[arin-ppml] Draft Policy ARIN-2016-8: Removal of Indirect POC Validation Requirement

Owen DeLong owen at delong.com
Tue Feb 21 19:02:42 EST 2017 

> On Feb 14, 2017, at 18:40 , Andrew Dul <andrew.dul at quark.net> wrote:
> 
> There has been some good discussion about this draft. 
> 
> At this time, it seems like perhaps there is disagreement within the
> community on the purpose and use of reassignment records.  As we have
> gone past IPv4 run-out, perhaps now is the time to consider if
> reassignment records provide the same level of value to the Internet
> community that they used to provide.  Doing reassignments was one of the
> primary ways that a service provider showed utilization to ARIN.  This
> could also be done by having an organization share these records
> directly with ARIN during a resource request.
> 
> I'd like to throw out a few open ended questions that perhaps will guide
> the AC as it considers this draft:
> 
> 1. Do you think reassignment records provide value to the Internet
> community from an operational perspective?  Do they provide the same
> value if they are not accurate?  At what point does the "record set" as
> a whole become invaluable because the data in the records isn't
> representative of current reassignments?

1a) Yes.
1b) Somewhat less than if they are accurate, but there’s a lot of questions
	of degree here and the level of inaccuracy that can be tolerated while
	still providing value varies greatly with the perspective of the
	particular consumer of the data.
> 
> 2. Who do you think should be responsible for ensuring that resource
> records are accurate?  The organization doing the reassignment?  ARIN? 
> Someone else?

I think this is a shared responsibility. I think that the organization
receiving the resources from ARIN has primary responsibility. I think
ARIN has a role as auditor. I think that the organization using the
resources should also have some responsibility/accountability here in
the case of delegated resources (reassignment/reallocation/etc.)

> 
> 3. Given we are past IPv4 run-out, do reassignment records provide the
> same value to ARIN for the purposes of determining utilization?  Should
> other methods be used to determine utilization going forward?

3a: Yes.
3b: Such as? It is hard to evaluate alternatives relative to the current
system when no alternatives have yet been proposed.


> 
> 4. Would you support the concept of removing reassignment records for
> which a POC has not been validated after a certain period of time?  1
> year?  2 years?  x years?

No. The records should remain, but should be labeled as “POC INVALID”.

I would support terminating RDNS services after a notice period for all
records. In the case of reassignment/reallocation records, I would require
that the notification of pending termination be sent not only to the resource
holder of record, but also to the parent LIR in question and the direct
ARIN recipient in the chain.

> 
> 5. Would you support the idea that a new reassignment could not be added
> to the database without the approval of the POC who is receiving the
> resource by reassignment?

YES YES YES. Further, I think that it should be somehow possible to register
an ORG->{DOMAIN,…} map using some mechanism by which ARIN can validate that
the DOMAIN in question legitimately belongs to ORG. At that point, it should
be possible for the ORG to register a POC MANAGEMENT contact who has the
authority to approve or deny ALL POC requests involving user@{DOMAIN} emails
where the DOMAIN is one of the ORG’s registered DOMAINs.

Owen

> 
> Thanks for your input
> 
> Andrew
> 
> 
> 
> On 12/20/2016 10:09 AM, ARIN wrote:
>> 
>> 
>> ##########
>> 
>> ARIN-2016-8: Removal of Indirect POC Validation Requirement
>> 
>> Problem Statement:
>> 
>> There are over 600,000 POCs registered in Whois that are only
>> associated with indirect assignments (reassignments) and indirect
>> allocations (reallocations). NRPM 3.6 requires ARIN to contact all
>> 600,000+ of these every year to validate the POC information. This is
>> problematic for a few reasons:
>> 
>> 1) ARIN does not have a business relationships with these POCs. By
>> conducting POC validation via email, ARIN is sending Unsolicited
>> Commercial Emails. Further, because of NRPM 3.6.1, ARIN cannot offer
>> an opt-out mechanism. Finally, ARIN's resultant listing on anti-spam
>> lists causes unacceptable damage to ARIN's ability to conduct ordinary
>> business over email
>> 
>> 2) ARIN has previously reported that POC validation to reassignments
>> causes tremendous work for the staff. It receives many angry phone
>> calls and emails about the POC validation process. I believe the ARIN
>> staff should be focused on POC validation efforts for directly issued
>> resources, as that has more value to internet operations and law
>> enforcement than end-user POC information.
>> 
>> Policy statement:
>> 
>> Replace the first sentence of 3.6.1:
>> 
>> "During ARIN's annual Whois POC validation, an email will be sent to
>> every POC in the Whois database."
>> 
>> with
>> 
>> "During ARIN's annual Whois POC validation, an email will be sent to
>> every POC that is a contact for a direct assignment, direct
>> allocation, reallocation, and AS number, and their associated OrgIDs."
>> 
>> Timetable for implementation: Immediate
>> _______________________________________________
>> PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> http://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
> 
> 
> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list