If 2013-6 were passed then those who might abuse ARIN's policies for nefarious means might use other RIRs, possibly (likely?) less cooperative in sharing ownership information than ARIN, which is HQ'ed in the U.S. I don't see how 2013-6 helps U.S. LEA's with the identification of netblock owners because it's just going to drive the bad guys away from using ARIN and to use other RIRs.
Second, I don't believe a US LEA has more or less authority to track or subpoena the actual traffic, or go after nefarious activity, if they're using non-ARIN address space within the US. A corollary, I don't think if the bad guys used ARIN-assigned address space outside the U.S. that a U.S. LEA will have a greater advantage than if the bad guys used non-ARIN assigned space outside the U.S. Honestly, I don't see how 2013-6 aids U.S. LEA in tracking down or taking down the bad guys. Frank From: [email protected] [mailto:[email protected]] On Behalf Of nathalie coupet Sent: Saturday, October 05, 2013 4:05 PM To: [email protected] Cc: [email protected] Subject: Re: [arin-ppml] ARIN-PPML Digest, Vol 100, Issue 2 Hello John, As far as law enforcement agencies are concerned, the problem is not so much a question of depletion of the IPv4 pool but of traceability back to the attacker in case of misuse of the Internet, such as for MitMA or DDoS (many attackers of US websites being located in the APNIC/Middle East Regions). The problem is even more acute for IPv6 addresses, since blocks allocated are larger than those for IPv4. Maybe ARIN's policy should be consistent regarding the allocation of both IPv4 and IPv6 addresses requesting that stakeholders have sufficient attachment to the region prior to receiving IP addresses from ARIN. If we do not take into consideration security concerns into our own hands and decide for ourselves what we tolerate and what we don't, others will enact rules and procedures that might end up affecting the organization in a way that could really detrimental to business. Nathalie Coupet ARIN Member _____ From: "[email protected] <mailto:[email protected]> " <[email protected] <mailto:[email protected]> > To: [email protected] <mailto:[email protected]> Sent: Friday, October 4, 2013 7:32 PM Subject: ARIN-PPML Digest, Vol 100, Issue 2 Send ARIN-PPML mailing list submissions to [email protected] <mailto:[email protected]> To subscribe or unsubscribe via the World Wide Web, visit http://lists.arin.net/mailman/listinfo/arin-ppml or, via email, send a message with subject or body 'help' to [email protected] <mailto:[email protected]> You can reach the person managing the list at [email protected] <mailto:[email protected]> When replying, please edit your Subject line so it is more specific than "Re: Contents of ARIN-PPML digest..." Today's Topics: 1. Re: Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors - Revised (John Curran) 2. Out-of-region overreaction? (Frank Bulk) 3. Re: Out-of-region overreaction? (Scott Leibrand) 4. Re: Out-of-region overreaction? (Jimmy Hess) ---------------------------------------------------------------------- Message: 1 Date: Fri, 4 Oct 2013 19:55:59 +0000 From: John Curran <[email protected] <mailto:[email protected]> > To: Gary Buhrmaster <[email protected] <mailto:[email protected]> > Cc: "[email protected] <mailto:[email protected]> " <[email protected] <mailto:[email protected]> > Subject: Re: [arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors - Revised Message-ID: <[email protected] <mailto:[email protected]> > Content-Type: text/plain; charset="us-ascii" Gary - Since June 2013, there have been 52 requests that would not have been approved under the new policy because these organizations had only some equipment in a data center in the ARIN region, but either all or most of their technical infrastructure outside of the region and most or all of their customers outside of the ARIN region. Total amount of space issued to these 52 organizations: 9,672 /24s, (which is a bit more than a /11 in total) and nearly all organizations were based in the APNIC region. FYI, /John John Curran President and CEO ARIN > On Sep 27, 2013, at 11:37 PM, John Curran <[email protected] <mailto:[email protected]> > wrote: > >> On Sep 26, 2013, at 3:06 PM, Gary Buhrmaster <[email protected] <mailto:[email protected]> > wrote: >> >>> On Thu, Sep 26, 2013 at 6:21 PM, John Curran <[email protected] <mailto:[email protected]> > wrote: >>> ... >>> That is correct (and reflects current practice handling resource requests.) >> >> John, >> >> I support the policy, but I do have a few questions that >> would help finalize my thinking (that I do not recall seeing >> asked or answered). I understand that any answers are >> going to be more WAGs than facts, and you may not >> have the information or ability to provide the answers, >> but any answers would help me (and perhaps others) >> recognize the implications of such a change (if any)? >> I'll accept as many additional caveats you want to add >> to any response. >> >> * If this policy was in place for (say) the last year, what >> is the order of magnitude of number of requests that >> would have been referred to another RIR (1, 10, 100, 1000)? >> >> * If this policy was in place for (say) the last year, can >> you break down the requests by the RIR that the >> requester appeared to be have their plurality? >> >> * If this policy was in place for (say) the last year, what >> is the order of magnitude of the IPv4 numbers that >> would not have been issued by ARIN (/24 ... /8)? > > Gary - > > We're looking into your concerns, and will see whether we > can provide any insights/WAGs can be provided regarding > the potential impact of the policy (as compared to past > requests.) > > Thanks for the thought-provoking questions! > /John > > John Curran > President and CEO > ARIN > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List ([email protected] <mailto:[email protected]> ). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] <mailto:[email protected]> if you experience any issues. ------------------------------ Message: 2 Date: Fri, 4 Oct 2013 15:31:32 -0500 From: "Frank Bulk" <[email protected] <mailto:[email protected]> > To: <[email protected] <mailto:[email protected]> > Subject: [arin-ppml] Out-of-region overreaction? Message-ID: <[email protected] <mailto:[email protected]> > Content-Type: text/plain; charset="iso-8859-1" I was requesting some ISP IPv6 space and the kindly ARIN staff posted this in their response: Please reply and verify that you will be using the requested number resources within the ARIN region and announcing all routing prefixes of the requested space from within the ARIN region. In accordance with section 2.2 of the NRPM, ARIN issues number resources only for use within its region. ARIN is therefore only able to provide for your in-region numbering needs.? I'm familiar with the concern about out-of-region folk taking advantage of ARIN's current IPv4 supply, but I have a few concerns about the wording of the staff communication. a) It's been my understanding thus far that if I'm an ISP that provides service in multiple places around the world that I may divide my allocation into smaller prefixes and advertise those to area peers. It seems ARIN staff would preclude me from doing any of that. "All" is a pretty strong word, and if ARIN really believes it, a lot of violators could be found. b) It seems that Section 2.2 of the NRPM is being misapplied. 2.2. Regional Internet Registry (RIR) Regional Internet Registries (RIRs) are established and authorized by respective regional communities, and recognized by the IANA to serve and represent large geographical regions. The primary role of RIRs is to manage and distribute public Internet address space within their respective regions. While ARIN does issue numbers within its region, section 2.2 does not say "only for use". If an "only" had be applied, I would suggest that it's "only manage and distribute". If I could be so bold, I'd suggest ARIN to use language something along these lines in their communications: Please reply and verify that you will be using the requested number resources primarily within the ARIN region and announcing the majority of routing prefixes of the requested space from within the ARIN region. In accordance with section 2.2 of the NRPM, ARIN issues number resources within its region. Frank ------------------------------ Message: 3 Date: Fri, 4 Oct 2013 14:42:50 -0700 From: Scott Leibrand <[email protected] <mailto:[email protected]> > To: Frank Bulk <[email protected] <mailto:[email protected]> > Cc: ARIN-PPML List <[email protected] <mailto:[email protected]> > Subject: Re: [arin-ppml] Out-of-region overreaction? Message-ID: <cagkmwz4coch2v8m6hbw4-2n4x_qg9x5dyu8arehow1+86y9...@mail.gmail.com <mailto:[email protected]> > Content-Type: text/plain; charset="iso-8859-1" Agreed. IMO this is *not* was intended by current policy, *particularly* IPv6 policy. If you get a /32, there's no reason you shouldn't be able to use it globally. Thanks for bringing this up. I think we're going to have a lively discussion next week in Phoenix. :-) -Scott On Fri, Oct 4, 2013 at 1:31 PM, Frank Bulk <[email protected] <mailto:[email protected]> > wrote: > I was requesting some ISP IPv6 space and the kindly ARIN staff posted this > in their response: > > Please reply and verify that you will be using > the requested number resources within the ARIN region > and announcing all routing prefixes of the requested > space from within the ARIN region. In accordance with > section 2.2 of the NRPM, ARIN issues number resources > only for use within its region. ARIN is therefore only > able to provide for your in-region numbering needs. > > I'm familiar with the concern about out-of-region folk taking advantage of > ARIN's current IPv4 supply, but I have a few concerns about the wording of > the staff communication. > > a) It's been my understanding thus far that if I'm an ISP that provides > service in multiple places around the world that I may divide my allocation > into smaller prefixes and advertise those to area peers. It seems ARIN > staff would preclude me from doing any of that. "All" is a pretty strong > word, and if ARIN really believes it, a lot of violators could be found. > > b) It seems that Section 2.2 of the NRPM is being misapplied. > 2.2. Regional Internet Registry (RIR) > > Regional Internet Registries (RIRs) are established and > authorized by respective regional communities, and > recognized by the IANA to serve and represent large > geographical regions. The primary role of RIRs is to > manage and distribute public Internet address space > within their respective regions. > > While ARIN does issue numbers within its region, section 2.2 does not say > "only for use". If an "only" had be applied, I would suggest that it's > "only manage and distribute". > > If I could be so bold, I'd suggest ARIN to use language something along > these lines in their communications: > > Please reply and verify that you will be using > the requested number resources primarily within the > ARIN region and announcing the majority of routing prefixes > of the requested space from within the ARIN region. > In accordance with section 2.2 of the NRPM, ARIN issues > number resources within its region. > > Frank > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List ([email protected] <mailto:[email protected]> ). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] <mailto:[email protected]> if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/54de2c60/att achment-0001.html> ------------------------------ Message: 4 Date: Fri, 4 Oct 2013 18:25:16 -0500 From: Jimmy Hess <[email protected] <mailto:[email protected]> > To: Frank Bulk <[email protected] <mailto:[email protected]> > Cc: "[email protected] <mailto:[email protected]> " <[email protected] <mailto:[email protected]> > Subject: Re: [arin-ppml] Out-of-region overreaction? Message-ID: <CAAAwwbXKQ6z47bkUtLKMZ0BK3qubpELFE=pkydxu2dedj4b...@mail.gmail.com <mailto:[email protected]> > Content-Type: text/plain; charset="iso-8859-1" On Fri, Oct 4, 2013 at 3:31 PM, Frank Bulk <[email protected] <mailto:[email protected]> > wrote: > > I'm familiar with the concern about out-of-region folk taking advantage of > ARIN's current IPv4 supply, but I have a few concerns about the wording of > the staff communication. > > a) It's been my understanding thus far that if I'm an ISP that provides > service in multiple places around the world that I may divide my allocation > into smaller prefixes and advertise those to area peers. It seems ARIN > No. You can subdelegate portions of your allocation to customers. Your upstreams are not going to necessarily let you pick apart your allocation and advertise every /29; Although ARIN staff should have no objections to this, if your upstreams will allow it, and you show that to be the case. If you are chopping up your block; you do not need a big allocation from ARIN, though, of sufficient size for all your regions. It only makes sense if you intend to keep your block _whole_; and advertise a single block in multiple regions. If you intend to chop up your blocks anyways; then a sensible thing to do is to obtain multiple blocks instead -- from the appropriate regions where they will be used. > staff would preclude me from doing any of that. "All" is a pretty strong > word, and if ARIN really believes it, a lot of violators could be found. > Routing is out of scope of ARIN policy in the first place; you have an option of not advertising your allocation at all. You are allowed to have a privately interconnected network that spans regions. ARIN staff can reject your verification justification for the allocation; if you don't show you have an intention to use a significant amount of resources in the ARIN region While ARIN does issue numbers within its region, section 2.2 does not say > "only for use". If an "only" had be applied, I would suggest that it's > "only manage and distribute". > Policy does not say "only for use"; however there is not policy specifically encouraging ARIN to recognize use outside of the ARIN region. It is not sufficient for use to merely be "allowed"; ARIN has to have procedures for validating and auditing the use. It is possible, that you may be allowed to use out of region, but not be able to cite your out of region networks requirements as justification for obtaining a larger block than if your out-of-region usage did not exist at all, or it may not be accepted as current use to satisfy utilization requirement for a future allocation. > If I could be so bold, I'd suggest ARIN to use language something along > these lines in their communications: > > Please reply and verify that you will be using > the requested number resources primarily within the > ARIN region and announcing the majority of routing prefixes > of the requested space from within the ARIN region. > In accordance with section 2.2 of the NRPM, ARIN issues > number resources within its region. > > This is very similar to the original quote of what they had said....... > Frank > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/7e771055/att achment.html> ------------------------------ _______________________________________________ ARIN-PPML mailing list [email protected] <mailto:[email protected]> http://lists.arin.net/mailman/listinfo/arin-ppml End of ARIN-PPML Digest, Vol 100, Issue 2 *****************************************
_______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
