Re: Famous operational issues

2021-02-17 Thread John Curran
(resent - to list this time)
On 16 Feb 2021, at 2:37 PM, John Kristoff mailto:j...@dataplane.org>> wrote:
> 
> Friends,
> 
> I'd like to start a thread about the most famous and widespread Internet
> operational issues, outages or implementation incompatibilities you
> have seen.
> 
> Which examples would make up your top three?

John  - 

I have no idea what outages were most memorable for others, but the Stanford 
transfer switch explosion in October 1996 resulted in a much of the Internet in 
the Bay Area simply not being reachable for several days.   

At the time there were three main power grids feeding Stanford – two from PG 
and one from Stanford’s own CoGen plant – and somehow a rat crawling into one 
of the two 12KVA transfer switches resulted in an the switch disppearing in an 
epic explosion that even took out a portion of the exterior wall of the 
building. 

The ensuing restoration involved lots of industry folks, GE power-on-wheel 
generating stations, anaconda-sized power cables, and all in all was quite the 
adventure. 

FYI,
 /John





Re: [EXTERNAL] dumb question: are any of the RIR's out of IPv4 addresses?

2021-02-17 Thread John Curran
On 16 Feb 2021, at 11:53 PM, Mann, Jason via NANOG 
mailto:nanog@nanog.org>> wrote:

Any recommendations for legitimate ip brokers?

ARIN maintains a list of transfer facilitators - all of these parties have 
agreed to follow our procedures, but please note that we do not otherwise 
qualify or validate them in any manner.

<https://www.arin.net/resources/registry/transfers/stls/registered_facilitators/>

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: [EXTERNAL] dumb question: are any of the RIR's out of IPv4 addresses?

2021-02-17 Thread John Curran
On 16 Feb 2021, at 6:50 PM, Niels Bakker  wrote:
> 
> * nanog@nanog.org (Mann, Jason via NANOG) [Wed 17 Feb 2021, 00:44 CET]:
>> Are their legtimate websites to go to purchase new blocks?
> 
> IPv4 is not like Bitcoin, new addresses aren't being mined using gigantic 
> amounts of electricity at enormous environmental cost.

Niels - 

True, but there is some similarity between IPv4 market and bitcoin due 
to market operations…  i.e.  when the price of bitcoin goes up, folks are 
encouraged to explore additional mining – fFor IPv4, when the price goes up, 
folks invest resources looking for poorly utilized IPv4 blocks (their own or 
others) in order to free them up for monetization.  Given the rich and colorful 
decades of issuance under varying policies, there’s quite a bit of space out 
there to be “mined”

(It’s also worth noting that at a higher price points, parties with 
IPv4 are encouraged to explore IPv6 and IPv4 NAT to free up even their 
well-utilized IPv4 resources – effectively resulting in a very large latent 
“supply” if the price points should get high enough…)

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: DoD IP Space

2021-02-15 Thread John Curran
On 15 Feb 2021, at 2:01 AM, Mark Andrews  wrote:
> ...
> Complain to your vendors about not implementing RFC 8305, RFC 6724, and
> RFC 7078.  RFC 8305 or RFC6724 + RFC 7078 would fix your issue.
> 
> Thats Happy Eyeballs and tuneable address selection rules.

Mark - 

You’ve properly pointed out IPv6 can indeed be readily & safely 
deployed today using modern equipment that supports a reasonable transition 
approach… full agreement there. 

Interestingly enough, you’ve also pointed out the not-so-secret reason 
why it's taken so long to get sizable deployment of IPv6 – that is, despite us 
knowing that we needed "a straightforward transition plan” on day one that 
documented how to move from IPv4 to IPng (aka IPv6), we opted in 1995 to select 
a next generation protocol which lacked any meaningful transition plan and 
instead left that nasty transition topic as an exercise for the reader and/or 
addressed by postulated outputs from newly-defined working groups…  thus the 
underlying reason for the lost decades of creative engineering efforts in 
gap-filling by those who came after and had to actually build working networks 
and applications using IPv6.

For what it’s worth, I do think we’re finally 98 or 99% of the way 
there, but it has resulted some very real costs - rampant industry confusion, 
loss of standards credibility, etc.  There’s some real lessons to be had here – 
as one who was in the IP Directorate at the time (and thus sharing in the 
blame), I know I would have done quite a bit differently, but it’s unclear if 
there’s been any systematic look-back or institutional learning coming out of 
the entire experience.

FYI,
/John 




Re: Internet Routing Registry folks - Important - (Fwd: [arin-announce] Consultation Now Open on the Future of ARIN’s IRR)

2021-02-08 Thread John Curran
Martijn -

Excellent insight.   To be fair, it would be best to if you were to subscribe 
to our arin-consult mailing list and express your views over there so you can 
be part of the discussion (as others there may have useful feedback or suggest 
alternatives that may sway your thoughts on how we should best proceed...)

I’d prefer not to engage in a prolonged discussion here on the nanog mailing 
list, since not everyone here has a high interest in minutiae of ARIN’s 
services – essentially the same reason we have a dedicated list over at ARIN 
for consultation on proposed service changes.

I will note your input whether you join us or not - Thanks again!
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 8 Feb 2021, at 11:57 AM, Martijn Schmidt via NANOG 
mailto:nanog@nanog.org>> wrote:

Hi John,

Thanks for the answer. In that case I would recommend to continue providing the 
ARIN-NONAUTH data stream beyond the system shutdown state, while continuing to 
allow for stale objects to be deleted: manually, or automated based on 
Whois-RWS OriginAS data, or automated based on IRR-online data, or automated 
based on RPKI ROA data. Ideally all four, especially the automated ones..

While September 2021 may seem a long time away, you'll probably still impact 
somebody that didn't read the mails by outright removing the ARIN-NONAUTH data 
stream rather than working to clean it up.

Best regards,
Martijn Schmidt
i3D.net<http://i3d.net/> / AS49544
____
From: John Curran mailto:jcur...@arin.net>>
Sent: 08 February 2021 17:25
To: Martijn Schmidt mailto:martijnschm...@i3d.net>>
Cc: nanog list mailto:nanog@nanog.org>>
Subject: Re: Internet Routing Registry folks - Important - (Fwd: 
[arin-announce] Consultation Now Open on the Future of ARIN’s IRR)

Martijn -

This does not affect entries in the ARIN’s Whois system so OriginAS fields are 
unaffected.

The new IRR-online system was a clean slate when announced and all objects 
therein have been freshly created by the authorized party.   Folks with routing 
information in the unauthenticated email-IRR system have the option to port 
their data into the new IRR (see 
https://www.arin.net/announcements/20200610-irr/ for details) until email-IRR 
shutdown at the end of September 2021.   Note that ARIN will not be porting 
that data.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


On 8 Feb 2021, at 11:10 AM, Martijn Schmidt 
mailto:martijnschm...@i3d.net>> wrote:

Hi John,

What happens to the route objects (and for that matter the OriginAS field in 
the Whois-RWS system) that were created before the IRR-online service was 
launched? Are the route objects (and/or OriginAS fields from the Whois-RWS 
system) which were registered by ARIN members for their own directly allocated 
ARIN resources going to be ported along to the new system (e.g. not 
proxy-registered objects), or do we start with a fully clean slate where it is 
expected that everyone re-creates their route objects in the IRR-online service 
before the September 2021 deadline?

Best regards,
Martijn Schmidt
i3D.net<http://i3d.net/> / AS49544


From: NANOG 
mailto:nanog-bounces+martijnschmidt=i3d@nanog.org>>
 on behalf of John Curran mailto:jcur...@arin.net>>
Sent: 08 February 2021 16:57
To: nanog list mailto:nanog@nanog.org>>
Subject: Internet Routing Registry folks - Important - (Fwd: [arin-announce] 
Consultation Now Open on the Future of ARIN’s IRR)

NANOGers -

If you make use of ARIN’s unauthenticated IRR service or the NONAUTH data 
stream in your route filtering, please take note of the following ARIN 
consultation.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Consultation Now Open on the Future of ARIN’s IRR
Date: 8 February 2021 at 10:46:18 AM EST
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

ARIN has been engaged in a multi-year project to create and deploy a new and 
improved Internet Routing Registry (IRR). On 10 June 2020 
(https://www.arin.net/announcements/20200610-irr/), we launched IRR-online, an 
authenticated and web-based service designed to make it simple for users to 
publish routing information via ARIN’s website. At that time, the existing 
IRR-email system was temporarily left in place to allow organizations to 
continue using email-based updates to publish routing information (in the 
ARIN-NONAUTH data stream).

On 1 February 2021 (https://www.arin.net/announcements/20210201-rn/), we 
deployed a RESTful API to provide a way to securely automate updates to objects 
in ARIN’s authenticated IRR service.

With the availability of automation for ARIN’s new IRR system, we intend to 
retire ARIN

Re: Internet Routing Registry folks - Important - (Fwd: [arin-announce] Consultation Now Open on the Future of ARIN’s IRR)

2021-02-08 Thread John Curran
Martijn -

This does not affect entries in the ARIN’s Whois system so OriginAS fields are 
unaffected.

The new IRR-online system was a clean slate when announced and all objects 
therein have been freshly created by the authorized party.   Folks with routing 
information in the unauthenticated email-IRR system have the option to port 
their data into the new IRR (see 
https://www.arin.net/announcements/20200610-irr/ for details) until email-IRR 
shutdown at the end of September 2021.   Note that ARIN will not be porting 
that data.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


On 8 Feb 2021, at 11:10 AM, Martijn Schmidt 
mailto:martijnschm...@i3d.net>> wrote:

Hi John,

What happens to the route objects (and for that matter the OriginAS field in 
the Whois-RWS system) that were created before the IRR-online service was 
launched? Are the route objects (and/or OriginAS fields from the Whois-RWS 
system) which were registered by ARIN members for their own directly allocated 
ARIN resources going to be ported along to the new system (e.g. not 
proxy-registered objects), or do we start with a fully clean slate where it is 
expected that everyone re-creates their route objects in the IRR-online service 
before the September 2021 deadline?

Best regards,
Martijn Schmidt
i3D.net<http://i3d.net/> / AS49544

From: NANOG 
mailto:nanog-bounces+martijnschmidt=i3d@nanog.org>>
 on behalf of John Curran mailto:jcur...@arin.net>>
Sent: 08 February 2021 16:57
To: nanog list mailto:nanog@nanog.org>>
Subject: Internet Routing Registry folks - Important - (Fwd: [arin-announce] 
Consultation Now Open on the Future of ARIN’s IRR)

NANOGers -

If you make use of ARIN’s unauthenticated IRR service or the NONAUTH data 
stream in your route filtering, please take note of the following ARIN 
consultation.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Consultation Now Open on the Future of ARIN’s IRR
Date: 8 February 2021 at 10:46:18 AM EST
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

ARIN has been engaged in a multi-year project to create and deploy a new and 
improved Internet Routing Registry (IRR). On 10 June 2020 
(https://www.arin.net/announcements/20200610-irr/), we launched IRR-online, an 
authenticated and web-based service designed to make it simple for users to 
publish routing information via ARIN’s website. At that time, the existing 
IRR-email system was temporarily left in place to allow organizations to 
continue using email-based updates to publish routing information (in the 
ARIN-NONAUTH data stream).

On 1 February 2021 (https://www.arin.net/announcements/20210201-rn/), we 
deployed a RESTful API to provide a way to securely automate updates to objects 
in ARIN’s authenticated IRR service.

With the availability of automation for ARIN’s new IRR system, we intend to 
retire ARIN’s previous non-authenticated, email-based IRR service at the end of 
September 2021. We are providing advance notice of this plan so that 
organizations using the non-authenticated and email-based IRR will have time to 
switch publication of their routing registry information to a more current 
solution. Similarly, by establishing a firm end date for the non-authenticated 
and email-based IRR, organizations making use of the outdated and 
non-authenticated IRR data stream can be ready for when ARIN ceases publishing 
the ARIN-NONAUTH data stream.

The authenticated IRR is available to all ARIN resource holders that have 
resources covered by a signed Registration Services Agreement (RSA) or Legacy 
Registration Services Agreement (LRSA). Organizations with resources not 
currently under an RSA/LRSA that wish to use the authenticated IRR may contact 
ARIN’s Registration Services Department for assistance with bringing those 
registrations under an RSA/LRSA.

We recognize that this change will have significant impacts on our customers 
and, as always, we’re interested in your feedback regarding this proposed 
transition. In particular, we would appreciate hearing from the ARIN community 
regarding these aspects of the proposed transition:

1. For those using ARIN’s email-based and non-authenticated IRR system, does 
the proposed shutdown date of 30 September 2021 provide sufficient time for 
migration to another IRR system?

2. For those making use of the ARIN-NONAUTH data stream, is there any reason to 
provide this information beyond the system shutdown date?

The community feedback provided during this consultation will help inform how 
we move forward. Please provide comments to 
arin-cons...@arin.net<mailto:arin-cons...@arin.net>. You can subscribe to this 
mailing list at:

http://lists.arin.net/mailman/listinfo/ari

Internet Routing Registry folks - Important - (Fwd: [arin-announce] Consultation Now Open on the Future of ARIN’s IRR)

2021-02-08 Thread John Curran
NANOGers -

If you make use of ARIN’s unauthenticated IRR service or the NONAUTH data 
stream in your route filtering, please take note of the following ARIN 
consultation.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Consultation Now Open on the Future of ARIN’s IRR
Date: 8 February 2021 at 10:46:18 AM EST
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

ARIN has been engaged in a multi-year project to create and deploy a new and 
improved Internet Routing Registry (IRR). On 10 June 2020 
(https://www.arin.net/announcements/20200610-irr/), we launched IRR-online, an 
authenticated and web-based service designed to make it simple for users to 
publish routing information via ARIN’s website. At that time, the existing 
IRR-email system was temporarily left in place to allow organizations to 
continue using email-based updates to publish routing information (in the 
ARIN-NONAUTH data stream).

On 1 February 2021 (https://www.arin.net/announcements/20210201-rn/), we 
deployed a RESTful API to provide a way to securely automate updates to objects 
in ARIN’s authenticated IRR service.

With the availability of automation for ARIN’s new IRR system, we intend to 
retire ARIN’s previous non-authenticated, email-based IRR service at the end of 
September 2021. We are providing advance notice of this plan so that 
organizations using the non-authenticated and email-based IRR will have time to 
switch publication of their routing registry information to a more current 
solution. Similarly, by establishing a firm end date for the non-authenticated 
and email-based IRR, organizations making use of the outdated and 
non-authenticated IRR data stream can be ready for when ARIN ceases publishing 
the ARIN-NONAUTH data stream.

The authenticated IRR is available to all ARIN resource holders that have 
resources covered by a signed Registration Services Agreement (RSA) or Legacy 
Registration Services Agreement (LRSA). Organizations with resources not 
currently under an RSA/LRSA that wish to use the authenticated IRR may contact 
ARIN’s Registration Services Department for assistance with bringing those 
registrations under an RSA/LRSA.

We recognize that this change will have significant impacts on our customers 
and, as always, we’re interested in your feedback regarding this proposed 
transition. In particular, we would appreciate hearing from the ARIN community 
regarding these aspects of the proposed transition:

1. For those using ARIN’s email-based and non-authenticated IRR system, does 
the proposed shutdown date of 30 September 2021 provide sufficient time for 
migration to another IRR system?

2. For those making use of the ARIN-NONAUTH data stream, is there any reason to 
provide this information beyond the system shutdown date?

The community feedback provided during this consultation will help inform how 
we move forward. Please provide comments to 
arin-cons...@arin.net<mailto:arin-cons...@arin.net>. You can subscribe to this 
mailing list at:

http://lists.arin.net/mailman/listinfo/arin-consult

This consultation will remain open through 5:00 PM ET on Monday, 8 March.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)


ARIN Now Accepting Applications to our Virtual Fellowship Program for ARIN 47

2021-02-03 Thread John Curran
NANOGers –

Much like ARIN's upcoming April meeting, our ARIN Fellowship Program will be 
going virtual this year!

If you are aware of someone who is interested in getting more involved in 
number resources & ARIN (or helping spread information about ARIN to others in 
their community) then take note the attached call for applications to ARIN 
Fellowship Program – as the deadline of 12 February is coming up fast!

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Now Accepting Applications to ARIN's Virtual 
Fellowship Program for ARIN 47
Date: 13 January 2021 at 9:19:46 AM EST
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

Submit your no-fee application now through 5:00 PM ET Friday, 12 February 2021 
to be a part of ARIN's Virtual Fellowship Program.

The program will consist of four structured 60-90 minute sessions held weekly 
on Thursday afternoons from 25 March - 15 April at 2:00 PM ET, in addition to 
attending ARIN 47 virtually (12-14 April 2021), and it will provide focused 
interaction to develop relationships between Fellows, seasoned technology 
professionals in the community, and ARIN staff and leadership. Two ARIN Fellows 
will be paired with an ARIN community member mentor throughout the program. The 
program will stay committed to broadening awareness about ARIN’s work and 
services and provide opportunities to learn about and participate in ARIN’s 
Policy Development Process (PDP).

The ARIN Fellowship Program is open to all individuals, including past eligible 
ARIN Fellows, interested in Internet number resource policy in the ARIN region. 
Special consideration will be given to those new to the organization who have 
never attended an ARIN meeting before, and present a compelling case for being 
a part of this virtual program.

To be considered, an individual must submit an online application. Prior to 
applying for an ARIN Fellowship, all applicants should first read and be able 
to adhere to ARIN's Fellowship Terms and Conditions found at:

https://www.arin.net/participate/meetings/fellowships/terms/

To learn more about ARIN's Virtual Fellowship Program and selection process, 
please visit:

https://www.arin.net/participate/meetings/fellowships/

To apply now to ARIN's Virtual Fellowship Program, please visit:

https://arin.smapply.net/prog/virtual_fellowship_program_arin_47/

Applicants that require approval from their employer prior to applying may 
request a customizable letter that highlights the benefits of taking part in 
ARIN's Virtual Fellowship Program.

If you have questions, need additional information, or would like to request a 
copy of the letter, please email 
fellowsh...@arin.net<mailto:fellowsh...@arin.net>. ARIN looks forward to 
receiving your application soon!

Regards,

Amanda Gauldin
Community Engagement Coordinator
American Registry for Internet Numbers (ARIN)


Re: DoD IP Space

2021-01-21 Thread John Curran
Chris -

https://search.arin.net/rdap/?query=22.0.0.0  will provide a valid phone number 
for technical & abuse matters.

/John

John Curran
President and CEO
American Registry for Internet Numbers

On 21 Jan 2021, at 12:11 AM, John Lee 
mailto:jllee9...@gmail.com>> wrote:

It is the DISA DOD NIC at:

https://disa.mil/About/Contact

Which will give you the DISA help desk phone number.

John Lee

On Mon, Nov 4, 2019 at 3:57 AM Chris Knipe 
mailto:sav...@savage.za.org>> wrote:
Hi Guys,

Except for the email on ARIN's details, does anyone else have a contact for the 
DoD?

We are experiencing a situation with a 3rd party (direct peer), wanting to 
advertise DoD address space to us, and we need to confirm whether they are 
allowed to do so or not.

Range in question is the 22.0.0.0/8<http://22.0.0.0/8> network, which according 
to ARIN is actively assigned to the DoD (US).

--

Regards,
Chris Knipe



Re: DoD IP Space

2021-01-20 Thread John Curran
Brandon - 

Agreed – the key phrase being "within a more limited scope” …

/John

> On 20 Jan 2021, at 1:26 PM, Brandon Martin  wrote:
> 
> On 1/20/21 12:52 PM, John Curran wrote:
>> 
>>   While route hijacking isn't necessarily an ARIN issue, I will 
>> note that several US law enforcement agencies (FBI & NCIS Cybercrime units) 
>> are quite interested in such events and do investigate them looking for 
>> criminal activity.   
>> 
>> (See 
>> https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf
>>  for details.) 
>> 
> 
> I think the difference is semantic but a very important one nonetheless.
> 
> Announcing a netblock that isn't yours and that you don't have authorization 
> to use to others under the same terms and assumptions as you announce those 
> to which you do hold legitimate rights or otherwise purporting to be a 
> legitimate user of them on what we know as the "public Internet", that is the 
> Internet where numbers are managed by IANA and the relevant RIRs is a "big 
> deal".
> 
> Using numbers in a manner contrary to how they are assigned on the "public 
> Internet" within a more limited scope where everybody agrees that the use of 
> such numbers may be contrary to IANA and relevant RIR assignments is more 
> along the lines of "you operate your network however you want".
> 
> Other things would fall under the same purview.  For example "alternate root" 
> DNS hierarchies with extra TLDs or even TLDs used in contrast to ICANN 
> recommendations would have similar considerations.
> -- 
> Brandon Martin



Re: DoD IP Space

2021-01-20 Thread John Curran
On 20 Jan 2021, at 12:17 PM, Bryan Fields 
mailto:br...@bryanfields.net>> wrote:

AFAIK IANA and the RIR's cannot enforce use of IP space assignments on any
network.

  While route hijacking isn't necessarily an ARIN issue, I will note 
that several US law enforcement agencies (FBI & NCIS Cybercrime units) are 
quite interested in such events and do investigate them looking for criminal 
activity.

(See 
https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf
 for details.)

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers



Upcoming operational changes to ARIN services (was: Fwd: [arin-announce] Reminder--Upcoming Security Improvements and Change to RDAP URL)

2021-01-20 Thread John Curran
Folks –

Please note upcoming TLS 1.1 deprecation and RDAP URL changes – if you need to 
update your systems, please start this process sufficiently early to avoid 
impacts.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Reminder--Upcoming Security Improvements and Change to 
RDAP URL
Date: 20 January 2021 at 10:09:03 AM EST
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

This announcement is to remind you of previously-announced changes that ARIN is 
making, including the following:

- security improvements for Whois-RWS, RDAP, and 
www.arin.net<http://www.arin.net>, scheduled for on or about 19 February 2021
- change of address to the Registration Data Access Protocol (RDAP) bootstrap 
server, scheduled for on or about 30 June 2021

More information is provided in this announcement.

*Security Improvements for WhoWhois-RWS, RDAP, and 
www.arin.net<http://www.arin.net>*

As announced on 22 October 2020 and 2 December 2020, upcoming security 
improvements for Whois-RWS, RDAP, and www.arin.net<http://www.arin.net> are 
scheduled to be completed on or around 19 February 2021. The following 
information is from the previous announcement:

Earlier this year, ARIN implemented security enhancements that included ending 
support for TLS 1.0 for Whois-RWS and RDAP services and improving ciphers used 
in www.arin.net<http://www.arin.net>. As part of our continuing effort to 
improve security, on or around 19 February 2021, we will end support for TLS 
1.1 and weak Diffie-Hellman (DH) key exchange parameters on 
www.arin.net<http://www.arin.net>, Whois-RWS, and RDAP. We will also update the 
ciphers available on Whois-RWS and RDAP to match those on www and 
reg.arin.net<http://reg.arin.net>. The removal of TLS 1.1 may impact the way 
you interface programmatically with ARIN to query and retrieve information from 
Whois-RWS and RDAP.

Changes in our supported versions of TLS are due to well-known security issues 
with this protocol. More information is available at 
https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/  . ARIN 
continues to support TLS 1.2. The cipher update satisfies ACSP Suggestion 
2015.15: Improvements to SSL Security for whois.arin.net<http://whois.arin.net>.

We are providing you advance notice of these changes, as you may need to make 
configuration or code changes on your clients that interface with Whois-RWS and 
RDAP services. We encourage you to make these changes so you will have no 
operational impact when we disable the vulnerable transport protocol version.

*RDAP Bootstrap Server Change of Address*

As announced on 21 November 2020 and 16 December 2020, the ARIN Registration 
Data Access Protocol (RDAP) Bootstrap server address is changing. The following 
information is from the previous announcement:

ARIN is changing the address of our Registration Data Access Protocol (RDAP) 
bootstrap server from https://rdap.arin.net/bootstrap to 
https://rdap-bootstrap.arin.net/bootstrap. A bootstrap server is used to 
forward queries from users seeking registration data for Internet resources to 
another server that can provide more detailed registration information about 
that resource. The address of the bootstrap server is used in the “query URL” 
sent from a client application or entered into a command-line query by a user.

ARIN has set up a redirect to automatically route queries from the old URL to 
the new URL when support for the old URL is ended. The old URL will be retired 
on 30 June 2021, and the redirect will be active. However, it is important to 
note we can’t guarantee the redirect will be respected by all clients. In order 
to avoid any problems, queries should be changed to use the new URL, 
https://rdap-bootstrap.arin.net/bootstrap, as soon as possible.

More information about how the bootstrap URL works and this upcoming change can 
be found on TeamARIN at 
https://teamarin.net/2020/12/11/buckle-up-change-of-address-coming-for-arins-bootstrap-server/.
 If you have questions or comments about this change, please submit an Ask ARIN 
ticket using your ARIN Online account, or contact the Registration Services 
Help Desk by phone Monday through Friday, 7:00 AM to 7:00 PM ET at 
+1.703.227.0660.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)


___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



Re: DoD IP Space

2021-01-20 Thread John Curran
Indeed.
/John 

> On Jan 20, 2021, at 8:47 AM, Cynthia Revström  wrote:
> 
> But if you do this, make sure you keep track of where you might have put 
> policies like this in, in case the DoD sells some the space or whatever in 
> the future.



Re: DoD IP Space

2021-01-20 Thread John Curran
Tom –

Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggest that allocated address space should not be blocked by others 
without specific cause.  

Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and is yet is inexplicably unreachable for some 
destinations.

/John 

> On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote:
> 
> 
> Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
> netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
> treated as one. 
> 
> The DoD does not announce it to the DFZ, as is their choice, but nothing says 
> they may not change that position tomorrow. There are plenty of subnets out 
> there that are properly allocated by an RiR, but the assignees do not send 
> them to the DFZ because of $reasons. 
> 
> In my opinion, creating bogon lists that include allocated but not advertised 
> prefixes is poor practice that is likely to end up biting an operator at one 
> point or another.
> 
>> On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov  wrote:
>> Peace,
>> 
>> On Tue, Nov 5, 2019, 4:55 PM David Conrad  wrote:
>> > On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG  
>> > wrote:
>> >> This thread got me to wondering, is there any
>> >> legitimate reason to see 22/8 on the public
>> >> Internet?  Or would it be okay to treat 22/8
>> >> like a Bogon and drop it at the network edge?
>> >
>> > Given the transfer market for IPv4 addresses,
>> > the spot price for IPv4 addresses, and the need
>> > of even governments to find “free” (as in
>> > unconstrained) money, I’d think treating any
>> > legacy /8 as a bogon would not be prudent.
>> 
>> It has been said before in this thread that the DoD actively uses this
>> network internally.  I believe if the DoD were to cut costs, they
>> would be able to do it much more effectively in many other areas, and
>> their IPv4 networks would be about the last thing they would think of
>> (along with switching off ACs Bernard Ebbers-style).  With that in
>> mind, treating the DoD networks as bogons now makes total sense to me.
>> 
>> --
>> Töma


Re: Parler

2021-01-12 Thread John Curran
On 12 Jan 2021, at 12:40 PM, Andy Ringsmuth  wrote:
> 
> And yet, Amazon will still happily sell you this item:
> 
> https://www.amazon.com/Anarchist-Cookbook-William-Powell/dp/1607966123/
> 
> In fact, it is listed as:  #1 Best Seller in Anarchism

Thanks for the reminder!  (I hadn’t realized it had been updated recently :-) 
/John



CWC advises of a possible fibre fault between Antigua and Guadeloupe on the Xtera-Optima, ECFS.

2020-12-07 Thread John Curran
FYI - https://www.facebook.com/CNC3Television/posts/10159065715522996
/John

=== From CNC3 Television, Trinidad and Tobago

***Broadband outage limits internet access across the region***
A major broadband outage has forced the suspension of online classes, limiting 
internet access and other mobile services across the country and further up the 
Caribbean region.
Two of the country’s main service providers—FLOW and Digicel—have been severely 
impacted by a major ‘fibre fault” on an underground cable. Because of this, 
customers will experience challenges browsing the internet, loading emails, 
sending and receiving WhatsApp messages and making landline calls.
People have reported difficulty using internet services from all corners of the 
country. There are also reports that some schools have been forced to suspend 
online classes because of a lack of internet access.
A broken underwater fibre cable between Antigua and Guadeloupe is suspected to 
be the reason for the outage. A statement by Cable & Wireless Communications 
(CWC) stated:
“CWC advises of a possible fibre fault between Antigua and Guadeloupe on the 
Xtera-Optima, ECFS.”
Digicel customers in Barbados and St. Vincent are also affected by the outage.
Sources at FLOW stated it could take some time before services are fully 
restored. Information from the company’s network operations centre estimate 
full repair will be completed by Thursday, because damage to the underwater 
cables appears to be “major”. They indicated that a temporary solution is 
currently being put in place. While internet will return, customers are likely 
expected to encounter unstable connections with dropouts until the situation is 
rectified.
Digicel posted an advisory to its Facebook page a short while ago.
“Valued customer,
We are aware that some of you may be experiencing an outage with your internet 
services. Preliminary investigations indicate that the cause is a technical 
issue with our international upstream internet suppliers which is affecting 
multiple internet providers across T and the Caribbean.”

===


ARIN RDAP-related changes (was: ARIN Software and System Updates)

2020-11-21 Thread John Curran
NANOGers -

ARIN updated some of its software this morning, and I’d like to call to your 
attention the variety of changes related to RDAP.

In particular, if you utilize ARIN’s RDAP bootstrap server, please pay careful 
attention regarding upcoming deprecation of the prior URL used for access.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] ARIN Software and System Updates
Date: 21 November 2020 at 7:00:03 AM HST
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

ARIN recently made updates to its software and systems, including ARIN Online. 
Full release notes are included at the end of this message.

ARIN systems are operating normally. If you have questions, comments, or 
issues, please submit an Ask ARIN ticket using your ARIN Online account, or 
contact the Registration Services Help Desk by phone Monday through Friday, 
7:00 AM to 7:00 PM ET at +1.703.227.0660.

Release Notes
We completed a number of infrastructure improvements and bug fixes, including 
the following updates.

ARIN Online Updates

- Updated financial and billing functions in ARIN Online.
- Fixed zonegen timing issue that caused slow publishing of zones for ERX 
snippets received from other RIRs.

ARIN Whois Updates
The URL for Registration Data Access Protocol (RDAP) bootstrap queries has 
changed to https://rdap-bootstrap.arin.net/bootstrap. If you have queries that 
use our RDAP bootstrap server, please update your links. Note that the current 
URL, https://rdap.arin.net/bootstrap, will be supported for 90 days, and that 
support will end on 18 February, 2021. Please use this 90-day period to migrate 
to the new URL. After 90 days, the old URL (https://rdap.arin.net/bootstrap) 
will no longer be supported.

RDAP Bootstrap Server Software Updates
The new RDAP bootstrap server version 2.0.1 is available on github at 
https://github.com/arineng/rdap_bootstrap_server/releases/tag/2.0.1  and the 
README file is available at 
https://github.com/arineng/rdap_bootstrap_server/blob/2.0.1/README.md

This RDAP server software version includes the following changes:

- Updated IANA bootstrap files to the latest version
- Provided a built-in scheduler to configure downloading of IANA bootstrap 
files at certain intervals (fulfilling a request for this functionality)
- Added ability to build a Docker image of the software
- Added ability to run as a Spring Boot application
- Upgraded to build against Java 11 or higher

Notice of Upcoming nicinfo Release

To comply with the RDAP bootstrap URL update, our RDAP client, nicinfo, will be 
updated soon. We suggest that users update to nicinfo version 1.5.0 when it is 
released. More information about nicinfo is available on github at 
https://github.com/arineng/nicinfo  – if you are logged in to github, you can 
select the Watch icon to be notified of new releases.

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



Final day of ARIN 46 to be held tomorrow Friday 23 October!

2020-10-22 Thread John Curran
NANOGers -

ARIN 46’s third and final day will occur tomorrow, and consists of our member 
meeting including our Board and ARIN AC candidate forums and reports on how the 
organization is doing.

Please feel free to join if you are interested - it’s open to all and there’s 
no fee involved (but you do need to register - see details in the message 
below.)

Best wishes!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Don’t Forget to Attend the Third and Final Day of ARIN 
46
Date: 20 October 2020 at 9:59:52 AM EDT
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

In just a few days, we will reconvene for the third and final day of ARIN 46. 
Join us from 12:00 – 3:00 PM ET on Friday, 23 October for the ARIN 46 Members 
Meeting, where we’ll discuss the 2020 ARIN Elections and hear from the 
candidates themselves during the Advisory Council and Board Forums. We’ll also 
hear updates on ARIN financials, the Board of Trustees, and the Advisory 
Council.

Candidate videos will be published on 22 October, so stay tuned and make sure 
to watch for those! Videos will be available at:

https://www.arin.net/elections

As you know, ARIN 46 is being held via Zoom. For more details about attending 
this virtual meeting, visit:

https://www.arin.net/ARIN46_remote

One hour before the meeting starts each day, registered attendees will receive 
an email from “ARIN no-re...@zoom.us<mailto:no-re...@zoom.us>“ with the URL for 
that day’s session. These links are not identical, so be sure you use the 
correct one for each day.

Although we try to stay on schedule as much as we can, note that all times are 
subject to change. View the ARIN 46 agenda and check for updates and any time 
changes at:

https://www.arin.net/ARIN46_agenda

Slides from each session will be posted online at:

https://www.arin.net/ARIN46_materials

Join in the conversation about ARIN 46 by using #ARIN46:

https://twitter.com/hashtag/ARIN46

Please give us feedback on your experience at ARIN 46 by completing the meeting 
survey at:

https://www.surveymonkey.com/r/ARIN46participantsurvey

All entries received by Friday, 30 October will be entered into a raffle to win 
an iPad Air!

Regards,

American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (arin-annou...@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



FYI - ARIN 46 Virtual Meeting Starts Today! (was: Fwd: [arin-announce] ARIN 46 Will Be Here Soon – Get Ready!)

2020-10-14 Thread John Curran
NANOGers -

FYI - ARIN 46 Virtual Meeting will start at today at noon ET.

The meeting will be held via Zoom, and details on the schedule policy 
discussions, presentations, meeting materials and registration are attached.

Best wishes!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] ARIN 46 Will Be Here Soon – Get Ready!
Date: 13 October 2020 at 3:33:11 PM EDT
To: "arin-annou...@arin.net<mailto:arin-annou...@arin.net>" 
mailto:arin-annou...@arin.net>>

This week kicks off the ARIN 46 Virtual Public Policy and Members Meeting, 
where we will be in the thick of important community discussions on the 
following policies:

- Recommended Draft Policy ARIN-2020-1: Clarify Holding Period for Resources 
Received via 4.1.8 Waitlist
- Recommended Draft Policy ARIN-2020-2: Reinstatement of Organizations Removed 
from Waitlist by Implementation of 2019-16
- Recommended Draft Policy ARIN-2020-3: IPv6 Nano-Allocations
- Recommended Draft Policy ARIN-2020-5: Clarify and Update Requirements for 
Allocations to Downstream Customers
- Draft Policy ARIN-2020-6: Allowance for IPv4 Allocation “Swap” Transactions 
via 8.3 Specified Transfers and 8.4 Inter-RIR Transfers
- Draft Policy ARIN-2020-7: 4.4 gTLD micro-allocation clarification
- Draft Policy ARIN-2020-8: Clarify and Update 4.2.1.2 Annual Renewal Fee

All draft policy text is available at:

https://www.arin.net/participate/policy/drafts/

The ARIN 46 agenda will also feature several other informative sessions, 
including updates on routing security, services, our customer satisfaction 
survey, and much more.

If you attended ARIN 45 in June, you were one of the lucky ones to experience 
our first completely virtual meeting. While we received great feedback on how 
that meeting went, we’re excited to introduce a few enhancements we’ll be 
making to ARIN 46 now that we have more planning time and experience.

- We plan to allow attendees into Zoom 15 minutes before the meeting starts 
each day so folks can say hello to one another. We will be providing some music 
and fun slides during this time for you to enjoy as well!
- During the 30-minute breaks on 14 and 15 October, you can stick around for a 
short, 10-minute seated stretching session at the beginning of each break.
- On 14 October, we’ll be playing “Buzzword Bingo.” Whether you are a rookie or 
a seasoned pro, this is your chance to shine and get comfortable with the 
terminology used in our community. We’ll be sending out bingo boards in 
advance, which you will fill in with a word bank of buzz words you typically 
hear at ARIN meetings.
- On 15 October we’ll be hosting an ARIN Trivia game. Newcomers are welcome to 
join in! It’s a great way to learn more about ARIN.

We will also be hosting six breakout sessions at the end of the day on 14 
October. Participants will be able to visit as many rooms as they want during 
the session and can move around or leave at any point. These will act just like 
the table topics we normally have during lunch. Folks can access all breakout 
rooms by visiting the following URL at the close of the meeting on 14 October:

https://arin.zoom.us/j/92748378149?pwd=UENsQzVqYTgzd0FsVlUvQ1BuOU4rUT09

We want to make sure you can participate in the meeting using all the 
functionality the latest version of Zoom has to offer. For an optimal 
experience, we recommend that you run Zoom Version 5.3.0 or higher.

One hour before the meeting starts each day, registered attendees will receive 
an email from “ARIN no-re...@zoom.us“ with the URL for that day’s session. 
These links are not identical, so be sure you use the correct one for each day.

Leading up to the meeting, we want to make sure you are ready to participate. 
To help you prepare, ARIN has published all of the meeting materials online for 
you to review or download beforehand. Just visit:

https://www.arin.net/ARIN46_materials

Need a refresher on ARIN’s Policy Development Process (PDP) before joining us 
to talk policy? You may want to check out the on-demand version of our PDP 
webinar, which covers the entire process, start to finish:

https://www.arin.net/reference/training/webinars/#the-policy-development-process

View the full agenda and register today for this meeting while there’s still 
time:

https://www.arin.net/ARIN46

Please contact us at meeti...@arin.net if you have any questions. We look 
forward to your participation!

Regards,

American Registry for Internet Numbers (ARIN)



___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (arin-annou...@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



ARIN 46 Registration Now Open

2020-09-22 Thread John Curran
NANOGers -

ARIN 46 Registration is now open!   Note that we will have the Public Policy 
consultations on 14-15 October (before NANOG) and the ARIN Member Meeting 
afterwards on 23 October.

Please register asap for the ARIN meeting if you will be participating!

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] ARIN 46 Registration Now Open
Date: 9 September 2020 at 4:10:25 PM EDT
To: mailto:arin-annou...@arin.net>>

Registration is now open for the ARIN 46 Public Policy and Members Meeting, 
which will be held entirely online this October. ARIN is holding this Public 
Policy and Members Meeting so that attendees may gather virtually to discuss 
draft Internet number resource policies and learn more about ARIN services and 
operations.

Register today by visiting:

https://www.arin.net/ARIN46

The ARIN 46 Public Policy and Members Meeting will be spread out over two sets 
of dates: 14-15 October and 23 October. Note that you only have to register 
once to attend any and all meeting dates!

On 14-15 October, we will be conducting policy discussions and providing ARIN 
operational reports during the meeting sessions. Attendees will have the 
opportunity to join topic-based breakout sessions on a range of topics for 
informal conversation and networking. These breakout sessions will take place 
immediately following the conclusion of the meeting on 14 October.

On 23 October, we will reconvene for the Members Meeting, which is open to all 
interested individuals. In addition to updates from the Board and Advisory 
Council, this session will focus on the 2020 ARIN Elections. Attendees will 
hear from the candidates as they answer community-sourced questions in our 
moderated candidate forums.

Don’t forget to save the date for the ARIN 46 Newcomer Orientation and Policy 
Preview! All registrants will be invited to participate in an optional Newcomer 
Orientation and Policy Preview on 7 October. We welcome all first-time ARIN 
meeting attendees to come learn about ARIN and find out how to make the most of 
your meeting experience.

Just like our last virtual meeting, ARIN 46 will be held via Zoom. We will 
provide the same remote participation options for ARIN 46 that we usually do 
for our in-person Public Policy and Members Meetings, utilizing features inside 
the Zoom webinar platform. The meeting will also be webcast with a live 
transcript for unregistered viewing.

Registration is free, and all remote registrants will be listed as registered 
participants on the meeting website and in the archive of the meeting on the 
ARIN website. You must register for the meeting in order to submit comments and 
questions and vote in straw polls. The ARIN 46 chat in the Zoom webinar will be 
monitored to ensure that all participants adhere to the ARIN Participants 
Expected Standards of Behavior:

https://www.arin.net/about/corporate/standards/

Register today at:

https://www.arin.net/ARIN46

A link to access the virtual meeting will be emailed to all registered 
attendees in the days leading up to 14 October.

For more details about remote participation and everything you’ll need to know 
to get ready for ARIN 46, visit:

https://www.arin.net/ARIN46_remote

If you have any questions, please email us at meeti...@arin.net.

Regards,

American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (arin-annou...@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



ARIN/LACNIC Inter-RIR Transfers Update

2020-07-22 Thread John Curran
NANOGers –

FYI - LACNIC has adopted a policy for inter-RIR transfers of IPv4 number 
resources, and this policy is compatible with ARIN’s inter-RIR transfer 
policies.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] ARIN/LACNIC Inter-RIR Transfers Update
Date: 21 July 2020 at 3:52:59 PM EDT
To: mailto:arin-annou...@arin.net>>

Inter-RIR transfers of IPv4 addresses can now be processed between ARIN and 
LACNIC.

On 21 July, LACNIC announced that they are now able to process inter-RIR IPv4 
transfers.

https://www.lacnic.net/4711/2/lacnic/lacnic-starts-processing-inter-rir-transfers

Because ARIN and LACNIC have reciprocal policies, this means ARIN can now 
conduct inter-RIR IPv4 transfers between the two regions.

Regards,

American Registry for Internet Numbers (ARIN)

___
ARIN-Announce


Tell ARIN how to do a better job! (was: Fwd: [arin-announce] 2020 ARIN Customer Satisfaction Survey Now Open)

2020-07-16 Thread John Curran
NANOGers -

We survey the ARIN user community regularly to find out how we are doing and 
how we can do a better job.

If you use ARIN services, I’d ask that you take a moment to complete our 2020 
Customer Satisfaction Survey per the instructions below.

Thanks (and stay safe!)
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] 2020 ARIN Customer Satisfaction Survey Now Open
Date: 13 July 2020 at 9:39:17 AM EDT
To: mailto:arin-annou...@arin.net>>

ARIN has officially launched our third Customer Satisfaction Survey to 
determine the current level of customer satisfaction with ARIN services. The 
survey is open beginning today, 13 July, through 31 July.

The survey is available at:

https://www.arin.net/customersurvey

Working together with marketing research firm Rockbridge Associates 
(https://rockresearch.com/), we have developed this survey to help us assess 
our performance in all areas of the organization, including Technical Services, 
Registration and Financial Services, Policy Development, and Communications.

Survey objectives include:

- Determine members’ expectations and needs from ARIN
- Assess current satisfaction with ARIN’s services and operations
- Determine any unmet needs members have
- Identify and prioritize areas for improvement
- Assess current perceptions of the organization within the Internet community
- Identify opportunities to better engage the Internet community in terms of 
outreach, education and fostering participation
- Understand how ARIN’s current performance compares to that indicated by the 
previous surveys completed in 2014 and 2017, which can be viewed on our 
website: https://www.arin.net/about/corporate/customer_survey/

The results of this survey will inform how ARIN moves forward when making 
future service improvements. This survey will also enhance the feedback 
collection we already conduct throughout the year using transaction surveys, 
the feedback button on the ARIN website, the ARIN Consultation and Suggestion 
Process, and other feedback mechanisms.

We will randomly select 10 winners to receive a $250 Amazon gift card during 
the survey period. These winners will be selected and announced on a weekly 
basis. If you would like to be eligible to receive a gift card, please provide 
your name and an email address on the final page of the survey. This 
information will only be used for the purposes of randomly selecting and 
contacting survey prize winners.

Your feedback is important to us, and we value your time to help ARIN improve 
our services for you.

Regards,

John Sweeting
Chief Customer Officer
American Registry for Internet Numbers (ARIN)



TIMELY – ARIN 45 Virtual Meeting Starts Later Today!

2020-06-16 Thread John Curran
NANOGers –

Our ARIN 45 Virtual Meeting will be held today and tomorrow, and is starting in 
approximately 5 hours…   There’s plenty of time to register for this free 
event, and participate in the development of the policies by which we manage 
the ARIN registry.

Details available below.

Best wishes (and stay safe!)
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] ARIN 45 Will Be Here Soon – Get Ready!
Date: 15 June 2020 at 12:34:01 PM EDT
To: mailto:arin-annou...@arin.net>>

This week is the ARIN 45 Virtual Meeting, where we will be in the thick of 
important community discussions on the following policies:

- Recommended Draft Policy ARIN-2019-1: Clarify Section 4 IPv4 Request 
Requirements
- Recommended Draft Policy ARIN-2019-10: Inter-RIR M
- Recommended Draft Policy ARIN-2019-12: M Legal Jurisdiction Exclusion
- Recommended Draft Policy ARIN-2019-20: Harmonization of Maximum Allocation 
Requirements under Sections 4.1.8 (ARIN Waitlist) and 4.2.2 (Initial Allocation 
to ISPs)
- Recommended Draft Policy ARIN-2019-21: Reserved Pool Replenishment
- Draft Policy ARIN-2020-1: Clarify Holding Period for Resources Received via 
4.1.8 Waitlist
- Draft Policy ARIN-2020-2: Grandfathering of Organizations Removed from 
Waitlist by Implementation of ARIN-2019-16
- Draft Policy ARIN-2020-3: IPv6 Nano-Allocations

All draft policy text is available at:

https://www.arin.net/participate/policy/drafts/

The ARIN 45 agenda will also feature several other informative sessions, 
including updates on ARIN’s IRR and RPKI.

Leading up to the meeting, we want to make sure you are ready to participate. 
To help you prepare, ARIN has published all of the meeting materials online for 
you to review or download beforehand. Just visit:

https://www.arin.net/ARIN45_materials

If this is your first time attending an ARIN meeting, you’ll find the welcome 
handout particularly helpful if you want to familiarize yourself with some of 
the ins and outs of ARIN.

Need a refresher on ARIN’s Policy Development Process (PDP) before joining us 
to talk policy? You may want to check out the on-demand version of our PDP 
webinar, which covers the entire process, start to finish:

https://www.arin.net/reference/training/webinars/#the-policy-development-process

View the full agenda and register today for this meeting while there’s still 
time:

https://www.arin.net/ARIN45

Please contact us at meeti...@arin.net if you have any questions. We look 
forward to your participation!

Regards,

American Registry for Internet Numbers (ARIN)


Re: ARIN

2020-06-12 Thread John Curran
Mehmet -

I shall pass along your praise to the team that does all the real work - and I 
very glad we could help out!

/John

John Curran
President and CEO
American Registry for Internet Numbers

On Jun 12, 2020, at 6:56 PM, Mehmet Akcin  wrote:


hey there,

I just wanted to share my experience dealing with ARIN support this week. I 
think it's not very common to see people taking the time to write something 
like this but I personally think we should do more often.

It has been long time since I had to deal with RIRs and this week I had to do 
several things in ARIN. The support has team was very quick responding, very 
useful with their recommendations to my questions, and had a great attitude 
towards solving problems. I can certainly say they went above and beyond when I 
opened a ticket with wrong request type and they asked me if they can close it 
and open a new one for me? I mean.. this is called going Above and Beyond!

thank you all ARIN support desk and especially Lisa Liedel for this great 
experience. and @John Curran<mailto:jcur...@arin.net> please accept this 
sincere thanks on your team's behalf!

Mehmet


Update your ARIN IRR data access methods (was: Fwd: [arin-announce] New Internet Routing Registry Release)

2020-06-10 Thread John Curran
NANOGers -

ARIN has released its updated IRR system - if you are relying on ARIN’s IRR 
data, please refer to details below and update access methods accordingly.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] New Internet Routing Registry Release
Date: 10 June 2020 at 2:34:55 PM EDT
To: mailto:arin-annou...@arin.net>>

ARIN is pleased to announce the release of new and updated Internet Routing 
Registry (IRR) features. Full release notes are included below this message.

ARIN systems are operating normally. If you have questions, comments, or 
issues, please submit an Ask ARIN ticket using your ARIN Online account, or 
contact the Registration Services Help Desk by phone Monday through Friday, 
7:00 AM to 7:00 PM ET at +1.703.227.0660.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)

Release Notes

This release consists of IRR additions and improvements. The following 
information is provided to assist you in using ARIN’s IRR.

Obtaining Routing Information from ARIN’s IRR

Using FTP

ARIN’s IRR information can be obtained from ftp://ftp.arin.net/pub/rr/. The FTP 
site provides two sources that have been migrated from ARIN’s IRR: one for 
authorized objects and one for nonauthorized objects. Authorized objects have 
been verified that the organization is authorized to create the record and that 
the registration associated with the object is under an (L)RSA.

What do I need to change after this IRR deployment to use FTP?

* If you are obtaining IRR information via FTP, to get all ARIN objects, you’ll 
need to access two separate sources: ARIN (arin.db.gz) and ARIN-NONAUTH 
(arin-nonauth.db.gz). Note that the source files are in a new, zipped format 
(.gz).

Using Near Real-Time Monitoring (NRTM)

ARIN provides two NRTM streams: ARIN (which contains authorized objects, as 
previously described) and ARIN-NONAUTH (which contains nonauthorized objects).

What do I need to change after this IRR deployment to use NRTM?

* Add the new NONAUTH stream to your monitoring. The serial number for this 
stream is found at https://ftp.arin.net/pub/rr/ARIN-NONAUTH.CURRENTSERIAL
* Update the current ARIN (authorized) stream serial number; this number is 
found at https://ftp.arin.net/pub/rr/ARIN.CURRENTSERIAL

Whois Port 43: You can access ARIN’s IRR database for both ARIN and 
ARIN-NONAUTH sources (which is running IRR Daemon, or IRRd) by entering 
commands from a terminal window. There are no changes to this functionality 
after the deployment.

Managing Routing Information in ARIN’s IRR

ARIN now provides a new method to manage IRR data directly in ARIN Online by 
selecting IRR Object Records from the main navigation menu. Organizations who 
currently use ARIN’s email-template based system (IRR-email) can continue to 
use that system, but no new organizations will be added to the IRR-email 
system. Your data from the IRR-email system has been migrated and is available 
for viewing in ARIN Online, but migrated IRR objects cannot be modified in ARIN 
Online. (Only IRR objects created in ARIN Online can be modified in ARIN 
Online.)

What do I need to do as a result of these changes?

- If you are currently using IRR-email and you want to continue to use that 
system, no action is needed. (You cannot use both IRR-email and ARIN Online to 
manage your IRR data.)
- If you are currently using IRR-email and you want to start using ARIN Online 
to manage your IRR data, upon your first use of IRR in ARIN Online, you’ll be 
asked to confirm that you want to switch to ARIN Online to manage your IRR 
data. You’ll have to agree to this change before proceeding. If you start using 
IRR-online, you will no longer have access to IRR-email.
___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



Fwd: [arin-announce] ARIN 45 Moving to Virtual Meeting Format

2020-03-17 Thread John Curran
FYI - ARIN 45 will be done via remote participation only.
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] ARIN 45 Moving to Virtual Meeting Format
Date: 17 March 2020 at 5:03:09 PM EDT
To: mailto:arin-annou...@arin.net>>

In light of the current circumstances related to the rapidly evolving 
coronavirus disease 2019 (COVID-19) outbreak and guidance from Federal and 
state governments, the ARIN 45 Public Policy and Members Meeting will no longer 
have an in-person component as originally scheduled to take place in 
Louisville, Kentucky.

We have been closely monitoring the latest news and guidance related to the 
COVID-19 outbreak from the Centers for Disease Control and Prevention (CDC), 
the World Health Organization (WHO), and local health departments. Following 
the most recent guidance from the CDC, we must prioritize the health of our 
ARIN community members and their families, and thus, the ARIN 45 Public Policy 
and Members Meeting will now proceed entirely as an online-only meeting for all 
participants.

We ask that all participants please save the original dates of Monday, 27 April 
and Tuesday, 28 April while we review our normal policy discussions and related 
meeting programming to select material to be added to the agenda. We will be 
publishing the agenda and how to participate in the near future.

We sincerely apologize for the inconvenience, and thank you for your 
understanding.

If you have any further questions, please reach out to 
meeti...@arin.net<mailto:meeti...@arin.net>.

Regards,

John Curran, President and CEO
Paul Andersen, Chair of the ARIN Board of Trustees
American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



Re: Tell me about AS19111

2020-02-07 Thread John Curran
Barry -

FYI – In addition to a regular financial audit, ARIN periodically has a 
third-party operational audit conducted of the registry, including random 
sampling of transactions and detailed review of same.

The results of the audit are used to both reaffirm registry integrity and have 
led to improvements in our processes in multiple areas including internal 
review/signoff practices, transaction logging, and fraud investigation.

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 6 Feb 2020, at 1:38 PM, b...@theworld.com<mailto:b...@theworld.com> wrote:


Given events including the IPv4 runout etc perhaps it's long overdue
that the RIRs should hire a professional big-name (we used to call
them Big 5) accounting firm to audit or at least review IP address,
ASN, etc. allocation.

I am not talking about money, I am talking about resource allocation.

That would be a step towards accountability.

It would likely be a lot better than "someone on NANOG noticed a
discrepancy let's shout at each other about it for a few days."

The "rules" really aren't that difficult even if the details of
technical management can be.

A modern accounting firm could find the talent to grasp how it all
should work and review how it has worked and is working.

I've worked with accountants, they know things like what we'd call in
a phrase "game theory" (you cut, I choose, etc) regarding resource
allocation, memorialization (is the record-keeping broken?), "forcing"
organizations to fix outright bugs in rules and record-keeping,
internal accountability (e.g., who has access to critical records?
what's the process when an error or fraud occurs?), proper reporting,
etc.

It wouldn't be cheap.

But as an easy suggestion I'd recommend that ISOC help with the
funding for such a project. There could be other sources.

Or possibly, I haven't a clue how the numbers might work, a $10 or $20
new annual resource allocation surcharge to underwrite such auditing.

It would be a new and potentially valuable service so, within reason,
justified.

--
   -Barry Shein

Software Tool & Die| b...@theworld.com<mailto:b...@theworld.com>
 | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*



Re: Tell me about AS19111

2020-02-06 Thread John Curran
On 5 Feb 2020, at 8:45 PM, Jon Lewis 
mailto:jle...@lewis.org>> wrote:

On Wed, 5 Feb 2020, John Levine wrote:
I believe you, but isn't ARIN's list of North American ASNs supposed to be 
authoritiative?

Other than the funky ASN there doesn't seem anything particularly naughty about 
the site.

If POCs are unresponsive, and the bill goes unpaid, does ARIN note this in 
whois or just delete data from the db?

If POCs are unresponsive, the lack of response is noted in Whois per NRPM 3.6 
<https://www.arin.net/participate/policy/nrpm/#3-6-annual-validation-of-arin-s-public-whois-point-of-contact-data>

If the bill goes unpaid, then the resources will eventually be subject to being 
revoked per the RSA - https://www.arin.net/resources/fees/returns/

Does the answer to that change if the ASN was under an RSA, but allocated 
pre-ARIN?

Makes no difference whatsoever.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: FYI - Suspension of Cogent access to ARIN Whois

2020-01-07 Thread John Curran
On 7 Jan 2020, at 5:01 AM, Martijn Schmidt via NANOG  wrote:
> 
> Out of curiosity, since we aren't affected by this ourselves, I know of cases 
> where Cogent has sub-allocated IP space to its customers but which those 
> customers originate from their own ASN and then announce to multiple upstream 
> providers.
> 
> So while the IP space is registered to Cogent and allocated to its customer, 
> the AS-path might be something like ^174_456$ but it's entirely possible that 
> ARIN would observe it as ^123_456$ instead. Are such IP address blocks 
> affected by the suspension?

As noted earlier, ARIN has suspended service for all Cogent-registered IP 
address blocks - this is being done as a discrete IP block access list applied 
to relevant ARIN Whois services, so the routing of the blocks are immaterial - 
a customer using a suballocation of Cogent space could be affected but 
customers with their own IP blocks blocks that are simply being routed by 
Cogent are not affected. 

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers





Re: FYI - Suspension of Cogent access to ARIN Whois

2020-01-06 Thread John Curran
On 6 Jan 2020, at 11:43 PM, Stephen Wilcox 
mailto:swil...@ixreach.com>> wrote:

Out of interest, what does it take to have an ARIN contract or core ARIN 
services revoked? Is there such a threshold, does breach of contract ever 
result in consequential action?

This seems more like a talking point than an act with teeth to it…

Steve -

This action is due to misuse of ARIN’s Whois services: specifically, 
organizations that routinely misuse the Whois data risk losing access to the 
information.

As I noted elsewhere, it is possible for the suspension of access to Whois to 
be technically circumvented, but ARIN still has to take abuse of the data 
seriously because our customers make their contact data available specifically 
for facilitating network operations, and this includes terminating or 
suspending access to the Whois service for those who chronically fail to comply 
with the terms of use, such as those who repeatedly violate the prohibition on 
marketing & solicitation using ARIN Whois data.

It is also possible that such misuse of ARIN Whois is a violation of ARIN’s 
registration services agreement (which provides for more significant recourse 
such as resource revocation), but ARIN is simply suspending access to the Whois 
service as that action directly corresponds to (and helps mitigate) the 
specific terms of use violation.

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: FYI - Suspension of Cogent access to ARIN Whois

2020-01-06 Thread John Curran
ARIN has suspended service for all Cogent-registered IP address blocks.  
Customers with their own IP blocks blocks that are simply being announced by 
Cogent are not affected.

/John

John Curran
President and CEO
American Registry for Internet Numbers


On Jan 6, 2020, at 9:44 PM, Ross Tajvar  wrote:

?
Yeah this raises a great point - I'm curious how ARIN is differentiating 
between cogent and cogens customers when monitoring for prohibited access. 
Particularly those customers whose IPs belong to and are announced by Cogent.

On Mon, Jan 6, 2020, 10:38 PM Martin Hannigan 
mailto:hanni...@gmail.com>> wrote:

- shifting a side thread


John,

I have no stake in this, so far, but I have a few questions.

Can you define exactly what services have been blocked? IRR/ROA/TLA registry 
updates, etc? Were they blocked ^174 or 174$? This is a precedent AFAIK. I'd 
like to understand consequences. In case I decide to attend Dave's sales 
training? :-)

Cheers,

-M<



On Mon, Jan 6, 2020 at 10:45 John Curran 
mailto:jcur...@arin.net>> wrote:
On 22 Sep 2019, at 8:52 AM, Tim Burke mailto:t...@tburke.us>> 
wrote:

That is just The Cogent Way(tm), unfortunately. I just had (yet another) Cogent 
rep spam me using an email address that is _only_ used as an ARIN contact, 
trying to sell me bandwidth. When I called him out on it, with 
complia...@arin.net<mailto:complia...@arin.net> CCed, he backpedaled and 
claimed to obtain my information from Google.

ARIN has repeatedly informed Cogent that their use of the ARIN Whois for 
solicitation is contrary to the terms of use and that they must stop.  Despite 
ARIN's multiple written demands to Cogent to cease these prohibited activities, 
ARIN has continued to receive complaints from registrants that Cogent continues 
to engage in these prohibited solicitation activities.

For this reason, ARIN has suspended Cogent Communications' use of ARIN's Whois 
database effective today and continuing for a period of six months.  For 
additional details please refer to 
https://www.arin.net/vault/about_us/corp_docs/20200106_whois_tos_violation.pdf  
  ARIN will restore Cogent's access to the Whois database at an earlier time if 
Cogent meets certain conditions, including instructing its sales personnel not 
to engage in the prohibited solicitation activities.

Given the otherwise general availability of ARIN Whois, it is quite possible 
that Cogent personnel may evade the suspension via various means and continue 
their solicitation.  If that does occur, please inform us (via 
complia...@arin.net<mailto:complia...@arin.net>), as ARIN is prepared to extend 
the suspension and/or bring appropriate legal action.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers








FYI - Suspension of Cogent access to ARIN Whois

2020-01-06 Thread John Curran
ARIN has repeatedly informed Cogent that their use of the ARIN Whois for 
solicitation is contrary to the terms of use and that they must stop.  Despite 
ARIN’s multiple written demands to Cogent to cease these prohibited activities, 
ARIN has continued to receive complaints from registrants that Cogent continues 
to engage in these prohibited solicitation activities.

For this reason, ARIN has suspended Cogent Communications’ use of ARIN’s Whois 
database effective today and continuing for a period of six months.  For 
additional details please refer to 
https://www.arin.net/vault/about_us/corp_docs/20200106_whois_tos_violation.pdf  
  ARIN will restore Cogent’s access to the Whois database at an earlier time if 
Cogent meets certain conditions, including instructing its sales personnel not 
to engage in the prohibited solicitation activities.

Given the otherwise general availability of ARIN Whois, it is quite possible 
that Cogent personnel may evade the suspension via various means and continue 
their solicitation.  If that does occur, please inform us (via 
complia...@arin.net<mailto:complia...@arin.net>), as ARIN is prepared to extend 
the suspension and/or bring appropriate legal action.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

(By request of some readers, this is being resent as separate thread for better 
visibility.)



Suspension of Cogent access to ARIN Whois

2020-01-06 Thread John Curran
On 22 Sep 2019, at 8:52 AM, Tim Burke mailto:t...@tburke.us>> 
wrote:

That is just The Cogent Way™, unfortunately. I just had (yet another) Cogent 
rep spam me using an email address that is _only_ used as an ARIN contact, 
trying to sell me bandwidth. When I called him out on it, with 
complia...@arin.net<mailto:complia...@arin.net> CCed, he backpedaled and 
claimed to obtain my information from Google.

ARIN has repeatedly informed Cogent that their use of the ARIN Whois for 
solicitation is contrary to the terms of use and that they must stop.  Despite 
ARIN’s multiple written demands to Cogent to cease these prohibited activities, 
ARIN has continued to receive complaints from registrants that Cogent continues 
to engage in these prohibited solicitation activities.

For this reason, ARIN has suspended Cogent Communications’ use of ARIN’s Whois 
database effective today and continuing for a period of six months.  For 
additional details please refer to 
https://www.arin.net/vault/about_us/corp_docs/20200106_whois_tos_violation.pdf  
  ARIN will restore Cogent’s access to the Whois database at an earlier time if 
Cogent meets certain conditions, including instructing its sales personnel not 
engage in the prohibited solicitation activities.

Given the otherwise general availability of ARIN Whois, it is quite possible 
that Cogent personnel may evade the suspension via various means and continue 
their solicitation.  If that does occur, please inform us (via 
complia...@arin.net<mailto:complia...@arin.net>), as ARIN is prepared to extend 
the suspension and/or bring appropriate legal action.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers








FYI - Suspension of Cogent access to ARIN Whois

2020-01-06 Thread John Curran
On 22 Sep 2019, at 8:52 AM, Tim Burke mailto:t...@tburke.us>> 
wrote:

That is just The Cogent Way™, unfortunately. I just had (yet another) Cogent 
rep spam me using an email address that is _only_ used as an ARIN contact, 
trying to sell me bandwidth. When I called him out on it, with 
complia...@arin.net<mailto:complia...@arin.net> CCed, he backpedaled and 
claimed to obtain my information from Google.

ARIN has repeatedly informed Cogent that their use of the ARIN Whois for 
solicitation is contrary to the terms of use and that they must stop.  Despite 
ARIN’s multiple written demands to Cogent to cease these prohibited activities, 
ARIN has continued to receive complaints from registrants that Cogent continues 
to engage in these prohibited solicitation activities.

For this reason, ARIN has suspended Cogent Communications’ use of ARIN’s Whois 
database effective today and continuing for a period of six months.  For 
additional details please refer to 
https://www.arin.net/vault/about_us/corp_docs/20200106_whois_tos_violation.pdf  
  ARIN will restore Cogent’s access to the Whois database at an earlier time if 
Cogent meets certain conditions, including instructing its sales personnel not 
to engage in the prohibited solicitation activities.

Given the otherwise general availability of ARIN Whois, it is quite possible 
that Cogent personnel may evade the suspension via various means and continue 
their solicitation.  If that does occur, please inform us (via 
complia...@arin.net<mailto:complia...@arin.net>), as ARIN is prepared to extend 
the suspension and/or bring appropriate legal action.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers








Important re dropping TLS 1.0 support (Reminder: Changes to Whois-RWS and RDAP Scheduled for 12 February 2020)

2019-12-13 Thread John Curran
NANOG Folks -

If you are using programmatic interfaces over TLS 1.0 to access ARIN Whois-RWS 
or ARIN RDAP services, please pay particular attention to this announcement.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Reminder: Changes to Whois-RWS and RDAP Scheduled for 
12 February 2020
Date: 13 December 2019 at 12:28:44 PM CST
To: mailto:arin-annou...@arin.net>>

As we originally announced on 15 October 2019, there will be a change made to 
ARIN’s Whois-RWS and RDAP services on 12 February 2020. This change may impact 
the way you interface programmatically with ARIN to query and retrieve 
information from these services.

ARIN will no longer be supporting TLS 1.0 for Whois-RWS and RDAP services. 
There are well-known security issues with this protocol. We will continue to 
support TLS 1.1 and 1.2. Please make sure your client implementation will 
support TLS 1.1 or 1.2. Read 
https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ for 
further details.

Because these changes will be implemented in about 60 days, we recommend that 
you review your clients that interface with the Whois-RWS and RDAP services, 
and make any required configuration or code changes in advance of this change. 
Both TLS 1.1 and TLS 1.2 are available now. We encourage you to make these 
changes so you will have no operational impact when we disable the vulnerable 
transport protocols.

So that you can plan your upgrades accordingly, we would also like to inform 
you of future planned events for this service. We will be adding TLS 1.3 
support to Whois-RWS and RDAP in the near future. We also anticipate announcing 
end-of-service support for TLS 1.1, with another corresponding 120-day warning 
notice.

Regards,

Mark Kosters
Chief Technology Officer

American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



Re: IPv4 and Auctions

2019-10-27 Thread John Curran
On 26 Oct 2019, at 8:28 AM, Owen DeLong 
mailto:o...@delong.com>> wrote:
…
The difference is that ARIN charges almost nothing for the rent, so what you 
basically are auctioning is the right too use a free appartment, which is worth 
money.
Even if you don't own the IP addresses, the right to use them is a tangible 
asset.

I’m sure someone from ARIN staff will correct me if I’m wrong about this, but I 
don’t believe that is the case.

ARIN registration is NOT (to the best of my knowledge):
+ A right to use
+ A property right in a set of integers
+ Any sort of right to have your numbers routed on the internet (or anywhere)
+ Any sort of exclusive right to control of a set of integers for a particular 
purpose

ARIN registration is (to the best of my knowledge):
+ A guarantee of unique association of a set of integers to your organization 
within a
cooperating set of databases collectively known as the RIR System.
+ A guarantee of certain property and control rights over said registration 
within that
system. (note that’s the registration, not the registered integers)
+ Unless you are a non-RSA legacy registrant, it is a contractual relationship 
between
you and ARIN (and by extension said RIR system) which provides both rights and
obligations on your conduct with respect to said registration.
+ The right and ability to update certain attributes in the records of your 
registration(s).

So ARIN doesn’t actually rent the right to use an apartment so much as a 
recording of the fact
that certain entities agree that your name goes on the door of said apartment.

Owen -

Actually, that’s quite close.  To be clear on this, I’ll point out that ARIN 
recognizes that those issued IP address blocks have several specific rights –

• The exclusive right to be the registrant of the resources within the ARIN 
database
• The right to use the number resources _within the ARIN database_
• The right to transfer the number resources pursuant to the community’s 
policies.

These rights are provided contractually to all parties with ARIN-issued 
resources, and ARIN will recognize and formalize the rights of those issued 
resources by ARIN’s predecessors (legacy resource holders) by entering into a 
registration services agreement with them if wish clear contractual rights over 
their resources.

Note that these rights cannot be assigned or transferred without ARIN’s consent 
and such consent may not be unreasonably withheld if consistent with the 
policies.

So, if by “the right to use them”, one is referring to being the one listed in 
the ARIN database for the address space and/or use ARIN services applicable to 
those address blocks, then that is indeed a contractual right, but it doesn’t 
get transferred or assigned except as the community policy states.  For 
example, redelegation by ISPs is clearly covered by ARIN policy, so we 
recognize such and even provide services specifically to support same.

If “the right to use them” is rather a reference to ability to route address 
blocks with your various ISP partners, then that’s really a question about the 
business practices of those accepting the routes…

Now, coincidentally and fortunately, the vast majority of ISPs choose to regard 
the data in the
RIR system as an important record of who they will accept prefix advertisements 
from, which
makes it much harder to use numbers that are not associated with your 
organization in the RIR system
for routing on the internet, but that’s actually a coincidental behavior of the 
ISPs and not actually
any sort of right, privilege, or ability issued or managed by ARIN.

Correct.   ARIN’s policies govern the administration of the number resources in 
the registry, and there is no requirement for resource holders to route their 
networks in any particular manner.   During the Anti-hijack policy discussion 
on arin-p...@arin.net<mailto:arin-p...@arin.net>,  I noted that if the 
community really wanted ARIN to require certain routing hygiene, that would 
require changing the RSA, and any changes to ARIN’s RSA going forward (outside 
of conformance to changing law) actually requires a member ratification vote…  
(a particularly high hurdle, but potentially achievable if the community really 
feels that they want additional obligations in this regard.)

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: IPv4 and Auctions

2019-10-26 Thread John Curran
American 
region.”  As such, legacy resource holders are encouraged to participate in the 
policy development process that sets the policy used for management of the 
(now) ARIN registry. Legacy resource holders receive the same services that 
they always have - i.e. those that they were in place at ARIN’s inception, 
without any need for an agreement or payment of any fees.  (Legacy holders that 
want the all ARIN services available today must enter into a RSA and pay the 
modest capped maintenance fees which help support development of same.)  ARIN 
has direct control over the registry including all of the entries therein, and 
this means that when the community adopts a policy, it is indeed applied to all 
entries regardless of their time of issuance. 

Since the ARIN community has developed and adopted more relaxed policies for 
transfers (allowing them to entities who can meet more modest needs 
requirements), all of the resources in the ARIN registry are operated under 
those updated policies rather than the more stringent policy that was in place 
via RFC 2050 prior to ARIN’s formation.  This has, among other things, enabled 
the development of a robust transfer marketplace for unused IPv4 resources in 
the region, thus creating incentive for unused blocks to be brought back into 
productive use within the community and providing some small mitigation for 
those who require additional IPv4 address space at a time when there is very 
little available for free assignment from the registry system. 

Note finally that there is no policy at ARIN regarding “leasing” of IP 
addresses (in many ways, that's precisely what an ISP does with IP addresses 
for its customers, only usually bundled as an element in the overall service), 
so one should not be surprised when leasing occurs in the ARIN region.   

Best wishes - I hope the above helps clarify things - if not, one can find me 
in Austin for more specific questions.  

:-) 
/John

John Curran
President and CEO
American Registry for Internet Numbers





Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-15 Thread John Curran
On 14 Aug 2019, at 11:16 PM, Ronald F. Guilmette 
mailto:r...@tristatelogic.com>> wrote:


Report it on some webpage and call it "Internet
Resources stolen", document every incident as you do via email, send a
copy to the appropriate RIR and upstream ISP allowing the hijack in
question to show that you did the appropriate effort and we can then
move on.

I can and will stop posting here, and go off an blog about this stuff
instead, if the consensus is that I'm utterly off-topic or utterly
uninteresting and useless.  But a few folks have told me they find
this stuff interesting, and it has operational significance, I think.
So for now, at least, I'd like to continue to share here.

As regards to reporting to RIRs or upstreams, what makes you think that
either of those would care one wit?  The RIRs are not the Internet
Police, or so I am told.

Good morning Ron –

The RIRs are not the Internet Police, but we do care very much about the 
integrity of the Internet number registry system.

Please report to ARIN any instances of number resource records in the ARIN 
registry whose organization you believe to be incorrect – while such records 
are updated only based on appropriate documentation, that doesn’t preclude the 
use of fraudulent documentation that goes undetected.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 11:15 AM, Valdis Klētnieks  wrote:
> 
> On Wed, 14 Aug 2019 02:42:09 -, John Curran said:
> 
>> You might want want to ask them why they are now a problem when they weren’t
>> before (Also worth noting that many of these ISP's own contracts with their
>> customers have rather similar indemnification clauses.)
> 
> Actually, it's probably ARIN that should be doing the asking, and seeing if
> they can change the wording and/or rephrase the issue to allay concerns.
> 
> It sounds to me like ARIN's *intent* was "if you get sued by your customers 
> because
> you screw the pooch on deployment, it's your screw-up to clean up and not our
> problem". Or at least I *hope* that was the intent (see next paragraph)

That is indeed the intent - please deploy routing validation using best 
practices, so that you & your customers don’t suffer any adverse impact when 
ARIN's repository is not available.

> But I suspect a lot of companies are reading it as: "If a spammer sues you 
> for using
> a block list that prevents them from spamming your customers, you can't end up
> owing money to the block list maintainers.  But if you rely on the ARIN TAL, 
> and get
> sued by an address hijacker, you could end up owing money to ARIN”.

It’s is not “you owe money to ARIN’, but it could be “you need to defend both 
yourself and ARIN from your customers’ litigation should you get it wrong."

> (Having said that, John, it takes a special sort of CEO to stand out and be 
> seen
> in situations like this, and the world could probably use more CEO's like 
> that…)

 fairly easy to do if one has a thick skin… ;-)

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers




signature.asc
Description: Message signed with OpenPGP


Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 1:21 AM, Ronald F. Guilmette 
mailto:r...@tristatelogic.com>> wrote:

In message 
<06570278-e1ad-4bb0-a9fc-11a77bed7...@arin.net<mailto:06570278-e1ad-4bb0-a9fc-11a77bed7...@arin.net>>,
John Curran mailto:jcur...@arin.net>> wrote:

Even so, we at ARIN are in the midst of a Board-directed review of the RPKI
legal framework to see if any improvements can be made <https://www.arin.net/
vault/participate/meetings/reports/ARIN_43/PDF/PPM/curran_rpki.pdf>  – I will
provide further updates once it is completed.

This is an excellent presentation John, and I'm real glad to see that you
have done such a nice job on it and touched on all of the important points.

In particular, I'm glad that you clarified that if everyone is just doing
what they ought to be doing, i.e. following best practices, then even if
RPKI central and all of its sister satellites should all be simultaneously
hit by metorites, then in theory at least, nobody should be any worse off
than they already are today.

And yes, I can't argue and won't argue that some folks aren't going to be
bozos and screw up their RPKI deployment, and then some of them -may-
possibly want to blame ARIN for -their- screw ups, but I continue to have
trouble envisioning how this would ever traslate into a lawsuit that
wouldn't simply be laughed out of court in about five seconds if handled
properly.

Alas, it’s not those who fail to properly configure RPKI that are likely to be 
litigating, but rather their impacted customers and those customers' business 
partners who all were unable to communicate due to no fault of their own.

Such a matter will not be thrown out of court, but will be the start of a long 
and very expensive process involving claims, discovery, experts, etc.  (a 
recent legal matter that was promptly resolved in ARIN’s favor pre-litigation 
still resulted in more than 1/3 million USD in costs...)   Absent a specific 
reason for dismissal, it is only in actual trial that the preponderance of 
evidence gets considered – and note that in such a dispute, we’d end up with a 
jury of regular folks hearing fairly technical arguments about certificate 
validation, covering ROA’s, caching, etc.In other words, even if handled 
perfectly, your five second estimate is likely off by a year or more (and hence 
the reason for indemnification - it provides a clear basis for ARIN’s exit from 
the matter, as it makes plain that the liability resulting from use of the RPKI 
repository lies with the ISP.)

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers





Re: RPKI adoption

2019-08-14 Thread John Curran
On 14 Aug 2019, at 12:51 AM, Hank Nussbacher  wrote:
> …
> Just like to add kudos to John for being open and responsive on this list and 
> other lists to numerous issues and questions in regards to ARIN.  Not many 
> CEOs are willing or able to respond as you do.  

Hank - 

Thanks! – as I work for you (i.e. this collective community), I see it 
as a reasonable obligation to be reachable/answerable regarding how your 
registry is being run.

/John

John Curran
President and CEO
American Registry for Internet Numbers

p.s.  As a reminder, those interested in more prominent/direct role in 
oversight of ARIN should consider running for the Board of Trustees…  
<https://www.arin.net/announcements/20190723/>





Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 2:26 AM, Matthew Petach  wrote:
> ...
> Now, at the risk of bringing down the ire 
> of the community on my head...ARIN could
> consider tying the elements together, at 
> least for ARIN members.  Add the RPKI terms 
> into the RSA document.  You need IP number
> resources, congratulations, once you sign the
> RSA, you're covered for RPKI purposes as well.

Matthew - 

Yes indeed - this is one of several potential improvements that we’re 
also investigating. 

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 1:01 AM, William Herrin  wrote: 
> ...
> >  I would observe that continued use at that point has been held
> > to indicate agreement on your part [ref: Register.com, Inc. v. Verio, Inc., 
> > 356 F.3d 393 (2d Cir. 2004)]
> 
> In which Verio admitted to the court that they knew they were abusing 
> Register's computers but figured Register's contract with ICANN gave them the 
> right. The court would have reached the same decision regardless of 
> Register's notice: You're abusing computers that aren't yours. Stop it.

BIll - 

The particular finding from Register v. Verio that is relevant was that a user 
made aware of applicable terms with each query (even at the end) is sufficient 
for contractual binding after continued use.  

> Specht v. Netscape Communications Corp, on the other hand, found that, 
> "plaintiffs neither received reasonable notice of the existence of the 
> license terms nor manifested unambiguous assent" to the contract Netscape 
> offered for the use of their software at download-time, including assent to 
> settle disputes through arbitration.

Register v. Verio was after Specht v Netscape, and distinguished the situation 
where the user received terms at the end of each response from those cases 
where a user couldn’t reasonably determine that there were any applicable terms 
and conditions. 

> I'll take any bet you care to offer that the latter precedent applies to 
> casual consumer use of ARIN's whois.

That bet is available to you at any time by violating the terms the ARIN’s 
Whois service, so the question to ask yourself is: "do you feel lucky?”

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-13 Thread John Curran
On 13 Aug 2019, at 11:03 PM, William Herrin 
mailto:b...@herrin.us>> wrote:

On Tue, Aug 13, 2019 at 7:42 PM John Curran 
mailto:jcur...@arin.net>> wrote:
On 13 Aug 2019, at 9:28 PM, Ronald F. Guilmette 
mailto:r...@tristatelogic.com>> wrote:
The last time I looked, RPKI adoption was sitting at around a grand total
of 15% worldwide.  Ah yes, here it is...

  https://rpki-monitor.antd.nist.gov/

I've asked many people and many companies why adoption remains so low, and
why their own companies aren't doing RPKI.  I've gotten the usual assortment
of utterly lame excuses, but the one that I have had the hardest time
trying to counter is the one where a network engineer says to me "Well,
ya know, we were GOING to do that, but then ARIN... unlike the other four
regional authorities... demanded that we sign some silly thing indemnifying
them in case of something.

Interestingly enough, those same indemnification clauses are in the 
registration services agreement that they already signed but apparently they 
were not an issue at all when requesting IP address space or receiving a 
transfer.

I signed no legal agreement either to register my legacy addresses or to do a 
whois lookup to check someone else's addresses. Just sayin’.

Bill -

When you did that Whois look up at the ARIN website, you did agree to terms of 
use for the Whois service which contains indemnification provisions and are 
legally enforceable. <https://www.arin.net/resources/registry/whois/tou/>

If you instead used a command line interface (e.g. "whois -h 
whois.arin.net<http://whois.arin.net> …”), then you received output from ARIN’s 
Whois server along with notice of the applicable terms of service…  I would 
observe that continued use at that point has been held to indicate agreement on 
your part [ref: Register.com<http://Register.com>, Inc. v. Verio, Inc., 356 
F.3d 393 (2d Cir. 2004)]

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers





RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-13 Thread John Curran
On 13 Aug 2019, at 9:28 PM, Ronald F. Guilmette 
mailto:r...@tristatelogic.com>> wrote:
...
The last time I looked, RPKI adoption was sitting at around a grand total
of 15% worldwide.  Ah yes, here it is...

  https://rpki-monitor.antd.nist.gov/

I've asked many people and many companies why adoption remains so low, and
why their own companies aren't doing RPKI.  I've gotten the usual assortment
of utterly lame excuses, but the one that I have had the hardest time
trying to counter is the one where a network engineer says to me "Well,
ya know, we were GOING to do that, but then ARIN... unlike the other four
regional authorities... demanded that we sign some silly thing indemnifying
them in case of something.

Interestingly enough, those same indemnification clauses are in the 
registration services agreement that they already signed but apparently they 
were not an issue at all when requesting IP address space or receiving a 
transfer.
You might want want to ask them why they are now a problem when they weren’t 
before (Also worth noting that many of these ISP's own contracts with their 
customers have rather similar indemnification clauses.)

Even so, we at ARIN are in the midst of a Board-directed review of the RPKI 
legal framework to see if any improvements can be made 
<https://www.arin.net/vault/participate/meetings/reports/ARIN_43/PDF/PPM/curran_rpki.pdf>
  – I will provide further updates once it is completed.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: User Unknown (WAS: really amazon?)

2019-08-12 Thread John Curran
On 12 Aug 2019, at 3:26 PM, Rich Kulawiec  wrote:
> 
> On Sun, Aug 04, 2019 at 12:12:48AM -0700, Stephen Satchell wrote:
>> "The rules" have been around for years, and are codified in the RFCs
>> that are widely published and available to all at zero cost.  (That
>> wasn't always true, as it wasn't until the DDN Protocol Handbook volumes
>> were published in 1985 that the RFCs were available to everyone.  I seem
>> to recall there was an FTP site that provided the RFC documents before
>> that, but my memory is hazy on that.)
> 
> IIRC, the CSnet CIC provided an RFC-by-mail service in the mid to late 1980's.
> It allowed anyone to request any RFC by number, e.g., sending it "rfc123" 
> would
> result in a response containing that RFC. 


Indeed - it was the "CSNET Information Server" , and it 
not only served RFCs but also a variety of other DDN/NSF/Merit/IETF internet 
informational documents...  

With the shutdown of the CSNET Coordination and Information Center (CSNET CIC) 
in 1991, the email-based info-server function 
was transferred to the NSF Network Service Center (NNSC) 
 where it operated until of all the various
Internet informational/registry/directory services were transferred into the 
consolidated InterNIC contract. 

FYI,
/John





Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-12 Thread John Curran
On 9 Aug 2019, at 4:09 PM, Ronald F. Guilmette  wrote:
> ...
> Unfortunately, we cannot read too much into this change that was made
> to the block's public-facing WHOIS record.  Neither the new WHOIS info
> nor even the old WHOIS info can be used to reliably infer who or what
> is the legitimate registrant of the block at any point in time.  This
> is because ARIN, like all of the other Regional Internet Registries,
> allows registrants to put essentially any bovine excrement they desire
> into their public-facing WHOIS records.

Ronald - 

That is not the case – ARIN confirms the legal status of organizations 
receiving number resources. 

>  (And, it should be noted, the
> man behind the recent large scale "Micfo" fraud apparently availed
> himself of this exact opportunity far subterfuge, in spades.)

As previously noted on this list, such was only possible because of the use of 
falsely notarized documents. 

> Regardless, the available records suggest that there are only two likely
> possibilities in this case:
> 
> 1) On or about 02-17-2010 HHSI, Inc. (California) transfered the
>registration of the 216.179.128.0/17 block from itself to the
>2009 vintage Delaware entity Azuki, LLC.  If this is what happened,
>then it is likely that the transfer was performed in violation
>of the applicable ARIN trasfer policy that was in force at the time.
>(Azuki, LLC did not simply buy-out HHSI, Inc., lock, stock, and
>barrel in 2010.  California records show that HHSI, Inc. continued
>to be an active California corporation until at least 02/12/2014,
>and probably well beyond that date.)
> 
> 2) Alternatively, on or about 02-17-2010 HHSI, Inc. (California) simply
>altered what would henceforth appear in the public-facing WHOIS
>record for the the 216.179.128.0/17 block to make it appear... to
>everyone except ARIN staff, who knew better... that the block was
>now registered to Azuki, LLC in Delaware.
> 
> Only ARIN staff can tell us which of these possibilities actually applies.
> But due to ARIN's strict adherence to contractual confidentiality with
> respect to all of their resource holders, I do not anticipate that ARIN
> will actually provide any clarity on this case anytime soon.

That is easy to address:  submit a fraud request, and it will be reviewed and 
corrected if it was done fraudulently.

Thanks!
/John 

John Curran
President and CEO
American Registry for Internet Numbers




Re: User Unknown (WAS: really amazon?)

2019-08-04 Thread John Curran
On 4 Aug 2019, at 4:16 AM, Scott Christopher 
mailto:s...@ottie.org>> wrote:
...
What I have been saying is that if ARIN revoked Amazon's resources because of a 
trivial matter of bounced Abuse PoC, even if the small "community" of network 
operators and other interested parties passed a rule supporting this, the 
backlash would be *enormous* and lead to media attention, litigation, police, 
investigation by U.S. Congress, etc.

Scott,

That may be the case – for example anyone can initiate litigation for any 
perceived slight, whereas successful litigation is generally requires actual 
contractual breach or other cause of action.

The interests of the public affected by a global Amazon/AWS outage would 
greatly outweigh the rights of this small "community" which would ultimately be 
stripped away, I'd think.

It is possible, but far more likely an outcome in circumstances where ARIN 
contributed in some manner; e.g. an operational outage which was an element in 
the overall global event.
(hence our particular care in certain areas, e.g. ensuring folks know the 
conditions for use of our RPKI repository, and their duty to handle NOTFOUND 
and fall back appropriately per best practices…)

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers





Re: User Unknown (WAS: really amazon?)

2019-08-03 Thread John Curran
On 31 Jul 2019, at 5:31 PM, Scott Christopher 
mailto:s...@ottie.org>> wrote:

...
What I have been saying is that, if ARIN did something so brazen as to revoke 
Amazon's resources because of some bounced PoC emails, the impact would be 
*dramatic* and likely lead to the end of ARIN. Just think about this for a 
minute. :) Obviously this will not happen because ARIN is so righteously 
competent. :)

Scott -

ARIN revokes resources because of other administrative matters (e.g. not paying 
one’s ARIN fees), and while there is obviously quite a bit of process and 
notice to avoid this if all possible, we do indeed revoke and networks go down 
as a result.<https://www.arin.net/resources/fees/returns/#revocation

(This isn’t much different that what happens when an organization fails to 
renew their organizational domain name and then disappears from the net – 
failure to follow contractual terms results in consequences sometimes rather 
dramatic, and it’s not the registry’s fault nor is there meaningful legal 
recourse for halfwitted self-inflicted harm…)

If the community passes a new policy that makes clear that ARIN is to exercise 
contractual authority for violations of that policy, then we will establish a 
similar set of processes (with appropriate notice provisions) and then 
implement.

As I have noted previously, I have zero doubt in the enforceability of the ARIN 
registration services agreements in this regard – so please carefully consider 
proposed policy both from the overall community benefit being sought, and from 
the implications faced as a number resource holder having to comply oneself 
with the new obligations.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: Spam due to new ARIN allocation

2019-08-03 Thread John Curran
Tim -

When you have moment, could you forward both of those Whois spam messages to 
complia...@arin.net<mailto:complia...@arin.net> ?

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers]

On 2 Aug 2019, at 7:32 PM, Tim Burke mailto:t...@tburke.us>> 
wrote:

We recently received a new ASN from ARIN - you know what that means... the 
sales vultures come out to play!

So far, it has resulted in spam from Cogent (which is, of course, to be 
expected), and now another company called "CapCon Networks" - 
http://www.capconnetworks.com. As far as I am aware, this practice is against 
ARIN's Terms of Use. Is it worth reporting to ARIN, or perhaps it's worth 
creating a List of People To Never Do Business With™, complete with these 
jokers, and other vultures that engage in similar tactics?

Regards,
Tim Burke
t...@burke.us<mailto:t...@burke.us>



Re: User Unknown (WAS: really amazon?)

2019-07-30 Thread John Curran
On 30 Jul 2019, at 6:44 AM, Scott Christopher 
mailto:s...@ottie.org>> wrote:

On 30/07/2019 11:59, Chris Knipe wrote:

Then update your ARIN records to reflect that.  Fully agree with Dan on
this one.

Imagine ARIN did a take from RIPE NCC [Policy Proposal Idea?] and a
policy came into effect of validating ALL 'OrgAbuseEmail' objects listed
in the ARIN database. And revoked the resources from those that failed
to respond after multiple attempts.

Then imagine the media attention, public outcry, corporate lawyers from Amazon, 
the pressure from Congress, and an ARIN that would no longer function as an 
independent body anymore. . .

Scott -

Alas, you have a fundamental misunderstanding about the nature of ARIN…  we 
don’t do anything other than implement policies that this community wants.  If 
the community developed a policy to require Abuse POC’s validation, and said 
policy made clear that failure to do so was to result in revocation, then ARIN 
would indeed implement the policy (and that includes revocation for those who 
ignored the policy.)

This is actually exactly the way the US Government asked us to operate in 1997 
- "Creation of ARIN will give the users of IP numbers (mostly Internet service 
providers, corporations and other large institutions) a voice in the policies 
by which they are managed and allocated within the North American region.”  
<https://www.nsf.gov/news/news_summ.jsp?cntn_id=102819>.Further, this 
support was reiterated by the USG recently in 2012 - "The American Registry for 
Internet Numbers (ARIN) is the RIR for Canada, many Caribbean and North 
Atlantic islands, and the United States. The USG participates in the 
development of and is supportive of the policies, processes, and procedures 
agreed upon by the Internet technical community through ARIN.”  
<https://www.ntia.doc.gov/blog/2012/united-states-government-s-internet-protocol-numbering-principles>

We’ve see the lawyer route as well, and I have zero doubt in both the 
enforceability of the ARIN registration services agreements and ARIN’s ability 
to operate the registry according to the community policy.

So, my advice is that this community not make policy that it doesn’t want to 
see implemented (and if you have interest or concern about ARIN policies, then 
I’d recommend get involved in their development – 
https://www.arin.net/get-involved/)

i.e. the good news is that this community gets to decide how IP addresses are 
managed in the region (as opposed to some federal agency) – the consequence is 
that we really do manage the registry as directed by this community, so please 
try to avoid self-immolation if at all possible...

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: 44/8

2019-07-22 Thread John Curran
On 22 Jul 2019, at 9:05 PM, Owen DeLong  wrote:
> ...
> The only thing I dispute here is that I’m pretty sure that the principals of 
> ARDC did request ARIN to make ARDC the controlling organization of the 
> resource. The question here is whether or not it was appropriate or correct 
> for ARIN to do so.
> 
> IMHO, it was not. IMHO, ARIN should have recognized that this particular 
> block was issued for a purpose and not to an organization or individual.

Owen - 

All IP address blocks were issued for some purpose, and this includes quite a 
variety of early networks that were issued for various research purposes.  
There are also blocks that were issued (or made available via community 
process) for special purposes; as noted, you can find that registry here - 
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
 
> That contacts were volunteers from the community that agreed to take on a 
> task. Even if the block ended up contactless, it should not have been open to 
> claim and certainly not to 8.3 or 8.4 partial transfer to another 
> organization away from that purpose.
> 
> Unfortunately, the incremental way in which this was done probably rendered 
> ARIN staff into a situation similar to the proverbial (and apocryphal) frog 
> in a pot of water.

Not at all. 

> At each step, it probably seemed on the edge, but still appropriate. This 
> was, of course exacerbated by the fact that the community didn’t really 
> notice anything amiss until this last step, because the individuals in 
> question were, by and large, trusted members of the community that appeared 
> to be continuing to act in the community’s interest.

Actually, the change in 2011 to ARDC was perfectly appropriate then, and would 
be approved if received today – 

AMPRnet was assigned for Amateur Packet Radio Experimentation (a /8 
research assignment) with Hank Magnuski (or his designated successor) to 
determine how that was to be accomplished.   It is presently registered to 
ARDC, a public benefit not-for-profit whose purposes are “to support, promote, 
and enhance digital communication and broader communication science and 
technology, to promote Amateur Radio, scientific research, experimentation, 
education, development, open access, and innovation in information and 
communication technology”, and this change was made by a designated successor 
(Brian Kantor.)  

You might not like ARDC’s administration due to their apparent lack of 
engagement with the community, but it remains quite clear that any of the 
contacts in the lineage of the block could have requested the same update.
The change was compliant with the purpose of original issuance, and has been 
allowed for other projects/activities which similarly formalized their 
structure over time. 

> Honestly, I doubt most of the community was aware of (I certainly wasn’t) the 
> incorporation of ARDC and the subsequent transfer of control of 44.0.0.0/8 to 
> ARDC — The Enterprise vs. ARDC — The purpose. Had I been aware of that move 
> at the time, I certainly would have scrutinized the governance process for 
> ARDC and likely cried foul on that basis. That’s where I believe ARIN erred 
> most grievously in this process and that’s where I believe these resources 
> were hijacked to the detriment of the amateur radio community.

The resources were registered to a not-for-profit entity of similar purpose per 
the direction of the authorized contact.  In addition to the current contact, 
the organization’s board also contains those who were the authorized contact 
for the number block in the past and have contributed heavily to the amateur 
radio community.   If the same request to update the registration were to 
arrive today, it would be approved, as to do otherwise would require that ARIN 
unilaterally impose policy constraints on an address block that are neither 
documented nor are the output of any community process for the definition of a 
special assignment at the IETF. 

As for whether the recent transfer of a /10 portion was “to the detriment of 
the amateur radio community”, that is likely a topic that the amateur radio 
community should discuss with ARDC, and (as noted earlier) may not be 
particularly relevant to this mailing list or its subscribers. 

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers









Re: 44/8

2019-07-22 Thread John Curran
On 22 Jul 2019, at 8:47 PM, Valdis Klētnieks  wrote:
> 
> On Mon, 22 Jul 2019 20:36:40 -, John Curran said:
> 
>> There is no such creature as a “special purpose” RIR; Regional Internet
>> Registries serve the general community in a particular geographic regions as
>> described by ICANN ICP-2.
> 
> OK, I'll bite then.  Which RIR allocates address space to trans-national 
> interests
> such as the UN or NATO? Given that Matthew Kaufman states a /15 out of 44/8
> was allocated to a German organization, it certainly sounds like we're well 
> into
> transnational territory here.

Valdis -

International organizations today get IP address blocks generally from 
the RIR which serves their headquarters location.

Prior to ARIN’s inception, international organizations who obtained 
address blocks often obtained them from the InterNIC (which handled IP address 
issuance for all parties not in the RIPE or APNIC regions.)

ARIN continued to serve these early registrations upon its formation, 
and most of those registrations were moved to the appropriate RIR in 2002 as 
part of the "ERX - Early Registration Transfer Project” 
<https://www.arin.net/vault/participate/meetings/reports/ARIN_X/PDF/erx.pdf>

Hope this helps clarify things somewhat - thanks for asking!
/John

John Curran
President and CEO
American Registry for Internet Numbers




signature.asc
Description: Message signed with OpenPGP


Re: 44/8

2019-07-22 Thread John Curran
On 22 Jul 2019, at 4:44 PM, Matthew Kaufman  wrote:
> ...
> There's a bit of magic. If ARIN's board of directors decided to up and start 
> taking people's existing IPv4 allocations and selling them to Amazon to beef 
> up the ARIN scholarship fund, the recourse would include going to IANA and 
> noting that ARIN was no longer behaving as a responsible registrar for the 
> global community it serves.

Hmm – a rather interesting thought exercise.   Rather than belabor the point, I 
shall simply suggest that in such circumstances you might find yourself far 
better making use of mechanisms available both in the ARIN bylaws (and under 
Virginia state law for a non-stock membership organization) to address such a 
matter, but that’s based on my perhaps imperfect knowledge of the situation... 

> Here the amateur radio community has noted that ARDC's board of directors has 
> decided to up and start taking people's existing IPv4 allocations (including 
> a /15 in use by the German amateur radio community) and selling them to 
> Amazon to beef up the ARDC grant fund (without engaging with the global 
> community of radio amateurs who thought that net 44 was being held in trust 
> for them, or engaging with even those entities/individuals who'd already been 
> allocated address space in the block). But because ARDC isn't actually an IP 
> address registrar of global IP space for its community as delegated by IANA, 
> we're left with grasping at ARIN for some accountability here.


It is both touching (and somewhat disquieting) that you view the RIR system 
being the only available source of community accountability, but it is not 
correct – ARDC has significant obligations as non-profit public benefit 
corporation in order to remain a valid legal entity.   I imagine that there is 
now significantly more engagement between the amateur radio community and that 
organization, and one hopes it can be positively directed to further digital 
communication by the amateur radio community. 

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: 44/8

2019-07-22 Thread John Curran
On 22 Jul 2019, at 4:17 PM, Matthew Kaufman 
mailto:matt...@matthew.at>> wrote:

The change in character/purpose of the network has operational impacts to me, 
and as such should have been done as an IANA action (as the original purpose 
was arguably also set by IANA action, when IANA was Jon Postel, and simply not 
documented very well):

I am the network administrator for a 501(c)(3) amateur radio club that operates 
a digital microwave network licensed via FCC Part 101 (commercial microwave), 
FCC Part 15 ("unlicensed" ISM) and FCC Part 97 (amateur radio). The Part 97 
links are, by law, restricted to amateur radio uses. One way to ensure this is 
to filter based on the fact that 44.0.0.0/8<http://44.0.0.0/8> is for 
international amateur radio use only. That has changed as a result of ARIN's 
consent to a "transfer" to an entity that will not be using these for the 
originally stated purpose. We have a /23 allocated within 
44.0.0.0/8<http://44.0.0.0/8> and it is likely that as we expand we will need 
additional address space, so the transfer of some of the unallocated space is 
of concern for that reason as well.

What *should* have happened at the time of the formation of ARIN and the other 
regional registries is that either 1) the 44.0.0.0/8<http://44.0.0.0/8> block 
have been delegated to a special-purpose RIR incorporated to manage the amateur 
radio allocations within this block (which is what ampr.org<http://ampr.org/> 
has been doing, but not as an IANA-recognized community-managed RIR); or 2) the 
44.0.0.0/8<http://44.0.0.0/8> block have been delegated to another RIR (e.g., 
ARIN) that could have special policies applicable only to that block and 
managed by the community.

There is no such creature as a “special purpose” RIR; Regional Internet 
Registries serve the general community in a particular geographic regions as 
described by ICANN ICP-2.

I would note that ARIN’s original “region” was actually fairly broad 
(everything not in the RIPE or APNIC regions, just as InterNIC had served), and 
this included numerous “unusual" allocations to various international projects 
such as research stations, global airline networks, consortia, and other 
purposes both of formal legal structure and otherwise.  In all cases, the 
entities successfully administer subassignments based on their own unique 
policies; it is not necessary for the IANA or an RIR to be involved in such 
special purpose networks, so long as there is a party appropriately 
administering the sub assignments for the network on behalf of the particular 
community.

I would guess that in either case, the odds that the community would have 
decided to peel off 1/4 of the space and sell it to a commercial entity would 
have been low, and that the odds that IANA would have agreed to go along with 
such a thing at least as low.

Instead we're here, because ARIN treated "Amateur Radio Digital Communications" 
not as a purpose (that happened to not be documented well via RFC or other 
process) but as an organization name that anyone could adopt, given sufficient 
documentation. Despite the fact that the block was already being used in a way 
that you'd expect an RIR to be behaving, not the way the organization has 
behaved.

Matthew - It is completely incorrect that all it took was "an organization name 
that anyone could adopt, given sufficient documentation” –≈ the organization 
name is not sufficient; you need to have the authorized contact for IP address 
block make such a request – as administration of the block was entrusted to the 
contact, and the party requesting needs to be the original registrant or their 
designated successor in a clear chain of authority.

Again, I'm sure that this was all well-intentioned... but nobody from ARDC 
asked any of the hams like me who've been sending TCP/IP over ham radio since 
it was possible, and have active allocations within the 44 net what we thought 
about this idea.
...
 That's why a real RIR for this space would have had a policy development 
process where *the community* could weigh in on ideas like "sell of 1/4 of it 
so we can have a big endowment". Which, heck, we might have all agreed to... if 
there was some transparency.

Those are excellent questions for ADCR regarding its governance and 
accountability plans, but again, none of that requires any special “RIR” magic 
to accomplish; it simply takes a not-for-profit organization that serves its 
community – such entities are quite common but they require an active and 
engaged community and appropriate governance structures.

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers





Re: 44/8

2019-07-22 Thread John Curran
On 22 Jul 2019, at 3:35 PM, William Herrin 
mailto:b...@herrin.us>> wrote:

On Mon, Jul 22, 2019 at 12:24 PM John Curran 
mailto:jcur...@arin.net>> wrote:
> Nothing in the publicly vetted policies demanded that you attach 
> organizations to the purpose-based allocations

You’ve suggested that this network was some special “purpose-based” allocation, 
but failed to point to any actual policy guidance that distinguishes it in that 
manner.

John,

As admitted at https://www.ampr.org/amprnet/, Hank Magnuski and Jon Postel 
thought it was a swell idea and simply did it.

Bill -

In which case, I’d recommend contacting Hank Magnuski to obtain documentation 
of your particular interpretation, as there are no published policy documents 
which indicate anything other than an allocation from the general purpose IPv4 
space for an "amateur packet radio" research network (and in particular nothing 
that would indicate that stewardship over the allocation should rest with any 
party other than the assigned contact for the block.)

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers









Re: 44/8

2019-07-22 Thread John Curran
On 22 Jul 2019, at 1:16 PM, William Herrin  wrote:
> 
> Respectfully John, this wasn't a DBA or an individual figuring the org name 
> field on the old email template couldn't be blank. A class-A was allocated to 
> a _purpose_.

Bill - 

The block in question is a /8 research assignment made with a particular 
network name and a particular responsible technical contact, just as so many 
other research networks during that period; indeed, if that is what you meant 
by “purpose”, then you are correct.   Like so many of those early research 
networks, the evolution of the block over time was under control of the contact 
listed in the registry, and resulted in some being returned, some ending up 
with commercial firms, some with not-for-profit entities, etc.   

In the case of AMRPNET, in 2011 ARIN did approve update of the registration to 
a public benefit not-for-profit at the request of the registered contact.   

> You've not only allowed but encouraged that valuable resource to be 
> reassigned to an organization, this ARDC, and then treated the organization 
> as a proxy for the purpose. No one asked you to do that.

Again, ARIN was specifically requested to do exactly that by the authoritative 
contact, and it was correct to proceed given that the IP block was a general 
purpose IP address block absent any other policy guidance. 

> Nothing in the publicly vetted policies demanded that you attach 
> organizations to the purpose-based allocations

You’ve suggested that this network was some special “purpose-based” allocation, 
but failed to point to any actual policy guidance that distinguishes it in that 
manner.Note that we do have many such documents that identify a variety of 
purpose-based allocations – for example, RFC 5737 ("IPv4 Address Blocks 
Reserved for Documentation”),  RFC 6598 for 'Shared Address Space' for CGN, 
etc.  If you do have a IETF or IANA policy document applicable to AMPRNET that 
somehow has been overlooked, please provide it to ARIN as part of an Internet 
number resource fraud report, and we will promptly review and investigate. 

In the meantime, if you are curious about the actual IPv4 special-purpose 
assignments, you can find the complete list here: 
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
 – there’s quite a few, but AMPRNET is not one of them. 

Thanks, 
/John

John Curran
President and CEO
American Registry for Internet Numbers








Re: 44/8

2019-07-22 Thread John Curran
On 21 Jul 2019, at 7:32 AM, William Herrin  wrote:
> 
> Having read their explanation, I think the folks involved had good reasons 
> and the best intentions but this stinks like fraud to me. Worse, it looks 
> like ARIN was complicit in the fraud -- encouraging and then supporting the 
> folks involved as they established a fiefdom of their own rather than 
> integrating with the organizations that existed.

Bill - 

ARIN routinely deals situations where the point of contact for a number 
resource did not have a formal organization at the time of issuance of the IP 
address block, and we are quite careful to make sure that the appropriate 
pedigree is maintained. 

It is important to realize that ARIN doesn’t automatically consider the 
responsible contact to be authoritative for an early assignment for any change 
requested (i.e. an early administrative contact cannot simply usurp an address 
block for any purpose they desire) but we do indeed recognize organization 
changes (such as incorporation) that are consistent with the original listed 
registrant and supported by the current administrative contact for the 
resource. 

As you are aware, there are individuals and businesses who operate as a “Doing 
Business As/DBA" or on behalf on an unincorporated organization at the time of 
issuance; it is a more common occurrence than one might imagine, and we have to 
deal with the early registrations appropriately based on the particular 
circumstance.   ARIN promptly put processes in place so that such 
registrations, having been made on behalf of a particular purpose or 
organization, do not get misappropriated to become rights solely of the point 
of contact held for personal gain – indeed, there are cases where organizations 
are created with similar names for the purposes of hijacking number resources, 
but such cases don’t generally involve principles who were involved in the 
administration of the resources since issuance nor do they involve 
formalization of the registrant into a public benefit not-for-profit 
organization.

Despite your assertions, it is not for ARIN to judge whether a given early 
number resource was issued to the “best” responsible contact/organization for 
the job; it is our job to simply maintain the registry according the policies 
set by the IETF and this community – to do anything else would result in 
haphazard administration and undermine the stability of the entire registry. 

> The "appearance of impropriety" is then magnified by ARIN deeming the matter 
> a private transaction between it and the alleged registrants to which the 
> pubic is not entitled to a detailed accounting.

As you are aware, Bill, number resource requests to ARIN are private, but the 
results end up quite visible in the public registry and there is a reporting 
process if you believe that any change has been made based on fraudulent 
information. 

If the folks would like number resource requests (such as transfer requests) to 
be public when submitted to ARIN, that is also possible, but would require very 
specific policy directing us accordingly.  I do not know if the community would 
support such a change, but if you are interested in proposing such then you 
should review <https://www.arin.net/participate/policy/pdp/appendix_b/> for 
instructions on submission of a policy proposal. 

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: 44/8

2019-07-19 Thread John Curran
On 19 Jul 2019, at 11:50 AM, Matt Harris 
mailto:m...@netfire.net>> wrote:

On Fri, Jul 19, 2019 at 10:41 AM John Curran 
mailto:jcur...@arin.net>> wrote:
On 19 Jul 2019, at 11:34 AM, Matt Harris 
mailto:m...@netfire.net>> wrote:
Hey John, I understand that, however my understanding is that the establishment 
of an ARIN RSA is required prior to the transfer of a block or a portion or a 
block via ARIN (such as the transfer of 44.192/10). Thus, this would mean that 
the 44/8 block is now governed by an (well, more than one, now that it's split) 
ARIN RSA (or LRSA) whereas it was not before.  Is that not correct?

Matt -

ARIN doesn’t discuss details of specific registrations publicly; you need to 
refer any such questions to the registrant.

Without discussing any specific registration whatsoever, my understanding is 
that what I stated is the case as a matter of policy. Was just looking for 
confirmation that my reading of ARIN policy docs was not incorrect. :)

Matt -

Legacy resource holders may transfer a portion of their number resources 
without bringing the entire block under a registration services agreement.

/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: 44/8

2019-07-19 Thread John Curran
On 19 Jul 2019, at 11:46 AM, Tom Beecher 
mailto:beec...@beecher.cc>> wrote:

Understood on specifics. But can you comment on the general ARIN policy on the 
topic? My understanding was that once a legacy resource was transferred , it 
was permanently removed as a legacy resource.

As noted earlier, general ARIN policy is as follows -

Those who received IPv4 address blocks by InterNIC (or its predecessors) prior 
to the inception of ARIN on 22 December 1997 are legacy resource holders, and 
continue to receive those same registry services for those blocks (Whois, 
reverse DNS, ability to update) without any need for an agreement with ARIN.  
This has been provided without any fee to the original registrants (or their 
legal successors) as recognition of their contributions to the early Internet.

Some legacy resource holders opt to sign a “legacy registration services 
agreement” by which ARIN provides specific and well-defined legal rights to the 
registrant – this is the same RSA as other ARIN customers, but ARIN caps the 
total annual maintenance fees that are incurred by legacy resource holders.  An 
RSA is also required to receive services that the community has funded the 
developed since ARIN’s inception, such as resource certification services.


Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: 44/8

2019-07-19 Thread John Curran
On 19 Jul 2019, at 11:33 AM, Tom Beecher 
mailto:beec...@beecher.cc>> wrote:

If they choose to they could have (in the ARIN region) signed a LRSA,
but that's even been removed, in favor
of the now much more watered down RSA.

I believe ARCD would have been required to sign an LRSA (if they had not 
previously) in order to transfer the block to Amazon.

Also, a question for perhaps John here.

Organization:   Amazon Technologies Inc. (AT-88-Z)

https://www.arin.net/about/corporate/agreements/rsa_faq/#legacy-resource-holder-faq

How do I know if my legacy number resources are already covered under an LRSA 
or not?
Typically, any legacy number resources that are covered under an LRSA will be 
associated with an Organization ID ending in a “-Z”. If you have any questions 
regarding your legacy resources, please contact ARIN’s Registration Services 
Department. You may contact the Registration Services Help Desk at 
+1.703.227.0660 or by submitting an Ask 
ARIN<https://account.arin.net/public/communication/message/beginQuestion.xhtml> 
ticket via your ARIN Online account.

Unless there was a clerical error somewhere, is this telling us that 
44.192.0.0/10<http://44.192.0.0/10> remains classified as a legacy resource? I 
didn't think that was possible given that Amazon was not the original assignee.

Tom -

ARIN doesn’t discuss details of specific registrations publicly; you need to 
refer any such questions to the registrant.

/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: 44/8

2019-07-19 Thread John Curran
On 19 Jul 2019, at 11:34 AM, Matt Harris 
mailto:m...@netfire.net>> wrote:

On Fri, Jul 19, 2019 at 10:29 AM John Curran 
mailto:jcur...@arin.net>> wrote:

Matt -

Chris is correct.   Those who received IPv4 address blocks by InterNIC (or its 
predecessors) prior to the inception of ARIN on 22 December 1997 are legacy 
resource holders, and continue to receive those same registry services for 
those blocks (Whois, reverse DNS, ability to update) without any need for an 
agreement with ARIN.  This has been provided without any fee to the original 
registrants (or their legal successors) as recognition of their contributions 
to the early Internet.

Hey John, I understand that, however my understanding is that the establishment 
of an ARIN RSA is required prior to the transfer of a block or a portion or a 
block via ARIN (such as the transfer of 44.192/10). Thus, this would mean that 
the 44/8 block is now governed by an (well, more than one, now that it's split) 
ARIN RSA (or LRSA) whereas it was not before.  Is that not correct?

Matt -

ARIN doesn’t discuss details of specific registrations publicly; you need to 
refer any such questions to the registrant.

/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: 44/8

2019-07-19 Thread John Curran
On 19 Jul 2019, at 11:12 AM, Christopher Morrow  wrote:
> 
> On Fri, Jul 19, 2019 at 10:58 AM Matt Harris  wrote:
> 
>> Hence it's no longer "legacy" space that isn't covered by an RIR RSA but is 
>> instead now covered by an ARIN RSA.
> 
> 'RIR RSA" is not a thing.
> Legacy blocks are basically drifting in the winds... there's no
> requirement on the holders to do anything really..
> If they choose to they could have (in the ARIN region) signed a LRSA,
> but that's even been removed, in favor
> of the now much more watered down RSA.

Matt - 

Chris is correct.   Those who received IPv4 address blocks by InterNIC (or its 
predecessors) prior to the inception of ARIN on 22 December 1997 are legacy 
resource holders, and continue to receive those same registry services for 
those blocks (Whois, reverse DNS, ability to update) without any need for an 
agreement with ARIN.  This has been provided without any fee to the original 
registrants (or their legal successors) as recognition of their contributions 
to the early Internet.

Some legacy resource holders opt to sign a “legacy registration services 
agreement” by which ARIN provides specific and well-defined legal rights to the 
registrant – this is the same RSA as other ARIN customers, but ARIN caps the 
total annual maintenance fees that are incurred by legacy resource holders.  An 
RSA is also required to receive services that the community has funded the 
developed since ARIN’s inception, such as resource certification services. 

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers






Re: 44/8

2019-07-19 Thread John Curran
On 19 Jul 2019, at 11:06 AM, Matt Harris  wrote:
> 
> Hey John,
> I think perhaps the relevant questions for ARIN here are:
> ...

Matt - 

ARIN doesn’t publicly discuss details of any specific registration requests; 
you would need to refer any of those questions to the registrant. 

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: 44/8

2019-07-19 Thread John Curran
On 19 Jul 2019, at 10:37 AM, Brielle mailto:br...@2mbit.com>> 
wrote:

On Jul 19, 2019, at 6:03 AM, John Curran 
mailto:jcur...@arin.net>> wrote:
Be specific in your report regarding what change you believe was in error and 
why – we investigate all such reports and will correct any changes made in 
error.

Actually, I’d love to hear an official statement from ARIN about the state of 
this transfer - it’s legitimacy, ARINs involvement with it, who approved of the 
transfer (if any) etc.

Was ARIN not involved?  If not, why not?  44/8 isn’t like a normal assignment.  
It’s a legacy assignment likely with stipulations from when it was originally 
assigned to the HAM group(s).

As stated before, ARIN did receive and process a request from the 44/8 
registrant to transfer a portion of the block to another party.

For all transfer requests, we review and confirm:

- That the source of the transfer is the legal entity which holds the rights to 
the address block in the registry
- That the transfer is authorized by an registered officer of that legal entity
- That the recipient org has approval per policy to receive an address block of 
the appropriate size

You may have other questions that are better referred to the registrant 
(Amateur Radio Digital Communications); e.g. regarding why the request was made 
–
I will note that the contact information for the block is current in the Whois 
database, and available at <https://search.arin.net/rdap/?query=44.0.0.0>

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers





Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

2019-07-19 Thread John Curran
On 11 Jul 2019, at 3:23 PM, Michael Thomas  wrote:
> 
> I used to think that email spam was a law enforcement problem too, but it's 
> become very clear that law enforcement has little to no interest in solving 
> geeks' problems.

Law enforcement deals with legal entities (persons, organizations) and 
jurisdictions (i.e. physical locations) in determining both applicable law and 
appropriate enforcement authority. 

The Internet does not provide reliable attribution of entity or locale, thus 
precluding any efficient use of our existing law enforcement framework – it is 
no surprise that our Internet design choices have such consequences. 

c'est la vie sur Internet,
/John



Re: 44/8

2019-07-19 Thread John Curran
On 18 Jul 2019, at 11:40 PM, Majdi S. Abbas 
mailto:m...@latt.net>> wrote:
...
There are some potential legal title questions around this,
and if ARIN is facilitating transactions with questionable history,
that is something the Internet community might be concerned about.

Majdi -

If you believe that fraud has occurred with respect to an update of the ARIN 
registry, then please report it here - 
https://www.arin.net/reference/tools/fraud_report/

Be specific in your report regarding what change you believe was in error and 
why – we investigate all such reports and will correct any changes made in 
error.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers






Interested in helping to lead ARIN? (was: [arin-announce] 2019 Call for ARIN Board of Trustees, ARIN Advisory Council, and NRO Number Council Nominations)

2019-07-15 Thread John Curran
NANOGers -

ARIN’s Nomination Committee is seeking suitable individuals to run for the ARIN 
Board of Trustees, ARIN Advisory Council, and NRO Number Council.

If you have any interest in doing so, or are aware of others who might wish to, 
there is additional information on the requirements and application process 
below.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] 2019 Call for ARIN Board of Trustees, ARIN Advisory 
Council, and NRO Number Council Nominations
Date: 15 July 2019 at 11:06:12 AM EDT
To: mailto:arin-annou...@arin.net>>

Nominations are being accepted now through 5:00 PM ET, Thursday, 22 August 
2019, to fill two seats on the ARIN Board of Trustees, five seats on the ARIN 
Advisory Council, and one seat on the Number Resource Organization Number 
Council (NRO NC). Candidates are expected to serve three-year terms effective 1 
January 2020 and incumbents may be re-elected for
consecutive terms.

ARIN Trustees and representatives from ARIN’s General Members in Good Standing 
are welcome and strongly encouraged to nominate candidates for seats on the 
ARIN Board of Trustees and Advisory Council. A nominator may nominate 
themselves, a representative from an ARIN Member organization, or from 
non-member organizations consistent with ARIN election processes and may make 
up to three nominations per open seat.

Any individual, regardless of ARIN Member affiliation, may self-nominate or 
nominate one or more candidates to fill one seat on the NRO Number Council. 
Nominees for the NRO Number Council, however, must reside within the ARIN 
region.

Individuals whose terms will conclude on 31 December 2019 are:

•ARIN Board of Trustees: Patrick Gilmore and Bill Sandiford
•ARIN Advisory Council: Owen DeLong, Alyssa Moore, Tina Morris, Joe Provo, 
and Alison Wood
•NRO Number Council: Jason Schiller

To submit a nomination now, please visit:

https://www.surveymonkey.com/r/ARIN2019Nominations

To review initial requirements, qualifications, and/or responsibilities of the 
ARIN Board of Trustees, the ARIN Advisory Council, or the NRO NC, please visit 
the respective page below:

ARIN Board of Trustees: https://www.arin.net/about/welcome/board/requirements/

ARIN Advisory Council: https://www.arin.net/about/welcome/ac/requirements/

NRO Number Council: 
https://www.arin.net/participate/oversight/elections/nronc/#nominee-eligibility-requirements-responsibilities-upon-election

All nominees must confirm that they qualify and are willing to serve if elected 
and that they do not violate the Nomination and Appointment Conflict of 
Interest List found at:

https://www.arin.net/participate/oversight/elections/conflicts/

For detailed information on the ARIN Board of Trustees and Advisory Council 
nomination processes, please visit:

https://www.arin.net/participate/oversight/elections/processes/#nominations

For detailed information on the NRO NC nomination processes, please visit:

https://www.arin.net/participate/oversight/elections/nronc/#nomination-process

The ARIN Board of Trustees and Advisory Council elections have a Nomination 
Committee (NomCom) that is responsible for identifying, recruiting, and 
assessing candidates standing for election to the ARIN Board of Trustees and 
ARIN Advisory Council, in accordance with ARIN Bylaws and the ARIN Election 
Processes. This year’s NomCom members are:

•ARIN Board of Trustees Members
oDan Alexander (NomCom Chair)
oNancy Carter
•General Member Volunteers
oKevin Blumberg
oAndrew Dul
oAndrew Gallo
oByron Holland
oDavid Huberman

For more information on ARIN’s NomCom, please visit:

https://www.arin.net/about/welcome/board/committees/#2019-nomination-committee-nomcom

2019 ARIN Elections will take place online from 31 October through 8 November. 
To vote in this year’s elections, an ARIN Member organization must be a General 
Member in Good Standing and have a Voting Contact with an ARIN Online account 
on file by Monday, 16 September 2019, the published voter eligibility deadline. 
For step-by-step instructions on how to designate a Voting Contact, please 
visit:

https://www.arin.net/participate/oversight/membership/voting/#designating-a-voting-contact

For questions, to confirm your organization’s voting eligibility, or for 
additional information or assistance, please email the ARIN Member Services 
team at memb...@arin.net.

Regards,

Wendy Leedy
Member Engagement Specialist
American Registry for Internet Numbers (ARIN)

Key Election Date Reminders:

15 July – 22 August: Call for ARIN Board of Trustees, ARIN Advisory Council, 
and NRO NC Nominations

16 September: Deadline to Establish Voter Eligibility

31 October – 8 November: ARIN Elections Open

___
ARIN-Announce




Regarding the ARIN Advisory Council and ARIN PDP (was: Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation)

2019-04-27 Thread John Curran
On 26 Apr 2019, at 5:49 PM, JORDI PALET MARTINEZ via NANOG  
wrote:
> ...
> Not only that. I really think they have not invested enough time to read the 
> proposal, check with the authors and then take a decision. We have got some 
> email exchange, but clearly not sufficient. I also must state that the staff 
> has been very helpful and diligent to clarify and support the petition 
> process. Just the point is, should have never been needed, it exposes how bad 
> (in my opinion) is the ARIN AC model.

Jordi - 

I have no views on the particular policy proposal or the petition action, but 
want to be clear regarding some of your characterizations of the ARIN Policy 
Development Process (ARIN PDP).  It is correct that the ARIN Advisory Council 
(a body elected by the ARIN membership) is in charge of administering the 
policy development process, including working with submitters to get their 
proposals accepted as draft policies and revising draft policies based on the 
community discussion. 

In general, policy proposals are discussed at length between the submitter and 
the assigned ARIN Advisory Council (ARIN AC) members, with the goal of making a 
clear and understandable statement of the problem in number resource policy 
that is to be addressed – as that is the required criteria for a Draft Policy.  
Once a policy proposal has a clear problem statement, the ARIN AC accepts it as 
a Draft Policy and it is discussed (often at length) on the ARIN Public Policy 
Mailing List.   The ARIN AC works diligently with submitters to make sure that 
their proposals are clear and adopted as Draft Policies, and this occurs even 
when the assigned AC members don’t necessarily support the merits of the 
particular proposal.   The strength of the ARIN PDP process is that nearly 
anyone can submit an idea for changes to our number resource policy (even with 
no knowledge of ARIN's policy development process) and the ARIN AC becomes 
their advocate in getting a clear draft policy put before the community for 
discussion.   We have had policy proposals made by several segments of the 
Internet community that are not deeply involved in the RIR system or the 
network operator community, but have insight into specific problems in number 
resource policy that they were able to get addressed. 

There is an exception to this process, i.e. a case where the ARIN AC doesn’t 
work on a policy proposal, and it occurs with proposals which lie outside the 
scope of number resource policy.  The ARIN AC does make an initial 
determination of whether the policy proposal is within scope – the reason for 
such an evaluation is to make sure that the community doesn’t spend its time 
working on proposals which aren’t germane to how ARIN administers number 
resources, and I will note the overwhelming majority of policy proposals meet 
this criteria with ease.  Additionally, ARIN’s Policy Development Process 
contains many “checks and balances” to provide for the development of fair and 
impartial policy, and as you are aware, in the case of a policy proposal out of 
scope, there is a petition with a very low threshold (10 supporters) to provide 
for referral to ARIN’s Board of Trustees for review and final determination.  
Having the Board of Trustees handle such determinations makes perfect sense, as 
they are ultimately responsible for determining the scope of ARIN’s mission. 

I understand that your policy proposal has been deemed out of scope, but I’d 
like to point of that such events are a very rare occurrence, and do not 
reflect the circumstances that the vast majority of submitters face when 
working with the ARIN AC and the ARIN Policy Development Process.   You might 
not see the merits of the ARIN Advisory Council administration of ARIN’s policy 
development process, but their efforts are almost universally in support of 
those submitting policy proposals, and the effectiveness of their advocacy 
demonstrated by the long line of clear, technically sound and useful policy 
changes in the ARIN region. 

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers







"Under the hood" at ARIN (was: ARIN upgrade completed)

2019-03-22 Thread John Curran
And for those looking into a little insight "under the hood" of the new ARIN 
Online system & website, Andy Newton wrote a short blog that highlights some of 
the architecture and framework decisions we made –

https://teamarin.net/2019/03/19/under-the-hood-of-the-new-arin-net/

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 2 Mar 2019, at 4:14 PM, John Curran 
mailto:jcur...@arin.net>> wrote:

Folks -

  The upgrade to www.arin.net<http://www.arin.net/> and the ARIN Online system 
has been completed as scheduled.

  Release notes are online here: https://www.arin.net/announcements/20190302/

Best wishes,
/John

John Curran
President and CEO
American Registry for Internet Numbers




ARIN upgrade completed (was: Re: FYI - Major upgrade this weekend to www.arin.net and ARIN Online)

2019-03-02 Thread John Curran
Folks -

  The upgrade to www.arin.net<http://www.arin.net> and the ARIN Online system 
has been completed as scheduled.

  Release notes are online here: https://www.arin.net/announcements/20190302/

Best wishes,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 27 Feb 2019, at 12:02 PM, John Curran 
mailto:jcur...@arin.net>> wrote:

Argh - my error on errant truncation.

Correct link is further down the email, but also here -

   https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/

/John

John Curran
President and CEO
American Registry for Internet Numbers


...

From: NANOG mailto:nanog-boun...@nanog.org>> on behalf 
of John Curran mailto:jcur...@arin.net>>
Sent: Wednesday, February 27, 2019 10:56:27 AM
To: nanog list
Subject: FYI - Major upgrade this weekend to www.arin.net<http://www.arin.net/> 
and ARIN Online

NANOGers -

This weekend there will be a major upgrade to 
www.arin.net<http://www.arin.net/> website and the ARIN Online system.

If you routinely use these systems, you might want to read what follows for an 
overview of the upcoming change –
.<https://teamarin.net/%E2%80%A6/02/27/getting-ready-for-the-big-rev%E2%80%A6/>..

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] How Community Input Shaped Our New 
ARIN.NET<http://arin.net/>
Date: 27 February 2019 at 11:50:22 AM EST
To: mailto:arin-annou...@arin.net>>

On 2 March, we will be deploying a new and improved 
www.arin.net<http://www.arin.net/>. This
project is the product of collaboration with our community; user input
was a driving factor at every stage. We encourage you to read our new
blog post about the process and some of the changes you will see when we
go live:

https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net<mailto:i...@arin.net> if you experience any issues.




Re: FYI - Major upgrade this weekend to www.arin.net and ARIN Online

2019-02-27 Thread John Curran
Argh - my error on errant truncation.

Correct link is further down the email, but also here -

   https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/

/John

John Curran
President and CEO
American Registry for Internet Numbers


On 27 Feb 2019, at 11:59 AM, Mitcheltree, Harold B 
mailto:p...@ots.utsystem.edu>> wrote:

Link fails -
ARTICLE NOT FOUN

--Pete

From: NANOG mailto:nanog-boun...@nanog.org>> on behalf 
of John Curran mailto:jcur...@arin.net>>
Sent: Wednesday, February 27, 2019 10:56:27 AM
To: nanog list
Subject: FYI - Major upgrade this weekend to www.arin.net<http://www.arin.net> 
and ARIN Online

NANOGers -

This weekend there will be a major upgrade to 
www.arin.net<http://www.arin.net/> website and the ARIN Online system.

If you routinely use these systems, you might want to read what follows for an 
overview of the upcoming change –
https://teamarin.net/…/02/27/getting-ready-for-the-big-rev…/<https://teamarin.net/%E2%80%A6/02/27/getting-ready-for-the-big-rev%E2%80%A6/>

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] How Community Input Shaped Our New 
ARIN.NET<http://arin.net/>
Date: 27 February 2019 at 11:50:22 AM EST
To: mailto:arin-annou...@arin.net>>

On 2 March, we will be deploying a new and improved 
www.arin.net<http://www.arin.net/>. This
project is the product of collaboration with our community; user input
was a driving factor at every stage. We encourage you to read our new
blog post about the process and some of the changes you will see when we
go live:

https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



FYI - Major upgrade this weekend to www.arin.net and ARIN Online

2019-02-27 Thread John Curran
NANOGers -

This weekend there will be a major upgrade to www.arin.net<http://www.arin.net> 
website and the ARIN Online system.

If you routinely use these systems, you might want to read what follows for an 
overview of the upcoming change –
https://teamarin.net/…/02/27/getting-ready-for-the-big-rev…/<https://teamarin.net/%E2%80%A6/02/27/getting-ready-for-the-big-rev%E2%80%A6/>

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] How Community Input Shaped Our New 
ARIN.NET<http://ARIN.NET>
Date: 27 February 2019 at 11:50:22 AM EST
To: mailto:arin-annou...@arin.net>>

On 2 March, we will be deploying a new and improved 
www.arin.net<http://www.arin.net>. This
project is the product of collaboration with our community; user input
was a driving factor at every stage. We encourage you to read our new
blog post about the process and some of the changes you will see when we
go live:

https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (arin-annou...@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



Re: A Zero Spam Mail System [Feedback Request]

2019-02-22 Thread John Curran
On 22 Feb 2019, at 9:58 AM, Miles Fidelman  wrote:
> 
> On 2/22/19 10:07 AM, John Curran wrote:
> 
>> On 22 Feb 2019, at 7:08 AM, Miles Fidelman  
>> wrote:
>>> On 2/22/19 12:03 AM, John Curran wrote:
>>> 
>>>> Either way, until such time your solution is deployed widely enough to 
>>>> significantly impact network operations, it’s unlikely to be a 
>>>> particularly relevant topic for discussion here.
>>>> 
>>> Notable exception:  DMARC.  Broke email lists everywhere - including those 
>>> that folks use to solve problems on the net. Heck, it broke the ietf email 
>>> list.
>> Indeed - while a self-inflicted injury on its customers, the network effects 
>> of massive operating scale effectively transition the problem space from 
>> private actor to public…
>> 
>> hence not an notable exception, but an actual example of "deployed widely 
>> enough”
> 
> Hmmm  But wasn't the initial impact of DMARC that so few senders of email 
> had implemented it? 

If you (or your email service provider) deploy an optional solution (e.g. DMARC 
p=reject) that prevents you from receiving email from mailing lists sending in 
conformance with existing standards, then that’s your choice.

Expecting that others will automatically change their behavior (such as 
wrapping email from mailing lists) isn’t reasonable - you’ve effectively 
decided (or let your provider decide) that you don’t want existing 
communications to work for some categories of standard-compliant email.   The 
alternative is ‘Internet Coordination’, but that requires actually coordination 
before making major changes that will break things. 

> Also, the impact wasn't just on customers, but on trading partners & 
> communities - communications being a two way street and all.

One doesn’t communicate with folks who chose (or let their service provider 
chose) not to receive email accordingly existing standards. 
In any case, irrelevant to the dombox situation, unless/until someone actually 
deploys at a scale large enough to require consideration. 

/John

Re: A Zero Spam Mail System [Feedback Request]

2019-02-22 Thread John Curran
On 22 Feb 2019, at 7:08 AM, Miles Fidelman  wrote:
> 
> On 2/22/19 12:03 AM, John Curran wrote:
> 
>> Either way, until such time your solution is deployed widely enough to 
>> significantly impact network operations, it’s unlikely to be a particularly 
>> relevant topic for discussion here.
>> 
> Notable exception:  DMARC.  Broke email lists everywhere - including those 
> that folks use to solve problems on the net. Heck, it broke the ietf email 
> list.

Indeed - while a self-inflicted injury on its customers, the network effects of 
massive operating scale effectively transition the problem space from private 
actor to public…  

hence not an notable exception, but an actual example of "deployed widely 
enough”

/John





Re: A Zero Spam Mail System [Feedback Request]

2019-02-21 Thread John Curran
On 17 Feb 2019, at 8:03 PM, Viruthagiri Thirumavalavan  wrote:
> ...
> White Paper - https://www.dombox.org/dombox.pdf 
> 
Viruthagiri -

It does not appear that you require anything from this community, as it appears 
from reading your white paper that your proposed solution relies upon existing 
Internet protocols and extensions (e.g. SMTP, SPF, DNS, DNS TXT RR types, etc.) 
  

One of the nice things about the Internet is that folks can generally innovate 
without seeking permission from anyone – the protocols are mostly agnostic 
about the things running over them, so you can implement and promote your 
solution today – nothing prevents you from moving ahead, and if you have 
created something that is truly valuable, then you should have no trouble 
finding investors, customers, and partners for your proposed solution.  If your 
proposed solution doesn’t prove to have a useful return on investment, then 
that instead shall become apparent. 

Either way, until such time your solution is deployed widely enough to 
significantly impact network operations, it’s unlikely to be a particularly 
relevant topic for discussion here. 

/John





Re: A Zero Spam Mail System [Feedback Request]...sendmail.cf

2019-02-21 Thread John Curran
On 20 Feb 2019, at 9:16 PM, b...@theworld.com wrote:
> On February 20, 2019 at 15:29 br...@2mbit.com (Brielle Bruns) wrote:
>> On 2/20/2019 1:22 PM, Matthew Black wrote:
>>> Have you ever created a sendmail.cf without using M4?
> 
> I've certainly maintained them, one usually started with whatever came
> with the source distr or maybe you'd get someone to share something
> with you to bang on.
> 
> One reason sendmail.cf's seem so complicated is because sendmail was
> designed to gateway and route between very different email systems.
> ...

  sendmail.cf was fun, but MMDF channels were so much more amusing –
and rather necessary in order to deal with gatewaying BITNET, phonenet, DECNET, 
X25NET, uunp, and ondemand dialup-ip ppp and cslip domains in a semi-reliable 
manner on the relay.cs.net  and relay2.cs.net 
 servers.  

It didn’t help that many sendmail.cf files in those days shipped relay.cs.net 
 preset as 
their default smtp relay host…  always made for large queues and careful 
editing. 

/John




Fwd: [arin-announce] ARIN Board Suspends Waiting List Issuance Policy

2019-02-07 Thread John Curran
FYI - Relevant to discussion on this list re ARIN IPv4 waiting list.

FYI,
/John

Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Date: February 7, 2019 at 4:15:51 PM EST
To: mailto:arin-annou...@arin.net>>
Subject: [arin-announce] ARIN Board Suspends Waiting List Issuance Policy

At their business meeting in January 2019, the ARIN Board of Trustees,
in light of the potential misuse of number resources under NRPM section
4.1.8 (Unmet Requests), suspended issuance of number resources per NRPM
section 4.1.8.2. (Fulfilling unmet needs), and referred NRPM section
4.1.8 to the ARIN Advisory Council for their recommendation. ARIN will
complete open transactions to waiting list organizations where IPv4
addresses have already been approved pending fee payment.

We will continue to accept and process IPv4 requests according to NRPM
4.1.8, and organizations may be added to the waiting list while waiting
list issuance is suspended. All future IPv4 address space issued under
this policy is subject to the outcome of pending policy review.

To view the Board meeting minutes, visit:
https://www.arin.net/about_us/bot/bot2019_0116.html

View NRPM 4.1.8 at:
https://www.arin.net/policy/nrpm.html#four18

Regards,

John Curran
President & CEO
American Registry for Internet Numbers (ARIN)

ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net<mailto:i...@arin.net> if you experience any issues.


ARIN DNSSEC Monitoring enhancement deployed (was: 2019-01-11 ARIN.NET DNSSEC Outage – Post-Mortem)

2019-02-04 Thread John Curran
On 11 Jan 2019, at 3:59 PM, John Curran 
mailto:jcur...@arin.net>> wrote:
...
My apologies for this incident – while ARIN does have some fragility in our 
older systems (which we have been working aggressively to phase out via system 
refresh and replacements), it is not acceptable to have this situation with key 
infrastructure such as our DNS zones.   We will prioritize the necessary alert 
and monitor changes and I will report back to the community once that has been 
completed.

Folks -

I indicated that we would report back once appropriate DNSSEC monitoring is in 
place - this has now been completed (ref: attached announcement of same)

Thanks again for your patience in this matter,
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] DNSSEC Monitoring Enhancements
Date: 4 February 2019 at 11:32:25 AM EST
To: mailto:arin-annou...@arin.net>>

On 31 January, ARIN deployed DNSSEC monitoring enhancements, including 
proactive RRSIG expiration checking, zone syntax checking, and DNSSEC 
validation. We are monitoring from various disparate locations across the 
Internet with these checks. This effort was undertaken in response to the 
incident that occurred on 11 January, detailed in the incident report below.

Improved monitoring of DNSSEC and the arin.net<http://arin.net> zone will 
provide earlier alerts of any issues such as Resource Record Signature (RRSIG) 
expiration and any issues with DNSSEC validation. These enhancements will 
provide early warning of potential issues, prevent outages, and improve our 
ability to troubleshoot DNSSEC problems if they occur in the future.

Regards,
Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)

Incident Report:

On 11 January 2019, at approximately 8:30 a.m. ET, ARIN monitoring systems 
alerted that some arin.net<http://arin.net> properties were unreachable. All 
users with validating DNS resolvers were unable to look up resources within 
arin.net<http://arin.net> and thus were unable to reach them. ARIN’s 
www.arin.net<http://www.arin.net> and ftp.arin.net<http://ftp.arin.net> sites 
and Whois, RPKI, and DNS services were affected for those users who use 
validating resolvers.

ARIN’s Engineering staff determined that DNSSEC validation for the 
arin.net<http://arin.net> zone was failing and temporarily unpublished 
Delegation Signer (DS) records with our registrar so that we could investigate 
the problem. Upon troubleshooting, ARIN staff discovered that the removal of a 
resource record had created a spurious record, which caused a script to fail to 
reload. New versions of the zone could not be loaded, and the zone file in use 
expired. After determining the cause of the problem, the offending file was 
removed and the zone was reloaded. Delegation Signer (DS) records were 
republished and the zone validated, restoring service at approximately 10:30 
a.m. ET.

___
ARIN-Announce



2019-01-11 ARIN.NET DNSSEC Outage – Post-Mortem (was: Re: ARIN NS down?)

2019-01-11 Thread John Curran
On 11 Jan 2019, at 10:39 AM, John Curran 
mailto:jcur...@arin.net>> wrote:

On Fri, Jan 11, 2019 at 07:57:25PM +0530,
couldn't get address for 'ns1.arin.net<http://ns1.arin.net/>': not found

Folks -

   This has been resolved - arin.net<http://arin.net/> zone is again correctly 
signed.

Post-mortem forthcoming,

Folks -

The ARIN.NET<http://ARIN.NET> zone on our public signed DNS servers are 
populated via an internal DNS server and associated workflow.  As part of 
system maintenance near the end of 2018, the zone file used by the master 
internal DNS server was updated incorrectly, resulting in an invalid zone file. 
 Since the zone file was invalid, the zone did not reload on our internal 
master, and the associated workflow to DNSSEC sign and push this zone to the 
public servers did not execute.  Our monitoring systems reported being green 
until the signatures expired as they presently check that the SOA's match on 
the internal and external nameservers.

At approximately 8:30AM eastern time today (11 January 2019), ARIN operations 
started seeing issues within its monitoring.   Initial review suggested the 
problem was DNSSEC-related due to expired signatures.  We pulled the DS record 
from the zone so that DNSSEC validation would not be performed by those 
validating resolvers that had not already cached our DS records. Upon further 
investigation we determined that it was the result of human error in editing a 
zone file that went undetected and resulted in interruption of our routine zone 
publication process.  The issue was fixed and signed zones where then pushed 
out at 10:25 AM ET.  The DS record was reinstated in the parent at 10:30AM ET.

As a result of this incident, we will add additional alerting to the zone 
loading process for any errors and perform monitoring of zone signature 
lifetimes, with appropriate alerting for any potential expiration of DNSSEC 
signatures.

My apologies for this incident – while ARIN does have some fragility in our 
older systems (which we have been working aggressively to phase out via system 
refresh and replacements), it is not acceptable to have this situation with key 
infrastructure such as our DNS zones.   We will prioritize the necessary alert 
and monitor changes and I will report back to the community once that has been 
completed.

Thank you for your patience in this regard.
/John

John Curran
President and CEO
American Registry for Internet Numbers








Re: ARIN NS down?

2019-01-11 Thread John Curran
On Fri, Jan 11, 2019 at 07:57:25PM +0530,
couldn't get address for 'ns1.arin.net<http://ns1.arin.net>': not found

Folks -

   This has been resolved - arin.net<http://arin.net> zone is again correctly 
signed.

Post-mortem forthcoming,
/John

John Curran
President and CEO
American Registry for Internet Numbers



Re: ARIN NS down?

2019-01-11 Thread John Curran
Suresh -

We’re aware and working the problem.  It looks to me like expired 
RRSIG/DNSKEY’s for the zone, 
so if you’re using a DNSSEC validating resolver (e.g. Google, Cloudflare, 
Cogent) then ARIN.NET <http://arin.net/>
is unreachable.   ARIN’s engineering team is working on resolution now.

/John

John Curran
President and CEO
American Registry for Internet Numbers


> On 11 Jan 2019, at 9:27 AM, Suresh Ramasubramanian  <mailto:ops.li...@gmail.com>> wrote:
> 
> couldn't get address for 'ns1.arin.net <http://ns1.arin.net/>': not found
> couldn't get address for 'ns2.arin.net <http://ns2.arin.net/>': not found
> couldn't get address for 'u.arin.net <http://u.arin.net/>': not found
> couldn't get address for 'ns3.arin.net <http://ns3.arin.net/>': not found
> dig: couldn't get address for 'ns1.arin.net <http://ns1.arin.net/>': no more
> 
> srs@Sureshs-MacBook-Pro-2 19:56:18 <~> $ dig +trace +norec whois.arin.net 
> <http://whois.arin.net/>
> 
> ; <<>> DiG 9.10.6 <<>> +trace +norec whois.arin.net <http://whois.arin.net/>
> ;; global options: +cmd
> . 2230IN  NS  m.root-servers.net 
> <http://m.root-servers.net/>.
> . 2230IN  NS  b.root-servers.net 
> <http://b.root-servers.net/>.
> . 2230IN  NS  c.root-servers.net 
> <http://c.root-servers.net/>.
> . 2230IN  NS  d.root-servers.net 
> <http://d.root-servers.net/>.
> . 2230IN  NS  e.root-servers.net 
> <http://e.root-servers.net/>.
> . 2230IN  NS  f.root-servers.net 
> <http://f.root-servers.net/>.
> . 2230IN  NS  g.root-servers.net 
> <http://g.root-servers.net/>.
> . 2230IN  NS  h.root-servers.net 
> <http://h.root-servers.net/>.
> . 2230IN  NS  i.root-servers.net 
> <http://i.root-servers.net/>.
> . 2230IN  NS  j.root-servers.net 
> <http://j.root-servers.net/>.
> . 2230IN  NS  a.root-servers.net 
> <http://a.root-servers.net/>.
> . 2230IN  NS  k.root-servers.net 
> <http://k.root-servers.net/>.
> . 2230IN  NS  l.root-servers.net 
> <http://l.root-servers.net/>.
> . 2230IN  RRSIG   NS 8 0 518400 2019012105 
> 2019010804 16749 . 
> JqXTRb0qik0Iy1zDpwKRfKr1iZjTeiJRTk1GCfIWh9dFFvhN0c7Fiz6H 
> lbNfhgQbPsacG0b/1I3rguS13H2guX7apppK2w88h+z8mzym2Bw1C1HR 
> ZR3ocj/jHLJbMqHdQ+DFyRdw/AxCXBdhnbX46C8+unhQ03D/MzS0M0t4 
> vgadYi7BN4sa+iZIilwFV56n2dOfpzyO+evVbcnTLRZ6D4bjCHZLCtO8 
> EDziAPUbVAPZWiflb7/Y2dECe5gbOuGYYU/xv/Pal5+v9cjgMjcf8buG 
> S+iTIL/lnus0JJSRDmkM6yzfYMBXC2ZqhOp+Ls+EfvmqFjIZzi394XCi pdKRZw==
> ;; Received 525 bytes from 10.0.0.1#53(10.0.0.1) in 40 ms
> 
> net.  172800  IN  NS  g.gtld-servers.net 
> <http://g.gtld-servers.net/>.
> net.  172800  IN  NS  c.gtld-servers.net 
> <http://c.gtld-servers.net/>.
> net.  172800  IN  NS  j.gtld-servers.net 
> <http://j.gtld-servers.net/>.
> net.  172800  IN  NS  e.gtld-servers.net 
> <http://e.gtld-servers.net/>.
> net.  172800  IN  NS  h.gtld-servers.net 
> <http://h.gtld-servers.net/>.
> net.  172800  IN  NS  k.gtld-servers.net 
> <http://k.gtld-servers.net/>.
> net.  172800  IN  NS  m.gtld-servers.net 
> <http://m.gtld-servers.net/>.
> net.  172800  IN  NS  i.gtld-servers.net 
> <http://i.gtld-servers.net/>.
> net.  172800  IN  NS  f.gtld-servers.net 
> <http://f.gtld-servers.net/>.
> net.  172800  IN  NS  b.gtld-servers.net 
> <http://b.gtld-servers.net/>.
> net.  172800  IN  NS  a.gtld-servers.net 
> <http://a.gtld-servers.net/>.
> net.  172800  IN  NS  d.gtld-servers.net 
> <http://d.gtld-servers.net/>.
> net.  172800  IN  NS  l.gtld-servers.net 
> <http://l.gtld-servers.net/>.
> net.  86400   IN  DS  35886 8 2 
> 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
> net.  86400   IN  RRSIG   DS 8 1 86400 2019012413 
> 201902 16749 . 
> uahpltN27UkKaFJRaAU1on+IpC2lpgZo84XEM7Pk7dQysKfSnqUkaVLY 
> PXQf9kvgW5eOx/+BttQB2O

Re: Salesmen: ARIN Records are NOT Leads

2018-12-19 Thread John Curran
On 19 Dec 2018, at 10:41 AM, Izaac  wrote:
> 
> Just a reminder.

Izaac - 

Feel free to note that companies involved and forward the message to me…

ARIN does pursue misuse of Whois information for marketing purposes.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: ARIN TAL copyright

2018-10-15 Thread John Curran
On 15 Oct 2018, at 6:13 PM, Baldur Norddahl  wrote:
> 
> I understand the issue is that ARIN wants protection from being sued, should 
> I somehow harm myself with this service. 

To be clear, ARIN would like to make sure that should any network operators 
impact their services through use of the ARIN RPKI repository [something that 
really shouldn’t really be possible given network operators following best 
practices e.g. RFC 7115] that when such operators are litigated by their 
customers (or those trying to reach their customers), the liability remains 
with the network operator.   Obviously if ARIN is acting with malfeasance or is 
grossly negligent, then the liability should be with ARIN, but indemnification 
clauses are generally inapplicable in such circumstances. 

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers





Software installation tools retrieving ARIN TAL (was: Re: ARIN RPKI TAL deployment issues)

2018-10-13 Thread John Curran
On 25 Sep 2018, at 3:34 PM, Job Snijders  wrote:
> ...
> What I'm hoping for is that there is a way for the ARIN TAL to be
> included in software distributions, without compromising ARIN's legal
> position.
> 
> Perhaps an exception for software distributors would already go a long
> way?
> 
>"You can include the ARIN TAL in your software distribution as long
>as you also include an unmodified copy of the
>https://www.arin.net/resources/rpki/rpa.pdf 
> <https://www.arin.net/resources/rpki/rpa.pdf> file alongside it."
> 
> Kind regards,

Job - 

While not exactly what you seek, we can get a bit closer to the goal – i.e. by 
eliminating the need for the user installing a software package to first go get 
the ARIN TAL and put it in the right place prior to running the installation 
software. 

To that end, the ARIN TAL page <https://www.arin.net/resources/rpki/tal.html 
<https://www.arin.net/resources/rpki/tal.html>> has been revised with specific 
guidance –

Software Installation Tools

Software installation tools may download the ARIN TAL on behalf of a 
user after the user has confirmed their acceptance of the ARIN Relying Party 
Agreement (RPA) on the ARIN website.  This acceptance must require "agreement 
to the ARIN Relying Party Agreement 
(https://www.arin.net/resources/rpki/rpa.pdf)" and obtain a non-ambiguous 
affirmative action by clicking on, or the entry of, a word of agreement (such 
as  "yes" or "accept")

Example:
Attention: This package requires the download of the ARIN TAL and agreement to 
the ARIN Relying Party Agreement (RPA) 
(https://www.arin.net/resources/rpki/rpa.pdf).
Type "yes" to agree, and you can proceed with the ARIN TAL download: yes


We will continue to explore mechanisms for making ARIN’s RPKI repository more 
accessible to the community, but felt that this interim step could be 
accomplished promptly and was worth noting in a timely manner to those 
distributing RPKI software. 

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers




ARIN Elections close tomorrow – Friday 12 October at 18:00 eastern time!

2018-10-11 Thread John Curran
Folks -

If you are an ARIN Member and have not yet voted in this year’s ARIN 
elections, please do so now!

(To do so, log into ARIN Online and click on the “Vote Now” button; see 
additional details below)

Thanks!
/John

John Curran
President and CEO
ARIN

Begin forwarded message:

From: ARIN mailto:i...@arin.net>>
Subject: [arin-announce] Voting Now Open for the 2018 ARIN Board of Trustees, 
ARIN Advisory Council, and NRO NC Elections
Date: 4 October 2018 at 6:00:26 PM EDT
To: mailto:arin-annou...@arin.net>>


Cast your online ballot now in the 2018 ARIN Elections to fill two seats on the 
ARIN Board of Trustees, five seats on the ARIN Advisory Council, and one seat 
on the Number Resource Organization Number Council (NRO NC).

Eligible Voting Contacts from General Members in Good Standing as of the voter 
eligibility deadline of 20 August, may cast an online ballot now through 6:00 
PM EDT, Friday, 12 October. To vote, simply log in to ARIN Online and look for 
the “Vote Now” link on your dashboard.

To view candidate biographies, please view the ARIN Elections 2018 Voter Guide 
at:

https://www.arin.net/participate/elections/candidate_bios.pdf

To view or submit a Statement of Support, please click on the link below. 
Anyone, regardless of voter status, is eligible to submit a Statement of 
Support for a candidate.

https://www.bigpulse.com/p51139/

During the week of 8 October, all eligible Voting Contacts should be aware that 
an ARIN representative will be personally calling them as a gentle reminder to 
please vote and to answer any election-related questions they may have.

Participation in the election process is crucial, requires only minutes of a 
voter’s time, is done online, and is an important member responsibility. A 
single cast ballot provides eligible member organizations an opportunity to 
shape the future of ARIN, our community, and the Internet.

For questions about voting, or if you encounter an issue with the election 
system, please contact a member of the Member Services team immediately via 
email at memb...@arin.net<mailto:memb...@arin.net> or submit a question via 
ARIN Online and direct it to Meetings/Elections.

Regards,

Wendy Leedy
Member Engagement Coordinator
American Registry for Internet Numbers (ARIN)


___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List 
(arin-annou...@arin.net<mailto:arin-annou...@arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.



Re: Buying IPv4 blocks

2018-10-02 Thread John Curran
On 1 Oct 2018, at 6:57 PM, Ross Tajvar  wrote:
> 
> Hi all,
> 
> My US-based employer will be starting a new business unit soon that will 
> require IPv4 addresses (aiming for a /22 to start with). I know ARIN has a 
> waitlist (though I'm not sure where they're getting new IPs from), but the 
> faster way is to buy blocks from people who already have them. I'm aware of 
> Hilco Streambank - are there any other auctions? If I want to buy via private 
> sale, does anyone know of ways to find sellers?

Ross - 

No facilitator is necessary, but if you wish to know ones that are aware of 
ARIN’s procedures,
then you can find them here: 
https://www.arin.net/resources/transfer_listing/facilitator_list.html 
<https://www.arin.net/resources/transfer_listing/facilitator_list.html>

Best wishes,
/John

John Curran
President and CEO
ARIN




Re: Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage)

2018-10-01 Thread John Curran
On 1 Oct 2018, at 9:44 AM, Nick Hilliard  wrote:
> 
> John Curran wrote on 01/10/2018 00:21:
>> There is likely some on the nanog mailing list who have a view on this 
>> matter, so I pose the question of "who should be responsible" for 
>> consequences of RPKI RIR CA failure to this list for further discussion.
> 
> other replies in this thread have assumed that RPKI CA failure modes are 
> restricted to loss of availability, but there are others failure modes, for 
> example:
> 
> - fraud: rogue CA employee / external threat actor signs ROAs illegitimately
> 
> - negligence: CA accidentally signs illegitimate ROAs due to e.g. software bug
> 
> - force majeure: e.g. court orders CA to sign prefix with AS0, complicated by 
> NIR RPKI delegation in jurisdictions which may have difficult relations with 
> other parts of the world.

Nick - 

Agreed…  My question was specific to liability consequential to an operational 
outage of an RIR CA, since the community’s view of the proper allocation of 
liability from loss of availability will significantly shape the necessary 
legalities.  (Liability from fraud or gross negligence is unlikely to respect 
such terms in any case)

> Otherwise, as other people have pointed out, catastrophic systems failure at 
> the CA is designed to be fail-safe.  I.e. if the CA goes away, ROAs will be 
> evaluated as "unknown" and life will continue on.  If people misconfigure 
> their networks and do silly things with this specific failure mode, that's 
> their problem.  

One would expect as much (i.e. it’s their problem for networks doing silly 
things), but we’ve heard some folks suggest it should be the RIR's problem 
(given the RIR CA's role in triggering events by going unavailable.)

Thanks!
/John

John Curran
President and CEO
ARIN





Re: Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage)

2018-10-01 Thread John Curran
On 1 Oct 2018, at 1:20 AM, Mark Tinka 
mailto:mark.ti...@seacom.mu>> wrote:
On 1/Oct/18 01:21, John Curran wrote:

It is possible to architect the various legalities surrounding RPKI to support 
any of the above outcomes, but it first requires a shared understanding of what 
the network community believes is the correct outcome.   There is likely some 
on the nanog mailing list who have a view on this matter, so I pose the 
question of "who should be responsible" for consequences of RPKI RIR CA failure 
to this list for further discussion.

John, in the instance where all RIR's transition to a single "All Resource" TA, 
what would, in your mind, be the (potential) liability considerations?

Mark -

If there were to be an RIR CA outage, it would not appear that the RIRs use of 
“All Resources” TAs would materially affect the resulting operational impact to 
the Internet.  (As noted earlier, the impact would be predominantly 
proportional to the number of ISPs that fail to follow best practices in route 
processing and fall back properly when their received routes end up with status 
NotFound, i.e. no longer match against their cache of validate ROAs since the 
cache has expired)

The “All Resources” TA used by each RIR done to avoiding CA invalidation due to 
overclaiming (as detailed in https://datatracker.ietf.org/doc/rfc8360) – it 
reduces the probability of a different and hopefully rare RPKI failure scenario 
(involving the possible accidental invalidation of an RIR CA) until such time 
as a slightly different RPKI validation algorithm can be deployed that would 
limit any such invalidation solely to the resources in the overlap.

(That’s my high-level understanding of the situation; comments on this question 
from those closer to the actual network bits would be most welcome…)

Thanks!
/John

John Curran
President and CEO
ARIN




Re: Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage)

2018-10-01 Thread John Curran
On 1 Oct 2018, at 12:47 AM, Alex Band  wrote:
> 
> Hello,
> 
> To avoid any misunderstanding in this discussion going forward, I would like 
> to reiterate that an RPKI ROA is a positive attestation. An unavailable, 
> expired or invalid ROA will result in a BGP announcement with the status 
> NotFound. The announcement will *not* become INVALID, thereby being dropped.
> 
> Please read Section 5 of RFC 7115 that John linked carefully:
> ...
> 
> Thus, a continued outage of an RPKI CA (or publication server) will result in 
> announcements with status NotFound. This means that the prefixes held by this 
> CA will no longer benefit from protection by the RPKI. However, since only 
> *invalid* announcements should be dropped, this should not lead to large 
> scale outages in routing.

Alex - 

Yes – ISPs who have configured RPKI route validation and are using it to 
preference routes should continue to utilize routes that are have NotFound 
status due to lack of RPKI repository data.   As RFC 7115 notes - 

 " Hence, an operator's policy should not be
   overly strict and should prefer Valid announcements; it should attach
   a lower preference to, but still use, NotFound announcements, and
   drop or give a very low preference to Invalid announcements. "

Of course, this presumes correct routing configuration by the ISP when setting 
up RPKI route validation; while one would hope that the vast majority handle 
this situation correctly, there is no assurance that will be true without 
exception. If RPKI routing validation is widely deployed, tens of thousands of 
ISPs will be setting up such a configuration, with customer impact during an 
RPKI CA outage occurring for those who somehow failure to fall back to using 
NotFound routes.  If only a small percentage get this wrong, it will still 
represent dozens of ISPs going dark as a result. 

> It is important to be aware of the impact of such an outage when considering 
> questions of liability.

Indeed… Hence the question of liability during a RIR CA outage, should the 
liability for misconfigured ISPs (those handful of ISPs who do not properly 
fall back to using state NotFound routes) be the responsibility of each ISP, or 
perhaps those who announce ROAs, or should be with the RIR?

Thanks!
/John

John Curran
President and CEO
ARIN



   




Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage)

2018-09-30 Thread John Curran
cted parties are those customers of ISPs that improperly 
handled the unavailability of RPKI data; thus escalating situation into a 
network-affecting outage.  Under these circumstances, directing the claims from 
customers of all the improperly-configured ISP’s to the RIR completely ignores 
the responsibility of these ISPs to prepare for this precise eventuality, as 
was done by the fellow network operators.

 B) One of the more interesting theories on who should be held liable is 
that those who are publishing ROA’s are the appropriate responsible parties in 
the event of RPKI CA failure; one can achieve such a position on the logic that 
they consciously decided to use RPKA CA services and thus asserted globally 
that they would henceforth have validated routes – an RPKI CA failure is a case 
of their “vendor" (the RIR) letting them down on the publication. This also has 
equity issues, since those publishing ROA information don’t have a clear 
contributory role, and the damages accruing to them are coming from customers 
from those operators who failed their duty.

 C) Another potential answer for the party that should be responsible is 
that each of the ISPs that failed to appropriately configure their route 
validation and thus experience a network outage should be responsible for their 
own customers impacted as a result.  In addition to keeping the liability 
proportional to the customers served, this encourages each such ISP to consider 
appropriate corrective measures.

It is possible to architect the various legalities surrounding RPKI to support 
any of the above outcomes, but it first requires a shared understanding of what 
the network community believes is the correct outcome.   There is likely some 
on the nanog mailing list who have a view on this matter, so I pose the 
question of "who should be responsible" for consequences of RPKI RIR CA failure 
to this list for further discussion.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

[1] https://www.ietf.org/mail-archive/web/sidr/current/msg05621.html
[2] https://www.rfc-editor.org/rfc/rfc7115.txt




Re: ARIN RPKI TAL deployment issues

2018-09-27 Thread John Curran
On 26 Sep 2018, at 5:18 PM, Mark Milhollan  wrote:
> On Tue, 25 Sep 2018, Job Snijders wrote:
> 
>> We really need to bring it back down to "apt install rpki-cache-validator"
> 
> You say this as if no packager has a way to display and perhaps require 
> approval of the license nor any way to fetch something remote as part of 
> the installation process, e.g., the Microsoft "freely" supplied TTF 
> files …
> ...
> I bet apt, dnf, pacman, pkg_add, yum, etc., do as well -- actually I 
> know some of those do.  Perhaps fetching as part of installing is less 
> desireable than already present at the outset, but it might appease ARIN 
> and be workable (or superior) for many.

Mark - 

Agreed: operationally it should be relatively straightforward with most 
installation tools, but ARIN could help significantly be making it clear this 
sort of approach is acceptable with its service terms and detailing any 
specific requirements (as none of that is clear at present.) 

I’m working on this issue now, and should be able to report back shortly 
regarding specifics necessary to allow easier access to the ARIN TAL during 
package installation. 

Thanks!
/John

John Curran
President and CEO
ARIN



Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On Sep 26, 2018, at 3:58 PM, Baldur Norddahl 
mailto:baldur.nordd...@gmail.com>> wrote:
This seems silly. Please find a way to make RPKI useful also in the ARIN region.
Baldur -

RPKI in the ARIN region is useable (by definition, as there are indeed people 
in the region using it.)

The question is whether to _improve_ its usability / accessibility, and the 
tradeoffs involved in doing so.  While you may find some of those present 
tradeoffs “silly”, they have real legal basis and thus cannot be simply 
discarded but must be carefully considered.

(As noted earlier on this thread, there is such an analysis going on presently 
and we’ll hear about its findings in a session at NANOG this coming Monday.)

Thanks,
/John

John Curran
President and CEO
ARIN



Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On 26 Sep 2018, at 11:02 AM, Tony Finch mailto:d...@dotat.at>> 
wrote:

John Curran mailto:jcur...@arin.net>> wrote:

From 
<https://www.apnic.net/manage-ip/myapnic/digital-certificates/ca-terms-conditions/>

"CA Terms & Conditions

APNIC’s Certification Authority (CA) services are provided under the
following terms and conditions: ...

• The recipient of any Digital Certificates issued by the APNIC CA
service will indemnify APNIC against any and all claims by third parties
for damages of any kind arising from the use of that certificate.”

That's about certificates, not about trust anchors. It applies to APNIC
members and account holders, not to relying parties.

Tony -

Interesting assertion… while APNIC does issue digital certificates to APNIC 
customers for identity authentication purposes, it also issues digital 
certificates for RPKI.

It’s possible that the intent that the term “Digital Certificates” 
(capitalized) in the CA Terms and Conditions refers to only to those within 
APNIC’s identity CA, but the argument against that would be APNIC’s online 
information about "Digital Certificates" -

=== From 
<https://www.apnic.net/manage-ip/myapnic/digital-certificates/about-cas/>)

What is a Digital Certificate?

Digital Certificates bind an identity to a pair of electronic keys that can be 
used to encrypt and sign digital information. APNIC uses electronic 
certificates to prove its own identity, the identity of its Members, and the 
right-of-use over Internet resources.

APNIC issues regular Public Key Infrastructure (PKI) certificates for access 
control to APNIC services such as the MyAPNIC Member services website.

In the case of Resource Certification, APNIC issues Resource Public Key 
Infrastructure (RPKI) certificates that have ‘Certificate Extensions’ added. 
These Certificate Extensions carry the Internet number resources allocated or 
assigned to the APNIC Member who is the subject of the Resource Certificate. 
These Resource Certificates are different to the identity certificates used for 
Web system access, and may only be used in the context of verifying an entity’s 
“right-of-use” over an IP address or AS. As a result, APNIC now manages two 
independent certificate authorities, one for Member services, and the second 
for Resource Certification.
…
===

Given that APNIC explicitly mentions the RPKI electronic certificates in their 
explanation of what Digital Certificates are (and further noting that ROA’s do 
indeed contain within them end-entity resource certificates with keys for 
verification), APNIC”s overall CA Terms and Conditions, including the 
referenced indemnification clause, would appear to be applicable to their RPKI 
CA services.

If the intent was indeed to limit the scope, then then APNIC could have easily 
used the term “Identity Certificates” in the indemnification clause to make 
clear its limited scope; i.e. if you’re particularly concerned about liability 
from the resulting indemnification, it might be best to get this clarified one 
way or the other from APNIC.

Thanks!
/John

John Curran
President and CEO
ARIN





Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On 26 Sep 2018, at 9:26 AM, Jared Mauch  wrote:
>> On Sep 26, 2018, at 7:16 AM, John Curran  wrote:
>> 
>> On 26 Sep 2018, at 3:29 AM, Jared Mauch  wrote:
>>> 
>>> The process for lets encrypt is fairly straightforward, it collects some 
>>> minimal information (eg: e-mail address, domain name) and then does all the 
>>> voodoo necessary.  If ARIN were to make this request of the developers of 
>>> RPKI software, it would seem reasonable to have that passed to ARIN via 
>>> some API saying “b...@example.com” typed “Agree” to the ARIN TAL as part of 
>>> the initial installation of the software.
>> 
>> Jared - 
>> 
>> Interesting point – thank you for the very clear elaboration of this 
>> particular issue. 
> 
> John,
> 
> Thank you for listening :-)

Jared -

No problem at all – I work for you (i.e. the collective “you" on this mailing 
list.)

>> Would it suffice if ARIN made clear in its RPKI information that software 
>> installation tools may download the ARIN TAL on behalf of a party so long as 
>> the parry agrees to statement displayed which reads “This software utilizes 
>> information from the ARIN Certificate Authority, and such usage is subject 
>> to the ARIN Relying Party Agreement.  Type ‘Agree’ to proceed” ?
> 
> I think this would help, but ideally you would allow people (software 
> vendors) to package the TAL and if they type ‘Agree’ it would allow use of it.

Got it - I’ll look to this approach if at all possible.

>>> Please work with the developers for a suitable method to include the ARIN 
>>> TAL by default.  Come up with the click-accept legalese necessary.
>>> 
>>> Since you asked, here’s what they did with the CertBot that’s commonly used 
>>> by Lets Encrypt:
>>> 
>>>  (The first time you run the command, it will make an account, and ask for 
>>> an email and agreement to the Let’s Encrypt Subscriber Agreement; you can 
>>> automate those with --email and --agree-tos)
>> 
>> Acknowledged; I believe that allowing something similar to enable software 
>> installation tools to download the ARIN TAL for a party should be relatively 
>> straightforward – I will research that asap.
> 
> Thank you!  This and/or guidance to software developers about this being a 
> permissible action on their part.  This should help improve things.

Thanks for the thoughtful discussion - very helpful! 
/John

John Curran
President and CEO
ARIN




Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On 26 Sep 2018, at 8:21 AM, Job Snijders mailto:j...@ntt.net>> 
wrote:

ARIN and APNIC go further by having indemnification by parties using
information in the CA; in ARIN’s case, this requires an explicit act
of acceptance to be legally valid.

Are you sure about APNIC? The APNIC TAL is available here in a plain and
simple format:  
https://www.apnic.net/community/security/resource-certification/apnic-rpki-trust-anchor-locator/
no mention of indemnification, restrictions, liability, limitations or
an agreement

Job -

From 
<https://www.apnic.net/manage-ip/myapnic/digital-certificates/ca-terms-conditions/>

"CA Terms & Conditions

APNIC’s Certification Authority (CA) services are provided under the following 
terms and conditions:
...
• The recipient of any Digital Certificates issued by the APNIC CA service will 
indemnify APNIC against any and all claims by third parties for damages of any 
kind arising from the use of that certificate.”

I imagine that folks are not aware of that (just as they are unaware of the 
indemnification in most RIR service agreements) due to absence of any 
requirement to explicitly acknowledge same.

What makes ARIN's situation unique compared to other PKI systems and
certificate authorities? I only see examples where relying parties are
accomodated in every possible way for access to the root certificates.

The requirement upon relying parties is not unique among RIRs - see above re 
APNIC.   There is nothing inherent to PKI that requires specific terms (e.g. 
indemnification for damages arising from use), but it should not be surprising 
that the PKI use for routing validation poses the opportunity for very 
significant damage claims if not done by every network operator according to 
best practices.   In the case of ARIN, this does necessitate indemnification in 
order to reduce risk exposure to the overall RIR mission.

Thanks,
/John

John Curran
President and CEO
ARIN



Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On 26 Sep 2018, at 3:29 AM, Jared Mauch  wrote:
> 
> The process for lets encrypt is fairly straightforward, it collects some 
> minimal information (eg: e-mail address, domain name) and then does all the 
> voodoo necessary.  If ARIN were to make this request of the developers of 
> RPKI software, it would seem reasonable to have that passed to ARIN via some 
> API saying “b...@example.com” typed “Agree” to the ARIN TAL as part of the 
> initial installation of the software.

Jared - 

Interesting point – thank you for the very clear elaboration of this particular 
issue. 

Would it suffice if ARIN made clear in its RPKI information that software 
installation tools may download the ARIN TAL on behalf of a party so long as 
the parry agrees to statement displayed which reads “This software utilizes 
information from the ARIN Certificate Authority, and such usage is subject to 
the ARIN Relying Party Agreement.  Type ‘Agree’ to proceed” ?

> Please work with the developers for a suitable method to include the ARIN TAL 
> by default.  Come up with the click-accept legalese necessary.
> 
> Since you asked, here’s what they did with the CertBot that’s commonly used 
> by Lets Encrypt:
> 
>(The first time you run the command, it will make an account, and ask for 
> an email and agreement to the Let’s Encrypt Subscriber Agreement; you can 
> automate those with --email and --agree-tos)

Acknowledged; I believe that allowing something similar to enable software 
installation tools to download the ARIN TAL for a party should be relatively 
straightforward – I will research that asap.

Thanks!
/John

John Curran
President and CEO
ARIN



Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On 26 Sep 2018, at 6:42 AM, Tony Finch  wrote:
> 
> John Curran  wrote:
>> On 26 Sep 2018, at 2:09 AM, Christopher Morrow 
>> mailto:morrowc.li...@gmail.com>> wrote:
>>> 
>>> how is arin's problem here different from that which 'lets encrypt' is
>>> facing with their Cert things?
>> 
>> The “Let’s encrypt” subscriber agreement (current version 1.2, 15 Nov
>> 2018) includes "indemnify and hold harmless” clause, and parties
>> affirmatively agree to those terms by requesting that ISRG issue a
>> "Let’s Encrypt” Certificate to you.
> 
> The difference is that the Let's Encrypt agreement is for people obtaining
> certificates from them. The ARIN equivalent would be the agreement for
> ARIN members.
> 
> Let's Encrypt does not require an agreement from relying parties (i.e.
> browser users), whereas ARIN does.


Tony - 

That is correct; I did not say that they were parallel situations, only 
pointing out that the Let’s Encrypt folks also go beyond simply providing 
services “as is”, and require indemnification from those engaging their CA 
services, just as ARIN, RIPE, APNIC do…  

ARIN and APNIC go further by having indemnification by parties using 
information in the CA; in ARIN’s case, this requires an explicit act of 
acceptance to be legally valid.

Thanks!
/John

John Curran
President and CEO
ARIN


 



Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On 26 Sep 2018, at 2:09 AM, Christopher Morrow 
mailto:morrowc.li...@gmail.com>> wrote:

(I'm going to regret posting this later, but...)

On Tue, Sep 25, 2018 at 10:57 PM John Curran 
mailto:jcur...@arin.net>> wrote:

The significant difference for ARIN is that we operate under a different legal 
regime, and as a matter of US law, it appears that we cannot rely only upon 
terms and conditions published in our website as evidence of informed 
agreement; i.e. within the US legal framework, we need a specific act of 
acceptance in order to have a binding agreement.

how is arin's problem here different from that which 'lets encrypt' is facing 
with their Cert things?

Chris -

The “Let’s encrypt” subscriber agreement (current version 1.2, 15 Nov 2018) 
includes "indemnify and hold harmless” clause, and parties affirmatively agree 
to those terms by requesting that ISRG issue a "Let’s Encrypt” Certificate to 
you.

(I don’t know whether that process is particularly more or less onerous 
technically than the effort to download the ARIN TAL.)

FYI,
/John

John Curran
President and CEO
ARIN



Re: ARIN RPKI TAL deployment issues

2018-09-26 Thread John Curran
On 26 Sep 2018, at 1:14 AM, Benson Schliesser  wrote:
> Without venturing too far off topic, can you briefly compare this situation 
> versus e.g. licensing of open source software? Often, such software is 
> (apparently) licensed without express agreement - using bundled license 
> files, comments inside source files, etc - and seems to accommodate the IPR 
> and liability needs of developers and their supporting organizations. Is it 
> ARIN's understanding that this approach is not useful for RPKI data in the 
> US, etc?

Benson - 

Excellent question.

First and foremost, an RIR agreement which provide indemnification (such as 
RIPE’s RPKI publisher terms, APNIC’s Certificate user terms, and ARIN’s RPA) 
provides an affirmative defense regarding liability claims; i.e. effectively we 
are able to point out at the very beginning of proceedings that parties using 
RPKI data per the respective agreement definitively have all of the associated 
liability from such use, not the RIR.  This allows for a timely disposition by 
a judge of any liability claims against an RIR regarding such use, which is 
definitely not the case of a software license agreement. 

In the latter case of a software license agreement, if an RIR should suffer an 
RPKI outage (e.g. RIPE Feb 2013 – 
https://www.ietf.org/mail-archive/web/sidr/current/msg05621.html), it will be 
necessary to show that any parties making claims of damages were harmed as the 
result an an ISP which had a duty to act with a certain level of care with 
regard to use of RPKI information and who failed in that duty, as opposed to 
the being the result of the RIR outage.Such an argument must be made to the 
satisfaction of a jury based on the preponderance of evidence – i.e. even 
though each ISPs would have signed an agreement to use the RPKI information “as 
is”, that would not preclude any case proceeding to trial and would not 
necessarily be sufficient for an RIR to avoid significant liability in the 
event of an outage and despite the clear disclaimer of “as is” provision of 
RPKI data. 

> In any case, I also look forward to hearing the Overcoming Legal Barriers to 
> RPKI Adoption talk next week (on Monday afternoon, IIRC), and I hope that the 
> Q discussion (and evening follow-up) will be helpful.

Indeed – note that your question regarding a comparison to “licensing of open 
source software” might also be asked during that Monday session in order to 
gain better insight from an actual attorney (rather than my offhand knowledge 
of such matters...)

Thanks!
/John 

John Curran 
President and CEO
ARIN




  1   2   3   4   5   6   >