I support this draft policy with the new language. — Brian
On Mon, Feb 5, 2018 at 4:12 PM Potter, Amy <[email protected]> wrote: > In response to the staff & legal assessment for 2017-3, we are proposing > the following new language for subsection 3.6.5: > > > > 3.6.5 > > An invalid POC is restricted to payment and contact update functionality > within ARIN Online. As a result, an organization without any valid POCs > will be unable to access further functionalities within ARIN Online until > at least one Admin or Tech POC validates that their information is accurate > or modifies a POC to contain accurate information. > > > > *ARIN STAFF & LEGAL ASSESSMENT* > > *Draft Policy ARIN-2017-03* > > *Update to NPRM 3.6: Annual Whois POC Validation* > > https://arin.net/policy/proposals/2017_3.html > > > > > > *Date of Assessment: 3 January 2018* > > > > ___ > > *1. Summary (Staff Understanding)* > > > > Draft Policy 2017-03 establishes the specific Whois Points of Contact > (POCs) that are required to be verified annually. It further identifies > which organizations are covered by this policy according to the type of > resources that it holds i.e. direct assignments, direct allocations, AS > numbers from ARIN (or one of its predecessor registries) or a reallocation > from an upstream ISP. It specifically excludes reassignments made to > downstream end user customers. DP 2017-03 defines the procedure to be > followed to ensure the above specified POCs are verified through an email > notification on an annual basis. It instructs ARIN staff to marked POC > records deemed completely and permanently abandoned or otherwise > illegitimate as invalid in Whois. It also directs action to be taken if an > ADMIN or TECH POC has been marked invalid. > > > > ___ > > *2. Comments* > > > > A. ARIN Staff Comments > > > > * 3.6.2 Specified Public Whois Points of Contact for Verification: Lists > the 4 types of POCs that must be verified annually. This is very clear. > > * 3.6.3 Organizations Covered by this Policy: Clearly states > qualifications for an Organization’s POCs to require annual verification as > well as those that do not require it. This is clear. > > * 3.6.4 Procedure for Verification: Describes the steps in the > verification process. This is clear. > > * 3.6.5 Non-Responsive Point of Contact Records: This section is unclear > regarding the scope of the impact to an organization having non-responsive > POCs, as the phrase "any organization lacking a validated Admin or Tech POC > will be unable to access the full suite of functionality” fails to specify > the allowed/prohibited functionality for organizations lacking a valid > contact. Absent further clarification, ARIN staff will interpret this to > mean that an organization without at least one validated Admin or Tech POC > will only be able to access payment and contact update functionality within > ARIN Online, regardless of the contact used for access. For organizations > that have at least one valid Admin or Tech contact, the organization will > be able to access full functionality of ARIN Online, even if access is via > one of its other non-responsive POCs. If instead the desired policy > outcome is that only a validated Admin or Tech POC may access full ARIN > Online functionality, then the policy text should be clarified to that > effect. > > * The proposed policy does not impact ARIN’s ability to provide ongoing > registry services for number resources, only the ability of impacted > organizations to make changes to their number resources and related > services. > > * This policy could be implemented as written. > > > > *B. ARIN General Counsel – Legal Assessment* > > > > * There are no material legal issues regarding this proposal. > > > > > > ___ > > *3. Resource Impact* > > > > Implementation of this policy would have minimal resource impact. It is > estimated that implementation could occur within 3 months after > ratification by the ARIN Board of Trustees. The following would be needed > in order to implement: > > > > * Updated guidelines and internal procedures > > * Staff training > > * Minimal engineering work > > > > ___ > > 4*. Proposal / Draft Policy Text Assessed* > > > > Draft Policy ARIN-2017-3: Update to NPRM 3.6: Annual Whois POC Validation > > > > *Version Date:* 14 November 2017 > > > > *Problem Statement:* > > > > Many of the Point of Contacts listed in ARIN's public Whois database > contain out-of-date and inaccurate contact information. > > > > *Policy Statement:* > > > > *Current Text*: > > > > 3.6 Annual Whois POC Validation > > 3.6.1 Method of Annual Verification > > During ARIN's annual Whois POC validation, an email will be sent to every > POC in the Whois database. Each POC will have a maximum of 60 days to > respond with an affirmative that their Whois contact information is correct > and complete. Unresponsive POC email addresses shall be marked as such in > the database. If ARIN staff deems a POC to be completely and permanently > abandoned or otherwise illegitimate, the POC record shall be marked > invalid. ARIN will maintain, and make readily available to the community, a > current list of number resources with no valid POC; this data will be > subject to the current bulk Whois policy. > > > > *Proposed Revised Text*: > > > > 3.6 Annual Validation of ARIN's Public Whois Point of Contact Data > > 3.6.1 Annual POC Verification > > ARIN will perform an annual verification of specific Points of Contact > registered in the public Whois using the criteria and procedures outlined > in sections 3.6.2, 3.6.3, and 3.6.4. > > 3.6.2 Specified Public Whois Points of Contact for Verification > > Each of the following Points of Contact are to be verified annually, and > will be referred to as Point of Contact or POC throughout this policy, and > should be understood to be both organization and resource POCs: > > - Admin > - Tech > - NOC > - Abuse > > 3.6.3 Organizations Covered by this Policy > > This policy applies to every Organization that has a direct assignment, > direct allocation, or AS number from ARIN (or one of its predecessor > registries) or a reallocation from an upstream ISP. This includes but is > not limited to upstream ISPs and their downstream ISP customers (as defined > by NRPM 2.5 and 2.6), but not reassignments made to their downstream end > user customers. > > 3.6.4 Procedure for Verification > > An annual email notification will be sent to each of the Points of Contact > outlined in section 3.6.2 on an annual basis. Each Point of Contact will > have up to sixty (60) days from the date of the notification in which to > respond with an affirmative that their Whois contact information is correct > and complete or to submit new data to correct and complete it. If after > careful analysis, ARIN staff deems a POC to be completely and permanently > abandoned or otherwise illegitimate, the POC record shall be marked invalid > in Whois. > > 3.6.5 Non-Responsive Point of Contact Records > > Once a non-responsive POC has been marked invalid in the public Whois, any > organization lacking a validated Admin or Tech POC will be unable to access > the full suite of functionality within ARIN Online until the invalid POC(s) > have either validated that their information is accurate or > modified their POC to contain up-to-date information. > > > > *Comments:* > > > > Timetable for implementation: to be based upon discussions with ARIN's > staff. > > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List ([email protected]). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] if you experience any issues.
_______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
