Re: Lightly used IP addresses
On Aug 16, 2010, at 1:44 AM, William Herrin wrote: ... The retort you want to make is that ARIN just wouldn't do that. That's not the kind of people they are. Fine. So update the LRSA so it doesn't carefully and pervasively establish ARIN's legal right to behave that way. Bill - Divide and conquer... I will confirm with the Board that that is the intent of the LRSA (which would then allow us to initiate the task of changing the language accordingly); can you submit this as a suggestion so that this request is not accidentally lost or overlooked? Thanks! /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
On Aug 15, 2010, at 11:31 PM, Jeffrey Lyon wrote: Would the policy process be an appropriate venue for a proposition to change the ARIN mission, restricting its activities exclusively to registration services while requiring a reduction in fees and budget? Jeffrey - Some historical perspective: ARIN has not raised fees to my knowledge, but has actually lowered them 4 or 5 times over its 12 year history. ARIN's mission is set by the Board of Trustees, and lies within the purposes of the articles of incorporation of ARIN. I'll note that the articles encompass remarkable breadth, so setting the mission turns out to be fairly important to keep ARIN focused appropriately. We have added initiatives in the past (e.g. this year's extensive education and outreach regarding IPv4/IPv6) based on input received (predominantly at the Public Policy and Members meeting) and can remove them just as easily, but setting mission does not lie per se within the Policy process; it is a Board function to review and update the mission periodically. (Two minor notes: if you want an *ongoing* restraint on mission scope, it would really need to be placed by the Board into the Bylaws with a significant hurdle precluding future revision, and should have some specificity, e.g. exclusively registration services could easily be read as either including or excluding abuse/fraud investigation, depending on the particular reader's inclination) /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
John, That was just the elevator speech, I wouldn't go off and write an entire proposal without a better understanding on how the community at large feels about the issue and exactly where the boundary would be drawn. My intent was not primarily cost, the registration fees are indeed low. I was just musing that limiting scope would have the ripple effect of reducing budget and thus putting more money in the hands of operators. It would be like a stimulus that doesn't cost any taxpayer money ;). Best regards, Jeff On Mon, Aug 16, 2010 at 3:32 PM, John Curran jcur...@arin.net wrote: On Aug 15, 2010, at 11:31 PM, Jeffrey Lyon wrote: Would the policy process be an appropriate venue for a proposition to change the ARIN mission, restricting its activities exclusively to registration services while requiring a reduction in fees and budget? Jeffrey - Some historical perspective: ARIN has not raised fees to my knowledge, but has actually lowered them 4 or 5 times over its 12 year history. ARIN's mission is set by the Board of Trustees, and lies within the purposes of the articles of incorporation of ARIN. I'll note that the articles encompass remarkable breadth, so setting the mission turns out to be fairly important to keep ARIN focused appropriately. We have added initiatives in the past (e.g. this year's extensive education and outreach regarding IPv4/IPv6) based on input received (predominantly at the Public Policy and Members meeting) and can remove them just as easily, but setting mission does not lie per se within the Policy process; it is a Board function to review and update the mission periodically. (Two minor notes: if you want an *ongoing* restraint on mission scope, it would really need to be placed by the Board into the Bylaws with a significant hurdle precluding future revision, and should have some specificity, e.g. exclusively registration services could easily be read as either including or excluding abuse/fraud investigation, depending on the particular reader's inclination) /John John Curran President and CEO ARIN -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: Lightly used IP addresses
The retort you want to make is that ARIN just wouldn't do that. That's not the kind of people they are. Fine. So update the LRSA so it doesn't carefully and pervasively establish ARIN's legal right to behave that way. John/Steve, Bill makes a reasonable point here. Is there a way to, in the next round of LRSA mods, include something to the effect of: Under the ARIN Policy Development Process, the board will not ratify any policy which exclusively affects LRSA signatories in a manner inconsistent with its effect on other resource holders. === That's probably not ideal wording, but, I hope it conveys the general idea and I hope smarter people can find better language. It does seem to me to be a reasonable request and consistent with the intent of the LRSA. If you prefer that I submit this via ACSP I will do so. However, it seems to me it could fall within the same scope as the other clarification John offered earlier. Owen
Re: Lightly used IP addresses
On Aug 16, 2010, at 8:04 AM, Owen DeLong wrote: John/Steve, Just me (we don't pay Steve to read Nanog, although I do forward him legalistic emails depending on content :-) Bill makes a reasonable point here. Is there a way to, in the next round of LRSA mods, include something to the effect of: Under the ARIN Policy Development Process, the board will not ratify any policy which exclusively affects LRSA signatories in a manner inconsistent with its effect on other resource holders. === That's probably not ideal wording, but, I hope it conveys the general idea and I hope smarter people can find better language. It does seem to me to be a reasonable request and consistent with the intent of the LRSA. If you prefer that I submit this via ACSP I will do so. However, it seems to me it could fall within the same scope as the other clarification John offered earlier. I'll run with it, but would ask you send in to the suggestion process so that it doesn't get lost given our level of activity nowadays. Thanks! /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
Randy Bush wrote: and why in hell would i trust these organizations with any control of my routing via rpki certification? they have always said they would never be involved in routing, but if they control the certification chain, they have a direct stranglehold they can use to extort fees. Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough. Joe
Re: Lightly used IP addresses
Randy Bush wrote: Yet most of the bad ideas in the past 15 years have actually come from the IETF (TLA's, no end site multihoming, RA religion), some of which have actually been fixed by the RIR's. no, they were fixed within the ietf. that's my blood you are talking about, and i know where and by whom it was spent. the fracking rirs, in the name of marla and lee, actually went to the ietf last month with a proposal to push address policy back to the ietf from the ops. and they just did not get thomas's proposal to move more policy from ietf back to ops. randy I would appreciate it greatly if you could elaborate a bit more, perhaps with some links. Joe
Re: Lightly used IP addresses
Joe - Excellent question, and one which I know is getting some public policy attention. There is a session at the upcoming Internet Governance Forum (IGF) in Vilnius http://www.intgovforum.org/cms/index.php/component/chronocontact/?chronoformname=WSProposals2010Viewwspid=158 specifically covering some of these issues. I also believe that some of the IETF sidr working group folks have noted the need for local policy support so that ISPs can decide to trust routes, even if not verifiable from their configured Trust Anchor. This is probably an essential control for most ISPs to have, even if never needed. /John John Curran President and CEO ARIN On Aug 16, 2010, at 9:57 AM, Joe Maimon jmai...@ttec.com wrote: ... Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough. Joe
RE: Lightly used IP addresses
-Original Message- From: Randy Bush [mailto:ra...@psg.com] Sent: Friday, August 13, 2010 10:13 PM To: Kevin Loch Cc: North American Network Operators Group Subject: Re: Lightly used IP addresses the fracking rirs, in the name of marla and lee, actually went to the ietf last month with a proposal to push address policy back to the ietf from the ops. and they just did not get thomas's proposal to move more policy from ietf back to ops. You mischaracterize my position. Check the minutes when posted. Check the names on the draft. and, to continue the red herring with jc, i bet you 500 yen that arin paid their travel expenses to go to maastricht nl to do this stupid thing. You lose your bet. Lee randy
Re: Lightly used IP addresses
On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said: Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough. I'm not at all convinced this would help all that much. A PKI would allow better verification of authentication - but how many providers currently have doubts about who the other end of their BGP session is? I'm sure most of the ones who care have already set up TCPMD5 and/or TTL hacks, and the rest wouldn't deploy an RPKI. The real problem is authorization - and the same people who don't currently apply filtering of BGP announcements won't deploy a PKI. So the people who care already have other tools to do most of the work, and the ones who don't care won't deploy. Sure it may be nice and allow automation of some parts of the mess, but I'm not seeing a big window here for it being a game-changer. If somebody has a good case for how it *will* be a game-changer, I'm all ears.
RE: Lightly used IP addresses
On Sat, 14 Aug 2010, Frank Bulk wrote: This week I was told by my sales person at Red Condor that I'm the only one of his customers that is asking for IPv6. He sounded annoyed and it seemed like he was trying to make me feel bad for being the only oddball pushing the IPv6 feature requirement. FWIW, I asked the same question. My guy was polite, but w/o info. John Springer
Re: Lightly used IP addresses
valdis.kletni...@vt.edu wrote: On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said: Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough. I'm not at all convinced this would help all that much. A PKI would allow better verification of authentication - but how many providers currently have doubts about who the other end of their BGP session is? I'm sure most of the ones who care have already set up TCPMD5 and/or TTL hacks, and the rest wouldn't deploy an RPKI. The real problem is authorization - and the same people who don't currently apply filtering of BGP announcements won't deploy a PKI. So the people who care already have other tools to do most of the work, and the ones who don't care won't deploy. Sure it may be nice and allow automation of some parts of the mess, but I'm not seeing a big window here for it being a game-changer. What you are saying is that you have doubts that there will be a successful implementation of RPKI that will properly secure BGP. If somebody has a good case for how it *will* be a game-changer, I'm all ears. However, Randy's point seemed to me to be one I had brought up before. Can the RIRs still pass the theoretical fork test if RPKI were to be successfully and globally deployed? I am glad to hear that others who are likely far more competent than I are seriously examining the issue and seem to have similar concerns. The topic of this sub-thread isn't about the technological challenge of securing BGP and the routing of prefixes, it is about the political implications of successfully doing so and what the resulting impact on operations may be. Joe
Re: Lightly used IP addresses
On 16/08/10 09:47 -0700, John Springer wrote: On Sat, 14 Aug 2010, Frank Bulk wrote: This week I was told by my sales person at Red Condor that I'm the only one of his customers that is asking for IPv6. He sounded annoyed and it seemed like he was trying to make me feel bad for being the only oddball pushing the IPv6 feature requirement. FWIW, I asked the same question. My guy was polite, but w/o info. John Springer Hi Frank, I was actually told that there was some demand for it, and that they were targeting 2011 for support, which was acknowledged when I brought it up again in a different conference call. I'll note that they just got bought out, which may change their priorities, for better or worse. -- Dan White
Re: Lightly used IP addresses
and, to continue the red herring with jc, i bet you 500 yen that arin paid their travel expenses to go to maastricht nl to do this stupid thing. You lose your bet. then owe you 500Y. paypal? randy
Re: Lightly used IP addresses
Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough. first, let's remember that the rpki is a distributed database which has a number of possible applications. the first technical application on the horizon is route origin validation. I'm not at all convinced this would help all that much. A PKI would allow better verification of authentication - but how many providers currently have doubts about who the other end of their BGP session is? I'm sure most of the ones who care have already set up TCPMD5 and/or TTL hacks, and the rest wouldn't deploy an RPKI. route origin validation is not about authenticating your neighbor. it is about being able to base your routing policy on whether the origin asn of an announcement is authorized to originate a particular prefix. it is stopping fat fingers such as pk/youtube, 7007, and the every day accidental mis-announcements of others' prefixes. randy
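The origin check described in the message above, as an added example that is not part of the original thread: it classifies an announcement as valid, invalid or notfound against a set of validated ROA payloads, following the procedure later standardized in RFC 6811. The prefixes and AS numbers are constructed from the documentation ranges, and the `accept_route` policy with its `local_exceptions` override is an assumed illustration of operator-side local policy.

```python
"""Route origin validation sketch (added example, procedure per RFC 6811)."""
import ipaddress
from typing import Iterable, NamedTuple


class VRP(NamedTuple):
    """Validated ROA payload: covering prefix, longest allowed length, origin AS."""
    prefix: object  # ipaddress.IPv4Network or ipaddress.IPv6Network
    max_length: int
    asn: int


def vrp(prefix: str, max_length: int, asn: int) -> VRP:
    """Build a VRP, rejecting a maxLength outside [prefix length, address width]."""
    net = ipaddress.ip_network(prefix)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} out of range for {net}")
    return VRP(net, max_length, asn)


def validate_origin(route_prefix: str, origin_asn: int, vrps: Iterable[VRP]) -> str:
    """Return 'valid', 'invalid' or 'notfound' for one announcement.

    valid    : some VRP covers the route, names this origin AS, and the
               announced length does not exceed that VRP's maxLength
    invalid  : at least one VRP covers the route, but none matches
    notfound : no VRP covers the route at all
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if v.prefix.version != route.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        # AS 0 in a ROA means "no AS may originate this", so it never matches.
        if v.asn != 0 and v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    return "invalid" if covered else "notfound"


def accept_route(route_prefix, origin_asn, vrps, local_exceptions=frozenset()) -> bool:
    """Assumed local policy: drop invalid routes, keep valid and notfound.

    local_exceptions holds (network, asn) pairs the operator chooses to trust
    regardless of what the certification data says.
    """
    key = (ipaddress.ip_network(route_prefix), origin_asn)
    if key in local_exceptions:
        return True
    return validate_origin(route_prefix, origin_asn, vrps) != "invalid"


# Constructed sample data: documentation prefixes and documentation AS numbers.
SAMPLE_VRPS = [
    vrp("198.51.100.0/24", 24, 64496),  # holder announces exactly the /24
    vrp("203.0.113.0/24", 25, 64497),   # holder may also announce /25s
]

SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64496),   # legitimate origin
    ("198.51.100.0/25", 64499),   # more-specific from another AS (fat finger)
    ("198.51.100.0/25", 64496),   # right AS, but longer than maxLength
    ("203.0.113.128/25", 64497),  # more-specific permitted by maxLength
    ("192.0.2.0/24", 64500),      # no ROA published for this space
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE_ANNOUNCEMENTS:
        state = validate_origin(prefix, asn, SAMPLE_VRPS)
        action = "accept" if accept_route(prefix, asn, SAMPLE_VRPS) else "reject"
        print(f"{prefix:<18} AS{asn:<6} {state:<9} {action}")
```

The notfound case is what keeps partial deployment workable: space with no published ROA is still routed, and only announcements that contradict a published ROA are dropped.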
Re: Lightly used IP addresses
On 16/08/2010 21:46, Randy Bush wrote: it is stopping fat fingers such as pk/youtube, 7007, and the every day accidental mis-announcements of others' prefixes. I am dying to hear the explanation of why the people who didn't bother with irrdb filters are going to latch on en-masse to rpki thereby preventing a repeat of the 7007/youtube incidents. Nick
Re: Lightly used IP addresses
In message 4c69cb8d.4000...@foobar.org, Nick Hilliard writes: On 16/08/2010 21:46, Randy Bush wrote: it is stopping fat fingers such as pk/youtube, 7007, and the every day accidental mis-announcements of others' prefixes. I am dying to hear the explanation of why the people who didn't bother with irrdb filters are going to latch on en-masse to rpki thereby preventing a repeat of the 7007/youtube incidents. More people will be willing to trust the databases if they know that they can be verified as (mostly) correct rather than hoping that they are correct. Nick -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
participation in process (Re: Lightly used IP addresses)
On Sat, 14 Aug 2010, Chris Grundemann wrote: I highly encourage everyone who has an opinion on Internet numbering policy to do the same. The same goes for IETF and standards, there one doesn't have to go to meetings at all since most work is being done on/via mailing lists openly. -- Mikael Abrahamsson email: swm...@swm.pp.se
Re: Lightly used IP addresses
On Sat, Aug 14, 2010 at 22:24, valdis.kletni...@vt.edu wrote: Psst.. Hey.. buddy. Over here... wanna score some gen-yoo-ine Rolex integers, cheap? Right, because there is no reason to care about the uniqueness of integers used on the Internet... :/ ~Chris
Re: Lightly used IP addresses
On Aug 15, 2010, at 1:20 AM, David Conrad wrote: It has been depressing to watch participants in ARIN (in particular) suggest all will be well if people would just sign away their rights via an LRSA, ... Actually, you've got it backwards. The Legacy RSA provides specific contractual rights which take precedence over present policy or any policy that might be made which would otherwise limit such rights: In the event of any inconsistency between the Policies and this Legacy Agreement, the terms of this Legacy Agreement will prevail, including but not limited to those Policies adopted after this Legacy Agreement is executed. Without signing an LRSA, it's just status quo, which also seems to be a fine option at present for those who like things the way they are. The specific LRSA rights that most folks are interested in include: ARIN will take no action to reduce the services provided for Included Number Resources that are not currently being utilized by the Legacy Applicant., and additionally the $100 annual fee, and with an annual cap on any increases. The Legacy RSA is a voluntary way for legacy block holders to have certainty regarding the registry services including WHOIS, in-addr, etc. It's entirely voluntary, for those who prefer to have contractual rights for an otherwise uncertain situation. Pragmatically speaking, it seems the most likely to be successful way of maintaining stability with the impending resource exhaustion state is to give up pretenses of being regulatory agency and concentrate on the role of being a titles registry. Focusing on becoming a title registry is easily done if the community adopts policy to such effect, but it is an exercise to the reader whether that increases or decreases stability depending on the exact policies. The specified transfer policy that was developed by the community allows those who need addresses to receive them from anyone holding them, and keeps ARIN out of the financials of the transaction and focused on recording it. 
Yes, we do require that the resources first be under RSA/LRSA, because we research each legacy block through that process to make sure we're not otherwise recording a hijacked address block as valid. Pragmatically speaking, I would note that such validation is nearly the textbook role for a title registry, and attempts to record transfers without first doing the historical scrub will nearly guarantee instability. (Followups for this really should be to PPML.) /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
Actually, you've got it backwards. The Legacy RSA provides specific contractual rights which take precedence over present policy or any policy that might be made which would otherwise limit such rights: gosh, i must have completely misread section nine as we say in our family, i smell cows. randy
Re: Lightly used IP addresses
On Aug 15, 2010, at 6:06 AM, Randy Bush wrote: Actually, you've got it backwards. The Legacy RSA provides specific contractual rights which take precedence over present policy or any policy that might be made which would otherwise limit such rights: gosh, i must have completely misread section nine Seeking contractual rights contrary to IETF RFCs 2008 and 2150? as we say in our family, i smell cows. No comment. /John
Re: Lightly used IP addresses
gosh, i must have completely misread section nine Seeking contractual rights contrary to IETF RFCs 2008 and 2150? legacy space predates those, and they are not contracts. randy
Re: Lightly used IP addresses
gosh, i must have completely misread section nine Seeking contractual rights contrary to IETF RFCs 2008 and 2150? oh, and if you feel that you have those rights by other means than the lrsa, then why is section nine in the lrsa. just remove it. and then maybe more than a few percent of the legacy holders might actually be interested. your lawyer is gonna kill you. randy
Re: Lightly used IP addresses
On Aug 15, 2010, at 6:21 AM, Randy Bush wrote: gosh, i must have completely misread section nine Seeking contractual rights contrary to IETF RFCs 2008 and 2150? oh, and if you feel that you have those rights by other means than the lrsa, then why is section nine in the lrsa. just remove it. Easy to do, you can either: 1) Change the appropriate policy language (NRPM 6.4.1) via the ARIN policy development process, in which case the LRSA will be updated as noted, or 2) If you feel that you'd prefer a different forum, you can address this on a more global basis (since each RIR has similar language regarding addresses) by going through the IETF and revising the RFCs, which will likely result in the RIRs all reviewing their documents accordingly. Either route requires that the community comes to a consensus on the change and can give you the results you seek. Or you can enjoy the status quo. /John John Curran President and CEO ARIN p.s. If you want to continue to discuss, can we shortly move this to PPML or ARIN-Discuss for the sake of those not interested in these matters who have different expectations from their NANOG list subscription?
Re: Lightly used IP addresses
gosh, i must have completely misread section nine Seeking contractual rights contrary to IETF RFCs 2008 and 2150? oh, and if you feel that you have those rights by other means than the lrsa, then why is section nine in the lrsa. just remove it. Easy to do, you can either: 1) Change the appropriate policy language (NRPM 6.4.1) via the ARIN policy development process, in which case the LRSA will be updated as noted, or 2) If you feel that you'd prefer a different forum, you can address this on a more global basis (since each RIR has similar language regarding addresses) by going through the IETF and revising the RFCs, which will likely result in the RIRs all reviewing their documents accordingly. oh. was section nine of the lrsa done by the policy process? please stop using the community consensus meme to cover for what you, your lawyer, and your board came up with in a back room. p.s. If you want to continue to discuss, can we shortly move this to PPML no thanks. randy
Re: Lightly used IP addresses
and, may i remind you, that the actual point was On Aug 15, 2010, at 1:20 AM, David Conrad wrote: It has been depressing to watch participants in ARIN (in particular) suggest all will be well if people would just sign away their rights via an LRSA, Actually, you've got it backwards. The Legacy RSA provides specific contractual rights which take precedence over present policy or any policy that might be made which would otherwise limit such rights: and when i pointed out section nine, you dove for the red herrings. the fact is that the lrsa does require the legacy holder to sign away rights. and if you assert that they have no special/different rights, then why is that clause there? randy
Re: Lightly used IP addresses
On Aug 15, 2010, at 7:28 AM, Randy Bush wrote: oh. was section nine of the lrsa done by the policy process? No, although it's been presented at multiple Public Policy and Member meetings, and has enjoyed extensive discussion on the mailing lists. (It's been extensively revised based on the feedback received - see http://www.mail-archive.com/arin-annou...@arin.net/msg00105.html) (later followup from Randy - consolidated response) the fact is that the lrsa does require the legacy holder to sign away rights. and if you assert that they have no special/different rights, then why is that clause there? Section 9 is present in the LRSA because it matches the RSA (so that all address holders are the same basic terms to the extent practical) As noted earlier, the LRSA provides specific contractual rights including precluding ARIN from reducing the services provided for legacy address space, but a legacy holder trying to theorize property rights is working under a set of assumptions likely incompatible with ARIN's mission and articles of incorporation that call for actual management and stewardship of Internet number resources. As noted, the other RIRs have similar language, as do the IETF BCP RFCs in this space. The earlier you go back, the clearer the intent of the community on this point, as were Jon's actions as the IANA. While this may not be convenient for folks today who wish otherwise, it does not change reality. I've suggested the RIR processes or the IETF as a way of bringing about the change you want based on community consensus (this is the Internet style of addressing it); feel free to add your choice of multinational organizations or governments if you want more choices with different decision processes. /John John Curran President and CEO ARIN p.s. If you want to continue to discuss, can we shortly move this to PPML no thanks. p.p.s. My apologies to the list (for my having to respond to direct queries and thus continue the thread here)
Re: Lightly used IP addresses
oh. was section nine of the lrsa done by the policy process? No so, if we think it should be changed we should go through a process which was not used to put it in place. can you even say level playing field? Section 9 is present in the LRSA because it matches the RSA (so that all address holders are the same basic terms to the extent practical) so, on the one hand, you claim legacy holders have no property rights. yet you ask they sign an lrsa wherein they relinquish the rights you say they don't have. amazing. i wonder if that could be construed as an acknowledgement that they actually have those rights. when did the lawyers and the twisty mentality get control? randy, heading for sleep -- p.s. apologies to folk for any suggestion they might have to dirty themselves by joining the ppml list
Re: Lightly used IP addresses
On Sun, Aug 15, 2010 at 12:23 AM, John Curran jcur...@arin.net wrote: https://www.arin.net/about_us/corp_docs/annual_rprt.html In between meetings, this topic is probably best suited for the arin-discuss mailing list as opposed to the nanog list. John, Is arin-discuss still a closed members-only list? I pay ARIN every year for my AS# registration but the last time I asked to join arin-discuss, I was refused because I wasn't a LIR, thus not a member. Please: don't ask folks to take discussions of public concern to a closed forum. On Sun, Aug 15, 2010 at 5:53 AM, John Curran jcur...@arin.net wrote: On Aug 15, 2010, at 1:20 AM, David Conrad wrote: It has been depressing to watch participants in ARIN (in particular) suggest all will be well if people would just sign away their rights via an LRSA, Actually, you've got it backwards. The Legacy RSA provides specific contractual rights which take precedence over present policy or any policy that might be made which would otherwise limit such rights: A strict (albeit ridiculous) reading of the LRSA says that if I bit-torrent some music using my LRSA-covered IP addresses and lose in court (4.d.ii) ARIN can terminate the contract (14.b.i) and revoke the numbers (14.e.i). In fact, any way I run afoul of ARIN's ever changing policies (15.d) leads to 14.b and 14.e.1. Not that ARIN would, of course, but the contract gives them the power. https://www.arin.net/resources/agreements/legacy_rsa.pdf Absent the LRSA, the status quo leaves ARIN unable to revoke and reassign legacy IP addresses without placing itself at major risk, requiring a litigious rather than contractual resolution to exactly what rights ARIN and the legacy registrants have. My defacto rights are less certain but rather more extensive than what the LRSA offers. On Sun, Aug 15, 2010 at 7:34 AM, Randy Bush ra...@psg.com wrote: the fact is that the lrsa does require the legacy holder to sign away rights. 
and if you assert that they have no special/different rights, then why is [section 9] there? Because that's intended to be part of the price, Randy. In exchange for gaining enforceable rights with respect to ARIN's provision of services, you quit any claim to your legacy addresses as property, just like with all the addresses allocated in the last decade and a half. The other part of the price was supposed to be the $100 annual fee. Unfortunately, the LRSA contains another price which I personally consider too high: voluntary termination revokes the IP addresses instead of restoring the pre-contract status quo. Without that balancing check to the contract, I think a steady creep in what ARIN requires of the signatory is inevitable... and the affirmative actions ARIN can require the registrant to perform in order to maintain the contract are nearly unlimited. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: participation in process (Re: Lightly used IP addresses)
Sent from my iPad On Aug 15, 2010, at 2:38 AM, Mikael Abrahamsson swm...@swm.pp.se wrote: On Sat, 14 Aug 2010, Chris Grundemann wrote: I highly encourage everyone who has an opinion on Internet numbering policy to do the same. The same goes for IETF and standards, there one doesn't have to go to meetings at all since most work is being done on/via mailing lists openly. Most of the policy work in ARIN is done openly on PPML. However, the meetings (which can be attended remotely) are also quite useful, much as with IETF. Owen
Re: Lightly used IP addresses
Sent from my iPad On Aug 15, 2010, at 8:54 AM, Randy Bush ra...@psg.com wrote: oh. was section nine of the lrsa done by the policy process? No so, if we think it should be changed we should go through a process which was not used to put it in place. can you even say level playing field? Section 9 is present in the LRSA because it matches the RSA (so that all address holders are the same basic terms to the extent practical) so, on the one hand, you claim legacy holders have no property rights. yet you ask they sign an lrsa wherein they relinquish the rights you say they don't have. A contract which clarifies that you still don't have rights you never had does not constitute relinquishing those non-existent rights no matter how many times you repeat yourself. amazing. i wonder if that could be construed as an acknowledgement that they actually have those rights. when did the lawyers and the twisty mentality get control? randy, heading for sleep -- p.s. apologies to folk for any suggestion they might have to dirty themselves by joining the ppml list
Re: Lightly used IP addresses
Sent from my iPad On Aug 15, 2010, at 11:14 AM, William Herrin b...@herrin.us wrote: On Sun, Aug 15, 2010 at 12:23 AM, John Curran jcur...@arin.net wrote: https://www.arin.net/about_us/corp_docs/annual_rprt.html In between meetings, this topic is probably best suited for the arin-discuss mailing list as opposed to the nanog list. John, Is arin-discuss still a closed members-only list? I pay ARIN every year for my AS# registration but the last time I asked to join arin-discuss, I was refused because I wasn't a LIR, thus not a member. Please: don't ask folks to take discussions of public concern to a closed forum. ARIN fees and budget are a member concern, not a public concern. Non-LIR resource holders can become members for $500 per year. On Sun, Aug 15, 2010 at 5:53 AM, John Curran jcur...@arin.net wrote: On Aug 15, 2010, at 1:20 AM, David Conrad wrote: It has been depressing to watch participants in ARIN (in particular) suggest all will be well if people would just sign away their rights via an LRSA, Actually, you've got it backwards. The Legacy RSA provides specific contractual rights which take precedence over present policy or any policy that might be made which would otherwise limit such rights: A strict (albeit ridiculous) reading of the LRSA says that if I bit-torrent some music using my LRSA-covered IP addresses and lose in court (4.d.ii) ARIN can terminate the contract (14.b.i) and revoke the numbers (14.e.i). In fact, any way I run afoul of ARIN's ever changing policies (15.d) leads to 14.b and 14.e.1. Not that ARIN would, of course, but the contract gives them the power. https://www.arin.net/resources/agreements/legacy_rsa.pdf Absent the LRSA, the status quo leaves ARIN unable to revoke and reassign legacy IP addresses without placing itself at major risk, requiring a litigious rather than contractual resolution to exactly what rights ARIN and the legacy registrants have. 
My de facto rights are less certain but rather more extensive than what the LRSA offers. You and Randy operate from the assumption that these less certain rights somehow exist at all. I believe them to be fictitious in nature and contrary to the intent of number stewardship all the way back to Postel's original notebook. Postel himself is on record stating that disused addresses should be returned. On Sun, Aug 15, 2010 at 7:34 AM, Randy Bush ra...@psg.com wrote: the fact is that the lrsa does require the legacy holder to sign away rights. and if you assert that they have no special/different rights, then why is [section 9] there? Because that's intended to be part of the price, Randy. In exchange for gaining enforceable rights with respect to ARIN's provision of services, you quit any claim to your legacy addresses as property, just like with all the addresses allocated in the last decade and a half. The other part of the price was supposed to be the $100 annual fee. I would say you acknowledge the lack of such a claim in the first place rather than quit claim. Thus you are not giving up anything and the only actual price is $100 per year with very limited possible increases over future years. Unfortunately, the LRSA contains another price which I personally consider too high: voluntary termination revokes the IP addresses instead of restoring the pre-contract status quo. Without that balancing check to the contract, I think a steady creep in what ARIN requires of the signatory is inevitable... and the affirmative actions ARIN can require the registrant to perform in order to maintain the contract are nearly unlimited. I believe the LRSA limits them primarily to the annual fee payment. It's actually written to make it pretty hard, if not impossible, for policy changes to affect signatories in such a way. Arguably, non-signatories have exactly the same set of rights as RSA signatories, while LRSA signatories enjoy significant additional rights. 
Any belief that non-signatories enjoy rights not present in the RSA is speculative at best. Owen Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Lightly used IP addresses
On Sun, Aug 15, 2010 at 11:44 AM, Owen DeLong o...@delong.com wrote: ARIN fees and budget are a member concern, not a public concern. Oh really? The money ARIN spends managing the public's IP addresses (and how it collects that money and the privileges conferred on the folks from whom it's collected) are not a matter of public concern? I seem to recall that attitude was how ICANN first started to get in to trouble. Unfortunately, the LRSA contains another price which I personally consider too high: voluntary termination revokes the IP addresses instead of restoring the pre-contract status quo. Without that balancing check to the contract, I think a steady creep in what ARIN requires of the signatory is inevitable... and the affirmative actions ARIN can require the registrant to perform in order to maintain the contract are nearly unlimited. I believe the LRSA limits them primarily to the annual fee payment. Do you now. Unfortunately, the plain language of the LRSA does not respect your belief. ARIN makes only two promises about the application of existing and new ARIN policies to LRSA signatories: ARIN will take no action to reduce the services provided for Included Number Resources _that are not currently being utilized_ by the Legacy Applicant. (10.b) and fee shall be $100 per year until the year 2013; no increase per year greater than $25. (6.b) Except for those exclusions, the LRSA includes the Policies which are hereby incorporated by reference (15.d). Those policies are binding upon Legacy Applicant immediately after they are posted on the Website (7). In other words, if the ARIN board adopts a policy that legacy registrants must install some of their addresses on a router on the moon (or perhaps some requirement that's a little less extreme) then failing to is cause for terminating the contract (14.b). Which revokes the IP addresses (14.e.i). Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. 
Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Lightly used IP addresses
On Sun, Aug 15, 2010 at 11:44:18AM -0400, Owen DeLong wrote: You and Randy operate from the assumption that these less certain rights somehow exist at all. I believe them to be fictitious in nature and contrary to the intent of number stewardship all the way back to Postel's original notebook. Postel himself is on record stating that disused addresses should be returned. A non-trivial number of people likely believe they have property rights in their legacy address space (or, more precisely, in the entry in the ARIN database that corresponds to their legacy address space) and that those property rights are much more extensive than the rights they have under the LRSA. John points out that the LRSA gives legacy address holders a degree of certainty that they don't otherwise have. That's almost certainly true; I doubt any legacy address holders are in possession of legal advice to the effect of you absolutely have property rights in that allocation; there's absolutely no chance you'd lose should you attempt to assert those rights in court. (On the other hand, no one really knows that ARIN has the authority to make the guarantees it's making under the LRSA. The LRSA only binds ARIN ... there's nothing to say the US Government won't step in and assert its own authority over legacy space. So, while the LRSA confers a degree of certainty, it doesn't confer absolute certainty, or anything close to it.) But John doesn't seem to want to acknowledge, at least directly, the possibility that those property rights might be reasonably believed by some to exist. I suspect some entities are in possession of legal advice to the effect of you probably have property rights and probably can do whatever you want with your space and probably get court orders as needed to force ARIN to respond accordingly. 
If one has gotten such advice from one's lawyers, and one has discussed with those lawyers just how probable probably is, it might well be that signing the LRSA is legitimately perceived as giving up rights. Because that's intended to be part of the price, Randy. In exchange for gaining enforceable rights with respect to ARIN's provision of services, you quit any claim to your legacy addresses as property, I would say you acknowledge the lack of such a claim in the first place rather than quit claim. Thus you are not giving up anything and the only actual price is $100 per year with very limited possible increases over future years. The reality is that *no one knows* whether or not there are property rights. The difference between quit claim any rights you have and acknowledge you never had any rights isn't really relevant. Either way, you go from having whatever property rights you originally had (and no one knows for sure what those rights are) to probably not having any such rights. With either language, if you never had any such rights, you aren't giving up anything. If you did previously have such rights, you probably are giving up something. Whether the language is written presupposing the existence of such rights, or presupposing the non-existence of such rights, has no real effect. Of course ARIN's position is that that clause merely clarifies a situation that already exists. But the fact that ARIN feels it needs clarifying illustrates the ambiguity. Any belief that non-signatories enjoy rights not present in the RSA is speculative at best. I suspect some people are in possession of legal advice to the contrary. (Well, sure, technically, it is speculative. But I'd imagine that some people have a pretty high degree of confidence in their speculation.) Let's put it this way: (This is a hypothetical point; I'm not actually making an offer here.) 
Say I'm willing to buy, for $10 per /24, any property rights that anyone with legacy space has in their legacy allocation, provided they have not signed an RSA or LRSA with respect to that space, and provided that they agree to never sign any such agreement, or any similar agreement, with respect to that space. If there's no property rights, that's a free $10 per /24. On the other hand, if there are property rights, then that's a pretty low price for giving me the authority to direct a transfer of the space whenever I feel like it. How many people do you think would rationally take me up on this offer? Would you advise an ISP with a legacy allocation that is temporarily short on cash to engage in such a transaction? If so, are you confident enough in your position that you'd agree to personally indemnify them against any loss they might incur if it turns out that there are property rights and now I hold them? And that's really the crux of this argument. One side assumes there are no property rights and argues from that premise, the other side assumes there are and argues from that premise. Both sides' arguments are logically sound (more or less), but they start from different premises, and starting there isn't going to do
Re: Lightly used IP addresses
On Aug 15, 2010, William Herrin wrote: Please: don't ask folks to take discussions of public concern to a closed forum. ... ARIN makes only two promises about the application of existing and new ARIN policies to LRSA signatories: ARIN will take no action to reduce the services provided for Included Number Resources _that are not currently being utilized_ by the Legacy Applicant. Bill - Two quick points - Your concern about arin-discuss is understandable (i.e. you should not have to join ARIN in order to discuss a potential concern of community interest that you have with the agreement). I'll mention this to the Board, and note in the meantime that the PPML mailing list often covers far-ranging discussions such as these in case that becomes necessary. Also, your emphasis above (_that are not currently being utilized_), pointed out we need to clarify that it should include all resources, including those not currently being utilized, i.e. the phrase wasn't intended to exclude *utilized* resources from ARIN will take no action clause. I will have that fixed on the next version of the LRSA. /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
Also, your emphasis above (_that are not currently being utilized_), pointed out we need to clarify that it should include all resources, including those not currently being utilized, i.e. the phrase wasn't intended to exclude *utilized* resources from ARIN will take no action clause. I will have that fixed on the next version of the LRSA. but john, should you not run the change through the policy process? randy
Re: Lightly used IP addresses
On Aug 15, 2010, at 2:32 PM, Randy Bush wrote: Also, your emphasis above (_that are not currently being utilized_), pointed out we need to clarify that it should include all resources, including those not currently being utilized, i.e. the phrase wasn't intended to exclude *utilized* resources from ARIN will take no action clause. I will have that fixed on the next version of the LRSA. but john, should you not run the change through the policy process? Randy - The language ARIN will take no action to reduce the services provided for Included Number Resources that are not currently being utilized by the Legacy Applicant was stated in plain language to make clear the representation ARIN was making to the LRSA applicant. That representation is intended for all included resources, not just unused, so the language should be corrected to the benefit of Legacy holders. Your discourse is often thought provoking, informative, and even colorful, but I'll not let it be to the general detriment of the community. If a new LRSA signatory really wants the old language with a weaker promise from ARIN, we'll readily accommodate them then. /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
john, the bottom line is, changes you like and can justify to yourself with lots of glib words can be made without process. changes you don't like have to go through the policy gauntlet. randy
Re: Lightly used IP addresses
On Aug 15, 2010, at 11:14 AM, William Herrin wrote: Unfortunately, the LRSA contains another price which I personally consider too high: voluntary termination revokes the IP addresses instead of restoring the pre-contract status quo. Without that balancing check to the contract, I think a steady creep in what ARIN requires of the signatory is inevitable... and the affirmative actions ARIN can require the registrant to perform in order to maintain the contract are nearly unlimited. Bill - Voluntary termination because ARIN is in breach results in pre-contract status quo, otherwise you are correct. Changing this would be a useful item to discuss at the Public Policy Members meeting in one of the open mike sessions, or to submit to the suggestion process for discussion on the arin-consult mailing list https://www.arin.net/participate/acsp The last round of improvements to the LRSA (version 2.0) added several circumstances that result in pre-contract status quo, and additional ones could be added if the community wants such and the Board concurs. /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
On Aug 15, 2010, at 2:55 PM, Randy Bush wrote: the bottom line is, changes you like and can justify to yourself with lots of glib words can be made without process. changes you don't like have to go through the policy gauntlet. Changes to ARIN's operations are within my authority; I try to be reachable to the community (and how... :-), but there's also the more formal ARIN Consultation and Suggestion (ACSP) process if desired: https://www.arin.net/participate/acsp. Changes to ARIN's fees, services, and agreements are done after consultation to the ARIN Board, and often go through the ACSP consultation process or are discussed at one of the meetings. Suggestions are also welcomed as per above, just as I asked Mr. Herrin to do earlier regarding the LRSA. Changes to the Number Resource Policy Manual (NRPM) https://www.arin.net/policy/nrpm.html, are made via ARIN's Policy Development Process. My apologies if this was somehow unclear, /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
On Sun, 15 Aug 2010 11:44:18 EDT, Owen DeLong said: You and Randy operate from the assumption that these less certain rights somehow exist at all. I believe them to be fictitious in nature and contrary to the intent of number stewardship all the way back to Postel's original notebook. Postel himself is on record stating that disused addresses should be returned. We've written RFCs that explain SHOULD != MUST. Keep in mind that he said that back in a long-bygone era where sending an e-mail asking If you're not going to deploy that address range, can you give it back just because it's the Right Thing To Do, even though there's a chance that 15 years from now, you'll be able to sell it for megabucks didn't get 53 levels of management and lawyers involved. On Sun, 15 Aug 2010 11:33:34 EDT, Owen DeLong said: A contract which clarifies that you still don't have rights you never had does not constitute relinquishing those non-existent rights no matter how many times you repeat yourself. Ahh - but here's the kicker. For the contract to clarify the status of that right, it *is* admitting that the right exists and has a definition (even if not spelled out in the contract). A non-existent thing can't be the subject of a contract negotiation. So in the contract, you can agree that you don't have right XYZ, and clarify that you understand you never had right XYZ. But it doesn't make sense if XYZ is nonexistent.
Re: Lightly used IP addresses
the bottom line is, changes you like and can justify to yourself with lots of glib words can be made without process. changes you don't like have to go through the policy gauntlet. ... Changes to ARIN's fees, services, and agreements are done after consultation to the ARIN Board, and often go through the ACSP consultation process or are discussed at one of the meetings. Suggestions are also welcomed as per above, just as I asked Mr. Herrin to do earlier regarding the LRSA. as a reader of this thread with any memory can clearly see, when i asked about a change to the lrsa (with which you clearly disagree), i was told to submit a suggestion and to go through the policy process. when you want a change to the same agreement, whammy, it can magically be done with a quick internal process. qed. randy
Re: Lightly used IP addresses
On Aug 15, 2010, at 4:06 PM, Randy Bush wrote: as a reader of this thread with any memory can clearly see, when i asked about a change to the lrsa (with which you clearly disagree), i was told to submit a suggestion and to go through the policy process. when you want a change to the same agreement, whammy, it can magically be done with a quick internal process. Randy - I understand your confusion. If you find a typo, or grammatical error, or phrase which is contradictory, I can fix it the next version. If you have a suggestion for LRSA content change, please use the suggestion process or take it up at a meeting as you prefer. For the particular change that you want, I was noting that NRPM 4.1 (not 6.4.1 as I wrote) specifically cites RFC 2050: 4.1.7. RFC 2050 ARIN takes guidance from allocation and assignment policies and procedures set forth in RFC 2050. These guidelines were developed to meet the needs of the larger Internet community in conserving scarce IPv4 address space and allowing continued use of existing Internet routing technologies. and as a result, you should look to the IETF to update the RFC2050 guidance or the Policy Development process to remove the reference. Thanks, /John John Curran President and CEO ARIN Begin forwarded message: From: John Curran jcur...@arin.net Date: August 15, 2010 6:49:12 AM EDT To: Randy Bush ra...@psg.com Cc: North American Network Operators Group nanog@nanog.org Subject: Re: Lightly used IP addresses On Aug 15, 2010, at 6:21 AM, Randy Bush wrote: gosh, i must have completely misread section nine Seeking contractual rights contrary to IETF RFCs 2008 and 2150? oh, and if you feel that you have those rights by other means than the lrsa, then why is section nine in the lrsa. just remove it. 
Easy to do, you can either: 1) Change the appropriate policy language (NRPM 6.4.1) via the ARIN policy development process, in which case the LRSA will be updated as noted, or 2) If you feel that you'd prefer a different forum, you can address this on a more global basis (since each RIR has similar language regarding addresses) by going through the IETF and revising the RFCs, which will likely result in the RIRs all reviewing their documents accordingly. Either route requires that the community comes to a consensus on the change and can give you the results you seek. Or you can enjoy the status quo. /John John Curran President and CEO ARIN p.s. If you want to continue to discuss, can we shortly move this to PPML or ARIN-Discuss for the sake of those not interested in these matters who have different expectations from their NANOG list subscription?
Re: Lightly used IP addresses
On Sat, 14 Aug 2010, Randy Bush wrote: when the registry work was re-competed and taken from sri to netsol (i think it was called that at the time), rick adams put in a no cost bid to do it all with automated scripts. hindsight tells me we should have supported that much more strongly. I fear the abuse resulting from free domain registration. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ MALIN HEBRIDES: SOUTH 3 OR 4. SLIGHT, OCCASIONALLY MODERATE. OCCASIONAL DRIZZLE THEN RAIN. MODERATE OR GOOD, OCCASIONALLY POOR.
Re: Lightly used IP addresses
On 8/13/2010 19:55, Randy Bush wrote: when the registry work was re-competed and taken from sri to netsol (i think it was called that at the time), rick adams [0] put in a no cost bid to do it all with automated scripts. hindsight tells me we should have supported that much more strongly. and folk who think that would not have scaled, need to know that the netsol lowball solution was mark and scott in a basement with a sun3 and a 56k line. Hah. Automated no-cost registration, meet automated registering script with a dictionary plus random string generator. ~Seth
Re: Lightly used IP addresses
On 8/15/10 6:25 PM, Tony Finch wrote: On Sat, 14 Aug 2010, Randy Bush wrote: when the registry work was re-competed and taken from sri to netsol (i think it was called that at the time), rick adams put in a no cost when we (sri) lost the defense data network nic contract in may '91, disa awarded it to government systems inc., which eventually became netsol. bid to do it all with automated scripts. hindsight tells me we should have supported that much more strongly. I fear the abuse resulting from free domain registration. the price point gsi set was $100/two-years, and later in litigation the portion earmarked to go a public agency was removed, resulting in the $75/two-year price point. of the things to fear, that hadn't happened then, such as the determination that domains are marks (wipo i), and the ancillary exploits, keeping the cost at the green-stamp price-point of zero dollars and zero cents seems a pretty odd thing to fear. yes, we f*cked by failing to keep the allocation mechanism profit neutral. -e
Re: Lightly used IP addresses
On Aug 15, 2010, at 9:20 AM, William Herrin wrote: On Sun, Aug 15, 2010 at 11:44 AM, Owen DeLong o...@delong.com wrote: ARIN fees and budget are a member concern, not a public concern. Oh really? The money ARIN spends managing the public's IP addresses (and how it collects that money and the privileges conferred on the folks from whom it's collected) are not a matter of public concern? I seem to recall that attitude was how ICANN first started to get in to trouble. As I said, they are a matter of member concern. To the best of my knowledge, ICANN membership is not open. If you care about how ARIN spends its money, become a member, speak up, and vote. Membership is open to all and voting membership is open to all resource holders. Unfortunately, the LRSA contains another price which I personally consider too high: voluntary termination revokes the IP addresses instead of restoring the pre-contract status quo. Without that balancing check to the contract, I think a steady creep in what ARIN requires of the signatory is inevitable... and the affirmative actions ARIN can require the registrant to perform in order to maintain the contract are nearly unlimited. I believe the LRSA limits them primarily to the annual fee payment. Do you now. Unfortunately, the plain language of the LRSA does not respect your belief. ARIN makes only two promises about the application of existing and new ARIN policies to LRSA signatories: ARIN will take no action to reduce the services provided for Included Number Resources _that are not currently being utilized_ by the Legacy Applicant. (10.b) and fee shall be $100 per year until the year 2013; no increase per year greater than $25. (6.b) Except for those exclusions, the LRSA includes the Policies which are hereby incorporated by reference (15.d). Those policies are binding upon Legacy Applicant immediately after they are posted on the Website (7). 
In other words, if the ARIN board adopts a policy that legacy registrants must install some of their addresses on a router on the moon (or perhaps some requirement that's a little less extreme) then failing to is cause for terminating the contract (14.b). Which revokes the IP addresses (14.e.i). I think that is a rather bizarre and extreme construction of excerpts of the contract language. More rational construction would lead one to believe that the stated intent is to limit ARIN's ability to raise fees and prevent the revocation of legacy addresses absent a failure to pay fees. The policies incorporated by reference are the same policies which affect every other address holder, so ARIN would have a hard time requiring legacy holders to address devices on the moon without requiring the same thing from all other resource holders. Owen
Re: Lightly used IP addresses
On Aug 15, 2010, at 11:08 AM, Brett Frankenberger wrote: On Sun, Aug 15, 2010 at 11:44:18AM -0400, Owen DeLong wrote: You and Randy operate from the assumption that these less certain rights somehow exist at all. I believe them to be fictitious in nature and contrary to the intent of number stewardship all the way back to Postel's original notebook. Postel himself is on record stating that disused addresses should be returned. A non-trivial number of people likely believe they have property rights in their legacy address space (or, more precisely, in the entry in the ARIN database that corresponds to their legacy address space) and that those property rights are much more extensive than the rights they have under the LRSA. Once upon a time, a non-trivial number of people believed in a set of $DEITIES we now refer to as greco-roman mythology. That doesn't make those beliefs any more or less correct than the ones who believe in these mystic undocumented property rights. John points out that the LRSA gives legacy address holders a degree of certainty that they don't otherwise have. That's almost certainly true; I doubt any legacy address holders are in possession of legal advice to the effect of you absolutely have property rights in that allocation; there's absolutely no chance you'd lose should you attempt to assert those rights in court. (On the other hand, no one really knows that ARIN has the authority to make the guarantees it's making under the LRSA. The LRSA only binds ARIN ... there's nothing to say the US Government won't step in and assert its own authority over legacy space. So, while the LRSA confers a degree of certainty, it doesn't confer absolute certainty, or anything close to it.) Since the only assurances the LRSA offers are with regard to what ARIN will or won't do, I would say that ARIN is in a perfectly good position to make those assurances. 
But John doesn't seem to want to acknowledge, at least directly, the possibility that those property rights might be reasonably believed by some to exist. I suspect some entities are in possession of legal advice to the effect of you probably have property rights and probably can do whatever you want with your space and probably get court orders as needed to force ARIN to respond accordingly. If one has gotten such advice from one's lawyers, and one has discussed with those lawyers just how probable probably is, it might well be that signing the LRSA is legitimately perceived as giving up rights. Whether or not such belief is reasonable (I'm not inclined that it is as I have seen not one single document that conveys any form of property rights and the concept of owning integers seems utterly bizarre to me) I will leave to the psychologists and psychiatrists to determine. I acknowledge that some people believe this. I believe they are mistaken. I'll leave it to John to speak for himself on the matter. Because that's intended to be part of the price, Randy. In exchange for gaining enforceable rights with respect to ARIN's provision of services, you quit any claim to your legacy addresses as property, I would say you acknowledge the lack of such a claim in the first place rather than quit claim. Thus you are not giving up anything and the only actual price is $100 per year with very limited possible increases over future years. The reality is that *no one knows* whether or not there are property rights. The difference between quit claim any rights you have and acknowledge you never had any rights isn't really relevant. Either way, you go from having whatever property rights you originally had (and no one knows for sure what those rights are) to probably not having any such rights. Not exactly. 
In the acknowledging you never had rights scenario, you go from having no rights whatsoever to having a defined set of rights which may be less in scope than you imagined your rights to be prior to seeking documentation of said rights and discovering none. With either language, if you never had any such rights, you aren't giving up anything. If you did previously have such rights, you probably are giving up something. Whether the language is written presupposing the existence of such rights, or presupposing the non-existence of such rights, has no real effect. Ah, but, if you never had any such rights and you are gaining some rights (which is actually what the LRSA does) that is quite different from giving up rights. I agree that the perspective of the contractual language is nearly a no-op for the signatories of the contract. Of course ARIN's position is that that clause merely clarifies a situation that already exists. But the fact that ARIN feels it needs clarifying illustrates the ambiguity. Or, perhaps, the fact that ARIN feels it needs clarifying is indicative of ARIN acknowledging wide-spread mythology. I can acknowledge that the greeks believed Hades
Re: Lightly used IP addresses
All (and especially Mr. Curran), Would the policy process be an appropriate venue for a proposition to change the ARIN mission, restricting its activities exclusively to registration services while requiring a reduction in fees and budget? Best regards, Jeff On Mon, Aug 16, 2010 at 7:35 AM, Owen DeLong o...@delong.com wrote: On Aug 15, 2010, at 9:20 AM, William Herrin wrote: On Sun, Aug 15, 2010 at 11:44 AM, Owen DeLong o...@delong.com wrote: ARIN fees and budget are a member concern, not a public concern. Oh really? The money ARIN spends managing the public's IP addresses (and how it collects that money and the privileges conferred on the folks from whom it's collected) are not a matter of public concern? I seem to recall that attitude was how ICANN first started to get in to trouble. As I said, they are a matter of member concern. To the best of my knowledge, ICANN membership is not open. If you care about how ARIN spends its money, become a member, speak up, and vote. Membership is open to all and voting membership is open to all resource holders. Unfortunately, the LRSA contains another price which I personally consider too high: voluntary termination revokes the IP addresses instead of restoring the pre-contract status quo. Without that balancing check to the contract, I think a steady creep in what ARIN requires of the signatory is inevitable... and the affirmative actions ARIN can require the registrant to perform in order to maintain the contract are nearly unlimited. I believe the LRSA limits them primarily to the annual fee payment. Do you now. Unfortunately, the plain language of the LRSA does not respect your belief. ARIN makes only two promises about the application of existing and new ARIN policies to LRSA signatories: ARIN will take no action to reduce the services provided for Included Number Resources _that are not currently being utilized_ by the Legacy Applicant. 
(10.b) and fee shall be $100 per year until the year 2013; no increase per year greater than $25. (6.b) Except for those exclusions, the LRSA includes the Policies which are hereby incorporated by reference (15.d). Those policies are binding upon Legacy Applicant immediately after they are posted on the Website (7). In other words, if the ARIN board adopts a policy that legacy registrants must install some of their addresses on a router on the moon (or perhaps some requirement that's a little less extreme) then failing to is cause for terminating the contract (14.b). Which revokes the IP addresses (14.e.i). I think that is a rather bizarre and extreme construction of excerpts of the contract language. More rational construction would lead one to believe that the stated intent is to limit ARIN's ability to raise fees and prevent the revocation of legacy addresses absent a failure to pay fees. The policies incorporated by reference are the same policies which affect every other address holder, so ARIN would have a hard time requiring legacy holders to address devices on the moon without requiring the same thing from all other resource holders. Owen -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: Lightly used IP addresses
On Aug 15, 2010, at 12:51 PM, valdis.kletni...@vt.edu wrote: On Sun, 15 Aug 2010 11:44:18 EDT, Owen DeLong said: You and Randy operate from the assumption that these less certain rights somehow exist at all. I believe them to be fictitious in nature and contrary to the intent of number stewardship all the way back to Postel's original notebook. Postel himself is on record stating that disused addresses should be returned. We've written RFCs that explain SHOULD != MUST. Keep in mind that he said that back in a long-bygone era where sending an e-mail asking If you're not going to deploy that address range, can you give it back just because it's the Right Thing To Do, even though there's a chance that 15 years from now, you'll be able to sell it for megabucks didn't get 53 levels of management and lawyers involved. On Sun, 15 Aug 2010 11:33:34 EDT, Owen DeLong said: A contract which clarifies that you still don't have rights you never had does not constitute relinquishing those non-existent rights no matter how many times you repeat yourself. Ahh - but here's the kicker. For the contract to clarify the status of that right, it *is* admitting that the right exists and has a definition (even if not spelled out in the contract). A non-existent thing can't be the subject of a contract negotiation. So in the contract, you can agree that you don't have right XYZ, and clarify that you understand you never had right XYZ. But it doesn't make sense if XYZ is nonexistent. There are lots of contracts which clarify that inaccuracies previously perceived as rights are, indeed, and always were, fictitious in nature. That is possible in a contract and is not as uncommon as one would wish it were. It does not magically lend credence to the prior fiction. Owen
Re: Lightly used IP addresses
On Sun, Aug 15, 2010 at 3:03 PM, John Curran jcur...@arin.net wrote: The last round of improvements to the LRSA (version 2.0) added several circumstances that result in pre-contract status quo, and additional ones could be added if the community wants such and the Board concurs. John, I noticed and I appreciate it. Each round of revisions to the LRSA contract has brought it closer to being a document I could sign. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Lightly used IP addresses
[attribution removed, as I lost track of who said what] Do you now. Unfortunately, the plain language of the LRSA does not respect your belief. ARIN makes only two promises about the application of existing and new ARIN policies to LRSA signatories: ARIN will take no action to reduce the services provided for Included Number Resources _that are not currently being utilized_ by the Legacy Applicant. (10.b) and fee shall be $100 per year until the year 2013; no increase per year greater than $25. (6.b) Except for those exclusions, the LRSA includes the Policies which are hereby incorporated by reference (15.d). Those policies are binding upon Legacy Applicant immediately after they are posted on the Website (7). In other words, if the ARIN board adopts a policy that legacy registrants must install some of their addresses on a router on the moon (or perhaps some requirement that's a little less extreme) then failing to is cause for terminating the contract (14.b). Which revokes the IP addresses (14.e.i). I think that is a rather bizarre and extreme construction of excerpts of the contract language. More rational construction would lead one to believe that the stated intent is to limit ARIN's ability to raise fees and prevent the revocation of legacy addresses absent a failure to pay fees. You could think this 'bizarre', and you might be right. I read it, however, and was convinced - at least to the point where I would advise a client not to sign such an agreement without additional research. Ritual disclaimer - IAAL, but not a very good one, and this isn't legal advice, and, if you take legal advice from a stranger's internet postings, you have bigger problems than ARIN can throw at you. :-) -- _ Nachman Yaakov Ziskind, FSPA, LLM aw...@ziskind.us Attorney and Counselor-at-Law http://ziskind.us Economic Group Pension Services http://egps.com Actuaries and Employee Benefit Consultants
Re: Lightly used IP addresses
On Sun, Aug 15, 2010 at 11:05 PM, Owen DeLong o...@delong.com wrote: On Aug 15, 2010, at 9:20 AM, William Herrin wrote: On Sun, Aug 15, 2010 at 11:44 AM, Owen DeLong o...@delong.com wrote: ARIN fees and budget are a member concern, not a public concern. I seem to recall that attitude was how ICANN first started to get in to trouble. To the best of my knowledge, ICANN membership is not open. Not any more. requires of the signatory is inevitable... and the affirmative actions ARIN can require the registrant to perform in order to maintain the contract are nearly unlimited. I believe the LRSA limits them primarily to the annual fee payment. Put your money where your mouth is Owen. As an ARIN Advisory Council member, ask ARIN Counsel Steve Ryan to issue a legal opinion that ARIN considers itself constrained to limit the requirements placed on LRSA signatories primarily to the annual fee payment regardless of how ARIN policy changes. Until reading such a clarification from someone actually qualified to make it, I have to expect that the contract means what it says when it says that only regular fees and use ratios are excluded from the scope of policy ARIN may apply to legacy registrants under an LRSA. Do you now. Unfortunately, the plain language of the LRSA does not respect your belief. ARIN makes only two promises about the application of existing and new ARIN policies to LRSA signatories: More rational construction would lead one to believe that the stated intent is to limit ARIN's ability The courts are full of people who thought a contract intended to mean something other than the actual text to which their signature was attached. Their rate of success is not great. The policies incorporated by reference are the same policies which affect every other address holder, so ARIN would have a hard time requiring legacy holders to address devices on the moon without requiring the same thing from all other resource holders. 
ARIN doesn't seem to have any problem differentiating between ISP address holdings and end-user address holdings in the policies, and applying rather substantially different requirements to each. What exactly do you think would prevent policies from differentiating between those two classes and legacy address holdings under an LRSA? The retort you want to make is that ARIN just wouldn't do that. That's not the kind of people they are. Fine. So update the LRSA so it doesn't carefully and pervasively establish ARIN's legal right to behave that way. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Lightly used IP addresses
Watching people snark on mailing lists is occasionally entertaining. Watching them snark on the wrong mailing lists is usually less entertaining. Watching them snark on the wrong mailing list for 100+ posts when the things they are snarking about were voted on by themselves is getting a little silly. Watching them snark about the people they are snarking -to- trying to get them to participate in the process they are snarking -about- is pathetic. If you don't like the way ARIN does things, change them. I don't like people going to the IETF and trying to get the IETF to do things the operators should be doing. I talked to the AC BoD members before I voted, and none of them mentioned this to me. I feel like snarking about that is valid, since I put in time effort, but was still caught by surprise. But instead of snarking, I'm working to change that. How much time effort was spent (wasted?) reading mailing lists that could have been used to put forth proposals to ARIN (or the other RIRs)? Which is more likely to get what you want? Oh, and about ARIN wasting money: Do you really think a 10% or even 50% reduction in ARIN fees will make -any- difference to the companies paying those fees? OTOH, I do believe a 50% reduction in ARIN fees will result in far less outreach, which means less community participation, which I feel is suboptimal. If you disagree, propose a change, get me people who feel as I do outvoted, and things will change. What's more, I will not snark about the fact I got outvoted on NANOG. Or you can post to NANOG and see nothing change. Up to you. -- TTFN, patrick
Re: Lightly used IP addresses
On Aug 13, 2010, at 8:01 PM, Randy Bush wrote: Yet most of the bad ideas in the past 15 years have actually come from the IETF (TLA's, no end site multihoming, RA religion), some of which have actually been fixed by the RIR's. no, they were fixed within the ietf. that's my blood you are talking about, and i know where and by whom it was spent. I'm not sure what is meant by TLAs in this context, so, I'll leave that alone. The lack of end-site multihoming (more specifically the lack of PI for end-sites) was created by the IETF and resolved by the RIRs. The beginning of resolving this was ARIN proposal 2002-3. The RA religion still hasn't been solved. Owen
Re: Lightly used IP addresses
On Aug 13, 2010, at 9:12 PM, Jeffrey Lyon wrote: John et al, I have read many of your articles about the need to migrate to IPv6 and how failure to do so will impact business continuity sometime in the next 1 - 3 years. I've pressed our vendors to support IPv6 (note: keep in mind we're a DDoS mitigation firm, our needs extend beyond routers and switches) and found that it's a chicken and egg situation. Vendors are neglecting to support IPv6 because there is no demand. I've pointed out your articles and demanded IPv6 support, some are promising results in the next several months. We will see. I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, You're the only one asking for it. I walked up to the vendor and took my turn being told You're the only one asking for it. I pointed out that I had seen the other people get the same answer. The sales person admitted he was caught red handed and explained We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive. Meanwhile, there are hosting companies, dedicated server companies, etc. with /17 and /18 allocations who are either forging justification or wildly abusing the use of that space outside of the declared need. Then those cases should be submitted to the fraud/abuse reporting process so they can be investigated and resolved. Owen
Re: Lightly used IP addresses
On Aug 13, 2010, at 9:33 PM, Franck Martin wrote: Funny! On one hand people talk about ARIN providing IP allocation at nearly zero cost and on the other hand talking that ARIN goes after companies that use their allocation for abuse (which has a non trivial cost and potential expensive lawsuits)... Do you know what you want? Let's clarify the definition of abuse in this context. We are not talking about people who use their IPs to abuse the network. We are talking about resource recipients who use their allocations or assignments in contravention to the policies under which they received them (and thus contrary to the RSA which they signed when they received them). Not that I don't think going after network abuse is worth while, it absolutely is, but, that's not within the current scope of ARIN policy. The community would need to come to consensus on a definition of abuse and the desire for ARIN to take on such a role before it would be possible. For now, ARIN's role is limited to the administration of the address space in the public trust. That includes taking action to resolve situations where addresses are being used in a manner contrary to the ARIN policies developed by the community. Owen
Re: Lightly used IP addresses
On Aug 14, 2010, at 8:05, Owen DeLong o...@delong.com wrote: On Aug 13, 2010, at 8:01 PM, Randy Bush wrote: The lack of end-site multihoming (more specifically the lack of PI for end-sites) was created by the IETF and resolved by the RIRs. The beginning of resolving this was ARIN proposal 2002-3. The RA religion still hasn't been solved. Neither for that matter has the dhcp religion. Autoconfiguration and bootstrapping were not solved problems for ipv4 in 1994 and in some respects still aren't. The mind boggles that we consider the ipv4 situation so much better than the v6 case... Owen
Re: Lightly used IP addresses
On Aug 14, 2010, at 8:47 AM, Bret Clark wrote: On 08/14/2010 11:27 AM, Owen DeLong wrote: I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, You're the only one asking for it. I walked up to the vendor and took my turn being told You're the only one asking for it. I pointed out that I had seen the other people get the same answer. The sales person admitted he was caught red handed and explained We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive. What company was that? I find it rather odd that any marketing group in any company would tell a sales team to downplay a possible future migration path; especially in the case of IP6 which isn't a possible future migration strategy, but IS a future migration strategy. That's one company I don't want to do business with if that's what they are telling their sales team...shows lack of a road map and a total lack of any understanding of this industry! I won't name names as that company has since changed their tune and there is nothing to be gained by publicly embarrassing them. Owen
Re: Lightly used IP addresses
I think you mistake my meaning. I don't regard RA and SLAAC as a problem. I regard their limited capabilities as a minor issue. I regard the IETF religion that insists on preventing DHCPv6 from having a complete set of capabilities for some form of RA protectionism to be the largest problem. That was my meaning for RA religion. Owen Sent from my iPad On Aug 14, 2010, at 10:30 AM, Joel Jaeggli joe...@bogus.com wrote: On Aug 14, 2010, at 8:05, Owen DeLong o...@delong.com wrote: On Aug 13, 2010, at 8:01 PM, Randy Bush wrote: The lack of end-site multihoming (more specifically the lack of PI for end-sites) was created by the IETF and resolved by the RIRs. The beginning of resolving this was ARIN proposal 2002-3. The RA religion still hasn't been solved. Neither for that matter has the dhcp religion. Autoconfiguration and bootstrapping were not solved problems for ipv4 in 1994 and in some respects still aren't. The mind boggles that we consider the ipv4 situation so much better than the v6 case... Owen
Re: Lightly used IP addresses
Bill, On Aug 14, 2010, at 8:51 AM, bmann...@vacation.karoshi.com wrote: In the formal ARIN context, there is a distinction between abuse and fraud. abuse:: https://www.arin.net/abuse.html This is a FAQ for folks who are accusing ARIN of abuse of network. With the possible exception of the last item in that FAQ, it has nothing to do with the topic at hand. fraud:: https://www.arin.net/resources/fraud/index.html This is the mechanism by which one reports fraud. It would be helpful in clarifying the discussion if folks used the proper terminology. Can you point to where ARIN defines exactly what they consider abuse and/or fraud? Thanks, -drc
Re: Lightly used IP addresses
On Sat, Aug 14, 2010 at 12:32:50PM -0700, David Conrad wrote: Bill, On Aug 14, 2010, at 8:51 AM, bmann...@vacation.karoshi.com wrote: In the formal ARIN context, there is a distinction between abuse and fraud. abuse:: https://www.arin.net/abuse.html This is a FAQ for folks who are accusing ARIN of abuse of network. With the possible exception of the last item in that FAQ, it has nothing to do with the topic at hand. fraud:: https://www.arin.net/resources/fraud/index.html This is the mechanism by which one reports fraud. It would be helpful in clarifying the discussion if folks used the proper terminology. Can you point to where ARIN defines exactly what they consider abuse and/or fraud? Thanks, -drc The AC accepted draft proposal below has a definition of abuse in #b Draft Policy 2010-11 Required Resource Reviews Version/Date: 20 July 2010 Policy statement: Replace the text under sections 4-6 in section 12, paragraph 7 with under paragraphs 12.4 through 12.6 Add to section 12 the following text: 10. Except as provided below, resource reviews are conducted at the discretion of the ARIN staff. In any of the circumstances mentioned below, a resource review must be initiated by ARIN staff: a. Report or discovery of an acquisition, merger, transfer, trade or sale in which the infrastructure and customer base of a network move from one organization to another organization, but, the applicable IP resources are not transferred. In this case, the organization retaining the IP resources must be reviewed. The organization receiving the customers may also be reviewed at the discretion of the ARIN staff. b. Upon receipt by ARIN of one or more credible reports of fraud or abuse of an IP address block. Abuse shall be defined as use of the block in violation of the RSA or other ARIN policies and shall not extend to include general reports of host conduct which are not within ARIN's scope. 
While fraud is outlined here: https://www.arin.net/resources/fraud/index.html Version 1.2 - 18 November 2009 This reporting process is to be used to notify ARIN of suspected Internet number resource abuse including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers. This reporting process is NOT for reporting illegal or fraudulent Internet activity like network abuse, phishing, spam, identity theft, hacking, scams, or any other activity unrelated to the scope of ARIN's mission.
so fraud, from ARIN's perspective seems to be:
- submitting falsified utilization or org info
- unauthorized changes to the data in ARIN's whois
- hijacking number resources in ARIN's database
- fraudulent transfers
a kewpie doll for the first one to point out the circular dependencies! :) --bill
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 15:25, Ken Chase k...@sizone.org wrote: On Fri, Aug 13, 2010 at 05:00:04PM -0400, Jared Mauch said: I know of several large providers that would stop routing such rogue space. Really? They'd take a seriously delinquent (and we're only talking about non payment after several months to Arin, not spammers or other 'criminal' elements) that's still paying for their transit and cut off their prefix announcements? I don't know that that's true for most outfits in these tough times. Nixing a $5000 or $1+ MRC revenue stream probably requires some hard thought at high levels in most outfits. First, in this thread we are not talking about folks who have not paid ARIN their dues, we are talking about folks who sell addresses despite not being authorized to do so by ARIN - aka abuse/fraud. Either way, if ARIN finds strong enough reason to revoke numbers from Org A who is ISP X's customer, ARIN will eventually reassign those numbers. When ISP Y calls ISP X and says hey, your customer Org A is advertising my customer Org B's address space. ISP X will check WHOIS, see that they are telling the truth and filter that block from Org A. If ISP X does not, they will likely see peering and transit options shrink rapidly. So in short - yes, really. ~Chris /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W. -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 21:32, Randy Bush ra...@psg.com wrote: when the 'community' is defined as those policy wannabes who do the flying, take the cruise junkets, ... this is a self-perpetuating steaming load that is not gonna change. Yes, those definitions create a steaming load. But why is it that the folks actually participating in making policy are wannabes in your definition? I suggest the true definition of community includes at least *all* of the non-AC-member participants in the ARIN policy process; the folks who subscribe to the PPML and show up at meetings (or participate remotely at a greatly reduced cost but nearly equal voice). There are 15 AC members and around 150 participants at each meeting... That means that _most_ are *not* being funded by ARIN. For those who claim the system to not be open, I humbly provide myself as a test case. I am not one of the good old boys of ARIN (if there is such a thing) and I have never had ARIN pay my way to a meeting (or for a cruise junket). In fact I am far too young and inexperienced to possibly qualify as any kind of ruling elite who is handing down decrees from above. I have however contributed to the formation of several policies in the ARIN region and to the crafting of several others currently under discussion, one on a global level amongst all 5 RIRs. I attended a meeting, joined the mailing list and spoke up. Simple as that. I highly encourage everyone who has an opinion on Internet numbering policy to do the same. Cheers, ~Chris one start would be for arin to have the guts not to pay travel expenses of non-employees/contractors. randy -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org
Re: Lightly used IP addresses
for the embarrassing wannabe example of the month, marla and lee [0] at the last ietf is just such a shining example. at the mic, they state are from the arin ac and board, like it was their day job and they were speaking for arin policy. and they propose to roll back a decade of progress getting operational policy the bleep out of the ietf. and they don't even understand why they got jumped or why thomas's preso was in the opposite direction and was widely supported. the arin ceo's response to my suggestion that this be curtailed? If you submit it, I will bring it to the Board for consideration. In fairness, I will tell you that I'll also recommend to the that we continue to pay for the travel for the Advisory Council, unless and until there is no need for a policy development process. or ask a grown-up who has the stomach to read the arin ppml list (i could only stomach it so long, and pulled). it is an embarrassment to the internet. randy -- [0] - sweet, well-meaning folk
Re: Lightly used IP addresses
First, in this thread we are not talking about folks who have not paid ARIN their dues, we are talking about folks who sell addresses despite not being authorized to do so by ARIN - aka abuse/fraud. this is less clear-cut than you seem to think it is. but i suspect we will see it in court fairly soon. randy
RE: Lightly used IP addresses
A possible stick for ARIN could be that any AS that advertises space for B and any network that uses that rogue AS would not receive resource requests/changes from ARIN. Perhaps too strong of a stick? Frank -Original Message- From: Ken Chase [mailto:k...@sizone.org] Sent: Friday, August 13, 2010 2:13 PM To: nanog@nanog.org Subject: Re: Lightly used IP addresses On Fri, Aug 13, 2010 at 06:49:35PM +, Nathan Eisenberg said: Is this upstream going to cut that customer off and lose the revenue, just to satisfy ARIN's bleating? Isn't this a little bit like an SSL daemon? One which refuses to process a revocation list on the basis of the function of the certificate is useless. The revocation list only has authority if the agent asks for and processes it. Would you use this SSL daemon, knowing that it had this bug? I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit. Assuming the public even found out about the situation. For ARIN to make good on this community goodwill, they'd have to (1) publish the disrepute of the upstream who refuses to stop announcing the rogue downstream's prefixes. I'm not sure what step 2+ is going to be there, but I bet ARIN would become very unpopular with (1) above amongst its customers reselling bandwidth to other ARIN IPv4 block users. How many large carriers on this list would immediately halt announcing a downstream-in-good-financial-standing's prefixes just because ARIN says they're delinquent? I bet most won't even answer this question to the list here - most likely don't have an official policy for this situation, and if they did, it's likely not going to be publicly disclosed. (If any are willing to disclose such publicly, I'd love to hear/see the policy's details.) 
/kc Best Regards, Nathan Eisenberg Atlas Networks, LLC -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
RE: Lightly used IP addresses
This week I was told by my sales person at Red Condor that I'm the only one of his customers that is asking for IPv6. He sounded annoyed and it seemed like he was trying to make me feel bad for being the only oddball pushing the IPv6 feature requirement. I tried to explain to him that by this time next year IANA will likely have handed out all their IPv4 blocks and that I didn't have the time to spend the first half of 2011 implementing IPv6 across my $DAYJOB network, but wanted to spread that work over time. To his credit, it's been on their to-do list for at least 6 months if not a year, it's just been pushed back several quarters. Frank -Original Message- From: Owen DeLong [mailto:o...@delong.com] Sent: Saturday, August 14, 2010 10:27 AM To: Jeffrey Lyon Cc: John Curran; nanog@nanog.org; Ken Chase Subject: Re: Lightly used IP addresses On Aug 13, 2010, at 9:12 PM, Jeffrey Lyon wrote: John et al, I have read many of your articles about the need to migrate to IPv6 and how failure to do so will impact business continuity sometime in the next 1 - 3 years. I've pressed our vendors to support IPv6 (note: keep in mind we're a DDoS mitigation firm, our needs extend beyond routers and switches) and found that it's a chicken and egg situation. Vendors are neglecting to support IPv6 because there is no demand. I've pointed out your articles and demanded IPv6 support, some are promising results in the next several months. We will see. I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, You're the only one asking for it. I walked up to the vendor and took my turn being told You're the only one asking for it. I pointed out that I had seen the other people get the same answer. 
The sales person admitted he was caught red handed and explained We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive. snip Owen
Re: Lightly used IP addresses
A possible stick for ARIN could be that any AS that advertises space for B and any network that uses that rogue AS would not receive resource requests/changes from ARIN. Perhaps too strong of a stick? maybe you should not be searching for a stick.
40 x /18's and an ASN - was Re: Lightly used IP addresses
The vendor I referred to earlier that does not support IPv6 explained this in a private meeting, not a sales pitch. We already use their products extensively. The discussion was more to the tune of we developed IPv6 support but stopped including it in the firmware releases because no one was using it. I informed them that we would use it so possibly by EOY we can have IPv6 support (note: I don't know if Telia and BandCon even support IPv6 yet? Yet another hurdle.) Jeff On Sun, Aug 15, 2010 at 7:04 AM, Frank Bulk frnk...@iname.com wrote: This week I was told by my sales person at Red Condor that I'm the only one of his customers that is asking for IPv6. He sounded annoyed and it seemed like he was trying to make me feel bad for being the only oddball pushing the IPv6 feature requirement. I tried to explain to him that by this time next year IANA will likely have handed out all their IPv4 blocks and that I didn't have the time to spend the first half of 2011 implementing IPv6 across my $DAYJOB network, but wanted to spread that work over time. To his credit, it's been on their to-do list for at least 6 months if not a year, it's just been pushed back several quarters. Frank -Original Message- From: Owen DeLong [mailto:o...@delong.com] Sent: Saturday, August 14, 2010 10:27 AM To: Jeffrey Lyon Cc: John Curran; nanog@nanog.org; Ken Chase Subject: Re: Lightly used IP addresses On Aug 13, 2010, at 9:12 PM, Jeffrey Lyon wrote: John et al, I have read many of your articles about the need to migrate to IPv6 and how failure to do so will impact business continuity sometime in the next 1 - 3 years. I've pressed our vendors to support IPv6 (note: keep in mind we're a DDoS mitigation firm, our needs extend beyond routers and switches) and found that it's a chicken and egg situation. Vendors are neglecting to support IPv6 because there is no demand. I've pointed out your articles and demanded IPv6 support, some are promising results in the next several months. We will see. 
I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, You're the only one asking for it. I walked up to the vendor and took my turn being told You're the only one asking for it. I pointed out that I had seen the other people get the same answer. The sales person admitted he was caught red handed and explained We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive. snip Owen -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: Lightly used IP addresses
Randy Bush wrote: John - you do not get it... vadim, i assure you curran gets it. he has been around as long as you and i. the problem is that he has become a fiduciary of an organization which sees its survival and growth as its principal goal, free business class travel for wannabe policy wonks as secondary, and the well-being of the internet as tertiary. they're just another itu, except the clothing expenses are lower and the decision making process pretends to be more open, but isn't. Question: Why does it cost $11 million or more per year (going to some $22 million per year after 2013) to run a couple of databases that are Internet-accessible? --Patrick
Re: Lightly used IP addresses
On Aug 14, 2010, at 11:30 PM, Patrick Giagnocavo wrote: Question: Why does it cost $11 million or more per year (going to some $22 million per year after 2013) to run a couple of databases that are Internet-accessible? Patrick - If this is a reference to ARIN, the budget is approximately $15M annually, and is not substantially changing any faster than expected for normal cost-of-living trends (If $22M is a reference to having both IPv4 and IPv6 fees, ARIN charges each organization only once for the larger of IPv4 or IPv6 registration services fee it makes use of) Even so, it's a fair question to ask why it costs $15M annually to run ARIN. That includes the costs for many tasks which might not be obvious, including running the legacy registry system (which handles SWIP email templates), the new ARIN Online system (which is quite a bit more elegant), the public WHOIS servers, bulk WHOIS and FTP services, IN-ADDR services, the public web sites, the polling election systems, the billing/invoicing systems, and the staging, development/QA support for same, and the normal office infrastructure for things like email, mailing lists, replication, business record keeping, and archival. There's some engineering staff to keep all that running, registration services staff to handle incoming requests, member services for running the meetings, elections, and policy process, and outreach that's already been mentioned with respect to trade shows and press, but also includes engagement with our friends at the ITU, international bodies, and governments. The full budget is available in each year's annual report along with the audited financials, and can be found here: https://www.arin.net/about_us/corp_docs/annual_rprt.html Clearly, the budget can be increased or decreased based on the services desired by the community, and this is typically discussed on the last day of the ARIN Public Policy Member meeting (twice yearly) during the Financial Services report. 
In between meetings, this topic is probably best suited for the arin-discuss mailing list as opposed to the nanog list. FYI, /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
On Sat, 14 Aug 2010 17:03:59 MDT, Chris Grundemann said: First, in this thread we are not talking about folks who have not paid ARIN their dues, we are talking about folks who sell addresses despite not being authorized to do so by ARIN - aka abuse/fraud. Psst.. Hey.. buddy. Over here... wanna score some gen-yoo-ine Rolex integers, cheap?
Re: Lightly used IP addresses
On 08/14/2010 21:24, valdis.kletni...@vt.edu wrote: On Sat, 14 Aug 2010 17:03:59 MDT, Chris Grundemann said: First, in this thread we are not talking about folks who have not paid ARIN their dues, we are talking about folks who sell addresses despite not being authorized to do so by ARIN - aka abuse/fraud. Psst.. Hey.. buddy. Over here... wanna score some gen-yoo-ine Rolex integers, cheap? ... only if they're prime. -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ Computers are useless. They can only give you answers. -- Pablo Picasso
Re: Lightly used IP addresses
Owen, On Aug 14, 2010, at 8:40 AM, Owen DeLong wrote: Let's clarify the definition of abuse in this context. We are not talking about people who use their IPs to abuse the network. We are talking about resource recipients who use their allocations or assignments in contravention to the policies under which they received them (and thus contrary to the RSA which they signed when they received them). The challenge ARIN (and to a lesser extent, the other RIRs) faces is that in a very short time, we're going to have a system in which there will be folks barred from entering a market because they signed an RSA while at the same time, there will be others who will act without this restriction. I honestly don't see how this system will be stable and instability breeds all sorts of things (some perhaps positive, most probably negative). When resources were plentiful this dichotomy could be mostly ignored. Resources are soon not to be plentiful. It has been depressing to watch participants in ARIN (in particular) suggest all will be well if people would just sign away their rights via an LRSA, move to IPv6 overnight, abide by increasingly Byzantine rules, accept that folks were always under ARIN's policies and they just didn't know it, etc. Pragmatically speaking, it seems the most likely to be successful way of maintaining stability with the impending resource exhaustion state is to give up pretenses of being a regulatory agency and concentrate on the role of being a titles registry. I figure if the existing RIRs don't do it, someone else will. But perhaps I'm missing something since I too gave up on PPML some time back. Regards, -drc
Re: Lightly used IP addresses
http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/ Discuss. :-) I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? R's, John
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 12:36 PM, John Levine jo...@iecc.com wrote: I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? Alternate #4: A rents the space to B without ARIN knowing it, while A continues to claim that the space belongs to them. -- Brandon Galbraith Voice: 630.492.0464
Re: Lightly used IP addresses
On Aug 13, 2010, at 10:36 AM, John Levine wrote: http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/ Discuss. :-) I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? R's, John 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom.
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 10:44:12AM -0700, Owen DeLong said: 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom. How does this step (8) work, this 'reclaiming'? /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: Lightly used IP addresses
9. I could point out so many cases of justification abuse or outright fraudulent justification and I bet nothing would actually transpire. My two cents. Jeff On Fri, Aug 13, 2010 at 10:14 PM, Owen DeLong o...@delong.com wrote: On Aug 13, 2010, at 10:36 AM, John Levine wrote: http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/ Discuss. :-) I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? R's, John 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 12:44 PM, Owen DeLong o...@delong.com wrote: 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom. So is there a fine line between selling/renting the space to B and providing 1Mbit of bandwidth over a GRE tunnel to B and allowing them to announce the space via any other transit provider? I'm just curious what the difference is (besides a bit of technical work with the latter). It will be interesting to see what happens as the last of the IPv4 space is exhausted. -- Brandon Galbraith Voice: 630.492.0464
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 10:44:12AM -0700, Owen DeLong wrote: On Aug 13, 2010, at 10:36 AM, John Levine wrote: http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/ Discuss. :-) I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? R's, John 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom. could you provide 4 numbers for me please? ) % of ARIN managed resource covered by standard RSA? ) % of ARIN managed legacy resource covered by legacy RSA? ) % of ARIN managed legacy resource not otherwise covered? ) % of ARIN region entities (A B above) that have offices/relationships with other RIRs that have a divergent transfer process in place? I think your analysis might be true for my first bucket, am less sure it would work for the remaining three. --bill
Re: Lightly used IP addresses
Jeff, Go for it. I've always wondered what ARIN had between its legs. Andrew On 8/13/2010 1:53 PM, Jeffrey Lyon wrote: 9. I could point out so many cases of justification abuse or outright fraudulent justification and I bet nothing would actually transpire. My two cents. Jeff On Fri, Aug 13, 2010 at 10:14 PM, Owen DeLong o...@delong.com wrote: On Aug 13, 2010, at 10:36 AM, John Levine wrote: http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/ Discuss. :-) I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? R's, John 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom.
Re: Lightly used IP addresses
how does ARIN or whomever deal with similar situations where someone is advertising un-allocated, un-assigned by ARIN IP space in NA? do they have a deal/agreement with the 'backbone' providers? -g 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom.
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 10:23:56PM +0430, Jeffrey Lyon wrote: 9. I could point out so many cases of justification abuse or outright fraudulent justification and I bet nothing would actually transpire. My two cents. Jeff if you have data on abuse, please use the ARIN abuse reporting tools. https://www.arin.net/abuse.html --bill
RE: Lightly used IP addresses
On Aug 13, 2010, at 10:36 AM, John Levine wrote: http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/ Discuss. :-) I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? R's, John Owen Said: 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom. You know I love you Owen. :) 9. A sues ARIN for tortious contract interference. 10. B sues ARIN for same. 11. C and D join the law suit. 12. Judges step in. 13. ARIN gets mired in lawsuit after lawsuit 14. Dogs and cats start living together
Re: Lightly used IP addresses
On 8/13/10 2:06 PM, Aaron Wendel wrote: You know I love you Owen. :) 9. A sues ARIN for tortious contract interference. 10. B sues ARIN for same. 11. C and D join the law suit. 12. Judges step in. 13. ARIN gets mired in lawsuit after lawsuit 14. Dogs and cats start living together Can we just cross the streams now, before the walls start bleeding? Jeff
Re: Lightly used IP addresses
I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom. 9. A and B ignore ARIN's email and continue to announce what they've been announcing. 10. ARIN attempts to allocate the /20 to someone else, who is not amused. Note that at this point ARIN presumably has no more v4 space left, so a threat never to allocate more space to A or B isn't very scary. Given its limited practical leverage, ARIN is only effective insofar as its members and customers agree that playing by ARIN's rules is more beneficial than ignoring them. R's, John
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 02:15:51PM -0400, John R. Levine said: I don't entirely understand the process. Here's the flow chart as far as I've figured it out: 1. A sells a /20 of IPv4 space to B for, say, $5,000 2. A tells ARIN to transfer the chunk to B 3. ARIN says no, B hasn't shown that they need it 4. A and B say screw it, and B announces the space anyway 5. ??? 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom. 9. A and B ignore ARIN's email and continue to announce what they've been announcing. 10. ARIN attempts to allocate the /20 to someone else, who is not amused. Note that at this point ARIN presumably has no more v4 space left, so a threat never to allocate more space to A or B isn't very scary. Given its limited practical leverage, ARIN is only effective insofar as its members and customers agree that playing by ARIN's rules is more beneficial than ignoring them. Right, and I'm answering my own question here, for (8) about the reclaiming - what upstream is going to stop carrying prefixes from a downstream that's 'illegally' announcing them? Is this upstream going to cut that customer off and lose the revenue, just to satisfy ARIN's bleating? From what I gather, all that ARIN can do is remove the NS records for the i-a.a reverse zone for the offending block, making SMTP a little trickier from the block, but not much else. Unless I didn't see the other large sticks ARIN's carrying? I've never seen them send hired goons to anyone's door... yet? /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
RE: Lightly used IP addresses
Is this upstream going to cut that customer off and lose the revenue, just to satisfy ARIN's bleating? Isn't this a little bit like an SSL daemon? One which refuses to process a revocation list on the basis of the function of the certificate is useless. The revocation list only has authority if the agent asks for and processes it. Would you use this SSL daemon, knowing that it had this bug? I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit. Best Regards, Nathan Eisenberg Atlas Networks, LLC
Re: Lightly used IP addresses
On Aug 13, 2010, at 2:49 PM, Nathan Eisenberg wrote: Is this upstream going to cut that customer off and lose the revenue, just to satisfy ARIN's bleating? Isn't this a little bit like an SSL daemon? One which refuses to process a revocation list on the basis of the function of the certificate is useless. The revocation list only has authority if the agent asks for and processes it. Would you use this SSL daemon, knowing that it had this bug? It seems to me that most people trust certificates even if there is no certificate authority at all, revocations or no. So if you mean the market, I would say the answer is yes. Regards Marshall I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit. Best Regards, Nathan Eisenberg Atlas Networks, LLC
RE: Lightly used IP addresses
On Fri, 2010-08-13 at 18:49 +, Nathan Eisenberg wrote: Isn't this a little bit like an SSL daemon? no. One which refuses to process a revocation list on the basis of the function of the certificate is useless. no, it's not. ssl as a form of identity assurance itself is what is useless. The revocation list only has authority if the agent asks for and processes it. most don't do this, because: - most SSL daemons don't serve the revocation lists; - most SSL agents don't know how to download the revocation lists from another source. see previous note about SSL being worthless for identity assurance. Would you use this SSL daemon, knowing that it had this bug? i wouldn't care - see above points. I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit. how do you know if the ARIN revocation is proper? with the IPv4 exhaustion becoming very close to happening now, it is possible that ARIN could go rogue. following a corporation (yes, ARIN is a corporation) as if you were a sheep will empower them to do precisely this in the future. william
Re: Lightly used IP addresses
I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit. easy to say, but the reality is you may choose not to do so due to logistical, monetary or management/boss reasons which trumps your constitutionally balanced nature. If someone who was downstream from this provider in a similar situation, I'd say there is a stronger propensity for them to not 'do the right thing'. which by the way isn't a law, so who says it's right? it's a set of guidelines a group of folks put together. -g
Re: Lightly used IP addresses
On Aug 13, 2010, at 2:15 PM, John R. Levine wrote: ... 10. ARIN attempts to allocate the /20 to someone else, who is not amused. Note that at this point ARIN presumably has no more v4 space left, so a threat never to allocate more space to A or B isn't very scary. Given its limited practical leverage, ARIN is only effective insofar as its members and customers agree that playing by ARIN's rules is more beneficial than ignoring them. Thank you John for saying this... As noted, ARIN's just trying to administer the policies that the community has developed. This means that we will revoke the address space for cases of fraud, and will reissue to one of you to use. Now, if that's not the desired outcome, the policies are subject to change via the public policy process. As it is, folks need to expect that they may receive address space that was revoked as a result of such misuse, or change the policies to have ARIN do something else. /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 06:49:35PM +, Nathan Eisenberg said: Is this upstream going to cut that customer off and lose the revenue, just to satisfy ARIN's bleating? Isn't this a little bit like an SSL daemon? One which refuses to process a revocation list on the basis of the function of the certificate is useless. The revocation list only has authority if the agent asks for and processes it. Would you use this SSL daemon, knowing that it had this bug? I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit. Assuming the public even found out about the situation. For ARIN to make good on this community goodwill, they'd have to (1) publish the disrepute of the upstream who refuses to stop announcing the rogue downstream's prefixes. I'm not sure what step 2+ is going to be there, but I bet ARIN would become very unpopular with (1) above amongst its customers reselling bandwidth to other ARIN IPv4 block users. How many large carriers on this list would immediately halt announcing a downstream-in-good-financial-standing's prefixes just because ARIN says they're delinquent? I bet most won't even answer this question to the list here - most likely don't have an official policy for this situation, and if they did, it's likely not going to be publicly disclosed. (If any are willing to disclose such publicly, I'd love to hear/see the policy's details.) /kc Best Regards, Nathan Eisenberg Atlas Networks, LLC -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: Lightly used IP addresses
On Aug 13, 2010, at 2:31 PM, Ken Chase wrote: ... Right, and I'm answering my own question here, for (8) about the reclaiming - what upstream is going to stop carrying prefixes from a downstream that's 'illegally' announcing them? Is this upstream going to cut that customer off and lose the revenue, just to satisfy ARIN's bleating? From what I gather, all that ARIN can do is remove the NS records for the i-a.a reverse zone for the offending block, making SMTP a little trickier from the block, but not much else. Unless I didn't see the other large sticks ARIN's carrying? I've never seen them send hired goons to anyone's door... yet? Ken - ARIN maintains the WHOIS based on what the community develops for policies; what happens in routing tables is entirely up to the ISP community. No bleating or large sticks here, just turning the policy crank and managing address space accordingly. ARIN pulls the address space, and then (after holddown) reissues it to another provider. WHOIS reflects this change, as does in-addr. Whether an ISP respects the information in WHOIS is likely to always be a local decision; ARIN's responsibility is to make sure that the information contained therein matches the community's policy not some hypothetical routing enforcement. There will be an ISP attempting to make use of that reassigned address space, and one could imagine that party being let down if the community says one thing in policy but does another when it comes to routing. /John John Curran President and CEO ARIN
Re: Lightly used IP addresses
I've tried to deal with that a few times - mainly by writing up the first upstream AS. Usually they don't care (and every time I have noticed someone blatantly stealing space, it's been spammers). Good filtering at the transit provider border IMNSHO is the best way to solve this problem. Leslie On 8/13/10 10:59 AM, Greg Whynott wrote: how does ARIN or whomever deal with similar situations where someone is advertising un-allocated, un-assigned by ARIN IP space in NA? do they have a deal/agreement with the 'backbone' providers? -g 6. ARIN receives a fraud/abuse complaint that A's space is being used by B. 7. ARIN discovers that A is no longer using the space in accordance with their RSA 8. ARIN reclaims the space and A and B are left to figure out who owes what to whom.
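The border filtering recommended in the message above, driven by registry data of the kind described earlier in the thread (WHOIS reflecting revocation and reissue), as an added example that is not from any poster or from ARIN. The registry snapshot, the customer ASN-to-organization table, the verdict labels and all function names are constructed for illustration; prefixes and ASNs come from the documentation ranges.

```python
"""Added example: vet customer BGP announcements against a registry snapshot."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    prefix: ipaddress.IPv4Network
    org: str
    status: str  # "assigned", or "revoked" (pulled, in holddown before reissue)


# Constructed registry snapshot (assumption: exported from WHOIS data).
REGISTRY = [
    Registration(ipaddress.ip_network("198.51.100.0/24"), "ORG-A", "assigned"),
    Registration(ipaddress.ip_network("192.0.2.0/24"), "ORG-C", "revoked"),
]

# Constructed local table: which organization each customer ASN contracts as.
CUSTOMER_ORG = {64500: "ORG-A", 64501: "ORG-B", 64502: "ORG-C"}


def covering_registration(prefix):
    """Return the most specific registration that fully covers `prefix`.

    An announcement wider than any registered block (a supernet) is covered
    by nothing, so it is treated the same as unregistered space.
    """
    net = ipaddress.ip_network(prefix)
    matches = [r for r in REGISTRY if net.subnet_of(r.prefix)]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def classify(prefix, origin_asn):
    """Classify one announcement; anything other than "accept" is filtered."""
    reg = covering_registration(prefix)
    if reg is None:
        return "unregistered"       # space the registry has not issued
    if reg.status == "revoked":
        return "revoked"            # registry pulled the block
    org = CUSTOMER_ORG.get(origin_asn)
    if org is None:
        return "unknown-origin"     # ASN is not one of our customers
    if org != reg.org:
        return "holder-mismatch"    # B announcing space registered to A
    return "accept"


def vet(announcements):
    """Classify a batch of (prefix, origin_asn) pairs."""
    return [(p, asn, classify(p, asn)) for p, asn in announcements]


if __name__ == "__main__":
    # Constructed announcements seen from customer sessions.
    sample = [
        ("198.51.100.0/24", 64500),    # A announces A's block
        ("198.51.100.128/25", 64500),  # more-specific of A's block
        ("198.51.100.0/24", 64501),    # B announces A's block
        ("192.0.2.0/24", 64502),       # former holder, block revoked
        ("203.0.113.0/24", 64500),     # not in the registry at all
    ]
    for prefix, asn, verdict in vet(sample):
        print(f"{prefix:20} AS{asn}  {verdict}")
```

As the thread notes, whether to act on a verdict is a local decision of the transit provider; the check only makes the registry's view visible at the border.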
Re: Lightly used IP addresses
On Fri, Aug 13, 2010 at 03:17:50PM -0400, John Curran said: Ken - ARIN maintains the WHOIS based on what the community develops for policies; what happens in routing tables is entirely up to the ISP community. No bleating or large sticks here, just turning the policy crank and managing address space accordingly. ARIN pulls the address space, and then (after holddown) reissues it to another provider. WHOIS reflects this change, as does in-addr. Whether an ISP respects the information in WHOIS is likely to always be a local decision; ARIN's responsibility is to make sure that the information contained therein matches the community's policy not some hypothetical routing enforcement. There will be an ISP attempting to make use of that reassigned address space, and one could imagine that party being let down if the community says one thing in policy but does another when it comes to routing. /John John Curran President and CEO ARIN Thanks John - I realise this. I was merely putting on the hat of those who may try to bend the policies to their advantage through delinquent activity. The common good is at stake here, and I'd rather that ARIN did have some collective 'stick' to effectively apply itself or via its members. I too don't want to deal with announcements for the same prefix from multiple warring AS's or other side effects of the IPv4 crunch. I'm indicating (the probably obvious) that these pressures will certainly increase over time, and as one other member pointed out, the sticks may become necessary - and the community will have to become more 'constitutionally ethical' in their handling of delinquents on ARIN's/the community's behalf. Not sure what incentives are in play to encourage this, as it will become necessary in a shorter time than we may think. Thanks for your reply and clarifications. /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
RE: Lightly used IP addresses
If someone who was downstream from this provider in a similar situation, I'd say there is a stronger propensity for them to not 'do the right thing'. which by the way isn't a law, so who says it's right? it's a set of guidelines a group of folks put together. But the reality is that you asserted your intention to follow those guidelines when you requested the allocation, did you not? If an upstream accepts announcements from a revoked block, what is to stop them from accepting announcements for an unallocated block? I realize this precariously borders on committing a slippery slope fallacy, but I think it's a valid question to ask - a provider is either 'in compliance' with the guidelines, or 'not in compliance' with them. Once you're 'not in compliance' a little bit, how can I have a valid trust relationship with you about the rest of it? see previous note about SSL being worthless for identity assurance. Fair enough - serves me right for invoking analogy. following a corporation (yes, ARIN is a corporation) as if you were a sheep will empower them to do precisely this in the future. There's no sheepism here. The proposed situation represents a valid reason for revoking address space under the community developed guidelines. I don't see the problem with following those guidelines, do you? How many large carriers on this list would immediately halt announcing a downstream-in-good-financial-standing's prefixes just because ARIN says they're delinquent? That depends. I vote with my wallet. How many carriers want my business, and the business of other customers who (reasonably) expect compliance with the standing policies? Do you want to do business with someone who's willing to break the rules everyone else is playing by? Best Regards, Nathan Eisenberg Atlas Networks, LLC