[arin-ppml] Incorrect POC on resource records (was: Regarding unauthorized changes (Re: Policy question))

William Herrin bill at herrin.us
Thu Sep 20 18:12:32 EDT 2012

On Thu, Sep 20, 2012 at 11:35 AM, John Curran <jcurran at arin.net> wrote:
>     Please provide the number resources in question and the changes to
>     them that you believe were incorrect.  If a change was made incorrectly
>     (e.g. not by the listed point of contact or made to the wrong resource
>     record), we will promptly rectify it.   You may provide the list here or
>     privately as you prefer.

Hi John,

I don't pretend familiarity with the current situation, but in the
abstract case I will say this:

When a registration change is promptly challenged, especially if the
challenge is issued by someone who could reasonably be the registrant,
it's the epitome of wisdom to err on the side of reverting the change
pending adjudication.

Network Solutions refuses out-transfers of DNS registrations for a
period of time following a POC change. If the change is challenged,
they generally revert it. Then there's some work proving that you're
the real you and should have access but in the mean time the
registration is safe. But for these anti-fraud measures, I'd have lost
whitehouse.net a few years ago when someone guessed my colleague's
damnable "security question" for password resets. You can bet I
wouldn't have accepted "tough luck" for an answer or have failed to
name them in a suit.

If ARIN doesn't yet have a strong process for reverting illicit
changes that arise from the registrant's security carelessness, it's
time to get cracking. IP addresses just got valuable. It is
politically unwise to facilitate ongoing fraud merely because the
customer's carelessness allowed it to start. Too many organizations
figure that out the hard way. Don't let ARIN become the latest.

Bill Herrin

William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

More information about the ARIN-PPML mailing list