Hi Brett, Please see my responses below.
> * Does APNIC believe they can proceed with their proposed EC 2021-09 > implementation without Policy change? Yes. APNIC provides registration services to resource holders, and is entitled to impose a reasonable fee for those services. APNIC fees are a responsibility of the APNIC EC, and not a question of address policy. In the event that registration services are withdrawn due to non-payment, affected resources will be removed from whois and reverse DNS, and designated as “reserved” in order that they are not reallocated. As a consequence of the RPKI AS0 Policy (Prop-132), reserved resources are included in the AS0 ROA. > * Does the EC currently believe, given the current state of the HRM project, > that 1-Jan-2023 is still a reasonable date to begin cutting off at least 160 > thousand active endpoints from the Internet, and they take full > responsibility for the outcomes if enacted? The APNIC Secretariat has advised the EC that 1 January 2023 is still a reasonable deadline, however it is possible that more time will be required to resolve some cases. The Secretariat will take all reasonable efforts to contact each and every historical resource holder, including contact with upstream providers for resources that are routed. While those efforts are continuing for any resource, no action will be taken to reserve that resource, even after 1 January 2023. With this reasonable approach, we do not expect any adverse outcomes that should concern the APNIC EC. Thanks Vivek From: Brett O'Hara <[email protected]> Date: Sunday, 11 September 2022 at 8:41 pm To: Vivek Nigam <[email protected]> Cc: JORDI PALET MARTINEZ <[email protected]>, [email protected] <[email protected]> Subject: Re: [sig-policy] Re: prop-147-v001: Historical Resources Management Hi All, Just clarify what I'm asking for. 5.5.2 States; APNIC will protect all registrations of Historical Internet resources with the APNIC-HM maintainer, a practice consistent with the management of current resources. To ensure integrity of information, APNIC will not update historical information in the APNIC Whois Database until the resource holder demonstrates the organization’s right to the resources and enters a formal agreement with APNIC either as a member account or Non-Member account. The existing 4.2.1 states; A significant number of historical resources registered in the APNIC Whois Database are not announced to the global routing table. To recover these globally un-routed resources and place them back in the free pool for re-delegation, APNIC will contact networks responsible for historical address space in the APNIC region that has not been globally routed since 1 January 1998. To recover un-routed historical AS numbers, APNIC will contact networks responsible for resources not globally used for a reasonable period of time. By my interpretation, under current Policy, APNIC doesn't currently have the power to amend the whois records for Historical Resources and enact the implementation of EC 2021-09 for routed Historical Internet resources as stated by Vivek below. Also, enacting this policy against globally un-routed resources may also not be technically valid. If this is the case, APNIC can not proceed with its implementation from 1-Jan-2023 and needs to enact a change to the APNIC Internet Number Resource Policy to achieve these outcomes. This brings me to prop-147 which replaces 4.2.1 with; [Add] Section 4.3. Historical Resources Management Historical resources that have not been claimed by the custodian will be deleted from the APNIC Whois database after 1st January 2023, and marked as reserved. Historical resources marked as reserved have an additional twelve (12) months to be claimed by their custodians. After that, APNIC will add these resources to the free pool for re-delegation. Furthermore, from 1st January 2023, all historical resources need to be maintained in a current APNIC account. In the event of an account closure, the historical resource will be placed in a quarantine period and then made available for re-delegation similar to current resources. One potential interpretation is that 4.3 invalidates any form of "Original" Historical Resource referred to by 5.5.2 and replaces it with some form of "Claimed" Historical Resource or "Unclaimed" Historical Resource, in which 5.5.2 is no longer relevant. In which case, there is no point in maintaining the clause, and prop-147 should address this point. A clearer interpretation is that they are in conflict and an update to 5.5.2 is required to adopt prop-147. Updates to 5.5.1, 5.5.3 and 5.5.4 should also be considered inline with the proposed implementation. To be clear I am generally in favour of EC 2021-09 and prop-147. The conversation on list about the time a former historical resource spends in Reserved status is something that needs consensus, but less relevant to my concerns. Per Vivek, the impact on Historical resources is around 625 resources or at least 160 thousand potentially active addresses on the public, operational Internet. The potential impact for innocent Internet end-points can not be understated here. I agree that this should be clearly stated under section 5, Advantages/Disadvantages and section 6, Impact on Resource Holders, and not "None". To be able to endorse prop-147, my outstanding questions are; * Does APNIC believe they can proceed with their proposed EC 2021-09 implementation without Policy change? * Does the EC currently believe, given the current state of the HRM project, that 1-Jan-2023 is still a reasonable date to begin cutting off at least 160 thousand active endpoints from the Internet, and they take full responsibility for the outcomes if enacted? * Can the authors please address 5.5.2 and the Impact on Resource Holders assessment? I note time is of the essence. Should prop-147 not reach consensus on this next Thursday, the next date for the Policy SIG to discuss the proposal may be Feb next year. Even if it does pass, the EC Endorsement phase is not until December giving the secretariat very little time to update and publish the new policy before proposed implementation. Regards, Brett O'Hara FJ Networking. On Fri, Sep 9, 2022 at 9:28 PM Brett O'Hara <[email protected]<mailto:[email protected]>> wrote: Hi Vivek, I 100% understand and, within reason, support the EC resolution 2021-09. I have attended many presentations on this topic and have gone through the process to acquire custodianship of my Historical Resources, and as such am not personally concerned about my situation. I just can't see anywhere in the existing APNIC Internet Number Resources Policy that the secretariat currently has the power on the 1st of Jan 2023 to place Historical Resources advertised on the Internet into Reserved status. I may have misread or misinterpreted, and I'm happy to be proved wrong here. Can you please advise where in the Policy APNIC is currently empowered to take this action? Regard, Brett On Fri, Sep 9, 2022 at 8:35 PM Vivek Nigam <[email protected]<mailto:[email protected]>> wrote: Hi Jordi, Aftab, I have summarised the process APNIC uses to add/remove prefixes from APNIC AS0 ROA. This may help explain why you did not find some of the prefixes in AS0 ROA. Once a prefix is marked as 'reserved' it is added into AS0 ROA after 7 days to cause as little disruption as possible and avoid any inadvertent actions. Where possible, we also aggregate the prefixes that are added into AS0 ROA. When a prefix is delegated to a Member, it is removed from AS0 within 5 minute window. As per our implementation of APNIC EC resolution 2021-09, any historical resources that are not maintained under an APNIC account will be removed from whois and marked as reserved on 1 January, 2023. 7 days after that, those reserved prefixes will be added into AS0 ROA. Thanks Vivek From: JORDI PALET MARTINEZ via sig-policy <[email protected]<mailto:[email protected]>> Date: Wednesday, 7 September 2022 at 6:51 pm To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: [sig-policy] Re: prop-147-v001: Historical Resources Management Question for the staff on this. Is the AS0 proposal not sufficient to comply with Aftab observation, or it is just something in the backlog of pending secretariat activities, or what is the reason for that? Regards, Jordi @jordipalet El 30/8/22, 3:48, "Aftab Siddiqui" <[email protected]<mailto:[email protected]>> escribió: Hi Vivek, On Mon, 29 Aug 2022 at 18:15, Vivek Nigam <[email protected]<mailto:[email protected]>> wrote: Hi Aftab, APNIC creates RPKI ROAs with origin AS0 for all undelegated address space (marked as “Available” and “Reserved” in the delegated-apnic-extended-latest stats file. It may be worth noting that APNIC publishes these AS0 ROAs in a different Trust Anchor (AS0 TAL) and recommends its Members use APNIC AS0 TAL as a routing information service only. https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki-2/ That is incorrect, there are more than 160 IPv4 prefixes (I haven't checked v6 yet) which are marked as either "reserved" or "available" in the APNIC delegation file and they don't exist in AS-0 ROA. So there must be some policy which is in place. delegate file: 2.3|apnic|20220830|158240||20220829|+1000 AS0 ROA: SigningTime: 2022-08-30T01:10:15Z Regards, Aftab A. Siddiqui ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.theipv6company.com%2F&data=05%7C01%7C%7Ca72084d867ca44dadb2008da93e23c1d%7C127d8d0d7ccf473dab096e44ad752ded%7C0%7C0%7C637984897134825363%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=bJwY5TWl5%2FI1IemuE%2BQ1XZ4zf1VRmix%2BpRjsUkCq0p0%3D&reserved=0> The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. _______________________________________________ sig-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ sig-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
