ARIN WHOIS POC Validation
If you are a regular reader of either my blog or the ARIN PPML (Public Policy Mailing List) than you may remember the discussion surrounding ARIN WHOIS integrity which occurred last August (through October).
The first policy proposal to hit the list was 2008-7 “Whois Integrity Policy Proposal” submitted by Heather Schiller. Although this proposal was named “integrity” the approach was to implement authentication via an RSA (Registration Services Agreement) for all WHOIS resource records, which was contentious to say the least. I will not get into the RSA/LRSA/Legacy Resource debate here other than to say that it was obviously an impediment to Miss Schiller’s proposal.
After about 4 days of debate on the list, Michael Sinatra introduced his proposal “Whois Authentication Alternatives” and the next day Ted Mittelstaedt offered up a third similar proposal, titled “whois POC e-mail cleanup.” I had been following the conversation quite closely and agreed completely with the general intent of Ted’s proposal (WHOIS POC information integrity) but not the specific implementation as proposed. After absorbing as much of the debate as possible; I too submitted a proposal; “Annual WHOIS POC Validation,” the next day. After some initial feedback and later conversations with and input from fellow ‘ppml-ers’, I revised my proposal twice, rewriting it into a much shorter and less operationally intrusive draft:
ARIN will validate each WHOIS POC at least annually. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the record shall be locked or deleted. ARIN will maintain, and make readily available to the community, a current list of address-blocks with no valid POC.
Shortly after my second revision (and ARIN XXII) the ARIN AC (Advisory Council) decided that the best course of action would be to work with the various authors collectively and combine the related proposals into a single revision for community review (and hopefully adoption). All of the authors agreed and we kicked off a three month conversation (facilitated by Marla Azinger) which culminated in a draft which should make its appearance back on the ppml in time for discussion at ARIN XXIII (26-29 April 2009 in San Antonio Texas). The new and improved 2008-7 is now titled “Identify Invalid WHOIS POC’s” (to allow for a second proposal “Fixing Invalid WHOIS POC’s” to be drafted in the near future) and it reads:
During ARINs annual WHOIS POC validation, an e-mail will be sent to every POC in the WHOIS database. Each POC will have a maximum of 60 days to respond with an affirmative that their WHOIS contact information is correct and complete. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the record shall be deleted. ARIN will maintain, and make readily available to the community, a current list of address-blocks with no valid POC; this data will be subject to the current bulk WHOIS policy.
I am very glad that I was able to have a hand in this important piece of policy and am hopeful that it will be easily adopted in it’s current form. Watch the ppml for it and voice your support!
UPDATE 3-SEP-2009: Policy 2008-7 has been adopted by the ARIN Board of Trustees!
UPDATE 7-June-2010: Annual POC validation has been implemented!