[arin-ppml] How bad is it really?

[James Hess]

On Wed, Jul 14, 2010 at 4:44 PM, Owen DeLong <owen at delong.com> wrote:
> On Jul 14, 2010, at 12:11 PM, <michael.dillon at bt.com> wrote:
[snip]
Indeed "Abuse"   is such a loaded word to use for a possible mistake.
 I  would suggest the phrase  "Fraud and Abuse Process"  be replaced
with:    Fraud and  Policy Violations Reporting Process
Still,  at a certain extent,  certain mistakes are just negligence..
ARIN orgs  have a responsibility to make some reasonable efforts to
follow policy and keep their assignment records accurate.    It
cannot be excusable (really) to leave a stale record in place for THAT
many years.


I think it should be considered whether the POC validation could be
reasonably extended to include re-assignment validation.
For example,  every year on the anniversary date of each assignment,
e-mail the POCs  of orgs re-assignments are made TO, requesting
verification.     The e-mail should prompt to click on a link, which
should be guarded by a CAPTCHA or other means of human verification,
and require them to say "Yes" to a statement certifying this
assignment is active, the organization named in the re-assignment  is
using the address space,
AND  the POC receiving the e-mail is currently an  authorized contact
for that organization's networks.

If  an  ORG has multiple assignments to them,  the web page  should
list   them all,  with a checkbox by each one,   so  they can  verify
them all at once,  and avoid receiving more than 1  e-mail message per
year  (by re-verifying each assignment to them on the same date).

If there is no response within a month,  add a  "Status: Unverified"
to the re-assignment in WHOIS, while still publishing it.

And do not allow that re-assignment to be counted as utilized by the
org assigning it,   until the matter has been cleared up.


--
-Mysid