My understanding at this point is exactly your last point - Simple Reassignment still allows a victim of network abuse (e.g. you or I) to distinguish between teenage-hax0r-on-residential-DSL and compromised-business, which allows us to appropriately set expectations further up our own reporting hierarchies. And if it's an actionable attack (i.e. the lawyers get involved) there's an address to send registered mail to. Meanwhile, the ISP has used a Simple Reassignment because they know (perhaps...) that the customer in question lacks the resources/manpower to take full responsibility for their PD IP space. I'm not thrilled with the current state of affairs, but IMHO it's better than having nothing at all.
Lastly, IPv4 allocation can feed into IPv6 planning and IP space requests, so there is *some* point to the record being there from a number-management perspective... rather weak IMO, but still there. Adam Thompson Consultant, Infrastructure Services MERLIN 100 - 135 Innovation Drive Winnipeg, MB, R3T 6A8 (204) 977-6824 or 1-800-430-6404 (MB only) [email protected] www.merlin.mb.ca -----Original Message----- From: ARIN-PPML <[email protected]> On Behalf Of [email protected] Sent: Tuesday, February 5, 2019 9:11 AM To: [email protected] Subject: Re: [arin-ppml] Revised - Draft Policy ARIN-2018-5: Disallow Third-party Organization Record Creation I agree with this proposal, as I have seen all too many times ISP's creating contact records from purchase orders, leading to validation emails landing in purchasing, instead of IT where they belong. Even when you have already created an ORG ID, they wont look, and go ahead and create another. Forbidding this practice will help a lot, especially for those with multiple sites using many providers. I have a question regarding the use of a simple reassignment. Since this does not have any phone or email contacts, what is its purpose and why do we have it? Is it simply to document use of space by the upstream for when they come back for more space? It does not seem to help the community with abuse reports due to lack of contact information. If it is only to document use by the ISP, why have it since there is no IPv4 free pool? If it is instead for the community for abuse reports, simple reassignment should instead have phone and email, instead of postal contacts for the operators of the Downstream. Currently with a simple, there is no real choice but to send abuse complaints to the upstream, rather than the actual network operators of a given reassignment. Albert Erdmann Network Administrator Paradise On Line Inc. On Mon, 4 Feb 2019, ARIN wrote: > The following has been revised: > > * Draft Policy ARIN-2018-5: Disallow Third-party Organization Record > Creation > > Revised text is below and can be found at: > https://www.arin.net/policy/proposals/2018_5.html > > You are encouraged to discuss all Draft Policies on PPML. The AC will > evaluate the discussion in order to assess the conformance of this > draft policy with ARIN's Principles of Internet number resource policy > as stated in the Policy Development Process (PDP). Specifically, these > principles are: > > * Enabling Fair and Impartial Number Resource Administration > * Technically Sound > * Supported by the Community > > The PDP can be found at: > https://www.arin.net/policy/pdp.html > > Draft Policies and Proposals under discussion can be found at: > https://www.arin.net/policy/proposals/index.html > > Regards, > > Sean Hopkins > Policy Analyst > American Registry for Internet Numbers (ARIN) > > > > Draft Policy ARIN-2018-5: Disallow Third-party Organization Record > Creation > > Problem Statement: > > Since the introduction of simple-reassignment some years ago, it is no > longer necessary to allow for third-parties (such as upstream ISPs) to > create organization records for another entity (such as their > customers). In particular, many entities find that spurious > organization records are routinely created in their name, causing both > confusion and entity + staff time for clean-up. > > Therefore, this policy establishes that organization records shall be > created only by the entity represented by the organization record, and > should be created only through an explicit request to ARIN. ISPs > wishing to reassign space to customers should either ask the customer > for their ORG-ID or shall use the "simple reassignment" method which > does not require nor create new organization records. ISPs wishing to > reallocate space to customers should ask the customer for their ORG-ID. > > Policy Statement: > > Add new section(s) into the NRPM: > > 3.X Directory Service Records > > 3.X.1 Organization Record Creation > > New organization records shall be created upon ARIN receiving a > request directly from an authorized contact representing an entity > that ARIN is able to validate. Organization records shall not be > created upon the request of third-parties. > > Comments: > > Timetable for implementation: Immediate > _______________________________________________ > ARIN-PPML > You are receiving this message because you are subscribed to the ARIN > Public Policy Mailing List ([email protected]). > Unsubscribe or manage your mailing list subscription at: > https://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] if you experience any issues. > _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues. _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
