Doug Barton dougb at
Mon Jan 10 18:57:07 CST 2011

On 01/09/2011 10:09, John Curran wrote:
> On Jan 9, 2011, at 2:09 AM, Jeff Wheeler wrote:
>> In terms of database size, excluding RIPE, the ARIN IRR is the 8th
>> largest, ahead of ALTDB and about 10% as large as Level3, the second
>> largest IRR database (except RIPE.)  A mass-corruption of the ARIN IRR
>> overnight might be a serious incident causing service impact to a
>> large number of users and businesses, and cause probably thousands of
>> people to be got out of bed in the middle of the night, but clearly it
>> would not be a total disaster.
> Jeff -
>   Please suggest your preferred means of IRR authentication to the ARIN
>   suggestion process:<>
>   Alternatively, point to a best practice document from the operator
>   community for what should be done here. ARIN's work plan is very much
>   driven by community input, so that's what is needed here.


I get what motivates this response, and am even guilty of having 
provided similar responses. So I'm not going to glom onto the criticism 
of this as a response _per se_. However, there is a line beyond which 
some things cross which takes them out of the realm of, "Show me you 
care about this issue by reporting it in triplicate" and into the 
category of "This is bad on its face and I need to use my internal 
channels to get people an answer ASAP." To me (speaking as someone with 
absolutely no dog in this hunt) the issue of "The only authentication 
method available for the ARIN IRR is mail-from" clearly falls into the 
latter category. My reading of the reaction here is incredulity that 
this was not your immediate response, and (once again without trying to 
glom on) this is a reaction that I share.

Now it seems that you acknowledged that further on in this thread, but 
just for fun I decided to try your suggestions-suggestion. I went to the 
site, it requires a login. Well, ok, I think having a method for "I 
don't want to track this I just want to throw it over the wall in case 
someone cares" might be valuable, but everyone wants a login nowadays, 
so fine. I attempt to click the "new user?" link, and at some point I 
realize that the site requires cookies for login stuff. Ok, another 
necessary evil. So I enter my desired information, and click continue, 
and get bounced right back to to the original page. I figure my 
registration was successful and attempt to log in. That fails. I click 
the "assistance" link and enter the e-mail address I used to register, 
it's not registered. So I go back to the registration form, enter my 
information again, and hit Continue. This time I got an error message, 
user names must be at least 6 characters. Um .... ok. So I think of 
another username, click Continue, and get a new error:

The e-mail address you entered appears to be a role account. Please 
enter an e-mail address that contains your name or initials. Note that 
ARIN Web account information will not be published in ARIN's Whois. If 
the e-mail address you entered is not a role account, please contact the 
Registration Services Department at hostmaster at or +1.703.227.0660.

I create e-mail addresses of the form <blah> for all the 
sites that I register on to track whether or not they use my e-mail 
address for nefarious purposes. So yes, "arin at" looks like 
a role account, but it's not. So I'll bite, I'll call the number and 
talk to them. Ooops! I called at 4:01 pm PST, and y'all had closed up 
shop 1 minute earlier. (Yes, I realize that the ARIN office is on the 
East Coast, don't care. My working day is still going on for hours more. 
Must really suck for ops in HI.)

Now admittedly my method of working on line is different from the 
average Internet user, although arguably not _that_ different from a lot 
of the people in your custo^Wmember demographic. So one could make the 
argument that in its current form the suggestions page actually serves 
as a barrier to entry, rather than an effective communications channel.

But soldiering on, I put in my "regular" e-mail address, and hit 
Continue again. It once again bounced me back to the main page, but once 
again, I was not actually registered. So, I started the whole 
registration process all over again, and this time it succeeded. So now...

You must accept the Terms of Service Agreement in order to proceed.

Hmm.. well, 79 very long lines of text, no way to download the document 
for my lawyers to review, and most of it applies to people managing 
information related to services. But what the heck, I'll give it a go.

So now I have to create a web profile. First/Last, Company, and full 
postal address are all mandatory fields. Ok, all done with that, now I 
actually have a web account. *phew*  Wait, what was I going to do with 
it again? Oh yes, I was going to submit a suggestion .... um .... where 
is the link for suggestions? At the top of the page I have Number 
Resources, Participate, Policies, Fees & Invoices, Knowledge, About Us. 
Most of those don't apply to me, so let's see, on the left side we have 
Message Center, Web Account, POC Records, Organization Data, Manage 
Resources, Track Tickets, Listing Service, Downloads, Ask ARIN ... 
neither I nor Firefox can find "suggestions" anywhere on that page. I 
could of course use the "Ask ARIN" link which brings up a 
reasonable-looking form to send my suggestion in the form of a question, 
so I suppose that'll work.

Now in case anyone is still reading this message, my point is _not_ 
"ARIN SUCKS!" My point is simply that saying, "All you have to do is 
...." doesn't always cut it, and as I said (way, way) above there _is_ a 
line where it really is incumbent on the operator community to get 
involved in the process on your turf. Hopefully though you'll take this 
thread as feedback from the operator community that where you have (at 
least up until recently) believed that line to be is not appropriate, or 
even realistic.

best regards,



	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

More information about the NANOG mailing list