[arin-ppml] Draft Policy 2017-3: Update to NRPM 3.6: Annual Whois POC Validation
    Potter, Amy 
    apotter at hilcoglobal.com
       
    Wed Sep  6 11:13:03 EDT 2017
    
    
  
Hi all,
The text of 2017-3 that we presented at our last meeting attempts to address the problem of whois inaccuracy by removing reverse DNS entries for organizations that lack validated POC records as well as removing their resources from the public whois database. The feedback we've received for this option has been largely negative, so we are looking to get some feedback on alternative solutions.
A revised draft is included below that proposes instead to remove access to ARIN Online for organizations that lack a validated tech or admin POC. Other options have also been proposed that we would like your feedback on. Those include:
1.       Requiring organizations to validate their POCs at the time of creation. POCs for organizations that have received a reallocation from their upstream must validate both that the POC contact information is correct and that their organization information is correct.
2.       Requiring POCs for reallocated space to validate their information prior to the reallocation being visible in public whois.
3.       Removing ARIN Online access to upstream ISPs until every reallocation made from their direct allocation has validated POCs. Upstream ISPs would not be able to validate the POCs of their downstream recipients of reallocations. Only the actual recipients of the reallocation would be able to validate their own POCs (i.e. upstream ISPs would be dependent on the actions of their downstream customers, and would lose ARIN Online access if their customers did not validate the information the upstream provided for them in ARIN's whois). Some interesting stats were provided by staff to help us flesh out the feasibility of this idea. Those stats are included at the very bottom of this message.
4.       Proposed revised text below.
5.       Any other ideas?
Proposed revised text
Policy statement:
Current text:
3.6 Annual Whois POC Validation
3.6.1 Method of Annual Verification
During ARIN's annual Whois POC validation, an email will be sent to every POC in the Whois database. Each POC will have a maximum of 60 days to respond with an affirmative that their Whois contact information is correct and complete. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the POC record shall be marked invalid. ARIN will maintain, and make readily available to the community, a current list of number resources with no valid POC; this data will be subject to the current bulk Whois policy.
Proposed revised text:
3.6 Annual Validation of ARIN's Public Access WHOIS Point of Contact Data
3.6.1 Annual POC Verification
ARIN will perform an annual verification of point of contact data each year on the date the POC was registered, beginning on January 1 each year using the procedure provided in 3.6.4.
3.6.2 Specified Public WHOIS Points of Contact for Verification
Each of the following Points of Contact are to be verified annually and will be referred to as Points of Contact throughout this policy:
- Admin
- Tech
- NOC
- Abuse
3.6.3 Organizations Covered by this Policy
This policy applies to every Organization that holds a direct assignment, direct allocation, AS number or reallocation from ARIN. This includes but is not limited to upstream ISPs and downstream ISP customers (as defined by NRPM 2.5 and 2.6), but not reassignments made to downstream customers or end user customers.
3.6.4 ARIN Staff Procedure for Verification
Email notification will be sent to each of the Points of Contact in section 3.6.2 on an annual basis. Each Point of Contact will have up to sixty (60) days from the date of the notification in which to respond with confirmation as to the public WHOIS contact data or to submit data to correct and complete it. Validation can occur via the ARIN Online account, or, alternatively, by clicking the validation link in the email notification. After the sixty (60) day period, non-responsive Point of Contact records will be marked as "non-responsive" in the public WHOIS directory.
3.6.5 Non-Responsive Point of Contact Records
After an additional ninety (90) days after the Point of Contact record has been marked as "non-responsive", ARIN's staff after through research and analysis, will mark those non validated, abandoned or otherwise illegitimate POC records "invalid".  Organizations lacking a valid Tech or Admin POC will lose access to their ARIN Online account  until a Tech or Admin POC has been validated.
Comments:
a. Timetable for implementation: to be based upon discussions with ARIN's staff.
b. Anything else
***
Reallocation stats provided by staff...
1) Could we get a breakdown of the number of nets in whois, how many are direct allocations, reallocations, and reassignments?
# of nets in Whois: 3,161,723
# direct allocation: 23,661
# direct assignment: 35,751
# reallocations: 89,607
# detailed reassignments: 511,637
# simple reassignments: 2,502,016 (note: simple reassignments have no point of contact information)
Note: This includes both legacy and non-legacy.
2) How many Org's have made reallocations? Not how many reallocations as the previous question, but how many org's with direct allocations have made reallocations.
There are 5,590 Org IDs with one or more direct allocations. Of those, 648 (12%) have made one or more reallocations and 4,942 (88%) have no reallocations. Note that this excludes legacy direct allocations as well as self-reallocations (reallocations made to the same Org ID as the direct allocation).
3) Of the Direct Allocations, what is the average and median number of reallocations associated to the direct allocations?
There are 2,205 direct allocations with one or more reallocations.
The maximum number of reallocations under a single direct allocation is 31,500. (Note: This is a IPv6 Direct Allocation)
The mean number of reallocations under a direct allocation (counting only direct allocations with one or more reallocations) is 37.
The median number of reallocations under a direct allocation (counting only direct allocations with one or more reallocations) is 3.
And, just for statistical completeness, the mode (# that occurs most frequently) is 1.
As another datapoint:
1,648 direct allocations have 1-9 reallocations (Those nets have a total of 4,327 reallocations, 5% of the reallocations).
465 direct allocations have 10-99 reallocations (Those nets have a total of 13,322 reallocations, 16% of the reallocations)
92 have 100+ reallocations (Those nets have a total of 64,895 reallocations, 79% of the reallocations).
3b) As a companion to the above, we ran the numbers on a per-Org ID basis.
There are 648 Org IDs with one or more reallocations.
The maximum number of reallocations under a single Org ID is 31,504.
The mean number of reallocations under a direct allocation (counting only direct allocations with one or more reallocations) is 127.
The median number of reallocations under a direct allocation (counting only direct allocations with one or more reallocations) is 3.
And, just for statistical completeness, the mode (# that occurs most frequently) is 1.
As another datapoint:
454 Org IDs have 1-9 reallocations (1,256 total reallocations)
160 Org IDs have 10-99 reallocations (4,805 total reallocations)
34 Org IDs have 100+ reallocations (76,486 total reallocations)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20170906/18ecbf95/attachment.htm>
    
    
More information about the ARIN-PPML
mailing list