[arin-ppml] Draft Policy 2017-03: Update to NPRM 3.6: Annual Whois POC Validation

Tue Feb 13 11:48:00 EST 2018

I support this draft policy with the new language.

—
Brian

On Mon, Feb 5, 2018 at 4:12 PM Potter, Amy <apotter at hilcoglobal.com> wrote:

> In response to the staff & legal assessment for 2017-3, we are proposing
> the following new language for subsection  3.6.5:
>
>
>
> 3.6.5
>
> An invalid POC is restricted to payment and contact update functionality
> within ARIN Online. As a result, an organization without any valid POCs
> will be unable to access further functionalities within ARIN Online until
> at least one Admin or Tech POC validates that their information is accurate
> or modifies a POC to contain accurate information.
>
>
>
> *ARIN STAFF & LEGAL ASSESSMENT*
>
> *Draft Policy ARIN-2017-03*
>
> *Update to NPRM 3.6: Annual Whois POC Validation*
>
> https://arin.net/policy/proposals/2017_3.html
>
>
>
>
>
> *Date of Assessment:  3 January 2018*
>
>
>
> ___
>
> *1.  Summary (Staff Understanding)*
>
>
>
> Draft Policy 2017-03 establishes the specific Whois Points of Contact
> (POCs) that are required to be verified annually. It further identifies
> which organizations are covered by this policy according to the type of
> resources that it holds i.e. direct assignments, direct allocations, AS
> numbers from ARIN (or one of its predecessor registries) or a reallocation
> from an upstream ISP. It specifically excludes reassignments made to
> downstream end user customers. DP 2017-03 defines the procedure to be
> followed to ensure the above specified POCs are verified through an email
> notification on an annual basis. It instructs ARIN staff to marked POC
> records deemed completely and permanently abandoned or otherwise
> illegitimate as invalid in Whois. It also directs action to be taken if an
> ADMIN or TECH POC has been marked invalid.
>
>
>
> ___
>
> *2.  Comments*
>
>
>
> A.  ARIN Staff Comments
>
>
>
> * 3.6.2 Specified Public Whois Points of Contact for Verification:  Lists
> the 4 types of POCs that must be verified annually. This is very clear.
>
> * 3.6.3 Organizations Covered by this Policy: Clearly states
> qualifications for an Organization’s POCs to require annual verification as
> well as those that do not require it. This is clear.
>
> * 3.6.4 Procedure for Verification: Describes the steps in the
> verification process. This is clear.
>
> * 3.6.5 Non-Responsive Point of Contact Records: This section is unclear
> regarding the scope of the impact to an organization having non-responsive
> POCs, as the phrase "any organization lacking a validated Admin or Tech POC
> will be unable to access the full suite of functionality” fails to specify
> the allowed/prohibited functionality for organizations lacking a valid
> contact.  Absent further clarification, ARIN staff will interpret this to
> mean that an organization without at least one validated Admin or Tech POC
> will only be able to access payment and contact update functionality within
> ARIN Online, regardless of the contact used for access.  For organizations
> that have at least one valid Admin or Tech contact, the organization will
> be able to access full functionality of ARIN Online, even if access is via
> one of its other non-responsive POCs.  If instead the desired policy
> outcome is that only a validated Admin or Tech POC may access full ARIN
> Online functionality, then the policy text should be clarified to that
> effect.
>
> * The proposed policy does not impact ARIN’s ability to provide ongoing
> registry services for number resources, only the ability of impacted
> organizations to make changes to their number resources and related
> services.
>
> * This policy could be implemented as written.
>
>
>
> *B.  ARIN General Counsel – Legal Assessment*
>
>
>
> * There are no material legal issues regarding this proposal.
>
>
>
>
>
> ___
>
> *3.  Resource Impact*
>
>
>
> Implementation of this policy would have minimal resource impact. It is
> estimated that implementation could occur within 3 months after
> ratification by the ARIN Board of Trustees. The following would be needed
> in order to implement:
>
>
>
> * Updated guidelines and internal procedures
>
> * Staff training
>
> * Minimal engineering work
>
>
>
> ___
>
> 4*. Proposal / Draft Policy Text Assessed*
>
>
>
> Draft Policy ARIN-2017-3: Update to NPRM 3.6: Annual Whois POC Validation
>
>
>
> *Version Date:* 14 November 2017
>
>
>
> *Problem Statement:*
>
>
>
> Many of the Point of Contacts listed in ARIN's public Whois database
> contain out-of-date and inaccurate contact information.
>
>
>
> *Policy Statement:*
>
>
>
> *Current Text*:
>
>
>
> 3.6 Annual Whois POC Validation
>
> 3.6.1 Method of Annual Verification
>
> During ARIN's annual Whois POC validation, an email will be sent to every
> POC in the Whois database. Each POC will have a maximum of 60 days to
> respond with an affirmative that their Whois contact information is correct
> and complete. Unresponsive POC email addresses shall be marked as such in
> the database. If ARIN staff deems a POC to be completely and permanently
> abandoned or otherwise illegitimate, the POC record shall be marked
> invalid. ARIN will maintain, and make readily available to the community, a
> current list of number resources with no valid POC; this data will be
> subject to the current bulk Whois policy.
>
>
>
> *Proposed Revised Text*:
>
>
>
> 3.6 Annual Validation of ARIN's Public Whois Point of Contact Data
>
> 3.6.1 Annual POC Verification
>
> ARIN will perform an annual verification of specific Points of Contact
> registered in the public Whois using the criteria and procedures outlined
> in sections 3.6.2, 3.6.3, and 3.6.4.
>
> 3.6.2 Specified Public Whois Points of Contact for Verification
>
> Each of the following Points of Contact are to be verified annually, and
> will be referred to as Point of Contact or POC throughout this policy, and
> should be understood to be both organization and resource POCs:
>
>    - Admin
>    - Tech
>    - NOC
>    - Abuse
>
> 3.6.3 Organizations Covered by this Policy
>
> This policy applies to every Organization that has a direct assignment,
> direct allocation, or AS number from ARIN (or one of its predecessor
> registries) or a reallocation from an upstream ISP. This includes but is
> not limited to upstream ISPs and their downstream ISP customers (as defined
> by NRPM 2.5 and 2.6), but not reassignments made to their downstream end
> user customers.
>
> 3.6.4 Procedure for Verification
>
> An annual email notification will be sent to each of the Points of Contact
> outlined in section 3.6.2 on an annual basis. Each Point of Contact will
> have up to sixty (60) days from the date of the notification in which to
> respond with an affirmative that their Whois contact information is correct
> and complete or to submit new data to correct and complete it.  If after
> careful analysis, ARIN staff deems a POC to be completely and permanently
> abandoned or otherwise illegitimate, the POC record shall be marked invalid
> in Whois.
>
> 3.6.5 Non-Responsive Point of Contact Records
>
> Once a non-responsive POC has been marked invalid in the public Whois, any
> organization lacking a validated Admin or Tech POC will be unable to access
> the full suite of functionality within ARIN Online until the invalid POC(s)
> have either validated that their information is accurate or
> modified their POC to contain up-to-date information.
>
>
>
> *Comments:*
>
>
>
> Timetable for implementation: to be based upon discussions with ARIN's
> staff.
>
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20180213/c15ab1fa/attachment.htm>