[arin-ppml] Use of the specified transfer policy

Ted Mittelstaedt tedm at ipinc.net
Tue Feb 15 18:24:45 EST 2011 

On 2/15/2011 2:55 PM, John Curran wrote:
> On Feb 15, 2011, at 5:41 PM, Ted Mittelstaedt wrote:
>>
>> I'm sure the address holder is - but the question was, is the
>> person who submitted the report also involved?  That may NOT be an
>> address holder it may just be a guy out on the street there who
>> happens to stumble across something.
>
> They often cannot be involved at the level desired, as the
> information that we receive is still subject to NDA.
>

Jeffrey did not say he wanted to be involved in every step of
the report. Just an acknowledgment.

>> But, is the person who filed the report informed of any action?  Or
>> do they just have to keep looking at the summary reports and trying
>> to guess if their complaint was acted on or not?
>
> We've taken to breaking down each report and any action taken on the
> reports, but have not been sending updates to the reporter.  I will
> change this; there's no reason for you to have to poll for report
> changes.
>


An automatic
ticketing system can send an acknowledgment and assign a ticket #.  Many
such ticket systems exist as free open source software on the Internet.

fraud report submitters should be periodically e-mailed with
status.  A simple "fraud report XXXX you submitted on date YYY
is still pending"  Then, once the matter is resolved, the submitter 
should either get "the investigation on fraud report XXXX you submitted 
on date YYY has been completed, and results will be available on the
next published Fraud Report Summary page" or they should get
"completed and out of scope due to XXXX YYY ZZZ"

If the matter is under NDA then simply don't tell the submitter what
result on the summary page corresponds with his report.  He can
probably guess which one it is, but he has no proof and thus
nobody has any real knowledge of anything, and the NDA agreement
has been preserved.

Doesn't the RSA guarantee the signatories that if they are discovered
to be engaged in fraud that they lose all confidentiality?  If not, it
really should!

>> The summary reports do not serve as adequate examples.  Here are
>> some recent selections:
>>
>> 20100721-F639 ISP assigning IPv4 space without justification
>> Section 12 audit conducted
>>
>> So, what happened?  What were the audit results?  Was the ISP doing
>> this or not?
>>
>
>> 20100814-F655 Report that 2 orgs are assigning IP addresses without
>> justification Section 12 audits conducted on both
>>
>> Results????
>
> If it does not say revocation, then the audit showed the assignments
> were warranted.
>

Oh, I didn't realize the report was created on a UNIX system. :-)


Ted

>> I also would love a bit more detail on this one:
>>
>> 20100819-F657 Report of spam emanating from org’s /15 Investigated,
>> found justification meets ARIN policy requirements.
>>
>> If that was snowshoe spamming and it fits in the NRPM then we
>> definitely need to modify the NRPM.
>
> I will look into this and see if there is a generic case to be added
> to the Policy Experience report for San Juan.
>
> Thanks! /John
>
> John Curran President and CEO ARIN
>
>

More information about the ARIN-PPML mailing list