Hello Terry, Luke, Aftab, et al. Just to throw my 2c in, I do agree with what Aftab is saying. The EC should not reject a component of a proposal purely based on time and costs. Yes, the EC should have come back and said "If we implement this, it will cost X dollars and require Y people-hours to implement". If the community wants to proceed with it, calculate what the cost to each member would be, and put it to a formal member vote. This IMO would have been the right way of doing it. Proposal consultations, discussions and consensus in the community underpins the PDP and certain options should not simply be rejected based purely on cost at the first opportunity. The only time the EC should be able to reject a proposal (or portion thereof) is after all community consensus calls and votes have been exhausted. For example, if a proposal reaches consensus which will result in a substantial expense for the community, this should come back to the community in line with what I said earlier. If the community agrees to the added cost of membership, then it's done, increase fees to cover the additional expenditure. If the fee increase is rejected, then (and only then), should the EC be able to exercise their powers to veto a proposal in whole or part.
In Terry's reply on the topic of Resolution 2025-32, in my view it doesn't highlight risk; it rejects a portion of the proposed solution. In this instance, it should (in theory) go back to the SIG for discussion and afford the author the opportunity to withdraw that component of the solution. I do agree, it is too vague in this sense and policy solutions should be black and white to avoid these issues from arising. I don't believe privacy plays a part in who is accessing WHOIS and RDAP records. If someone is accessing information relating to my resources, I think I have a right to know who is accessing it. What information from a privacy standpoint would be collected as a result of accessing public records? If cost and resourcing is going to be cited as a reason for not proceeding, it should be broken down so the community can understand the logic and demonstrates further transparency where it does not conflict with sensitive information. Regards, Christopher Hawker ________________________________ From: Terry Sweetser <[email protected]> Sent: Tuesday, 20 January 2026 5:31 PM To: Luke Thompson <[email protected]> Cc: Dave Phelan <[email protected]>; [email protected] <[email protected]> Subject: [sig-policy] Re: EC Endorsement - APNIC 60 Hi Luke, Have to agree, the policy is actually sound and the optional extra proved to be too expensive --- effectively the policy has been adopted wholly by EC without any real conflict with the PDP. The flexibility of allowing the EC to exercise duty of care and diligence on the matter is actually a great outcome. Regards, [https://thumbs.about.me/thumbnail/users/t/e/r/terry.sweetser_emailsig.jpg?_1524055396_143] <https://about.me/terry.sweetser?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb> Terry Sweetser about.me/terry.sweetser <https://about.me/terry.sweetser?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb> On Tue, 20 Jan 2026 at 16:10, Luke Thompson <[email protected]> wrote: Hey all, I'm glad that prop-167 has been mostly endorsed. Hopefully I don't misunderstand. I think timing and handling of policy-related actions has been a bit choppy and deserves review, as several have pointed at now. Hopefully that improves. The part about the metadata and potential privacy concerns, I think stats must be visible - to that end it seems nearly all of the proposal text has been endorsed, except the final point about having it also feed into MyAPNIC(?), so this is approved anyway except the web integration part? That seems reasonable given the breadth of what was not refuted, as the same data is to be made available "another way" - at least to my perception - via JSON/CSV/etc. It can easily be argued the EC has relied on the proposal v2 wording of the final (and only rejected) point's wording "if possible", and leveraged their caution against that - because that proposal text did not make it definitive, unlike the approved policy text. They quoted the final point only as refused. The rest was fully endorsed. So given what Terry has outlined, which makes sense in edge cases to protect against self damage/destruction via over-commitment, and based on my above understanding, I think prop-167's outcome is OK in balance. Many thanks, Luke Thompson, CTO The Network Crew P/L E: [email protected] https://tnc.works On 20 January 2026 4:59:20 pm Terry Sweetser <[email protected]<mailto:[email protected]>> wrote: Hi Aftab, We would agree fully if this was purely a debate on policy implementation. And I feel the EC also feels the policy is good and helps with transparency: however policy does not get a blank cheque. And either way, I feel this is not an impasse as Resolution 2025-32 endorses and accepts the policy but highlights the risk and cost of implementing the real time features. I do now wonder what happened with the feasibility step of the policy process and why this matter was not flagged then? Regards, [https://thumbs.about.me/thumbnail/users/t/e/r/terry.sweetser_emailsig.jpg?_1524055396_143] <https://about.me/terry.sweetser?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb> Terry Sweetser about.me/terry.sweetser <https://about.me/terry.sweetser?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb> On Tue, 20 Jan 2026 at 15:41, Aftab Siddiqui <[email protected]<mailto:[email protected]>> wrote: Hey Terry, We have been through this before, but let me put this hear again - EC exercise as the Board of Directors of the APNIC Pty Ltd and have the delegated fiduciary duty. - Yes, the EC has fiduciary duties. According to the APNIC Bylaws, they manages "the activities, functions and affairs of APNIC and the corporation" (Bylaws 30(b)). They establish budgets and determine expenditure ceilings (Bylaws 30(g)). So yes, they have ultimate responsibility for APNIC's financial health. - What has happened is violation of established governance framework. further in next step - If the EC can simply declare "we won't implement this due to XYZ reason or financial constraints," then: Why have a PDP at all? Why spend weeks/months on community consensus? Why not stop the process when secretariat submit their report? What's the point of the "refer back" mechanism in Step 5? - If the EC had genuine concerns about cost/feasibility, the PDP explicitly provides the mechanism. EC could have formally state: "We estimate this will cost $X and require Y staff time, which we cannot accommodate as per current financial standing" so Dear Community, please discuss whether to proceed, modify, or withdraw. This is transparent decision-making - It sets a dangerous precedent, If the EC can selectively implement parts of policies which reached consensus at OPM and then at member meeting based on "practical considerations" or "perceived fiduciary duty" then any policy can be rejected after consensus and most importantly EC becomes the policy-making body, which they certainly are not and community along with member consensus becomes meaningless Regards, Aftab A. Siddiqui On Tue, 20 Jan 2026 at 16:22, Terry Sweetser <[email protected]<mailto:[email protected]>> wrote: Hi Aftab, Alas, it's not as simple as that. The EC, as the Board of Directors, has a fiduciary duty over and above the PDP, and they have ultimate responsibility for the financial resources of APNIC. So, yes, there is now policy, but the Secretariat will not implement it due to the practical considerations around resources needed but not available. This will feed into the fees and finances debate this year, I have no doubt. [https://thumbs.about.me/thumbnail/users/t/e/r/terry.sweetser_emailsig.jpg?_1524055396_143] <https://about.me/terry.sweetser?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb> Terry Sweetser about.me/terry.sweetser <https://about.me/terry.sweetser?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb> On Tue, 20 Jan 2026 at 15:08, Aftab Siddiqui <[email protected]<mailto:[email protected]>> wrote: Dear Secretariat, or if anyone from EC would like to comment on this, As per my understanding of the PDP, the EC's Role According to Step 5 clearly states the EC has three options only after the consensus has reached at the OPM and then at AMM/AGM: - Endorse the proposal for implementation - Do not endorse the proposal and refer back to the Policy SIG for further discussion with clearly stated reasons - Do not endorse the proposal and refer the endorsement to a formal vote of adoption by APNIC members It can't be endorsed by EC and then ask secretariat to implement some parts of it. It's a binary function and since this policy has been endorsed by the EC as per the meeting minutes then it has to be implemented as written. Regards, Aftab A. Siddiqui On Tue, 20 Jan 2026 at 13:13, Dave Phelan <[email protected]<mailto:[email protected]>> wrote: Dear Colleagues The APNIC Executive Council endorsed the following proposals, at its meeting on 2-4 December 2025. prop-162: WHOIS Privacy (https://www.apnic.net/community/policy/proposals/prop-162/) prop-166: Revocation of Persistently Non-functional RPKI Certification Authorities (https://www.apnic.net/community/policy/proposals/prop-166/) prop-167: Published Statistics on Directory Service Usage (https://www.apnic.net/community/policy/proposals/prop-167) prop-167 contained the following notes from the EC (full text available in the EC Minutes (https://www.apnic.net/wp-content/uploads/2026/01/APNIC-EC-Meeting-Minutes-December-2025-Complete-Public.pdf): "..with respect to publishing real-time or near-real-time statistics about its directory services usage as set out in the proposal text. Noting that the text of Prop-167-v002 requests APNIC "Include a feature within the MyAPNIC portal allowing resource holders to view how many times their allocated resources (such as IP addresses or ASNs) have been queried in WHOIS and RDAP, broken down by query type and source ASN if possible...”, the Executive Council notes that the cost, resourcing, and potential privacy concerns outweigh the immediate benefit of such functionality and as such does not consider it feasible at this time. " Next steps ---------- The Secretariat will begin the implementation process and inform the community as soon as it is completed. Regards Dave Phelan APNIC Secretariat _______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]<mailto:[email protected]> _______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]<mailto:[email protected]> _______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]<mailto:sig-policy-leave%40lists.apnic.net>
_______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
