[arin-ppml] Incorrect POC on resource records (was: Regarding unauthorized changes (Re: Policy question))
Heather Schiller
heather.skanks at gmail.com
Thu Sep 20 21:50:21 EDT 2012
On Thu, Sep 20, 2012 at 6:18 PM, John Curran <jcurran at arin.net> wrote:
> Bill -
>
> What you suggest is quite reasonable when a transfer is performed, and ARIN is vigilant for potential fraud in such cases.
>
> That does not apply when no transfer was ever performed with a resource.
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> ARIN
>
Precisely the point. Why bother with a transfer if it's cheaper and
easier to hack the POC and make a change? Stronger Auth is needed
because you don't have to effect a transfer in ARIN in order to change
registration details (address and POC) to something convincing enough
to get an ISP to route it. The long list of legacy holders that
won't update their records proves that there are folks that don't care
what's listed in whois, as long as their ISP routes it. Does ARIN
compare POC changes against routing changes? or monitor all unrouted
address space in the region and look for POC changes if it suddenly
becomes routed? Probably not - you just rely on someone to complain,
but what happens when there is no one left to complain? (when a tree
falls..) Stronger auth for changes, better tools for ISP's to
validate, maybe better monitoring .. or you know we could just do this
v6 thing with some RPKI and bgpsec.
>
> On Sep 20, 2012, at 6:12 PM, "William Herrin" <bill at herrin.us> wrote:
>
>> When a registration change is promptly challenged, especially if the
>> challenge is issued by someone who could reasonably be the registrant,
>> it's the epitome of wisdom to err on the side of reverting the change
>> pending adjudication.
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML
mailing list