Dear AP-WG, While researching for my recent MENOG25 presentation, I noticed a transparency gap around IPv4 leasing — where LIRs delegate a block of address space to third parties who then operate it. A reportedly growing practice in our region and globally, driven by legitimate organisational needs for temporary IPv4 capacity. Yet there are no clear common guidelines for how LIRs should document who actually operates leased space, resulting in inconsistent registration practices. A sample taken of 50 leased prefixes showed multiple status attributes in use, only 26% with abuse contacts, and over half with no identification of the actual operator of the address space (or the ‘lessee’).
- The Problem - Back in 2021, the RIPE Database Requirements Task Force established that registration data should be accurate to "facilitate contact with and identification of the organisation holding the assignment" (RIPE-767). The Task Force also strongly recommended that where a resource holder delegates resources to another entity, this should be documented. Existing registration mechanisms can technically accommodate leasing — LIRs can create assignments or sub-allocations. But without specific guidance, these registrations frequently fail to identify the actual operator or provide functional abuse contacts. Research from the University of Twente estimated 6.1% of routed prefixes were leased in February 2025, and found leased prefixes then were 2.89× more likely to be blocklisted — a disparity that warrants examination regardless of root cause. In practice, this means: 1. Rather than the actual operator of the IP block, abuse complaints frequently reach the LIR/lessor who may have no operational control 2. WHOIS often does not identify ‘who is’ actually operating the address space - The Question - Does the WG believe this transparency gap warrants discussion? With ongoing IPv4 recycling, leasing may well become an increasingly common practice. Establishing clear registration expectations now seems preferable to addressing this retroactively. - Possible Approaches - If the WG sees value in addressing this, potential mechanisms could range from: * A policy principle: where a third party operates leased address space, they should be identifiable * Guidance on what information LIRs should document for consistency, including functional abuse contacts and lease duration * A new status attribute (e.g., "LEASED PA") to explicitly reflect this distinct type of delegation of public IP space from an LIR to a third party - Clarification - 'Standard' assignments — where the LIR provides services and retains operational involvement — are not in scope. This applies only where a third party operates the space without direct involvement from the LIR. No commercial terms or pricing need be disclosed — only who to contact and who is operating the space. - Discussion Points - * Is the transparency gap problematic enough to warrant action? * What information would be operationally useful to capture? * What implementation challenges or unintended consequences should we consider? I have already consulted with stakeholders who see value in this direction, but I'm keen to hear broader perspectives from the WG. Best regards, James Kennedy https://www.kipa.global References: University of Twente — "From Scarcity to Opportunity: Examining Abuse of the IPv4 Leasing Market" (2025): https://ris.utwente.nl/ws/portalfiles/portal/497142547/tma2025_paper18.pdf RIPE Database Requirements Task Force Report (RIPE-767): https://www.ripe.net/publications/docs/ripe-767 ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/address-policy-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
