[arin-ppml] Draft Policy 2017-03: Update to NPRM 3.6: Annual Whois POC Validation

Potter, Amy apotter at hilcoglobal.com
Mon Feb 5 16:12:01 EST 2018


In response to the staff & legal assessment for 2017-3, we are proposing the following new language for subsection  3.6.5:

3.6.5

An invalid POC is restricted to payment and contact update functionality within ARIN Online. As a result, an organization without any valid POCs will be unable to access further functionalities within ARIN Online until at least one Admin or Tech POC validates that their information is accurate or modifies a POC to contain accurate information.

ARIN STAFF & LEGAL ASSESSMENT
Draft Policy ARIN-2017-03
Update to NPRM 3.6: Annual Whois POC Validation
https://arin.net/policy/proposals/2017_3.html


Date of Assessment:  3 January 2018

___
1.  Summary (Staff Understanding)

Draft Policy 2017-03 establishes the specific Whois Points of Contact (POCs) that are required to be verified annually. It further identifies which organizations are covered by this policy according to the type of resources that it holds i.e. direct assignments, direct allocations, AS numbers from ARIN (or one of its predecessor registries) or a reallocation from an upstream ISP. It specifically excludes reassignments made to downstream end user customers. DP 2017-03 defines the procedure to be followed to ensure the above specified POCs are verified through an email notification on an annual basis. It instructs ARIN staff to marked POC records deemed completely and permanently abandoned or otherwise illegitimate as invalid in Whois. It also directs action to be taken if an ADMIN or TECH POC has been marked invalid.

___
2.  Comments

A.  ARIN Staff Comments

* 3.6.2 Specified Public Whois Points of Contact for Verification:  Lists the 4 types of POCs that must be verified annually. This is very clear.
* 3.6.3 Organizations Covered by this Policy: Clearly states qualifications for an Organization's POCs to require annual verification as well as those that do not require it. This is clear.
* 3.6.4 Procedure for Verification: Describes the steps in the verification process. This is clear.
* 3.6.5 Non-Responsive Point of Contact Records: This section is unclear regarding the scope of the impact to an organization having non-responsive POCs, as the phrase "any organization lacking a validated Admin or Tech POC will be unable to access the full suite of functionality" fails to specify the allowed/prohibited functionality for organizations lacking a valid contact.  Absent further clarification, ARIN staff will interpret this to mean that an organization without at least one validated Admin or Tech POC will only be able to access payment and contact update functionality within ARIN Online, regardless of the contact used for access.  For organizations that have at least one valid Admin or Tech contact, the organization will be able to access full functionality of ARIN Online, even if access is via one of its other non-responsive POCs.  If instead the desired policy outcome is that only a validated Admin or Tech POC may access full ARIN Online functionality, then the policy text should be clarified to that effect.
* The proposed policy does not impact ARIN's ability to provide ongoing registry services for number resources, only the ability of impacted organizations to make changes to their number resources and related services.
* This policy could be implemented as written.

B.  ARIN General Counsel - Legal Assessment

* There are no material legal issues regarding this proposal.


___
3.  Resource Impact

Implementation of this policy would have minimal resource impact. It is estimated that implementation could occur within 3 months after ratification by the ARIN Board of Trustees. The following would be needed in order to implement:

* Updated guidelines and internal procedures
* Staff training
* Minimal engineering work

___
4. Proposal / Draft Policy Text Assessed

Draft Policy ARIN-2017-3: Update to NPRM 3.6: Annual Whois POC Validation

Version Date: 14 November 2017

Problem Statement:

Many of the Point of Contacts listed in ARIN's public Whois database contain out-of-date and inaccurate contact information.

Policy Statement:

Current Text:

3.6 Annual Whois POC Validation
3.6.1 Method of Annual Verification
During ARIN's annual Whois POC validation, an email will be sent to every POC in the Whois database. Each POC will have a maximum of 60 days to respond with an affirmative that their Whois contact information is correct and complete. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the POC record shall be marked invalid. ARIN will maintain, and make readily available to the community, a current list of number resources with no valid POC; this data will be subject to the current bulk Whois policy.

Proposed Revised Text:

3.6 Annual Validation of ARIN's Public Whois Point of Contact Data
3.6.1 Annual POC Verification
ARIN will perform an annual verification of specific Points of Contact registered in the public Whois using the criteria and procedures outlined in sections 3.6.2, 3.6.3, and 3.6.4.
3.6.2 Specified Public Whois Points of Contact for Verification
Each of the following Points of Contact are to be verified annually, and will be referred to as Point of Contact or POC throughout this policy, and should be understood to be both organization and resource POCs:
   - Admin
   - Tech
   - NOC
   - Abuse
3.6.3 Organizations Covered by this Policy
This policy applies to every Organization that has a direct assignment, direct allocation, or AS number from ARIN (or one of its predecessor registries) or a reallocation from an upstream ISP. This includes but is not limited to upstream ISPs and their downstream ISP customers (as defined by NRPM 2.5 and 2.6), but not reassignments made to their downstream end user customers.
3.6.4 Procedure for Verification
An annual email notification will be sent to each of the Points of Contact outlined in section 3.6.2 on an annual basis. Each Point of Contact will have up to sixty (60) days from the date of the notification in which to respond with an affirmative that their Whois contact information is correct and complete or to submit new data to correct and complete it.  If after careful analysis, ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the POC record shall be marked invalid in Whois.
3.6.5 Non-Responsive Point of Contact Records
Once a non-responsive POC has been marked invalid in the public Whois, any organization lacking a validated Admin or Tech POC will be unable to access the full suite of functionality within ARIN Online until the invalid POC(s) have either validated that their information is accurate or modified their POC to contain up-to-date information.

Comments:

Timetable for implementation: to be based upon discussions with ARIN's staff.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20180205/bf26a3a4/attachment.html>


More information about the ARIN-PPML mailing list