Policy Proposal 2004-4: Purpose and Scope of ARIN WHOIS Directory [Archived]

Author: Michael Dillon

Author’s Organization: Radianz, Inc.

Policy term: permanent

Policy statement:

1. ARIN shall maintain and publish a directory of contact information for the purposes of facilitating the operation of interconnected IP networks.

2. This directory will contain contact information for all organizations and individuals within the ARIN region who have received IP allocations or AS numbers directly from ARIN or its predecessors.

3. Organizations and individuals must guarantee to ARIN that contact addresses published in the whois directory will reach a person who is ready, willing and able to communicate regarding network operations and interconnect issues and who is able to act on that communication.

4. Any other organizations may elect to be listed in the whois directory as long as they make the guarantee detailed in item 3.

5. All contacts listed in the whois directory will be contacted periodically and the directory will indicate information which may be stale if contact cannot be made promptly.

6. Additionally, the whois directory will contain, directly or indirectly, a record of all address blocks sub-allocated or assigned by the entities mentioned in item 3.

7. The records mentioned in item 6 will not identify the organization or individual receiving the address block or their exact location. These records will only indicate an organizational type, the nearest municipality providing postal service to the end user, state/province and country.

Rationale:

ARIN doesn’t really have a policy regarding whois. Most of what we have today is adopted based on a long tradition that nobody understands anymore.

In looking back at historical sources it appears that whois was originally set up so that ARPANET site managers could justify their ARPANET connectivity funding by enumerating the people/projects that were making use of the ARPANET.

Times have changed and tradition is no longer sufficient reason for doing things.

This proposal attempts to put in place a simple statement of the purpose and scope of a whois directory. It is my opinion that if we cannot all agree on some sort of simple policy similar to what I am proposing, then we probably should scrap the whois directory entirely.

Nothing in this policy should be construed to restrain ARIN staff’s ability to maintain and use whatever databases they may need in the performance of their duties including IP address allocation. This policy only refers to the data which is made freely available to the public.

If this policy is adopted it will also alleviate concerns from the cable and DSL industry in regard to residential user privacy.

a) ARIN policy doesn’t currently state that ARIN will maintain or publish a whois directory. This policy fixes that.

b) This proposal also explicitly states the purpose of the whois directory as being targeted at internetworking and operational issues. It is not intended to help anti-spamming collectives bypass the ISPs who are responsible for operating a network. In fact one of the goals is to make it harder for anti-spamming groups to attack end users. This whois policy would force them to report network abuse to the ISP employees who are responsible for finding and fixing network abuse issues.

c) The proposal does not recognize research as part of the scope of the whois directory, however items 6 and 7 do provide for data which allows some mapping and analysis of address usage and therefore the research community will not be left out in the cold.

d) This policy only directly puts a mandate on those organizations who have, or should have, an ARIN relationship to supply data.

e) The policy also allows any responsible party to add their contact data to the ARIN database. However, this is done with their consent and by binding them to act responsibly, i.e. you can’t list your organization and then ignore all abuse reports. The words “Ready, willing and able to communicate” are important here.

f) The ARIN staff are charged to keep the directory up to date and to give us some indication when the contact process seems to be going awry. However, it refrains from giving detailed directions to the staff and relies on their prudence in setting out the timing and the process of this verification.

g) I interpret “facilitating the operation of interconnected IP networks” to include the provision of data that allows some mapping and statistical analysis of the address space. For that reason, some small amount of data is required to enumerate and distinguish sub-allocations and assignments.

h) This policy covers rwhois as well. ARIN is charged to maintain the whois directory but can certainly delegate some of this task to rwhois users. And when the policy specifies that all address blocks must be represented in the directory it also allows for this information to be published indirectly, for instance, through rhwois. However the policy does not require rwhois technology since it is in such a sad state of repair. It also refrains from prescribing LDAP at this time ;-)

i) The classification system for organization types has been intentionally left unspecified. Obviously, it needs to include"individual" as a type but it could include NAICS sector codes, e.g. “NAICS 25” is the construction industry. It could also include NTEE codes for non-profits e.g. “NTEE H” is Medical research. And it could include some simple codes like “Company”, “Non-Profit”,“Education”, “Government” for users who don’t know about the various classification systems.

j) End users are truly anonymous, no name, no address, no zip/postal code. In other words, people who are not involved in network operations are not identified in any way by the whois directory.

Timetable for implementation: 30 days after ratification