[sig-db]Protecting Historical Records in APNIC Whois Database

  • To: <sig-db at apnic dot net>
  • Subject: [sig-db]Protecting Historical Records in APNIC Whois Database
  • From: "Sanjaya" <sanjaya at apnic dot net>
  • Date: Tue, 27 Jan 2004 19:42:50 +1000
  • List-archive: <http://www.apnic.net/mailing-lists/sig-db/>
  • List-id: APNIC SIG on whois database issues <sig-db.lists.apnic.net>
  • Organization: APNIC
  • Reply-to: <sanjaya@apnic.net>
  • Sender: sig-db-admin@lists.apnic.net
      Please find below a proposal from the APNIC secretariat, to be discussed
      in this mailing list and the forthcoming APNIC 17 DB-SIG.
      Appreciate any feedback/comment.
      
      Cheers,
      Sanjaya
      APNIC Project Manager
      
      
      Protecting Historical Records in APNIC Whois Database
      -----------------------------------------------------
      
      Proposed by: Sanjaya, APNIC Secretariat
      Version: 1.0
      Date: 15 January 2004
      
      Summary
      -------
      
      This is a proposal to protect historical resource objects (inetnum and
      aut-num) in the APNIC Whois database, in order to prevent unverified
      transfer of resources. This will not prevent the current custodians from
      using the resource, but it will not allow them to change the whois
      information without verification of the update by the APNIC Secretariat
      under an appropriate services agreement.  
      	
      Definition:
      A historical resource object is defined as an object in the whois
      database for which APNIC does not have a formal membership/service
      agreement.  The majority of such objects were created before the
      membership structure of APNIC was established.
      
      Background
      ----------
      
      Historical ASN and IPv4 address ranges are increasingly becoming a
      source of abusive activities in the Internet. A good summary of how this
      is done can be found at:
      http://www.completewhois.com/hijacked/hijacked_qa.htm
      
      One common way for an abuser to take over an unused old resource is to
      change the whois record in such a way that the upstream provider
      believes that the resource is delegated to the abuser's organisation.
      This method becomes easier if the whois record has not been maintained
      properly, as no suspicious activities can be detected due to inactive
      maintainer contacts.
      
      The APNIC secretariat is continuously looking for ways to increase the
      information quality of the Whois Database. Protection of data is one of
      the high priority areas due to the high number of reports/complaints
      received that are related to this issue. This is demonstrated by the
      following list of action items that have received consensus in the
      members' meeting and been approved by the APNIC Executive Council:
      
      db-14-001  Proposal to deprecate MAIL-FROM
      db-14-003  Mandatory maintainers for inetnum objects
      db-16-003  Secretariat to implement proposal "Protecting resource records
                 in APNIC Whois Database". This will involve changing the
                 maintainer of objects protected by MAINT-NULL to the
                 maintainer of the parent object as well as deprecating NONE
                 in the maintainer's auth attribute.
      
      
      This proposal is a natural follow-up to these projects. It will further
      improve the data quality and security of APNIC Whois Database.
      
      Statistics
      ----------
      
      APNIC secretariat has surveyed the historical ASN and IPv4 address
      ranges and the following results were obtained for 27 January 2004:
      
      Total size of historical IPv4 address:  15,873 x /24
      Total number of historical ASN:         56
      
      Whois statistics are being collected, and will be presented at the
      APNIC 17 meeting.
       
       
      Proposal
      --------
      
      To improve the protection of internet resource records in the APNIC Whois
      Database, it is proposed that ALL historical inetnums and aut-nums be
      protected with the APNIC-HM maintainer. Based on experience from previous
      projects, impact to APNIC members would be minimal, and any subsequent
      request to change the maintainer will be dealt with within 2 business
      days (as long as there is enough evidence and authority to support the
      request).
      
      Existing custodians who wish to modify and maintain their record will
      need to contact the APNIC secretariat and enter into a service agreement
      to ensure that clear responsibility and accountability are undertaken by
      the custodian.
      
      The current non-member service agreement and fee structure involves a
      maintenance fee of $0.10 per address per year.  It is proposed that
      these fees be capped at a level of USD$100.00 per year per maintainer
      object, for historical resource records only.
      
      
      IMPACT TO NIRs
      --------------
      
      None
      
      IMPACT TO other RIRs
      --------------------
      
      None
      
      Implementation
      --------------
      
      Implementation will be started within 30 days after approval by APNIC
      Executive Council.
      
      The following schedule is proposed:
      
      - Develop automated script to change the maintainer to APNIC-HM
        (30 days)
      - Public announcement (web, mailing list) to be sent 30 days
        before executing the change
      - Compile the latest list of historical whois objects (1 day)
      - All historical objects maintainer changed to APNIC-HM (1 day)
      - Perform data correction as needed, and announce the final result
        to public (web, mailing list, newsletter) (28 days)
      
      Estimated completion time for all of the above activities: 90 days.
      
      APNIC secretariat will present the implementation project report in
      APNIC 18.
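
The maintainer change described in the proposal, sketched as an added example (not part of the original message and not APNIC's script). It rewrites `mnt-by` to APNIC-HM on historical inetnum/aut-num objects and logs whether the previous maintainer was weakly protected (MAINT-NULL, or a mntner with auth NONE or MAIL-FROM). The `historical_keys` set, the function names and the sample objects are assumptions constructed for illustration.

```python
import re

PROTECTED = ("inetnum", "aut-num")   # object classes named in the proposal
WEAK_AUTH = ("NONE", "MAIL-FROM")    # auth schemes the cited action items deprecate
# Constructed sample data (documentation address ranges, made-up maintainers).
SAMPLE = """\
mntner:  MAINT-EXAMPLE-OLD
auth:    MAIL-FROM .*@example.net
source:  APNIC

inetnum: 192.0.2.0 - 192.0.2.255
mnt-by:  MAINT-EXAMPLE-OLD
source:  APNIC

inetnum: 198.51.100.0 - 198.51.100.255
mnt-by:  MAINT-EXAMPLE-MEMBER
source:  APNIC
"""

def parse_rpsl(text):
    """Split whois text into objects, each a list of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line[:1] in (" ", "\t", "+") and attrs:   # continuation line
                attrs[-1] = (attrs[-1][0], attrs[-1][1] + " " + line[1:].strip())
            elif ":" in line and not line.startswith(("%", "#")):
                name, value = line.split(":", 1)
                attrs.append((name.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def protect(objects, historical_keys, new_mnt="APNIC-HM"):
    """Set mnt-by to new_mnt on historical objects; return an audit log."""
    # historical_keys: assumed set of primary keys with no service agreement.
    weak = {"MAINT-NULL"} | {o[0][1] for o in objects if o[0][0] == "mntner"
            and any(n == "auth" and v.upper().startswith(WEAK_AUTH) for n, v in o)}
    log = []
    for obj in objects:
        cls, key = obj[0]
        if cls not in PROTECTED or key not in historical_keys:
            continue
        old = [m.strip() for n, v in obj if n == "mnt-by" for m in v.split(",")]
        kept = [a for a in obj if a[0] != "mnt-by"]
        obj[:] = kept[:1] + [("mnt-by", new_mnt)] + kept[1:]
        log.append({"object": key, "old_mnt_by": old,
                    "weak": not old or any(m in weak for m in old)})
    return log
```

Keeping the previous `mnt-by` values in the log gives the secretariat a record to check later change requests against.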