permanent
> 
> Policy statement:
> 
> ARIN will validate each WHOIS POC at least annually.  
> Unresponsive POC email addresses shall be marked as such in 
> the database.  If ARIN staff deems a POC to be completely and 
> permanently abandoned or otherwise illegitimate, the record 
> shall be locked or deleted.  ARIN will maintain, and make 
> readily available to the community, a current list of 
> address-blocks with no valid POC.
> 
> Rationale:
> 
> The intention of this proposal is to ensure valid whois POC 
> information with an annual validation process.  It further 
> aims to mitigate any risk that it creates in so doing.
> 
> One of the most important resources when dealing with abuse 
> (including hijacking, spam, ddos, etc) is whois.  ARIN's 
> whois data is only useful if it is known to be valid.  The 
> current NRPM does not address this in a manner which ensures 
> up to date POC contact information in all cases.  The focus 
> is on valid email addresses because this is the contact 
> method of choice for most in the Internet community when 
> dealing with abuse or hijacking issues.  POC information that 
> can not be confirmed can be judged as not valid.
> 
> A netblock with no valid POC presents a target to hijackers.  
> Once POC info is marked or tagged as invalid (like this 
> policy proposes), it becomes possible for potential hijackers 
> to locate such netblocks by searching the whois database.  As 
> a defense against such hijacking attempts, this policy 
> proposes that the information be presented in full to the 
> entire community.  This should do at least one of two things; 
> bring the netblock to the attention of whomever is 
> responsible for it and/or allow other network operators to 
> understand the potential risk and take appropriate action to mitigate.
> 
> Timetable for implementation: The first validation should 
> take place within one calendar year of the policy being accepted.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to 
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3107 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20081020/39e13235/attachment.bin>


More information about the ARIN-PPML mailing list