[sig-db][prop-018-v001] FINAL CALL FOR COMMENTS

  • To: sig-db at apnic dot net
  • Subject: [sig-db][prop-018-v001] FINAL CALL FOR COMMENTS
  • From: APNIC Secretariat <secretariat at apnic dot net>
  • Date: Mon, 08 Mar 2004 16:34:48 +1000
      ____________________

      Final call for comments: [prop-018-v001]
      "Protecting historical resource records in the APNIC Whois
      Database"
      ____________________

      This is the final call for comments on policy proposal [prop-018-v001]
      "Protecting historical resource records in the APNIC Whois
      Database"

      This proposal was presented at APNIC 17 and consensus was
      reached:

      "to protect historical records in the APNIC whois
      Database with an APNIC maintainer"

      This proposal is now submitted to the sig-policy mailing list for an
      eight week discussion period. At the end of that period, if consensus
      appears to have been achieved, the Chair of the Database SIG will
      ask the Executive Council to endorse the proposal for implementation.

      * Send all comments and questions to: <sig-db at apnic dot net>
      * Deadline for comments: 3 May 2004


      ______________________________________________________________________

      Protecting historical records in the APNIC Whois Database
      ______________________________________________________________________


      Proposed by: Sanjaya, APNIC Secretariat
      Version: 1.0
      Date: 15 January 2004


      Summary
      -------

      This is a proposal to protect historical resource objects (inetnum and
      aut-num) in the APNIC Whois database, in order to prevent unverified
      transfer of resources. This will not prevent the current custodians
      from using the resource, but it will not allow them to change the whois
      information without verification of the update by the APNIC Secretariat
      under an appropriate services agreement.

      Definition:

      A historical resource object is defined as an object in the whois
      database for which APNIC does not have a formal membership/service
      agreement. The majority of such objects were created before the
      membership structure of APNIC was established.


      Background
      ----------

      Historical ASN and IPv4 address ranges are increasingly becoming a
      source of abusive activities in the Internet. A good summary of how
      this is done can be found at:

      http://www.completewhois.com/hijacked/hijacked_qa.htm

      One common way for an abuser to take over an unused old resource is to
      change the whois record in such a way that the upstream provider
      believes that the resource is delegated to the abuser's organisation.
      This method becomes easier if the whois record has not been maintained
      properly, as no suspicious activities can be detected due to inactive
      maintainer contacts.

      APNIC secretariat is continuously looking for ways to increase the
      information quality of the Whois Database. Protection of data is one of
      the high priority areas due to the high amount of reports/complaints
      received that are related to this issue. This is demonstrated by the
      following list of action items that have received consensus in the
      member's meeting and have been approved by APNIC Executive Council:

      db-14-001 Proposal to deprecate MAIL-FROM

      db-14-003 Mandatory maintainers for inetnum objects

      db-16-003 Secretariat to implement proposal "Protecting resource
      records in APNIC Whois Database". This will involve
      changing the maintainer of objects protected by
      MAINT-NULL to the maintainer of the parent object as
      well as deprecating NONE in the maintainer's auth
      attribute.

      This proposal is a natural follow-up to these projects. It will further
      improve the data quality and security of APNIC Whois Database.


      Statistics
      ----------

      APNIC secretariat has surveyed the historical ASN and IPv4 address
      ranges and the following results were obtained for 27 January 2004:

      Total size of historical IPv4 address: 15,873 x /24
      Total number of historical ASN: 56

      Whois statistics are being collected, and will be presented at the
      APNIC 17 meeting.


      Proposal
      --------

      To improve the protection of internet resource records in APNIC Whois
      Database, it is proposed that ALL historical inetnums and aut-nums be
      protected with APNIC-HM maintainer. Based on experience from previous
      projects, impact to APNIC members would be minimal, and any subsequent
      request to change the maintainer will be dealt with within 2 business
      days (as long as there is enough evidence and authority to support the
      request).

      Existing custodians who wish to modify and maintain their record will
      need to contact APNIC secretariat, and enter a service agreement to
      ensure a clear responsibility and accountability will be undertaken by
      the custodian.

      The current non-member service agreement and fee structure involves a
      maintenance fee of $0.10 per address per year. It is proposed that
      these fees be capped at a level of USD$100.00 per year per maintainer
      object, for historical resource records only.


      Impact on NIRs
      --------------

      None


      Impact on other RIRs
      --------------------

      None


      Implementation
      --------------

      Implementation will be started within 30 days after approval by APNIC
      Executive Council.

      The following schedule is proposed:

      - Develop automated script to change the maintainer to APNIC-HM
        (30 days)
      - Public announcement (web, mailing list) to be sent 30 days
        before executing the change
      - Compile the latest list of historical whois objects (1 day)
      - All historical objects maintainer changed to APNIC-HM (1 day)
      - Perform data correction as needed, and announce the final
        result to public (web, mailing list, newsletter) (28 days)

      Estimated completion time for all of the above activities: 90 days.

      APNIC Secretariat will present the implementation project report in
      APNIC 18.

      ______________________________________________________________________

      APNIC Secretariat <secretariat at apnic dot net>
      Asia Pacific Network Information Centre (APNIC) Tel: +61-7-3858-3100
      PO Box 2131 Milton, QLD 4064 Australia Fax: +61-7-3858-3199
      Level 1, 33 Park Road, Milton, QLD http://www.apnic.net
      ______________________________________________________________________
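
The maintainer change described under "Proposal" and "Implementation" above, sketched as an added example (not APNIC's script and not part of the original message): it rewrites `mnt-by` to APNIC-HM on listed inetnum and aut-num objects and keeps an audit trail of the previous maintainers. The sample objects, the `HISTORICAL` set and the function names are assumptions made for illustration.

```python
import re
# Constructed sample objects (documentation address/AS ranges, not registry data).
SAMPLE = """\
inetnum:  192.0.2.0 - 192.0.2.255
netname:  EXAMPLE-OLD-NET
mnt-by:   MAINT-EXAMPLE-OLD
source:   APNIC

aut-num:  AS64496
as-name:  EXAMPLE-OLD-AS
mnt-by:   MAINT-EXAMPLE-OLD
mnt-by:   MAINT-EXAMPLE-TWO
source:   APNIC

inetnum:  198.51.100.0 - 198.51.100.255
mnt-by:   MAINT-EXAMPLE-MEMBER
source:   APNIC
"""
# Assumption: the list of historical objects is compiled separately beforehand.
HISTORICAL = {"192.0.2.0 - 192.0.2.255", "AS64496"}

def parse_objects(text):
    """Split RPSL text into objects, each a list of [attribute, value] pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line[0] in " \t+" and attrs:      # continuation of previous value
                attrs[-1][1] += " " + line[1:].strip()
            else:
                name, _, value = line.partition(":")
                attrs.append([name.strip().lower(), value.strip()])
        objects.append(attrs)
    return objects

def protect(objects, historical, maintainer="APNIC-HM"):
    """Return (updated objects, audit log of (key, previous maintainers))."""
    updated, audit = [], []
    for attrs in objects:
        cls, key = attrs[0]
        old = [v for n, v in attrs if n == "mnt-by"]
        if cls in ("inetnum", "aut-num") and key in historical and old != [maintainer]:
            kept = [a for a in attrs if a[0] != "mnt-by"]
            # Place the single new mnt-by just before the trailing source: attribute.
            kept.insert(len(kept) - 1, ["mnt-by", maintainer])
            audit.append((key, old))
            attrs = kept
        updated.append(attrs)
    return updated, audit
```

The audit log is what makes the "data correction" step workable: each previous maintainer is recorded before it is replaced, and a second run over already protected objects changes nothing.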