Re: [arin-ppml] Draft Policy 2017-03: Update to NPRM 3.6: Annual Whois POC Validation

2018-02-13 Thread Brian Jones 
I support this draft policy with the new language.

—
Brian

On Mon, Feb 5, 2018 at 4:12 PM Potter, Amy  wrote:

> In response to the staff & legal assessment for 2017-3, we are proposing
> the following new language for subsection  3.6.5:
>
>
>
> 3.6.5
>
> An invalid POC is restricted to payment and contact update functionality
> within ARIN Online. As a result, an organization without any valid POCs
> will be unable to access further functionalities within ARIN Online until
> at least one Admin or Tech POC validates that their information is accurate
> or modifies a POC to contain accurate information.
>
>
>
> *ARIN STAFF & LEGAL ASSESSMENT*
>
> *Draft Policy ARIN-2017-03*
>
> *Update to NPRM 3.6: Annual Whois POC Validation*
>
> https://arin.net/policy/proposals/2017_3.html
>
>
>
>
>
> *Date of Assessment:  3 January 2018*
>
>
>
> ___
>
> *1.  Summary (Staff Understanding)*
>
>
>
> Draft Policy 2017-03 establishes the specific Whois Points of Contact
> (POCs) that are required to be verified annually. It further identifies
> which organizations are covered by this policy according to the type of
> resources that it holds i.e. direct assignments, direct allocations, AS
> numbers from ARIN (or one of its predecessor registries) or a reallocation
> from an upstream ISP. It specifically excludes reassignments made to
> downstream end user customers. DP 2017-03 defines the procedure to be
> followed to ensure the above specified POCs are verified through an email
> notification on an annual basis. It instructs ARIN staff to marked POC
> records deemed completely and permanently abandoned or otherwise
> illegitimate as invalid in Whois. It also directs action to be taken if an
> ADMIN or TECH POC has been marked invalid.
>
>
>
> ___
>
> *2.  Comments*
>
>
>
> A.  ARIN Staff Comments
>
>
>
> * 3.6.2 Specified Public Whois Points of Contact for Verification:  Lists
> the 4 types of POCs that must be verified annually. This is very clear.
>
> * 3.6.3 Organizations Covered by this Policy: Clearly states
> qualifications for an Organization’s POCs to require annual verification as
> well as those that do not require it. This is clear.
>
> * 3.6.4 Procedure for Verification: Describes the steps in the
> verification process. This is clear.
>
> * 3.6.5 Non-Responsive Point of Contact Records: This section is unclear
> regarding the scope of the impact to an organization having non-responsive
> POCs, as the phrase "any organization lacking a validated Admin or Tech POC
> will be unable to access the full suite of functionality” fails to specify
> the allowed/prohibited functionality for organizations lacking a valid
> contact.  Absent further clarification, ARIN staff will interpret this to
> mean that an organization without at least one validated Admin or Tech POC
> will only be able to access payment and contact update functionality within
> ARIN Online, regardless of the contact used for access.  For organizations
> that have at least one valid Admin or Tech contact, the organization will
> be able to access full functionality of ARIN Online, even if access is via
> one of its other non-responsive POCs.  If instead the desired policy
> outcome is that only a validated Admin or Tech POC may access full ARIN
> Online functionality, then the policy text should be clarified to that
> effect.
>
> * The proposed policy does not impact ARIN’s ability to provide ongoing
> registry services for number resources, only the ability of impacted
> organizations to make changes to their number resources and related
> services.
>
> * This policy could be implemented as written.
>
>
>
> *B.  ARIN General Counsel – Legal Assessment*
>
>
>
> * There are no material legal issues regarding this proposal.
>
>
>
>
>
> ___
>
> *3.  Resource Impact*
>
>
>
> Implementation of this policy would have minimal resource impact. It is
> estimated that implementation could occur within 3 months after
> ratification by the ARIN Board of Trustees. The following would be needed
> in order to implement:
>
>
>
> * Updated guidelines and internal procedures
>
> * Staff training
>
> * Minimal engineering work
>
>
>
> ___
>
> 4*. Proposal / Draft Policy Text Assessed*
>
>
>
> Draft Policy ARIN-2017-3: Update to NPRM 3.6: Annual Whois POC Validation
>
>
>
> *Version Date:* 14 November 2017
>
>
>
> *Problem Statement:*
>
>
>
> Many of the Point of Contacts listed in ARIN's public Whois database
> contain out-of-date and inaccurate contact information.
>
>
>
> *Policy Statement:*
>
>
>
> *Current Text*:
>
>
>
> 3.6 Annual Whois POC Validation
>
> 3.6.1 Method of Annual Verification
>
> During ARIN's annual Whois POC validation, an email will be sent to every
> POC in the Whois database. Each POC will have a maximum of 60 days to
> respond with an affirmative that their Whois contact information is correct
> and complete. Unresponsive POC email addresses shall be marked as such in
> the database. If ARIN staff deems a POC to be

Re: [arin-ppml] Draft Policy 2017-03: Update to NPRM 3.6: Annual Whois POC Validation

2018-02-06 Thread Owen DeLong 
+1 works for me.

Owen

> On Feb 5, 2018, at 13:12 , Potter, Amy  wrote:
> 
> In response to the staff & legal assessment for 2017-3, we are proposing the 
> following new language for subsection  3.6.5:
>  
> 3.6.5 
> 
> An invalid POC is restricted to payment and contact update functionality 
> within ARIN Online. As a result, an organization without any valid POCs will 
> be unable to access further functionalities within ARIN Online until at least 
> one Admin or Tech POC validates that their information is accurate or 
> modifies a POC to contain accurate information. 
>  
> ARIN STAFF & LEGAL ASSESSMENT
> Draft Policy ARIN-2017-03
> Update to NPRM 3.6: Annual Whois POC Validation
> https://arin.net/policy/proposals/2017_3.html 
> 
>  
>  
> Date of Assessment:  3 January 2018
>  
> ___
> 1.  Summary (Staff Understanding)
>  
> Draft Policy 2017-03 establishes the specific Whois Points of Contact (POCs) 
> that are required to be verified annually. It further identifies which 
> organizations are covered by this policy according to the type of resources 
> that it holds i.e. direct assignments, direct allocations, AS numbers from 
> ARIN (or one of its predecessor registries) or a reallocation from an 
> upstream ISP. It specifically excludes reassignments made to downstream end 
> user customers. DP 2017-03 defines the procedure to be followed to ensure the 
> above specified POCs are verified through an email notification on an annual 
> basis. It instructs ARIN staff to marked POC records deemed completely and 
> permanently abandoned or otherwise illegitimate as invalid in Whois. It also 
> directs action to be taken if an ADMIN or TECH POC has been marked invalid.
>  
> ___
> 2.  Comments
>  
> A.  ARIN Staff Comments
>  
> * 3.6.2 Specified Public Whois Points of Contact for Verification:  Lists the 
> 4 types of POCs that must be verified annually. This is very clear.
> * 3.6.3 Organizations Covered by this Policy: Clearly states qualifications 
> for an Organization’s POCs to require annual verification as well as those 
> that do not require it. This is clear.
> * 3.6.4 Procedure for Verification: Describes the steps in the verification 
> process. This is clear.
> * 3.6.5 Non-Responsive Point of Contact Records: This section is unclear 
> regarding the scope of the impact to an organization having non-responsive 
> POCs, as the phrase "any organization lacking a validated Admin or Tech POC 
> will be unable to access the full suite of functionality” fails to specify 
> the allowed/prohibited functionality for organizations lacking a valid 
> contact.  Absent further clarification, ARIN staff will interpret this to 
> mean that an organization without at least one validated Admin or Tech POC 
> will only be able to access payment and contact update functionality within 
> ARIN Online, regardless of the contact used for access.  For organizations 
> that have at least one valid Admin or Tech contact, the organization will be 
> able to access full functionality of ARIN Online, even if access is via one 
> of its other non-responsive POCs.  If instead the desired policy outcome is 
> that only a validated Admin or Tech POC may access full ARIN Online 
> functionality, then the policy text should be clarified to that effect.  
> * The proposed policy does not impact ARIN’s ability to provide ongoing 
> registry services for number resources, only the ability of impacted 
> organizations to make changes to their number resources and related services.
> * This policy could be implemented as written.
>  
> B.  ARIN General Counsel – Legal Assessment
>  
> * There are no material legal issues regarding this proposal.
>  
>  
> ___
> 3.  Resource Impact
>  
> Implementation of this policy would have minimal resource impact. It is 
> estimated that implementation could occur within 3 months after ratification 
> by the ARIN Board of Trustees. The following would be needed in order to 
> implement:
>  
> * Updated guidelines and internal procedures
> * Staff training
> * Minimal engineering work 
>  
> ___
> 4. Proposal / Draft Policy Text Assessed
>  
> Draft Policy ARIN-2017-3: Update to NPRM 3.6: Annual Whois POC Validation
>  
> Version Date: 14 November 2017
>  
> Problem Statement:
>  
> Many of the Point of Contacts listed in ARIN's public Whois database contain 
> out-of-date and inaccurate contact information.
>  
> Policy Statement:
>  
> Current Text: 
>  
> 3.6 Annual Whois POC Validation
> 3.6.1 Method of Annual Verification
> During ARIN's annual Whois POC validation, an email will be sent to every POC 
> in the Whois database. Each POC will have a maximum of 60 days to respond 
> with an affirmative that their Whois contact information is correct and 
> complete. Unresponsive POC email addresses shall be marked as such in the 
> database. If ARIN staff deems a POC to be completely and permanently 
> abandoned or