[arin-ppml] Incorrect POC on resource records

Wed Sep 26 15:03:27 EDT 2012

Hi Ted,

I am going to snip most of this for simplicity.

I will publicly state that John has my permission to discuss what
happened when/if he can.  I do commend John on spending time with me
on this issue, which at first seems like a simple problem but is
something that affects the community.  If for some reason he cannot, I
will spell it out once he and I are totally clear on what happened.

On Wed, Sep 26, 2012 at 11:10 AM, Ted Mittelstaedt <tedm at ipinc.net> wrote:

> The problem is this runs afoul of the protections that the community
> insisted be put into place to guard against malevolent users from
> changing the data.
>
> In the olden days, around 2004, it WAS easy - a phone call to hostmaster
> would do it - provided that you provided verifiable info.  Alas those
> days are gone, now.
>
> I think there's more concern among the community for malevolent people
> changing records than for people who accidentally left their records
> go stale.  Thus the "good guys" have to jump through hoops.
>
> But seriously this isn't any worse than for example, going to a
> bank and getting them to put you on your aged mother's bank account
> when she has a stroke and cannot write checks anymore.

I think you do a fine job of making my point.  How can you claim that
someone is negligent for not updating their POC records when you bring
up something that would require either planning (living will) or
lawyers.

If the first time you contact and ARIN they refuse to update your POC,
the record is now under dispute and should be noted so.  After that,
the POC has done their job, it is ARIN who holds the ball on
Stewardship.

>
>  And if ARIN changes the POC without notice then what?
>>
>> It now becomes the legacy holders fault?  No.
>
>
> Yes.  In property ownership there's a concept called adverse
> possession that basically states that an org can take over abandoned
> property.

The property is not abandoned.  I already stated this.  I am not sure
if you are listening.

>> Or they cannot update the contact info as ARIN has changed the POC.
>> I guess you have never been on the other side of the table, but I
>> have and it's a huge pita once ARIN decides that your record is
>> invalid.  You can't update your physical address even if they can
>> verify it.  This is a very one sided system.
>>
>
> This is an area where a public airing of an actual example would
> help clarify your position.  Until such time that you provide it,
> I am going to have to side with ARIN, buddy.

I am actually very happy to have you side with ARIN because ARIN and I
currently agree.

>> You are using the unfair argument?  I can't go with you here.
>>
>
> Of course you can't because you are operating from the position that
> an org should be allowed to put a POC on a resource that is essentially
> useless.  Your coming from the position that requiring the 98% of
> users to keep their POCs updated is unfair, and that putting a punishment
> into place to convince them to adhere to that requirement
> is unfair.  At least that is how you sound.  If I am wrong then
> WHAT IS your position?

My position is that legacy resource holders should not be subject to
having known wrong POCs put into their ORG records.  One wrong does
not change another.  If someone has signed the RSA, or I assume the
LRSA then they fall under the direct control of that document.

ARIN already has protections to stop people from changing company
names, reassigning assets and such and in the event that it happens,
they have always claimed that a letter from an executive on letterhead
will correct the issue.

All that happens when you change the POC to a known bad one is you
make it harder for the owner of the resource to update the record, or
refresh the ORG which is what you want.

If you don't want the owners of ORGs to be able to update their
resources, what do you want?

> Tell your story, name names, name dates, provide verifiable info
> here, and I am sure people will listen.

I have clearly stated that John has permission to discuss it and if
not I will once we are happy that we understand what went on.  I am
not claiming that ARIN did something malicious or purposely to me, I
am stating that it took me a very long time to clear up an issue.

I have more of an issue with the fact that you believe that you should
be able to call the shots on other peoples networks.

>
> During the argument to get 3.6.1 put in, many examples of POCs that
> were absolutely silly in the extreme were posted.  There were POCs
> that listed UUCP e-mail address and bitnet e-mail addresses, that
> were posted.  These were actual examples right out of whois - they
> were not hypothetical situations.  ARIN staff even had the decency
> to sound embarrassed that they had let it get that bad.

Did the phone numbers work?  The physical addresses?  The fax
machines?  There are multiple contact spots in a POC and if you think
about it, if you can't send email from your old bitnet account, how do
you change your POC other than calling? :)

>
> Nobody said who pushed for 3.6.1 that it was perfect.  But nobody
> posted any examples from "the other side" as you call it since "the
> other side" didn't exist.  Once 3.6.1 was implemented, the "other side"
> was created.  If that side has been mistreated, the post the example
> and we can put our heads together and see if a policy or an operational
> change is needed!

I can call it whatever you want, it's just the state of a ORG owner
who has their POC handles changed by ARIN without their permission
whether purposely or mistakenly.