<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16705" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I agree with Eric that the words "NO
RESPONSE" should be used in place of "REFUSED RESPONSE".</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Celeste.</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=arin-ppml@westbrook.com href="mailto:arin-ppml@westbrook.com">Eric
Westbrook</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=arin-ppml@arin.net
href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, August 25, 2008 1:07
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [arin-ppml] Policy Proposal:
Annual WHOIS POC Validation</DIV>
<DIV><BR></DIV>
<DIV dir=ltr>1. I suggest that the phrase "NO RESPONSE" should be used
globally instead of "REFUSED RESPONSE" in this proposal, since a lack of
response, which is not necessarily a refusal, is what triggers it. It
probably warrants the same handling, but I think it's an important semantic
distinction.<BR><BR>2. I agree with the contention that this marker
shouldn't really "overwrite" the email address. The email addresses,
even if they fail to respond, should not be discarded or lost.<BR><BR>Also, in
this rationale section:<BR><BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">A
netblock with no valid POC presents a target to hijackers. Once
POC<BR>info is marked or tagged as invalid (like this policy proposes),
it<BR>becomes possible for potential hijackers to locate such netblocks
by<BR>searching the whois database. As a defense against such
hijacking<BR>attempts, this policy proposes that the information be
presented in<BR>full to the entire community. This should do at least
one of two<BR>things; bring the netblock to the attention of whomever is
responsible<BR>for it and/or allow other network operators to understand
the<BR>potential risk and take appropriate action to
mitigate.<BR></BLOCKQUOTE><BR>I'm not fully convinced that the benefit of
increased visibility to operators and white hats would universally trump the
danger of increased visibility to black hats. But I suppose it could
help mitigate it in some (and perhaps many) cases.<BR><BR>Regardless, I do
think the overall benefit gained by periodic verification (with perhaps a few
adjustments as others are suggesting) probably outweighs that concern and any
others of which I can currently think.<BR><BR>$0.02,<BR>Eric<BR><BR></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>PPML<BR>You are
receiving this message because you are subscribed to<BR>the ARIN Public Policy
Mailing List (ARIN-PPML@arin.net).<BR>Unsubscribe or manage your mailing list
subscription at:<BR>http://lists.arin.net/mailman/listinfo/arin-ppml<BR>Please
contact info@arin.net if you experience any issues.</BLOCKQUOTE></BODY></HTML>