ARIN Public Policy Meeting:ARIN XII
ARIN Advisory Council:23 October 2003
ARIN Board of Trustees:BoT Meetings
Policy Proposal regarding purpose and scope of whois directory.
- ARIN shall maintain and publish a directory of contact information for the purposes of facilitating the operation of internconnected IP networks.
- This directory will contain contact information for all organizations and individuals within the ARIN region who have received IP allocations or AS numbers directly from ARIN or its predecessors.
- Organizations and individuals must guarantee to ARIN that contact addresses published in the whois directory will reach a person who is ready, willing and able to communicate regarding network operations and interconnect issues and who is able to act on that communication.
- Any other organizations may elect to be listed in the whois directory as long as they make the guarantee detailed in item 3.
- All contacts listed in the whois directory will be contacted every 3 months to verify that the contact addresses are still valid.
- Any invalid contact information will be removed from the directory within 60 days of the first attempted contact from item 5.
- ARIN will publish the whois directory in three forms using the whois protocol on port 43, bulk copies available by FTP and using the LDAP protocol.
Why do this?
Well, first of all I think that ARIN needs to have a clear policy statement of why we are collecting and publishing this directory.
After that, items 2, 3 and 4 specify what information goes into the directory. Specifically, it excludes all organizations and individuals who have not received resources directly from ARIN unless they ask to be included. It also forces organizations to make a commitment to make sure that the contact information provides access to people who can do something about interconnect issues (peering), denial of service technical issues, abuse, etc. As currently, these addresses could be role accounts, P.O. boxes, voicemail numbers etc.
Then items 5 and 6 specify that the data will be tested regularly and cleared out if it is stale. I think this is enough detail for the policy level to deal with. Most of the existing data will disappear after the 1st test period because people will either not respond or will not agree to the commitments in item 3. I don't intend for the entire database to be tested on the same day. I would hope that operationally this would be spread out over the 3 month period.
And in 7, I am specifying that ARIN add an LDAP server to publish this directory because I feel that we should provide a real choice to people who need to access this directory. I suggest that a good way to start is to set up OpenLDAP and use the FIRS work done in the IETF's CRISP working group and then see how this all works out in practice. I believe that in the long run we will need to add back some kind of status information about the large number of address assignments that will no longer show up in whois and LDAP is ideally suited to doing this without a lot of anguish.
In general, I see no reason why this could not be implemented by January 2004. I wouldn't expect 100% of the existing contacts to be tested by that time, but I would expect the testing to be well under way. Because the first round involves clearing out a much larger number of records, it could very well take until the middle of 2004 to have fully dealt with every one. A lot of this work could be alleviated if ISPs would provide lists of assignments for which they will take responsibility so that ARIN can remove those SWIP records wholesale without testing.
Capacity Planning, Prescot St., London, UK
Mobile: +44 7900 823 672 Internet: michael.dillon at radianz.com
Phone: +44 20 7650 9493 Fax: +44 20 7650 9030