[arin-ppml] Regarding unauthorized changes (Re: Policy question)

John Curran jcurran at arin.net
Thu Sep 20 22:46:46 EDT 2012


On Sep 20, 2012, at 10:39 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> ... ARIN should listen to  whatever
> organization  signed the RSA, actually contracted for the resources,
> and can prove that with suitable notarized documents.

Agreed - that matches our current processes in organizational
authorization, point-of-contact recover, etc.

> For example, if an organization fires their employee who is also their
> Administrative POC, but ARIN is not informed.    The former
> administrative POC is no longer authorized within the organization to
> make changes.
> 
> If that person,  still listed as a POC for the resource, comes to
> ARIN,   and requests unauthorized changes,  such as a change of
> address,  or deletion of  other contacts, and they are executed,
> because ARIN was never informed that the contact is no longer
> authorized.....
> 
> Will ARIN revert those changes, and replace the Admin POC with the new
> one,  when provided a suitable attestation by the officers of the
> organization?

Yes, we will do so (although I must note that it is equally incumbent 
for organizations to take reasonable measures to protect their login 
accounts, and not solely rely upon ARIN's ability to untangle such 
situations after the fact.)

FYI,
/John

John Curran
President and CEO
ARIN




More information about the ARIN-PPML mailing list