______________________________________________________________________

Protecting historical records in the APNIC Whois Database
______________________________________________________________________

Proposed by: Sanjaya, APNIC Secretariat
Version:     1.0
Date:        15 January 2004

Summary
-------

This is a proposal to protect historical resource objects (inetnum and
aut-num) in the APNIC Whois database, in order to prevent unverified
transfer of resources. This will not prevent the current custodians
from using the resource, but it will not allow them to change the whois
information without verification of the update by the APNIC Secretariat
under an appropriate services agreement.

Definition: A historical resource object is defined as an object in the
whois database for which APNIC does not have a formal
membership/service agreement. The majority of such objects were created
before the membership structure of APNIC was established.

Background
----------

Historical ASN and IPv4 address ranges are increasingly becoming a
source of abusive activities in the Internet. A good summary of how
this is done can be found at:

    http://www.completewhois.com/hijacked/hijacked_qa.htm

One common way for an abuser to take over an unused old resource is to
change the whois record in such a way that the upstream provider
believes that the resource is delegated to the abuser's organisation.
This method becomes easier if the whois record has not been maintained
properly: when the maintainer contacts are inactive, nobody is in a
position to notice suspicious activity.

The APNIC Secretariat is continuously looking for ways to increase the
information quality of the Whois Database. Protection of data is one of
the high priority areas due to the high number of reports/complaints
received that are related to this issue.
This is demonstrated by the following list of action items that have
received consensus in the members' meeting and have been approved by
the APNIC Executive Council:

    db-14-001   Proposal to deprecate MAIL-FROM

    db-14-003   Mandatory maintainers for inetnum objects

    db-16-003   Secretariat to implement proposal "Protecting resource
                records in APNIC Whois Database". This will involve
                changing the maintainer of objects protected by
                MAINT-NULL to the maintainer of the parent object as
                well as deprecating NONE in the maintainer's auth
                attribute.

This proposal is a natural follow-up to these projects. It will further
improve the data quality and security of the APNIC Whois Database.

Statistics
----------

The APNIC Secretariat has surveyed the historical ASN and IPv4 address
ranges and the following results were obtained for 27 January 2004:

    Total size of historical IPv4 address: 15,873 x /24
    Total number of historical ASN:        56

Whois statistics are being collected, and will be presented at the
APNIC 17 meeting.

Proposal
--------

To improve the protection of internet resource records in the APNIC
Whois Database, it is proposed that ALL historical inetnums and
aut-nums be protected with the APNIC-HM maintainer.

Based on experience from previous projects, impact to APNIC members
would be minimal, and any subsequent request to change the maintainer
will be dealt with within 2 business days (as long as there is enough
evidence and authority to support the request).

Existing custodians who wish to modify and maintain their record will
need to contact the APNIC Secretariat and enter a service agreement, so
that the custodian takes on clear responsibility and accountability for
the record.

The current non-member service agreement and fee structure involves a
maintenance fee of $0.10 per address per year. It is proposed that
these fees be capped at a level of USD$100.00 per year per maintainer
object, for historical resource records only.

Impact on NIRs
--------------

None

Impact on other RIRs
--------------------

None

Implementation
--------------

Implementation will be started within 30 days after approval by APNIC
Executive Council. The following schedule is proposed:

- Develop automated script to change the maintainer to APNIC-HM
  (30 days)
- Public announcement (web, mailing list) to be sent 30 days before
  executing the change
- Compile the latest list of historical whois objects (1 day)
- All historical objects maintainer changed to APNIC-HM (1 day)
- Perform data correction as needed, and announce the final result to
  public (web, mailing list, newsletter) (28 days)

Estimated completion time for all of the above activities: 90 days.

APNIC Secretariat will present the implementation project report in
APNIC 18.