[arin-ppml] Revised - Draft Policy ARIN-2018-5: Disallow Third-party Organization Record Creation
owen at delong.com
Mon Apr 1 19:45:12 EDT 2019
Bill’s attempt at wordsmithing notwithstanding, I support the proposal as written or with some wordsmithing to improve clarity.
I agree with Bill that the existing wording is somewhat hard to parse, though I’m not sure his is substantially easier (though I give it points for brevity).
Unfortunately, his particular verbiage doesn’t work in the real world because you can’t be named as the POC for an organization before there’s an ORG record to reference you as a POC, thus creating a catch-22 situation. Thus, I would be opposed to his exact wording as it seems unimplementable to me.
Sadly, I’m unable to formulate a superior alternative as it occurs to me that the following dilemma comes into play:
I, as a contractor, often create ORG records for (and at the request of) my clients. I’m not their ISP and I’m not creating the records without their knowledge or informed consent (which is the real problem here). In fact, I only create them when I am in the process of preparing an IP and/or ASN request for them.
I’m beginning to think that perhaps the correct solution would be to require officer attestation to the validity of an ORG request.
> On Mar 18, 2019, at 16:31 , Andrew Dul <andrew.dul at quark.net> wrote:
> The ARIN advisory council will be considering this draft policy at its upcoming teleconference later this week.
> The AC would appreciate your statement of support (or lack of thereof) for this updated draft to help make a determination if this draft policy is strongly supported by the community and thus is ready to move toward recommended status.
> If you do not support this draft, we would appreciate your comments on if you support this draft policy change in concept and any text changes that you would suggest to improve the draft policy.
> Also, if you are a network operator who creates or modifies a significant number of reassigned-detailed or reallocation records the AC would appreciate your input on if you use automated tools to create org-id records and how long it might take for your organization to make changes necessary to comply with this number policy change.
> On 2/4/2019 10:54 AM, ARIN wrote:
>> The following has been revised:
>> * Draft Policy ARIN-2018-5: Disallow Third-party Organization Record Creation
>> Revised text is below and can be found at:
>> You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion in order to assess the conformance of this draft policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:
>> * Enabling Fair and Impartial Number Resource Administration
>> * Technically Sound
>> * Supported by the Community
>> Draft Policy ARIN-2018-5: Disallow Third-party Organization Record Creation
>> Problem Statement:
>> Since the introduction of simple-reassignment some years ago, it is no longer necessary to allow for third-parties (such as upstream ISPs) to create organization records for another entity (such as their customers). In particular, many entities find that spurious organization records are routinely created in their name, causing both confusion and entity + staff time for clean-up.
>> Therefore, this policy establishes that organization records shall be created only by the entity represented by the organization record, and should be created only through an explicit request to ARIN. ISPs wishing to reassign space to customers should either ask the customer for their ORG-ID or shall use the "simple reassignment" method which does not require nor create new organization records. ISPs wishing to reallocate space to customers should ask the customer for their ORG-ID.
>> Policy Statement:
>> Add new section(s) into the NRPM:
>> 3.X Directory Service Records
>> 3.X.1 Organization Record Creation
>> New organization records shall be created upon ARIN receiving a request directly from an authorized contact representing an entity that ARIN is able to validate. Organization records shall not be created upon the request of third-parties.
>> Timetable for implementation: Immediate
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> Please contact info at arin.net if you experience any issues.
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML