[arin-ppml] Regarding unauthorized changes (Re: Policy question)
John Curran
jcurran at arin.net
Thu Sep 20 22:46:46 EDT 2012
On Sep 20, 2012, at 10:39 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> ... ARIN should listen to whatever
> organization signed the RSA, actually contracted for the resources,
> and can prove that with suitable notarized documents.
Agreed - that matches our current processes in organizational
authorization, point-of-contact recover, etc.
> For example, if an organization fires their employee who is also their
> Administrative POC, but ARIN is not informed. The former
> administrative POC is no longer authorized within the organization to
> make changes.
>
> If that person, still listed as a POC for the resource, comes to
> ARIN, and requests unauthorized changes, such as a change of
> address, or deletion of other contacts, and they are executed,
> because ARIN was never informed that the contact is no longer
> authorized.....
>
> Will ARIN revert those changes, and replace the Admin POC with the new
> one, when provided a suitable attestation by the officers of the
> organization?
Yes, we will do so (although I must note that it is equally incumbent
for organizations to take reasonable measures to protect their login
accounts, and not solely rely upon ARIN's ability to untangle such
situations after the fact.)
FYI,
/John
John Curran
President and CEO
ARIN
More information about the ARIN-PPML
mailing list