From frnkblk at iname.com Mon Apr 2 09:00:30 2018 From: frnkblk at iname.com (frnkblk at iname.com) Date: Mon, 2 Apr 2018 08:00:30 -0500 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: References: <20180329094443.GD61030@vurt.meerval.net> <05CD921F-349C-48EA-AB27-0D00BA40167C@seastrom.com> Message-ID: <002401d3ca82$949e7c10$bddb7430$@iname.com> There?s been some great discussion on this topic. I?d like to suggest the following approach: * No auto-redirection at this time * But stop redirecting https://whois.arin.net to http://whois.arin.net/ui/, rather redirect them to https://whois.arin.net/ui. If they chose to go to the secure site, being redirected to the insecure site does not seem like a good idea. * Make sure that all links from ARIN?s other sites to whois.arin.net are referring to the HTTPS one (that may already be the case, but I don?t know) * Enable HSTS for whois.arin.net ? if a web browser hits it intentionally then just keep doing it automatically. * Provide some subtle feedback (perhaps an extra line/bar at the top of the page) to those web browsing the HTTP version of whois.arin.net to alert them that they are searching in the clear and provide a link to the secure version. * Develop a long-term goal to migrate programmatic access to HTTPS Frank From: ARIN-consult On Behalf Of David Farmer Sent: Friday, March 30, 2018 12:07 PM To: Rob Seastrom Cc: Subject: Re: [ARIN-consult] Consultation on ACSP 2018.3 See inline; On Thu, Mar 29, 2018 at 9:23 AM, Rob Seastrom > wrote: > On Mar 29, 2018, at 5:44 AM, Job Snijders > wrote: > > On Wed, Mar 28, 2018 at 04:33:22PM -0500, David Farmer wrote: >> On Wed, Mar 28, 2018 at 4:16 PM, ARIN > wrote: >>> ... >>> Question: Should ARIN automatically redirect user Whois queries made >>> via "http" to "https"? >> >> No, ARIN should not automatically redirect Whois queries made via >> "http" to "https". Insecure Whois queries made via "http", need to be >> allowed. > > Do you have any supporting arguments for your statement? That's a fair question and my answer to the question above was probably a little too terse. I intended to not repeat what I had said in the thread regarding the original suggestion and I ended up proving just my answer insufficient justification for it. Rob summarizes my feelings on the subject well. More below; Hi Job, I suppose I wouldn't have any problems with automatic redirects for anything that had a user-agent that looked like a modern browser. I did a cursory look and couldn't find the slide deck, but my recollection from a presentation by Mark Kosters is that there are a significant number of things hitting the REST interface that are not browsers; they may even outnumber the human visitors - and it's the same host, whois.arin.net . Neither you nor I has any idea how well those clients will handle redirects and https. One would earnestly hope that by and large folks are using standard libraries that will magically do the right thing, yet repeated experiences with password hash dumps wherein a homemade (and cryptographically poor) KDF has been employed shows that the DIY spirit is alive and well and I would not expect it to be any different here. So there's a balance of harms argument to be had: is forcibly encrypting traffic that has historically been of marginal privacy concern worth breaking client software in the field? Bear in mind that if someone chooses to use https:// then things will be encrypted just fine; there is nothing forcing the client to be unencrypted when they'd rather be encrypted, and deploying HSTS will make modern browser users sticky to https://. I submit that David has articulated the right balance to strike and that redirects are a poor idea. If we advertise for some number of years that we're sunsetting non-https access to whois (if events haven't been overtaken by RDAP at that point), then I'll probably feel differently about this. Note that I'm generally in favor of encryption. In January 2015 I submitted an ACSP proposal asking for HSTS where practicable and in October 2015 I mentioned at the members' meeting that HSTS on the REST-Whois seemed to have been overlooked (see https://www.rwhois.net/vault/participate/meetings/reports/ARIN_36/mem_transcript.html ). I'm just not a fan of intentionally breaking things, even if they're crappy software, without a lot of forethought and deliberate intent. Upon reflection, and building on Rob's comments, I'm changing my answer, ARIN should adopt a goal of redirecting all "http" traffic to "https" for whois.arin.net. However, I don't think "http" access to whois.arin.net, especially programmatic access to the Whois REST API, should be precipitously terminated. Therefore a sufficiently generous sunset date needs to be given for the discontinuation of "http" access to whois.arin.net and the redirecting all "http" traffic to "https", I'd say at least a year. However, the date for final discontinuation of "http" access should be driven by data about the amount of use of the "http" version of whois.arin.net, and not some inflexible sunset date. On the other hand, I'm not saying access to the "http" version of whois.arin.net needs to get to zero before it can be terminated either, but we need to understand and accept the potential damage caused by the event before it happens. In the meantime providing HSTS policy and redirecting "http" traffic for most known browser user agents should begin ASAP. Thanks -- =============================================== David Farmer Email:farmer at umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Mon Apr 2 09:07:20 2018 From: jcurran at arin.net (John Curran) Date: Mon, 2 Apr 2018 13:07:20 +0000 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: <002401d3ca82$949e7c10$bddb7430$@iname.com> References: <20180329094443.GD61030@vurt.meerval.net> <05CD921F-349C-48EA-AB27-0D00BA40167C@seastrom.com> <002401d3ca82$949e7c10$bddb7430$@iname.com> Message-ID: <975ADA41-E693-445E-BD68-8790183BA083@arin.net> On 2 Apr 2018, at 9:00 AM, frnkblk at iname.com wrote: There?s been some great discussion on this topic. I?d like to suggest the following approach: * No auto-redirection at this time * But stop redirecting https://whois.arin.net to http://whois.arin.net/ui/, rather redirect them to https://whois.arin.net/ui. If they chose to go to the secure site, being redirected to the insecure site does not seem like a good idea. * Make sure that all links from ARIN?s other sites to whois.arin.net are referring to the HTTPS one (that may already be the case, but I don?t know) * Enable HSTS for whois.arin.net ? if a web browser hits it intentionally then just keep doing it automatically. * Provide some subtle feedback (perhaps an extra line/bar at the top of the page) to those web browsing the HTTP version of whois.arin.net to alert them that they are searching in the clear and provide a link to the secure version. * Develop a long-term goal to migrate programmatic access to HTTPS Frank - Excellent strawman proposal for moving forward - thank you for taking the time to express it with clarity! All - Any specific objections or concerns with ARIN proceeding as proposed above? Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevinb at thewire.ca Mon Apr 2 12:55:17 2018 From: kevinb at thewire.ca (Kevin Blumberg) Date: Mon, 2 Apr 2018 16:55:17 +0000 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: <975ADA41-E693-445E-BD68-8790183BA083@arin.net> References: <20180329094443.GD61030@vurt.meerval.net> <05CD921F-349C-48EA-AB27-0D00BA40167C@seastrom.com> <002401d3ca82$949e7c10$bddb7430$@iname.com> <975ADA41-E693-445E-BD68-8790183BA083@arin.net> Message-ID: <7E7773B523E82C478734E793E58F69E7A5D12D06@SBS2011.thewireinc.local> John, The blueprint that Frank laid out is very sensible and doesn?t impact programmatic access. This should be an ongoing process of improvement. Once implemented you should have a much better sense of how often requests are coming in that are not https. Thanks, Kevin Blumberg From: ARIN-consult On Behalf Of John Curran Sent: Monday, April 2, 2018 9:07 AM To: frnkblk at iname.com Cc: Subject: Re: [ARIN-consult] Consultation on ACSP 2018.3 Importance: High On 2 Apr 2018, at 9:00 AM, frnkblk at iname.com wrote: There?s been some great discussion on this topic. I?d like to suggest the following approach: * No auto-redirection at this time * But stop redirecting https://whois.arin.net to http://whois.arin.net/ui/, rather redirect them to https://whois.arin.net/ui. If they chose to go to the secure site, being redirected to the insecure site does not seem like a good idea. * Make sure that all links from ARIN?s other sites to whois.arin.net are referring to the HTTPS one (that may already be the case, but I don?t know) * Enable HSTS for whois.arin.net ? if a web browser hits it intentionally then just keep doing it automatically. * Provide some subtle feedback (perhaps an extra line/bar at the top of the page) to those web browsing the HTTP version of whois.arin.net to alert them that they are searching in the clear and provide a link to the secure version. * Develop a long-term goal to migrate programmatic access to HTTPS Frank - Excellent strawman proposal for moving forward - thank you for taking the time to express it with clarity! All - Any specific objections or concerns with ARIN proceeding as proposed above? Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Mon Apr 2 13:07:12 2018 From: bill at herrin.us (William Herrin) Date: Mon, 2 Apr 2018 13:07:12 -0400 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: <975ADA41-E693-445E-BD68-8790183BA083@arin.net> References: <20180329094443.GD61030@vurt.meerval.net> <05CD921F-349C-48EA-AB27-0D00BA40167C@seastrom.com> <002401d3ca82$949e7c10$bddb7430$@iname.com> <975ADA41-E693-445E-BD68-8790183BA083@arin.net> Message-ID: On Mon, Apr 2, 2018 at 9:07 AM, John Curran wrote: > On 2 Apr 2018, at 9:00 AM, frnkblk at iname.com wrote: > > There?s been some great discussion on this topic. I?d like to suggest the > following approach: > > 1. No auto-redirection at this time > 2. But stop redirecting https://whois.arin.net to http://whois.arin.net/ui/, > rather redirect them to https://whois.arin.net/ui. If they chose to go to > the secure site, being redirected to the insecure site does not seem like a > good idea. > 3. Make sure that all links from ARIN?s other sites to whois.arin.net are > referring to the HTTPS one (that may already be the case, but I don?t know) > 4. Enable HSTS for whois.arin.net ? if a web browser hits it intentionally then > just keep doing it automatically. > 5. Provide some subtle feedback (perhaps an extra line/bar at the top of the > page) to those web browsing the HTTP version of whois.arin.net to alert them > that they are searching in the clear and provide a link to the secure > version. > 6. Develop a long-term goal to migrate programmatic access to HTTPS > > > > All - > > Any specific objections or concerns with ARIN proceeding as proposed > above? Hi John, I agree with points 1, 2, 3 and 5. I disagree with points 4 and 6 per my analysis here: http://lists.arin.net/pipermail/arin-consult/2018-March/000969.html TLDR: core security principle - don't spend more (directly and indirectly) protecting something than the value of what you're protecting. HSTS and migration to HTTPS for whois information violates this core principle resulting in worse, not better security. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From farmer at umn.edu Mon Apr 2 13:51:35 2018 From: farmer at umn.edu (David Farmer) Date: Mon, 2 Apr 2018 12:51:35 -0500 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: <7E7773B523E82C478734E793E58F69E7A5D12D06@SBS2011.thewireinc.local> References: <20180329094443.GD61030@vurt.meerval.net> <05CD921F-349C-48EA-AB27-0D00BA40167C@seastrom.com> <002401d3ca82$949e7c10$bddb7430$@iname.com> <975ADA41-E693-445E-BD68-8790183BA083@arin.net> <7E7773B523E82C478734E793E58F69E7A5D12D06@SBS2011.thewireinc.local> Message-ID: The only thing I would add is a bullet for regular reporting. Stats should get reported at every ARIN meeting for while, like maybe the next 3-5 meetings. In the past, Mark Kosters regularly reported Whois stats for a while, Classic Whois (TCP port 43) vs. http (REST) Whois, if I remember correctly. Maybe report on Classic Whois vs. http Whois vs. https Whois. I'll also note that I personally doubt Classic Whois will every completely go away, at least not anytime soon. So while Classic Whois (TCP port 43) remains available, unencrypted access to Whois will remain available even if all http Whois is eventually redirected to https Whois. Thanks. On Mon, Apr 2, 2018 at 11:55 AM, Kevin Blumberg wrote: > John, > > > > The blueprint that Frank laid out is very sensible and doesn?t impact > programmatic access. > > > This should be an ongoing process of improvement. Once implemented you > should have a much better sense of how often requests are coming in that > are not https. > > > Thanks, > > > > Kevin Blumberg > > > > > > > > > > > > > > > > *From:* ARIN-consult *On Behalf Of *John > Curran > *Sent:* Monday, April 2, 2018 9:07 AM > *To:* frnkblk at iname.com > *Cc:* > *Subject:* Re: [ARIN-consult] Consultation on ACSP 2018.3 > *Importance:* High > > > > On 2 Apr 2018, at 9:00 AM, frnkblk at iname.com wrote: > > > > There?s been some great discussion on this topic. I?d like to suggest the > following approach: > > - No auto-redirection at this time > - But stop redirecting https://whois.arin.net to http://whois.arin. > net/ui/, rather redirect them to https://whois.arin.net/ui. If they > chose to go to the secure site, being redirected to the insecure site does > not seem like a good idea. > - Make sure that all links from ARIN?s other sites to whois.arin.net are > referring to the HTTPS one (that may already be the case, but I don?t know) > - Enable HSTS for whois.arin.net ? if a web browser hits it > intentionally then just keep doing it automatically. > - Provide some subtle feedback (perhaps an extra line/bar at the top > of the page) to those web browsing the HTTP version of whois.arin.net to > alert them that they are searching in the clear and provide a link to the > secure version. > - Develop a long-term goal to migrate programmatic access to HTTPS > > > > > > Frank - > > > > Excellent strawman proposal for moving forward - thank you for taking > the time to express it with clarity! > > > > All - > > > > Any specific objections or concerns with ARIN proceeding as proposed > above? > > > > Thanks! > > /John > > > > John Curran > > President and CEO > > ARIN > > > > > > > > > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -- =============================================== David Farmer Email:farmer at umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From bjones at vt.edu Mon Apr 2 14:07:45 2018 From: bjones at vt.edu (Brian Jones) Date: Mon, 02 Apr 2018 18:07:45 +0000 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: <002401d3ca82$949e7c10$bddb7430$@iname.com> References: <20180329094443.GD61030@vurt.meerval.net> <05CD921F-349C-48EA-AB27-0D00BA40167C@seastrom.com> <002401d3ca82$949e7c10$bddb7430$@iname.com> Message-ID: +1 Frank's suggestions. They seem to be a reasonable step forward. Brian Jones On Mon, Apr 2, 2018, 09:00 wrote: > There?s been some great discussion on this topic. I?d like to suggest the > following approach: > > - No auto-redirection at this time > - But stop redirecting https://whois.arin.net to > http://whois.arin.net/ui/, rather redirect them to > https://whois.arin.net/ui. If they chose to go to the secure site, > being redirected to the insecure site does not seem like a good idea. > - Make sure that all links from ARIN?s other sites to whois.arin.net > are referring to the HTTPS one (that may already be the case, but I don?t > know) > - Enable HSTS for whois.arin.net ? if a web browser hits it > intentionally then just keep doing it automatically. > - Provide some subtle feedback (perhaps an extra line/bar at the top > of the page) to those web browsing the HTTP version of whois.arin.net > to alert them that they are searching in the clear and provide a link to > the secure version. > - Develop a long-term goal to migrate programmatic access to HTTPS > > > > Frank > > > > *From:* ARIN-consult *On Behalf Of *David > Farmer > *Sent:* Friday, March 30, 2018 12:07 PM > *To:* Rob Seastrom > *Cc:* > *Subject:* Re: [ARIN-consult] Consultation on ACSP 2018.3 > > > > > See inline; > > > > On Thu, Mar 29, 2018 at 9:23 AM, Rob Seastrom wrote: > > > > On Mar 29, 2018, at 5:44 AM, Job Snijders wrote: > > > > On Wed, Mar 28, 2018 at 04:33:22PM -0500, David Farmer wrote: > >> On Wed, Mar 28, 2018 at 4:16 PM, ARIN wrote: > >>> ... > >>> Question: Should ARIN automatically redirect user Whois queries made > >>> via "http" to "https"? > >> > >> No, ARIN should not automatically redirect Whois queries made via > >> "http" to "https". Insecure Whois queries made via "http", need to be > >> allowed. > > > > Do you have any supporting arguments for your statement? > > > That's a fair question and my answer to the question above was probably a > little too terse. I intended to not repeat what I had said in the thread > regarding the original suggestion and I ended up proving just my answer > insufficient justification for it. Rob summarizes my feelings on the > subject well. > > > > More below; > > > > Hi Job, > > I suppose I wouldn't have any problems with automatic redirects for > anything that had a user-agent that looked like a modern browser. > > I did a cursory look and couldn't find the slide deck, but my recollection > from a presentation by Mark Kosters is that there are a significant number > of things hitting the REST interface that are not browsers; they may even > outnumber the human visitors - and it's the same host, whois.arin.net. > > Neither you nor I has any idea how well those clients will handle > redirects and https. One would earnestly hope that by and large folks are > using standard libraries that will magically do the right thing, yet > repeated experiences with password hash dumps wherein a homemade (and > cryptographically poor) KDF has been employed shows that the DIY spirit is > alive and well and I would not expect it to be any different here. > > So there's a balance of harms argument to be had: is forcibly encrypting > traffic that has historically been of marginal privacy concern worth > breaking client software in the field? Bear in mind that if someone > chooses to use https:// then things will be encrypted just fine; there is > nothing forcing the client to be unencrypted when they'd rather be > encrypted, and deploying HSTS will make modern browser users sticky to > https://. > > I submit that David has articulated the right balance to strike and that > redirects are a poor idea. If we advertise for some number of years that > we're sunsetting non-https access to whois (if events haven't been > overtaken by RDAP at that point), then I'll probably feel differently about > this. > > Note that I'm generally in favor of encryption. In January 2015 I > submitted an ACSP proposal asking for HSTS where practicable and in October > 2015 I mentioned at the members' meeting that HSTS on the REST-Whois seemed > to have been overlooked (see > https://www.rwhois.net/vault/participate/meetings/reports/ARIN_36/mem_transcript.html > ). I'm just not a fan of intentionally breaking things, even if they're > crappy software, without a lot of forethought and deliberate intent. > > > > Upon reflection, and building on Rob's comments, I'm changing my answer, > ARIN should adopt a goal of redirecting all "http" traffic to "https" for > whois.arin.net. However, I don't think "http" access to whois.arin.net, > especially programmatic access to the Whois REST API, should > be precipitously terminated. Therefore a sufficiently generous sunset > date needs to be given for the discontinuation of "http" access to > whois.arin.net and the redirecting all "http" traffic to "https", I'd say > at least a year. However, the date for final discontinuation of "http" > access should be driven by data about the amount of use of the "http" > version of whois.arin.net, and not some inflexible sunset date. On the > other hand, I'm not saying access to the "http" version of whois.arin.net needs > to get to zero before it can be terminated either, but we need to > understand and accept the potential damage caused by the event before it > happens. > > > > In the meantime providing HSTS policy and redirecting "http" traffic > for most known browser user agents should begin ASAP. > > > > Thanks > > > > -- > > =============================================== > David Farmer Email:farmer at umn.edu > Networking & Telecommunication Services > Office of Information Technology > University of Minnesota > 2218 University Ave SE Phone: 612-626-0815 <(612)%20626-0815> > Minneapolis, MN 55414-3029 Cell: 612-812-9952 <(612)%20812-9952> > =============================================== > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Tue Apr 3 02:01:16 2018 From: owen at delong.com (Owen DeLong) Date: Mon, 2 Apr 2018 23:01:16 -0700 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: <7E7773B523E82C478734E793E58F69E7A5D12D06@SBS2011.thewireinc.local> References: <20180329094443.GD61030@vurt.meerval.net> <05CD921F-349C-48EA-AB27-0D00BA40167C@seastrom.com> <002401d3ca82$949e7c10$bddb7430$@iname.com> <975ADA41-E693-445E-BD68-8790183BA083@arin.net> <7E7773B523E82C478734E793E58F69E7A5D12D06@SBS2011.thewireinc.local> Message-ID: <8C552CEE-EFE9-4C6C-BE48-558B180628AB@delong.com> I agree with Bill Herrin. Yes to 1,2,3, 5. No to 4, 6. (No to HSTS and no to Long term goal to push programmatic access to HTTPS) Owen > On Apr 2, 2018, at 09:55 , Kevin Blumberg wrote: > > John, > > The blueprint that Frank laid out is very sensible and doesn?t impact programmatic access. > > This should be an ongoing process of improvement. Once implemented you should have a much better sense of how often requests are coming in that are not https. > > Thanks, > > Kevin Blumberg > > > > > > > > From: ARIN-consult > On Behalf Of John Curran > Sent: Monday, April 2, 2018 9:07 AM > To: frnkblk at iname.com > Cc: > > > Subject: Re: [ARIN-consult] Consultation on ACSP 2018.3 > Importance: High > > On 2 Apr 2018, at 9:00 AM, frnkblk at iname.com wrote: > > There?s been some great discussion on this topic. I?d like to suggest the following approach: > No auto-redirection at this time > But stop redirecting https://whois.arin.net to http://whois.arin.net/ui/ , rather redirect them to https://whois.arin.net/ui . If they chose to go to the secure site, being redirected to the insecure site does not seem like a good idea. > Make sure that all links from ARIN?s other sites to whois.arin.net are referring to the HTTPS one (that may already be the case, but I don?t know) > Enable HSTS for whois.arin.net ? if a web browser hits it intentionally then just keep doing it automatically. > Provide some subtle feedback (perhaps an extra line/bar at the top of the page) to those web browsing the HTTP version of whois.arin.net to alert them that they are searching in the clear and provide a link to the secure version. > Develop a long-term goal to migrate programmatic access to HTTPS > > > Frank - > > Excellent strawman proposal for moving forward - thank you for taking the time to express it with clarity! > > All - > > Any specific objections or concerns with ARIN proceeding as proposed above? > > Thanks! > /John > > John Curran > President and CEO > ARIN > > > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net ). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mysidia at gmail.com Tue Apr 3 05:31:01 2018 From: mysidia at gmail.com (Jimmy Hess) Date: Tue, 3 Apr 2018 04:31:01 -0500 Subject: [ARIN-consult] Consultation on ACSP 2018.3 In-Reply-To: References: Message-ID: On Wed, Mar 28, 2018 at 4:16 PM, ARIN wrote: > Question: If ARIN redirects http to https requests, should ARIN then > use HSTS for web-based Whois queries? -ARIN should send HSTS headers If and Only If: ALL web-based traffic to that hostname used with HTTP are mandated to be over HTTPS. -HSTS headers should not be sent for whois.arin.net if Non-HTTPS whois queries are allowed. -Non-HTTPs Whois queries should be allowed, and Non-HTTPs should be the default for simple queries of WHOIS information. Rationale: The WHOIS database is public information, and the use of HTTPS creates potential access issues or impairments for some browsers, and requires additional resources related to the CPU cost of encryption and Certificate Revokation checks. > Question: Should ARIN automatically redirect user Whois queries made > via "http" to "https"? Should not redirect. The WHOIS protocol itself does not provide secrecy. The web WHOIS query interface is an alternative interface to the WHOIS data...; Furthermore, there is not a reasonable expectation of privacy regarding what users lookup in WHOIS --- heavy WHOIS users ought to be monitored carefully and be subject to the possibility of public reporting and transprency on their individual usage querying the public service by their IP and/or lookup history or patterns, as there is a high potential for abusive activities such as automated data mining or harvesting e-mail address contacts to spam. So long as the WHOIS protocol itself continues to be supported -- it seems pretty unreasonable to force HTTP users to access the data over TLS while not allowing visitors the option to access WHOIS over plain HTTP when the WHOIS over WHOIS continues to be allowed and is equal to plain HTTP. The forced redirect would surely cause some WHOIS queries to fail, as some users will eventually be running browsers that cannot reach agreement with ARIN's https servers over a secure protocol version and/or ciphers. The WHOIS database is supplying information listed as publicly available, and there is no expectation of privacy within the contents of the public information -- It could be very useful for ARIN to provide digitally signed WHOIS listings to confirm their authenticity, and ensure WHOIS data is not tampered with on storage medium or before/during transit; However, the HTTPS protocol is not capable of fully providing this level of assurance. For operating on public WHOIS data it is more suitable to provide digitally signed query responses, and a verifiable digital signature for each record. API requests capable of modifying records ought to be required to be digitally signed requests by an authorized user (HTTPS / TLS does not provide this) ---- > Question: If ARIN redirects http to https requests, should ARIN then > use HSTS for web-based Whois queries? > > The feedback you provide during this consultation will help inform how > ARIN will proceed in response to ACSP 2018.3. All messages that have > been sent to the arin-consult mailing lists in response to this > suggestion prior to the opening of this consultation will be included in > our feedback collection resulting from this consultation. Thank you for > your participation in the ARIN Consultation and Suggestion Process. > > Please provide comments to arin-consult at arin.net. > > Discussion on arin-consult at arin.net will close on 30 April 2018. If you > have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN > Member Services > Help Desk at info at arin.net if you experience any issues. -- -JH From info at arin.net Fri Apr 6 14:14:31 2018 From: info at arin.net (ARIN) Date: Fri, 6 Apr 2018 14:14:31 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees Message-ID: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> In May 2017, the ARIN Board of Trustees proposed expansion of the size of the Board of Trustees in order to increase opportunities for diversity in the background of Board members, including geographical and gender representation. This proposal was the topic of an energetic community consultation with mixed outcome indicating both support and concerns with such a change. The ARIN Board considered the outcome of the consultation, but ultimately the measure did not achieve the four-fifths approval threshold necessary for changing ARIN's Bylaws. In February of this year, the ARIN Board discussed an additional issue related to the present size of the Board: specifically, the challenge that a smaller Board poses when engaging in strategic discussions, for example in regard to long-term direction or relationships with other Internet organizations. While many of these topics are discussed with the community prior to decision (e.g. formation of the NRO, support for the IANA Stewardship Transition), it is often up to the ARIN Board of Trustees to decide whether to explore these initiatives when they are at an early stage. There is a very wide diversity of the Internet ecosystem that can be affected by ARIN's strategic direction and this includes Internet service providers of all sizes and types (transit, access, etc.), Internet online and content industries, data center and cloud operators, educational and government networks, commercial firms, and civil society. While the Trustees elected by the community often have a broad knowledge of the Internet ecosystem, seven Trustees is a relatively small group to evaluate impacts across the entire Internet ecosystem. As a result of this discussion, the ARIN Board agreed to initiate a new community consultation to expand the number of elected Board members from six to nine, in order to allow for wider representation of the Internet community during Board discussions. *Board proposal:* ARIN should add three more elected voting seats to the Board of Trustees, raising the current six (two elected per year) to nine (three elected per year). New Board seats are to be added to the Board in a phased manner ? one per year in the 2018 thru 2020 elections as noted below * October 2018: 3 Board members will be elected for 2019; 8 Trustee board (9 if the appointed seat is used) * October 2019: 3 Board members will be elected for 2020; 9 Trustee board (10 if the appointed seat is used) * October 2020: 3 Board members will be elected for 2021; 10 Trustee board (11 if the appointed seat is used) We are seeking community feedback on this proposed change to the size of the ARIN Board of Trustees. This consultation will remain open for at least 30 days. Please provide comments to arin-consult at arin.net. Discussion on arin-consult at arin.net will close on 14 May 2018. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) -------------- next part -------------- An HTML attachment was scrubbed... URL: From woody at pch.net Fri Apr 6 14:40:14 2018 From: woody at pch.net (Bill Woodcock) Date: Fri, 6 Apr 2018 11:40:14 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: There have, for a long time, been a minority of ARIN board members who believe that increasing board size will somehow magically fix problems of diversity, representation, or mediocrity. And so they keep bringing it up for discussion. Again, and again, and again, without a respite between. I?ve served on many boards, including ones much smaller than ARIN?s (several boards of three people) and ones much larger (once as many as 22). I?ve found that, without exception, the larger the board, the less functional it is. At seven, ARIN?s board has always (at least in the fifteen years I sat on it) struggled with keeping all members engaged and contributing productively. It?s been rare that more than four or five members were really paying attention to the issues we needed to work on, showing up for meetings, and speaking their minds. Likewise, the ARIN board has a diversity problem, the one that led me to conclude that, as yet-another-white-guy, I could not in good faith continue to participate in the board until it represented our membership in gender and national origin. Increasing the board size does not increase diversity. In the last election, every seat which could possibly have been given to a white guy was given to a white guy. More seats doesn?t change that, it just means a bigger, even less functional, echo chamber. Really, at its base, the problem I have is with mediocrity and poor decision-making. A larger board makes those problems worse, just as a board which excludes all but one gender and race makes those problems worse. So. Don?t fall for the red-herring ?bigger board will improve diversity.? There?s no connection, it doesn?t, you can do the math yourself. Ask yourself instead, ?what problem, if any, would this solve?? I?ve asked that question each time it?s been brought up, and I?ve never received an answer. The unstated reason, that it would allow more friends of the current in-group to add another check-box item to their resumes, is never advanced. In the absence of a really good reason for doing it, the huge cost of decreased effectiveness shouldn?t be incurred. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From bill at herrin.us Fri Apr 6 14:40:33 2018 From: bill at herrin.us (William Herrin) Date: Fri, 6 Apr 2018 14:40:33 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: On Fri, Apr 6, 2018 at 2:14 PM, ARIN wrote: > it is often up to the ARIN Board of Trustees to > decide whether to explore these initiatives when they are at an early stage. Mission creep. > ARIN should add three more elected voting seats to the Board of Trustees, > raising the current six (two elected per year) to nine (three elected per > year). New Board seats are to be added to the Board in a phased manner ? one > per year in the 2018 thru 2020 elections as noted below Still "no" for the same reasons expressed last year. The bigger the board, the worse the paralysis at one end and groupthink at the other. Optimal board sizes, in general, have been studied. A lot. The 7 you have is already on the high edge of optimal. If 7 people can't get it done, then either we've elected people who aren't willing to spend the time, ARIN has strayed too far from the core mission or ARIN has added too much paper-pushing overhead (too much "process") to the board's work. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From woody at pch.net Fri Apr 6 14:49:36 2018 From: woody at pch.net (Bill Woodcock) Date: Fri, 6 Apr 2018 11:49:36 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: <7C4376D8-B96D-4492-AB91-7E77DF21C586@pch.net> > On Fri, Apr 6, 2018 at 2:14 PM, ARIN wrote: >> it is often up to the ARIN Board of Trustees to >> decide whether to explore these initiatives when they are at an early stage. > > Mission creep. Yeah. And misdirection, in that this is nowhere near an early stage. A few people have been bringing this up, unremittingly, for a decade. The majority have never been in favor of it, for exactly the reasons Bill states below. On Apr 6, 2018, at 11:40 AM, William Herrin wrote: > Still "no" for the same reasons expressed last year. The bigger the > board, the worse the paralysis at one end and groupthink at the other. > > Optimal board sizes, in general, have been studied. A lot. The 7 you > have is already on the high edge of optimal. If 7 people can't get it > done, then either we've elected people who aren't willing to spend the > time, ARIN has strayed too far from the core mission or ARIN has added > too much paper-pushing overhead (too much "process") to the board's > work. Yep, exactly. A board of four or five would be an improvement, going from seven to ten would be a good long slide further down into mediocrity and non-functionality. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From austin.murkland at qscend.com Fri Apr 6 14:52:54 2018 From: austin.murkland at qscend.com (Austin Murkland) Date: Fri, 6 Apr 2018 14:52:54 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: I'm in full agreement with Mr. Herrin and Mr. Woodcock on this, I fail to see how a larger Board of Trustees will help ARIN, the community, or the present board accomplish tasks set before them. Thanks, Austin Murkland On Fri, Apr 6, 2018 at 2:40 PM, William Herrin wrote: > On Fri, Apr 6, 2018 at 2:14 PM, ARIN wrote: > > it is often up to the ARIN Board of Trustees to > > decide whether to explore these initiatives when they are at an early > stage. > > Mission creep. > > > ARIN should add three more elected voting seats to the Board of Trustees, > > raising the current six (two elected per year) to nine (three elected per > > year). New Board seats are to be added to the Board in a phased manner ? > one > > per year in the 2018 thru 2020 elections as noted below > > Still "no" for the same reasons expressed last year. The bigger the > board, the worse the paralysis at one end and groupthink at the other. > > Optimal board sizes, in general, have been studied. A lot. The 7 you > have is already on the high edge of optimal. If 7 people can't get it > done, then either we've elected people who aren't willing to spend the > time, ARIN has strayed too far from the core mission or ARIN has added > too much paper-pushing overhead (too much "process") to the board's > work. > > Regards, > Bill Herrin > > > > > -- > William Herrin ................ herrin at dirtside.com bill at herrin.us > Dirtside Systems ......... Web: > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Fri Apr 6 15:35:47 2018 From: jcurran at arin.net (John Curran) Date: Fri, 6 Apr 2018 19:35:47 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> On 6 Apr 2018, at 2:40 PM, William Herrin wrote: >> it is often up to the ARIN Board of Trustees to >> decide whether to explore these initiatives when they are at an early stage. >> > Mission creep. > ... > Optimal board sizes, in general, have been studied. A lot. The 7 you > have is already on the high edge of optimal. If 7 people can't get it > done, then either we've elected people who aren't willing to spend the > time, ARIN has strayed too far from the core mission or ARIN has added > too much paper-pushing overhead (too much "process") to the board's > work. Bill - The consultation notes a concern which is rather specific and not at all related to the amount of total time/effort or paperwork/process involved in ARIN Board work. Specifically, the question is simply how small of a Board does the ARIN community feel comfortable when it comes to setting strategic direction in sensitive matters that are too early to engage with the full community. A fine example is the recent IANA Stewardship Transition activities, whereby the ARIN Board had to decide very early on whether we would even explore the possibility of transitioning the stewardship of the IANA Internet number registries from NTIA to the Internet numbers community. The final outcome was quite productive and was actually developed by the Internet numbers community, but would not have been possible without the early direction from the ARIN Board ? direction that was not without risk to the entire Internet ecosystem. The ARIN Board faces similar strategic decisions each year, while I believe ARIN has enjoyed a history of Board members of both extremely high calibre and with exceptional breath of experience in many parts of the Internet, such strength and breath of understanding is not assured with six elected Board members. Review of our past remarkable successes is what drives my concern that it is possible for a competent and diverse Board of six well-qualified members to nonetheless lack similar deep understanding of key portions of the Internet ecosystem, simply because the Internet of today has many more layers involved in service delivery and six skilled Board members can only span so much industry knowledge. This is not about expanding ARIN?s scope or mission, quite the opposite, since a larger Board is also more likely to bring better awareness of other initiatives already underway in any given Internet space, thus enabling collaboration over duplication. We function quite well today with a small Board, and we can continue to do so. Moving to a slightly larger Board reduces the possibility of gaps in the Board?s overall understanding of the Internet ecosystem for those situations when the Board must act on behalf of the ARIN community. Thanks! /John John Curran President and CEO ARIN From jcurran at arin.net Fri Apr 6 15:50:10 2018 From: jcurran at arin.net (John Curran) Date: Fri, 6 Apr 2018 19:50:10 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: <96045965-E3A1-4C5C-9FD6-C4D95A465415@arin.net> On 6 Apr 2018, at 2:40 PM, Bill Woodcock wrote: > I?ve served on many boards, including ones much smaller than ARIN?s (several boards of three people) and ones much larger (once as many as 22). I?ve found that, without exception, the larger the board, the less functional it is. At seven, ARIN?s board has always (at least in the fifteen years I sat on it) struggled with keeping all members engaged and contributing productively. It?s been rare that more than four or five members were really paying attention to the issues we needed to work on, showing up for meetings, and speaking their minds. Indeed Bill? you are certainly one of the folks I had in mind when I wrote the phrase "a history of Board members of both extremely high calibre and with exceptional breath of experience in many parts of the Internet?. Three Board members of such broad experience and knowledge might indeed do fine in setting strategic direction for fundamental organization such as ARIN, but three of less than stellar background and knowledge could be quite a disaster in the making. > Ask yourself instead, ?what problem, if any, would this solve?? I?ve asked that question each time it?s been brought up, and I?ve never received an answer. There are only so many Bill Woodcocks, Scott Bradners, Paul Vixies, Vint Cerfs, etc. in the world, and it?s unlikely going forward that we?ll have quite as many folks involved who have similarly been involved in every aspect of the Internet since its inception. Combine that with the fact that the Internet is itself adding new layers (such as clouds, social media, and CDN?s?), and you have set extremely high expectations if you want to good breadth of understanding of the Internet ecosystem that ARIN affects in only six people, even if all of them are quite well-qualified. Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 874 bytes Desc: Message signed with OpenPGP URL: From bill at herrin.us Fri Apr 6 16:07:11 2018 From: bill at herrin.us (William Herrin) Date: Fri, 6 Apr 2018 16:07:11 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: On Fri, Apr 6, 2018 at 3:35 PM, John Curran wrote: > Specifically, the question is simply how small of a Board does the ARIN > community feel comfortable when it comes to setting strategic direction > in sensitive matters that are too early to engage with the full community. John, that's mission creep. The community doesn't want ARIN or its board to set a strategic direction for the Internet or any part of it. That's not the proper role of a *registry*. A registry records and reports. They don't "direct." > Review of our past remarkable successes is what drives my concern > that it is possible for a competent and diverse Board of six well-qualified > members to nonetheless lack similar deep understanding of key portions > of the Internet ecosystem, simply because the Internet of today has > many more layers involved in service delivery and six skilled Board > members can only span so much industry knowledge. Respectfully, if ARIN's board lacks any breadth it is most likely because the membership who elected them reflect a similar breadth. That's a problem with the selection process for the board, not its size. As we also discussed last year. > Moving to a slightly larger Board reduces the possibility of gaps in > the Board?s overall understanding of the Internet ecosystem I've heard no credible reason to suppose that adding more board members with the same selection criteria would have a positive impact on this goal. Didn't hear it last year. Not hearing it this year. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From vgcerf at gmail.com Fri Apr 6 15:59:06 2018 From: vgcerf at gmail.com (vinton cerf) Date: Fri, 6 Apr 2018 15:59:06 -0400 Subject: [ARIN-consult] Expanding the Board Message-ID: I am strongly in favor of the 9 member board plan. It provides increased opportunity for a diversity of perspectives, geographic and gender participation, and increases the pool of experienced board members in the community as they cycle from board service. This is not a massive expansion and should not become an impediment to quorum formation. There is a modest increase in travel expense but worth it for the other benefits this modest expansion brings. As a former Board chair and member of the Board, I would not have found the increase difficult to manage and would have welcomed the addition of diverse views. Vint Cerf -------------- next part -------------- An HTML attachment was scrubbed... URL: From woody at pch.net Fri Apr 6 16:15:36 2018 From: woody at pch.net (Bill Woodcock) Date: Fri, 6 Apr 2018 13:15:36 -0700 Subject: [ARIN-consult] Expanding the Board In-Reply-To: References: Message-ID: You mean to ten members, as John is proposing, or is this a separate proposal to go to nine, adding two to the current seven? -Bill > On Apr 6, 2018, at 13:10, vinton cerf wrote: > > I am strongly in favor of the 9 member board plan. It provides increased opportunity for a diversity of perspectives, geographic and gender participation, and increases the pool of experienced board members in the community as they cycle from board service. This is not a massive expansion and should not become an impediment to quorum formation. There is a modest increase in travel expense but worth it for the other benefits this modest expansion brings. As a former Board chair and member of the Board, I would not have found the increase difficult to manage and would have welcomed the addition of diverse views. > > Vint Cerf > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. From jcurran at arin.net Fri Apr 6 16:29:56 2018 From: jcurran at arin.net (John Curran) Date: Fri, 6 Apr 2018 20:29:56 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: On 6 Apr 2018, at 4:07 PM, William Herrin wrote: > > On Fri, Apr 6, 2018 at 3:35 PM, John Curran wrote: >> Specifically, the question is simply how small of a Board does the ARIN >> community feel comfortable when it comes to setting strategic direction >> in sensitive matters that are too early to engage with the full community. > > John, that's mission creep. The community doesn't want ARIN or its > board to set a strategic direction for the Internet or any part of it. > That's not the proper role of a *registry*. A registry records and > reports. They don't "direct.? Alas, ARIN (along with the other RIRs) is inevitably involved in setting the strategic direction for the evolution of the Internet Number registry system. The impacted parties from such changes includes a significant portion of the Internet infrastructure, since they all rely in part upon our services for their success. While we work hard to consult with the ARIN community regarding direction, it is not always possible for some of the more sensitive matters, and hence the breath of Internet knowledge of the ARIN Board can be crucial. For example, in the case of the IANA stewardship transition, simply entertaining discussion of the potential could have resulted in legislative or regulatory responses that would have impacted not only the Internet number registry system, but other parts of the ecosystem including the DNS community, ICANN, and the IETF. Understanding such potential risks isn?t possible unless you have Board of broad experience, more so than simply internet registry services. > Respectfully, if ARIN's board lacks any breadth it is most likely > because the membership who elected them reflect a similar breadth. > That's a problem with the selection process for the board, not its > size. As we also discussed last year. It would be challenging, no matter how broad the ARIN community, to have a Board of three which covered all of the various portions of the affected Internet ecosystem, and that refutes the idea that the diversity of the community can assure breadth of knowledge of the resulting Board. We have had truly incredible Board members with great breadth of knowledge in the past, and six elected Board members of such quality have sufficed, but even that?s uncertain going forward given less involvement from those who have led the Internet since day one and additional complexity of new layers such as cloud, mobile, CDN?s, and social media. Thanks, /John John Curran President and CEO ARIN From vgcerf at gmail.com Fri Apr 6 16:32:34 2018 From: vgcerf at gmail.com (vinton cerf) Date: Fri, 6 Apr 2018 16:32:34 -0400 Subject: [ARIN-consult] Expanding the Board In-Reply-To: References: Message-ID: I misread the proposal forgetting that John is the tenth member ex officio, so I agree with ten. vint On Fri, Apr 6, 2018 at 4:15 PM, Bill Woodcock wrote: > You mean to ten members, as John is proposing, or is this a separate > proposal to go to nine, adding two to the current seven? > > -Bill > > > > On Apr 6, 2018, at 13:10, vinton cerf wrote: > > > > I am strongly in favor of the 9 member board plan. It provides increased > opportunity for a diversity of perspectives, geographic and gender > participation, and increases the pool of experienced board members in the > community as they cycle from board service. This is not a massive expansion > and should not become an impediment to quorum formation. There is a modest > increase in travel expense but worth it for the other benefits this modest > expansion brings. As a former Board chair and member of the Board, I would > not have found the increase difficult to manage and would have welcomed the > addition of diverse views. > > > > Vint Cerf > > > > _______________________________________________ > > ARIN-Consult > > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > > List (ARIN-consult at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > > Help Desk at info at arin.net if you experience any issues. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From john at comfortconsulting.com Fri Apr 6 16:35:38 2018 From: john at comfortconsulting.com (John Comfort) Date: Fri, 6 Apr 2018 13:35:38 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: Does a six-member board not already provide a diversity of perspectives, geographic and gender participation? It seems we're just re-iterating last year's "Diversity" agenda using more ambiguous language. As WilliamH & BillW mentioned larger groups are less optimal. However, BillW's "white-guy" comment is irrelevant. Please stop adding race to the discussion. The issue on expanding the board should not be based on gender, race or sexual orientation. On the contrary, it should be based on efficiency, merit, experience, competence, or other requirements such as quorum. If the board at six members cannot approve a measure with a minimum quorum because only half of the six show up at a meeting, then perhaps nine-member boards would suffice when there requires a certain minimum vote whether or not all are present. JohnC On Fri, Apr 6, 2018 at 1:29 PM, John Curran wrote: > On 6 Apr 2018, at 4:07 PM, William Herrin wrote: > > > > On Fri, Apr 6, 2018 at 3:35 PM, John Curran wrote: > >> Specifically, the question is simply how small of a Board does the ARIN > >> community feel comfortable when it comes to setting strategic direction > >> in sensitive matters that are too early to engage with the full > community. > > > > John, that's mission creep. The community doesn't want ARIN or its > > board to set a strategic direction for the Internet or any part of it. > > That's not the proper role of a *registry*. A registry records and > > reports. They don't "direct.? > > Alas, ARIN (along with the other RIRs) is inevitably involved in setting > the strategic direction for the evolution of the Internet Number registry > system. The impacted parties from such changes includes a significant > portion of the Internet infrastructure, since they all rely in part upon > our services for their success. While we work hard to consult with the > ARIN community regarding direction, it is not always possible for some of > the more sensitive matters, and hence the breath of Internet knowledge of > the ARIN Board can be crucial. > > For example, in the case of the IANA stewardship transition, simply > entertaining discussion of the potential could have resulted in legislative > or regulatory responses that would have impacted not only the Internet > number registry system, but other parts of the ecosystem including the DNS > community, ICANN, and the IETF. Understanding such potential risks isn?t > possible unless you have Board of broad experience, more so than simply > internet registry services. > > > Respectfully, if ARIN's board lacks any breadth it is most likely > > because the membership who elected them reflect a similar breadth. > > That's a problem with the selection process for the board, not its > > size. As we also discussed last year. > > It would be challenging, no matter how broad the ARIN community, to have a > Board of three which covered all of the various portions of the affected > Internet ecosystem, and that refutes the idea that the diversity of the > community can assure breadth of knowledge of the resulting Board. > > We have had truly incredible Board members with great breadth of knowledge > in the past, and six elected Board members of such quality have sufficed, > but even that?s uncertain going forward given less involvement from those > who have led the Internet since day one and additional complexity of new > layers such as cloud, mobile, CDN?s, and social media. > > Thanks, > /John > > John Curran > President and CEO > ARIN > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Mel.Stotyn at sjrb.ca Fri Apr 6 16:52:05 2018 From: Mel.Stotyn at sjrb.ca (Mel Stotyn) Date: Fri, 6 Apr 2018 20:52:05 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: John Curran said: > ARIN (along with the other RIRs) is inevitably involved in setting the strategic direction for the evolution of the Internet Number registry system. This example of why a larger and (hopefully) more diverse board would be helpful seems to me an odd example. ?ARIN (along with the other RIRs)? results in a larger group with more diverse experience and certainly geographically diverse outlooks. A few more on one of the geographic participants doesn?t seem to be necessary in this case. Mel Stotyn From: ARIN-consult On Behalf Of John Comfort Sent: Friday, April 6, 2018 2:36 PM To: John Curran Cc: Subject: Re: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees Does a six-member board not already provide a diversity of perspectives, geographic and gender participation? It seems we're just re-iterating last year's "Diversity" agenda using more ambiguous language. As WilliamH & BillW mentioned larger groups are less optimal. However, BillW's "white-guy" comment is irrelevant. Please stop adding race to the discussion. The issue on expanding the board should not be based on gender, race or sexual orientation. On the contrary, it should be based on efficiency, merit, experience, competence, or other requirements such as quorum. If the board at six members cannot approve a measure with a minimum quorum because only half of the six show up at a meeting, then perhaps nine-member boards would suffice when there requires a certain minimum vote whether or not all are present. JohnC On Fri, Apr 6, 2018 at 1:29 PM, John Curran > wrote: On 6 Apr 2018, at 4:07 PM, William Herrin > wrote: > > On Fri, Apr 6, 2018 at 3:35 PM, John Curran > wrote: >> Specifically, the question is simply how small of a Board does the ARIN >> community feel comfortable when it comes to setting strategic direction >> in sensitive matters that are too early to engage with the full community. > > John, that's mission creep. The community doesn't want ARIN or its > board to set a strategic direction for the Internet or any part of it. > That's not the proper role of a *registry*. A registry records and > reports. They don't "direct.? Alas, ARIN (along with the other RIRs) is inevitably involved in setting the strategic direction for the evolution of the Internet Number registry system. The impacted parties from such changes includes a significant portion of the Internet infrastructure, since they all rely in part upon our services for their success. While we work hard to consult with the ARIN community regarding direction, it is not always possible for some of the more sensitive matters, and hence the breath of Internet knowledge of the ARIN Board can be crucial. For example, in the case of the IANA stewardship transition, simply entertaining discussion of the potential could have resulted in legislative or regulatory responses that would have impacted not only the Internet number registry system, but other parts of the ecosystem including the DNS community, ICANN, and the IETF. Understanding such potential risks isn?t possible unless you have Board of broad experience, more so than simply internet registry services. > Respectfully, if ARIN's board lacks any breadth it is most likely > because the membership who elected them reflect a similar breadth. > That's a problem with the selection process for the board, not its > size. As we also discussed last year. It would be challenging, no matter how broad the ARIN community, to have a Board of three which covered all of the various portions of the affected Internet ecosystem, and that refutes the idea that the diversity of the community can assure breadth of knowledge of the resulting Board. We have had truly incredible Board members with great breadth of knowledge in the past, and six elected Board members of such quality have sufficed, but even that?s uncertain going forward given less involvement from those who have led the Internet since day one and additional complexity of new layers such as cloud, mobile, CDN?s, and social media. Thanks, /John John Curran President and CEO ARIN _______________________________________________ ARIN-Consult You are receiving this message because you are subscribed to the ARIN Consult Mailing List (ARIN-consult at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Fri Apr 6 16:59:32 2018 From: jcurran at arin.net (John Curran) Date: Fri, 6 Apr 2018 20:59:32 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: On 6 Apr 2018, at 4:35 PM, John Comfort > wrote: If the board at six members cannot approve a measure with a minimum quorum because only half of the six show up at a meeting, then perhaps nine-member boards would suffice when there requires a certain minimum vote whether or not all are present. John - We don?t have a quorum or engagement problem with the current Board; i.e. we generally have all (or all but one due to conflict) members present for our meetings and teleconferences. Furthermore, routine business is taken care of promptly throughout the year by Board members who are generally attentive to their duties. The concern raised in this community consultation on Board expansion is quite specific, and relates to the breadth of knowledge of the Board when it comes to setting ARIN?s strategic direction. Often such discussions must start at the Board, in order to obtain sufficient approval to develop them further, since even the act of exploring them can have ramifications to ARIN mission. For example, when the NANOG community was maturing and the concept of having a formal NANOG organization was raised, the ARIN Board had to discuss various options, such as supporting the initiative (which was the ultimate decision including initial organizational and financial support), but the options discussed also included possible directions that could have adversely impacted the initiative simply by being brought before the entire ARIN community. While we had a Board which had sufficient breadth of knowledge to consider the options in confidence, that was not assure to be the case given its relatively modest size. I hope this helps clarify the consultation question - thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Fri Apr 6 17:16:33 2018 From: jcurran at arin.net (John Curran) Date: Fri, 6 Apr 2018 21:16:33 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: <41930BC3-B0EA-49A3-9023-441EAE3F6554@arin.net> On 6 Apr 2018, at 4:52 PM, Mel Stotyn > wrote: John Curran said: > ARIN (along with the other RIRs) is inevitably involved in setting the strategic direction for the evolution of the Internet Number registry system. This example of why a larger and (hopefully) more diverse board would be helpful seems to me an odd example. ?ARIN (along with the other RIRs)? results in a larger group with more diverse experience and certainly geographically diverse outlooks. A few more on one of the geographic participants doesn?t seem to be necessary in this case. Mel - Excellent point - while the RIRs collectively set the Internet number registry system direction, that?s actually the outcome of the individual RIR processes. Our coordination with the other RIRs is primarily operational activities based on the NRO and ASO MOU?s that we have in place ? our strategic alignment occurs because each community sets a similar direction as developed via its own RIR processes, or as the result of public processes that we set up for a specific purpose (such as the IANA Stewardship Transition plan development.) There?s good anti-trust reasons that each RIR must set its own direction, and additionally we routinely face topics that must be considered in confidence but principally affect only the ARIN-region community (such as the NANOG formation example.) This combination of factors limits our ability to utilize other RIR Boards when weighing ARIN decisions about strategic matters. Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Fri Apr 6 17:19:00 2018 From: bill at herrin.us (William Herrin) Date: Fri, 6 Apr 2018 17:19:00 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: On Fri, Apr 6, 2018 at 4:59 PM, John Curran wrote: > For example, when the NANOG community was maturing and the concept of having > a formal NANOG organization was raised, the ARIN Board had to discuss > various options, such as supporting the initiative (which was the ultimate > decision including initial organizational and financial support), but the > options discussed also included possible directions that could have > adversely impacted the initiative simply by being brought before the entire > ARIN community. While we had a Board which had sufficient breadth of > knowledge to consider the options in confidence, that was not assure to be > the case given its relatively modest size. Respectfully, this is a perfect example of mission creep. ARIN was long ago asked to coordinate meetings with NANOG for the convenience of folks who wish to attend both. Greater interaction exceeded ARIN's mission scope. There was no call for the ARIN board to debate anything at all about whether NANOG decided to move out from under MERIT. Far from offering a bulwark, more board members would offer idle hands to exacerbate this problem. Regards. Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From john at comfortconsulting.com Fri Apr 6 17:26:19 2018 From: john at comfortconsulting.com (John Comfort) Date: Fri, 6 Apr 2018 14:26:19 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <41930BC3-B0EA-49A3-9023-441EAE3F6554@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> <41930BC3-B0EA-49A3-9023-441EAE3F6554@arin.net> Message-ID: Thank you John Curran for the explanation. To recap then, the consideration to increase the size of the board was initiated by a need to expand the "breath of knowledge" in matters discussed within the board meetings, correct? I ask this question because I want to make sure we are clear on our objectives and motives. You have my support if "breadth of knowledge" is the reason for this consultation. I do not support this initiative if it involves cherry-picking a race or gender to align with politically motivated agendas. Thank you again, John On Fri, Apr 6, 2018 at 2:16 PM, John Curran wrote: > On 6 Apr 2018, at 4:52 PM, Mel Stotyn wrote: > > > John Curran said: > > ARIN (along with the other RIRs) is inevitably involved in setting the > strategic direction for the evolution of the Internet Number registry > system. > > This example of why a larger and (hopefully) more diverse board would be > helpful seems to me an odd example. ?ARIN (along with the other RIRs)? > results in a larger group with more diverse experience and certainly > geographically diverse outlooks. A few more on one of the geographic > participants doesn?t seem to be necessary in this case. > > > Mel - > > Excellent point - while the RIRs collectively set the Internet number > registry system direction, that?s actually the outcome of the individual > RIR processes. > > Our coordination with the other RIRs is primarily operational activities > based on the NRO and ASO MOU?s that we have in place ? our strategic > alignment occurs because each community sets a similar direction as > developed via its own RIR processes, or as the result of public processes > that we set up for a specific purpose (such as the IANA Stewardship > Transition plan development.) > > There?s good anti-trust reasons that each RIR must set its own > direction, and additionally we routinely face topics that must be > considered in confidence but principally affect only the ARIN-region > community (such as the NANOG formation example.) This combination of > factors limits our ability to utilize other RIR Boards when weighing ARIN > decisions about strategic matters. > > Thanks! > /John > > John Curran > President and CEO > ARIN > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Fri Apr 6 17:28:43 2018 From: jcurran at arin.net (John Curran) Date: Fri, 6 Apr 2018 21:28:43 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: <3B859383-5953-449D-8189-AE6D5A0EDE47@arin.net> On 6 Apr 2018, at 5:19 PM, William Herrin wrote: > > On Fri, Apr 6, 2018 at 4:59 PM, John Curran wrote: >> For example, when the NANOG community was maturing and the concept of having >> a formal NANOG organization was raised, the ARIN Board had to discuss >> various options, such as supporting the initiative (which was the ultimate >> decision including initial organizational and financial support), but the >> options discussed also included possible directions that could have >> adversely impacted the initiative simply by being brought before the entire >> ARIN community. While we had a Board which had sufficient breadth of >> knowledge to consider the options in confidence, that was not assure to be >> the case given its relatively modest size. > > Respectfully, this is a perfect example of mission creep. ARIN was > long ago asked to coordinate meetings with NANOG for the convenience > of folks who wish to attend both. Greater interaction exceeded ARIN's > mission scope. I disagree: it was quite important for ARIN to consider whether aid the transition, such lending NANOG the initial funds it needed for operation, agreeing to be its hotel contractor for first few meetings (as the new organization lacked credit history), etc. Even making a decision _not_ to provide such support would have equally required confidential Board discussion, so it would appear that the breadth of the Board is important regardless of your view of the right outcome. > There was no call for the ARIN board to debate anything > at all about whether NANOG decided to move out from under MERIT. See above. > Far from offering a bulwark, more board members would offer idle hands > to exacerbate this problem. I?m unaware of how more Board members would automatically create more Board activities at ARIN; there?s very little considered by the ARIN Board that isn't initiated from myself, the Board Chair, or the members (e.g. via the consultation/suggestion process) Thanks, /John John Curran President and CEO ARIN From jcurran at arin.net Fri Apr 6 17:30:59 2018 From: jcurran at arin.net (John Curran) Date: Fri, 6 Apr 2018 21:30:59 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> <41930BC3-B0EA-49A3-9023-441EAE3F6554@arin.net> Message-ID: On 6 Apr 2018, at 5:26 PM, John Comfort > wrote: Thank you John Curran for the explanation. To recap then, the consideration to increase the size of the board was initiated by a need to expand the "breath of knowledge" in matters discussed within the board meetings, correct? Yes, that is correct. I ask this question because I want to make sure we are clear on our objectives and motives. You have my support if "breadth of knowledge" is the reason for this consultation. Also correct - " While the Trustees elected by the community often have a broad knowledge of the Internet ecosystem, seven Trustees is a relatively small group to evaluate impacts across the entire Internet ecosystem.? Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From cja at daydream.com Fri Apr 6 17:31:21 2018 From: cja at daydream.com (Cj Aronson) Date: Fri, 6 Apr 2018 15:31:21 -0600 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: I think increasing the size of the board is a fine idea. It all comes down to the nomcom. The nomcom needs to deliver an appropriately diverse slate of candidates. The board needs to let the nomcom and the community know what expertise is needed. If this doesn't happen then we end up with a bigger board that doesn't meet the needs of the organization and is not more diverse. It has historically been the case that if a candidate is not well known in the ARIN community they lose elections regardless of how qualified they are or how much the board needs their expertise. Thanks! -----Cathy {?,?} (( )) ? ? On Fri, Apr 6, 2018 at 12:14 PM, ARIN wrote: > In May 2017, the ARIN Board of Trustees proposed expansion of the size of > the Board of Trustees in order to increase opportunities for diversity in > the background of Board members, including geographical and gender > representation. This proposal was the topic of an energetic community > consultation with mixed outcome indicating both support and concerns with > such a change. The ARIN Board considered the outcome of the consultation, > but ultimately the measure did not achieve the four-fifths approval > threshold necessary for changing ARIN's Bylaws. > > In February of this year, the ARIN Board discussed an additional issue > related to the present size of the Board: specifically, the challenge that > a smaller Board poses when engaging in strategic discussions, for example > in regard to long-term direction or relationships with other Internet > organizations. While many of these topics are discussed with the community > prior to decision (e.g. formation of the NRO, support for the IANA > Stewardship Transition), it is often up to the ARIN Board of Trustees to > decide whether to explore these initiatives when they are at an early > stage. There is a very wide diversity of the Internet ecosystem that can be > affected by ARIN's strategic direction and this includes Internet service > providers of all sizes and types (transit, access, etc.), Internet online > and content industries, data center and cloud operators, educational and > government networks, commercial firms, and civil society. While the > Trustees elected by the community often have a broad knowledge of the > Internet ecosystem, seven Trustees is a relatively small group to evaluate > impacts across the entire Internet ecosystem. > > As a result of this discussion, the ARIN Board agreed to initiate a new > community consultation to expand the number of elected Board members from > six to nine, in order to allow for wider representation of the Internet > community during Board discussions. > > *Board proposal:* > > ARIN should add three more elected voting seats to the Board of Trustees, > raising the current six (two elected per year) to nine (three elected per > year). New Board seats are to be added to the Board in a phased manner ? > one per year in the 2018 thru 2020 elections as noted below > > * October 2018: 3 Board members will be elected for 2019; 8 Trustee > board (9 if the appointed seat is used) > * October 2019: 3 Board members will be elected for 2020; 9 Trustee > board (10 if the appointed seat is used) > * October 2020: 3 Board members will be elected for 2021; 10 Trustee > board (11 if the appointed seat is used) > > We are seeking community feedback on this proposed change to the size of > the ARIN Board of Trustees. This consultation will remain open for at least > 30 days. > > Please provide comments to arin-consult at arin.net. > > Discussion on arin-consult at arin.net will close on 14 May 2018. > > If you have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From john at comfortconsulting.com Fri Apr 6 17:40:19 2018 From: john at comfortconsulting.com (John Comfort) Date: Fri, 6 Apr 2018 14:40:19 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: Have you identified the specific areas of knowledge that are not present on the existing 7-member board? On Fri, Apr 6, 2018 at 2:31 PM, Cj Aronson wrote: > I think increasing the size of the board is a fine idea. It all comes > down to the nomcom. The nomcom needs to deliver an appropriately diverse > slate of candidates. The board needs to let the nomcom and the community > know what expertise is needed. If this doesn't happen then we end up > with a bigger board that doesn't meet the needs of the organization and is > not more diverse. It has historically been the case that if a candidate is > not well known in the ARIN community they lose elections regardless of how > qualified they are or how much the board needs their expertise. > > Thanks! > -----Cathy > > > {?,?} > (( )) > ? ? > > On Fri, Apr 6, 2018 at 12:14 PM, ARIN wrote: > >> In May 2017, the ARIN Board of Trustees proposed expansion of the size of >> the Board of Trustees in order to increase opportunities for diversity in >> the background of Board members, including geographical and gender >> representation. This proposal was the topic of an energetic community >> consultation with mixed outcome indicating both support and concerns with >> such a change. The ARIN Board considered the outcome of the consultation, >> but ultimately the measure did not achieve the four-fifths approval >> threshold necessary for changing ARIN's Bylaws. >> >> In February of this year, the ARIN Board discussed an additional issue >> related to the present size of the Board: specifically, the challenge that >> a smaller Board poses when engaging in strategic discussions, for example >> in regard to long-term direction or relationships with other Internet >> organizations. While many of these topics are discussed with the community >> prior to decision (e.g. formation of the NRO, support for the IANA >> Stewardship Transition), it is often up to the ARIN Board of Trustees to >> decide whether to explore these initiatives when they are at an early >> stage. There is a very wide diversity of the Internet ecosystem that can be >> affected by ARIN's strategic direction and this includes Internet service >> providers of all sizes and types (transit, access, etc.), Internet online >> and content industries, data center and cloud operators, educational and >> government networks, commercial firms, and civil society. While the >> Trustees elected by the community often have a broad knowledge of the >> Internet ecosystem, seven Trustees is a relatively small group to evaluate >> impacts across the entire Internet ecosystem. >> >> As a result of this discussion, the ARIN Board agreed to initiate a new >> community consultation to expand the number of elected Board members from >> six to nine, in order to allow for wider representation of the Internet >> community during Board discussions. >> >> *Board proposal:* >> >> ARIN should add three more elected voting seats to the Board of Trustees, >> raising the current six (two elected per year) to nine (three elected per >> year). New Board seats are to be added to the Board in a phased manner ? >> one per year in the 2018 thru 2020 elections as noted below >> >> * October 2018: 3 Board members will be elected for 2019; 8 Trustee >> board (9 if the appointed seat is used) >> * October 2019: 3 Board members will be elected for 2020; 9 Trustee >> board (10 if the appointed seat is used) >> * October 2020: 3 Board members will be elected for 2021; 10 Trustee >> board (11 if the appointed seat is used) >> >> We are seeking community feedback on this proposed change to the size of >> the ARIN Board of Trustees. This consultation will remain open for at least >> 30 days. >> >> Please provide comments to arin-consult at arin.net. >> >> Discussion on arin-consult at arin.net will close on 14 May 2018. >> >> If you have any questions, please contact us at info at arin.net. >> >> Regards, >> >> John Curran >> President and CEO >> American Registry for Internet Numbers (ARIN) >> >> >> >> >> _______________________________________________ >> ARIN-Consult >> You are receiving this message because you are subscribed to the ARIN >> Consult Mailing >> List (ARIN-consult at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-consult Please contact the >> ARIN Member Services >> Help Desk at info at arin.net if you experience any issues. >> > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Rob.Evans at jisc.ac.uk Fri Apr 6 17:46:40 2018 From: Rob.Evans at jisc.ac.uk (Rob Evans) Date: Fri, 6 Apr 2018 21:46:40 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> , Message-ID: > Have you identified the specific areas of knowledge that are not present on the existing 7-member board? This is a ?known unknowns? question, right? Cheers, Rob Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800. From john at comfortconsulting.com Fri Apr 6 17:53:40 2018 From: john at comfortconsulting.com (John Comfort) Date: Fri, 6 Apr 2018 14:53:40 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: Not necessarily. If the body of knowledge of the existing 7-member board is grossly deficient given today's internet ecosystem, then perhaps three additional seats would not be an adequate increase. If the current board found that there were areas of expertise consistently requiring outside consultation then it should be fairly easy to identify at least a few areas of expertise that would be an asset to board's decision making. For example: technical expertise, legal expertise, expertise in governmental matters, etc. On Fri, Apr 6, 2018 at 2:46 PM, Rob Evans wrote: > > > Have you identified the specific areas of knowledge that are not present > on the existing 7-member board? > > This is a ?known unknowns? question, right? > > Cheers, > Rob > > Jisc is a registered charity (number 1149740) and a company limited by > guarantee which is registered in England under Company No. 5747339, VAT No. > GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, > Bristol, BS2 0JA. T 0203 697 5800. > > Jisc Services Limited is a wholly owned Jisc subsidiary and a company > limited by guarantee which is registered in England under company number > 2881024, VAT number GB 197 0632 86. The registered office is: One Castle > Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From frnkblk at iname.com Sat Apr 7 16:39:22 2018 From: frnkblk at iname.com (Frank Bulk) Date: Sat, 7 Apr 2018 15:39:22 -0500 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: <019f01d3ceb0$82c48700$884d9500$@iname.com> In order to actually achieve the diversity (?Internet service providers of all sizes and types (transit, access, etc.), Internet online and content industries, data center and cloud operators, educational and government networks, commercial firms, and civil society?) desired by the proposal, would it be appropriate to more formally identify those areas of the ecosystem where representation is desired and then have people run for seats representing those areas of the ecosystem? For example: Seat 1: Small ISPs Seat 2: Large ISPs Seat 3: Data centers Seat 4: CDNs Seat 5: Educational & gov?t networks Seat 6: Commerical Seat 7: Civil Society Seat 8: At large #1 Seat 9: At large #2 Seat 10: ARIN CEO Frank From: ARIN-consult On Behalf Of John Comfort Sent: Friday, April 06, 2018 4:54 PM To: Rob Evans Cc: Subject: Re: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees Not necessarily. If the body of knowledge of the existing 7-member board is grossly deficient given today's internet ecosystem, then perhaps three additional seats would not be an adequate increase. If the current board found that there were areas of expertise consistently requiring outside consultation then it should be fairly easy to identify at least a few areas of expertise that would be an asset to board's decision making. For example: technical expertise, legal expertise, expertise in governmental matters, etc. On Fri, Apr 6, 2018 at 2:46 PM, Rob Evans > wrote: > Have you identified the specific areas of knowledge that are not present on the existing 7-member board? This is a ?known unknowns? question, right? Cheers, Rob Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800. -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Sat Apr 7 21:23:46 2018 From: owen at delong.com (Owen DeLong) Date: Sat, 7 Apr 2018 18:23:46 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: <7D72EC19-D4FD-4854-9A00-E3838B2438AA@delong.com> All of the arguments being offered in favor of a larger board so far have only served to further convince me that the board should not be enlarged. It won?t help with diversity. The limited pool of high quality individuals available only serves to ensure that the larger the board, the more people of lower caliber we will have on the board. So once again, I express opposition to expanding the ARIN board. Owen > On Apr 6, 2018, at 13:52, Mel Stotyn wrote: > > John Curran said: > > ARIN (along with the other RIRs) is inevitably involved in setting the strategic direction for the evolution of the Internet Number registry system. > > This example of why a larger and (hopefully) more diverse board would be helpful seems to me an odd example. ?ARIN (along with the other RIRs)? results in a larger group with more diverse experience and certainly geographically diverse outlooks. A few more on one of the geographic participants doesn?t seem to be necessary in this case. > > Mel Stotyn > > From: ARIN-consult On Behalf Of John Comfort > Sent: Friday, April 6, 2018 2:36 PM > To: John Curran > Cc: > Subject: Re: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees > > Does a six-member board not already provide a diversity of perspectives, geographic and gender participation? It seems we're just re-iterating last year's "Diversity" agenda using more ambiguous language. As WilliamH & BillW mentioned larger groups are less optimal. However, BillW's "white-guy" comment is irrelevant. Please stop adding race to the discussion. > > The issue on expanding the board should not be based on gender, race or sexual orientation. On the contrary, it should be based on efficiency, merit, experience, competence, or other requirements such as quorum. > > If the board at six members cannot approve a measure with a minimum quorum because only half of the six show up at a meeting, then perhaps nine-member boards would suffice when there requires a certain minimum vote whether or not all are present. > > JohnC > > > > On Fri, Apr 6, 2018 at 1:29 PM, John Curran wrote: > On 6 Apr 2018, at 4:07 PM, William Herrin wrote: > > > > On Fri, Apr 6, 2018 at 3:35 PM, John Curran wrote: > >> Specifically, the question is simply how small of a Board does the ARIN > >> community feel comfortable when it comes to setting strategic direction > >> in sensitive matters that are too early to engage with the full community. > > > > John, that's mission creep. The community doesn't want ARIN or its > > board to set a strategic direction for the Internet or any part of it. > > That's not the proper role of a *registry*. A registry records and > > reports. They don't "direct.? > > Alas, ARIN (along with the other RIRs) is inevitably involved in setting the strategic direction for the evolution of the Internet Number registry system. The impacted parties from such changes includes a significant portion of the Internet infrastructure, since they all rely in part upon our services for their success. While we work hard to consult with the ARIN community regarding direction, it is not always possible for some of the more sensitive matters, and hence the breath of Internet knowledge of the ARIN Board can be crucial. > > For example, in the case of the IANA stewardship transition, simply entertaining discussion of the potential could have resulted in legislative or regulatory responses that would have impacted not only the Internet number registry system, but other parts of the ecosystem including the DNS community, ICANN, and the IETF. Understanding such potential risks isn?t possible unless you have Board of broad experience, more so than simply internet registry services. > > > Respectfully, if ARIN's board lacks any breadth it is most likely > > because the membership who elected them reflect a similar breadth. > > That's a problem with the selection process for the board, not its > > size. As we also discussed last year. > > It would be challenging, no matter how broad the ARIN community, to have a Board of three which covered all of the various portions of the affected Internet ecosystem, and that refutes the idea that the diversity of the community can assure breadth of knowledge of the resulting Board. > > We have had truly incredible Board members with great breadth of knowledge in the past, and six elected Board members of such quality have sufficed, but even that?s uncertain going forward given less involvement from those who have led the Internet since day one and additional complexity of new layers such as cloud, mobile, CDN?s, and social media. > > Thanks, > /John > > John Curran > President and CEO > ARIN > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Sat Apr 7 21:31:02 2018 From: owen at delong.com (Owen DeLong) Date: Sat, 7 Apr 2018 18:31:02 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> <41930BC3-B0EA-49A3-9023-441EAE3F6554@arin.net> Message-ID: <40A52D39-95AB-45DD-A6FA-8EED64EFEC04@delong.com> To be clear, the board is elected by the members, which are a small subset of the much larger community. Now if the board wants to look into better and broader representation of the community, this might be something to look at. I think an expanded electorate would be far more useful than an expanded board. Owen > On Apr 6, 2018, at 14:30, John Curran wrote: > >> On 6 Apr 2018, at 5:26 PM, John Comfort wrote: >> >> Thank you John Curran for the explanation. >> >> To recap then, the consideration to increase the size of the board was initiated by a need to expand the "breath of knowledge" in matters discussed within the board meetings, correct? > > Yes, that is correct. > >> I ask this question because I want to make sure we are clear on our objectives and motives. You have my support if "breadth of knowledge" is the reason for this consultation. > > Also correct - " While the Trustees elected by the community often have a broad knowledge of the Internet ecosystem, seven Trustees is a relatively small group to evaluate impacts across the entire Internet ecosystem.? > > Thanks! > /John > > John Curran > President and CEO > ARIN > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From woody at pch.net Sat Apr 7 21:36:46 2018 From: woody at pch.net (Bill Woodcock) Date: Sat, 7 Apr 2018 18:36:46 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <96045965-E3A1-4C5C-9FD6-C4D95A465415@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <96045965-E3A1-4C5C-9FD6-C4D95A465415@arin.net> Message-ID: >> Ask yourself instead, ?what problem, if any, would this solve?? I?ve asked that question each time it?s been brought up, and I?ve never received an answer. > > It?s unlikely going forward that we?ll have quite as many folks involved who have similarly been involved in every aspect of the Internet since its inception. As Owen has pointed out, adding more people who you believe to be unqualified doesn?t make it easier for the people you believe to be qualified to get the work done, it just saddles them with more committees to entertain. Myself, I believe that there are plenty of good candidates, but I believe that nomcoms haven?t done a great job of putting them on slates. Again, a larger board doesn?t solve that problem. So, I?m still looking for a problem that increased board size solves. Because I?m very aware of the costs. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From woody at pch.net Sat Apr 7 22:29:27 2018 From: woody at pch.net (Bill Woodcock) Date: Sat, 7 Apr 2018 19:29:27 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> Message-ID: <1F9E03BA-68B9-4ACF-93D6-20CCC3FC00FB@pch.net> > On Apr 6, 2018, at 1:35 PM, John Comfort wrote: > Does a six-member board not already provide a diversity of perspectives, geographic and gender participation? It seems we're just re-iterating last year's "Diversity" agenda using more ambiguous language. My argument was, I believe, in line with yours. I said that diversity was not an argument in favor of larger board size. That they are orthogonal, and that if someone claims that a larger board is, by nature, more diverse, that they are attempting to mislead people by confusing two unrelated issues. So, I believe we?re in agreement: diversity is not an argument in favor of a larger board. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From woody at pch.net Sat Apr 7 22:42:43 2018 From: woody at pch.net (Bill Woodcock) Date: Sat, 7 Apr 2018 19:42:43 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: > On Apr 6, 2018, at 2:46 PM, Rob Evans wrote: > >> Have you identified the specific areas of knowledge that are not present on the existing 7-member board? > > This is a ?known unknowns? question, right? No? While I agree that the board will certainly face unknown challenges which would benefit from not-currently-anticipatable expertise, there are some basic things that are always helpful: experience running non-profits. Experience participating in other RIR meetings enough to understand their politics and how those will impact ARIN (inter-regional transfers, ?global policies,? NRO/IANA stuff, etc.). Financial management (which expertise Nancy clearly brings to the table, so it?s a good thing she?s serving as treasurer). A little legal experience, not necessarily as a lawyer, but as someone who?s been responsible for a company that was being sued, or suing, or involved in some sort of intellectual property dispute, gives a little useful perspective. We have a lot of expertise on the board with the Canadian situation, which differs somewhat from the US one in politics and how networks interrelate; but we have never had similar expertise with regard to the Caribbean, which is equally a part of our region, and differs more from the US in law and network topology and economics than does Canada. Experience managing the operational budget of an Internet network, such that things like fee structure can be put in context and viewed from a member?s point of view. All of those are valuable, in my opinion. We?ve had some of those, but not all of them, on the board thus far. Thus far the nomcom has done essentially nothing to select slates based on needed criteria, but that?s probably because the nomcom has rarely, if ever, been given very explicit instructions about what would be useful. So, Cathy?s right about that: the nomcom really needs to do more of the work of making sure that the slate that?s put forward to the voters includes people who can contribute usefully to the board, rather than just people who are popular. Popular doesn?t count for much when work needs doing. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From bill at herrin.us Sun Apr 8 01:29:10 2018 From: bill at herrin.us (William Herrin) Date: Sun, 8 Apr 2018 01:29:10 -0400 Subject: [ARIN-consult] Expanding the Board In-Reply-To: References: Message-ID: On Fri, Apr 6, 2018 at 4:32 PM, vinton cerf wrote: > I misread the proposal forgetting that John is the tenth member ex officio, > so I agree with ten. > > vint Greetings, A Google search for "effective decision making group size" reveals as its first hit this paper: https://sheilamargolis.com/2011/01/24/what-is-the-optimal-group-size-for-decision-making/ Which concludes, "if you?re looking for the best size for a team, consider an odd number close to five." Another top hit references the book, "Decide & Deliver: 5 Steps to Breakthrough Performance in Your Organization." The authors found that, "Once you've got 7 people in a group, each additional member reduces decision effectiveness by 10%." Also, even numbers (like 10) are bad for decision making. A google search of, "decision making even odd" finds as its first hit: http://www.governinggood.ca/is-your-board-odd-4/ This research reports, "boards with an odd number of members may make better decisions." So having spent a little time reviewing published research on optimal board sizes, I respectfully disagree with your support of ARIN's 10-member board plan. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From vgcerf at gmail.com Sun Apr 8 10:00:07 2018 From: vgcerf at gmail.com (vinton cerf) Date: Sun, 8 Apr 2018 10:00:07 -0400 Subject: [ARIN-consult] Expanding the Board In-Reply-To: References: Message-ID: I have managed boards with 15-21 members and while a challenge was able to make it work. 10 gives a great deal of scope without losing ability to achieve consensus. vint On Sun, Apr 8, 2018 at 1:29 AM, William Herrin wrote: > On Fri, Apr 6, 2018 at 4:32 PM, vinton cerf wrote: > > I misread the proposal forgetting that John is the tenth member ex > officio, > > so I agree with ten. > > > > vint > > Greetings, > > A Google search for "effective decision making group size" reveals as > its first hit this paper: > > https://sheilamargolis.com/2011/01/24/what-is-the-optimal-group-size-for- > decision-making/ > > Which concludes, "if you?re looking for the best size for a team, > consider an odd number close to five." > > Another top hit references the book, "Decide & Deliver: 5 Steps to > Breakthrough Performance in Your Organization." The authors found > that, "Once you've got 7 people in a group, each additional member > reduces decision effectiveness by 10%." > > > Also, even numbers (like 10) are bad for decision making. A google > search of, "decision making even odd" finds as its first hit: > http://www.governinggood.ca/is-your-board-odd-4/ > > This research reports, "boards with an odd number of members may make > better decisions." > > > So having spent a little time reviewing published research on optimal > board sizes, I respectfully disagree with your support of ARIN's > 10-member board plan. > > Regards, > Bill Herrin > > > -- > William Herrin ................ herrin at dirtside.com bill at herrin.us > Dirtside Systems ......... Web: > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ronald.v.dasilva at gmail.com Sun Apr 8 14:06:19 2018 From: ronald.v.dasilva at gmail.com (Ron da Silva) Date: Sun, 8 Apr 2018 14:06:19 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: Message-ID: Two implementation questions, - Would the 10th ex-officio CEO seat be voting or not? Best practices say no, especially in not-for-profit space.. but not a requirement. Issues either way.. - Would the exclusions for Board members be lifted or changed/updated (thought there was another consult on that back at the end of last year..) to help increase the ?diversity? pool? -ron From vgcerf at gmail.com Sun Apr 8 14:33:44 2018 From: vgcerf at gmail.com (vinton cerf) Date: Sun, 8 Apr 2018 14:33:44 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: Message-ID: in the past, I have favored allowing Ex Officio members the right to vote if they wish. v On Sun, Apr 8, 2018 at 2:06 PM, Ron da Silva wrote: > Two implementation questions, > > - Would the 10th ex-officio CEO seat be voting or not? Best practices say > no, especially in not-for-profit space.. but not a requirement. Issues > either way.. > > - Would the exclusions for Board members be lifted or changed/updated > (thought there was another consult on that back at the end of last year..) > to help increase the ?diversity? pool? > > -ron > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bzs at theworld.com Sun Apr 8 14:42:51 2018 From: bzs at theworld.com (bzs at theworld.com) Date: Sun, 8 Apr 2018 14:42:51 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <7D72EC19-D4FD-4854-9A00-E3838B2438AA@delong.com> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> <7D72EC19-D4FD-4854-9A00-E3838B2438AA@delong.com> Message-ID: <23242.25259.537189.252627@gargle.gargle.HOWL> I have no particular problem with expanding the board, let a thousand flowers bloom (or ten anyhow.) HOWEVER, my unsolicited idea is why not create either multiple kinds of board positions, where by "multiple" I'm thinking two at least to begin, voting/non-voting or similar. Or another (small) "advisory" -- pick a word, let's not get hung up on terminology -- board with enough teeth that it's not just token. I'd argue, for starters, just being in the room and having a role and access to the same information would be enough to make it more than just token. A lot of diversity depends on just being heard effectively as much as specific voting/veto powers. This idea would probably make more sense if the specific diversifications desired were assigned to these new roles. That could even be a transitional change, something to do for some number of years, review the result, and take up expanding the board per se, or not, at a later date. P.S. I do realize this would be more work in terms of organizational and by-laws changes, etc than just expanding the existing board. It's not as simple as changing a number. The new structures would have to be defined and incorporated into existing structures including no doubt legal considerations (e.g., how would such a newly defined role be indemnified?) -- -Barry Shein Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo* From info at arin.net Mon Apr 9 09:43:50 2018 From: info at arin.net (ARIN) Date: Mon, 9 Apr 2018 09:43:50 -0400 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes Message-ID: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> ARIN?s Strategic Plan calls for ARIN to recover costs in a fair and equitable manner via appropriate fees to maintain adequate funds for the long-term stability of the organization. ARIN has increased operating costs in recent years to meet customer demand for improved and broader services, and upon review, the Board of Trustees has called for both strategic cost management by the organization and some fee increases in order to preserve long-term organizational reserves. https://www.arin.net/about_us/corp_docs/stratplan-2018-2019.pdf The ARIN Board is proposing the following fee changes: * Increasing the annual registry maintenance fee paid by end users for each IPv4 address block, IPv6 address block, and Autonomous System Number (?ASN?) from $100 to $150 per object. Registration Services Plan customers do not pay these annual registry maintenance fees as all services are already covered in their plan. * Increasing the annual Legacy maintenance fee for each IPv4 address block and ASN from $100 to $150 per object ? i.e., the same change as proposed for end-user maintenance fees. The Legacy maintenance fee is to cover costs associated with Internet number resources held under a Legacy Registration Services Agreement (?LRSA?). (Note also that some very early LRSA agreements include a limit on the annual increase of total maintenance fees; ARIN will implement any fee increase consistent with the terms of those agreements.) * Increasing the initial and annual registration fee for ARIN Transfer Facilitators from $100 to $1,000, in order to cover rising costs associated with services. We are seeking community feedback on these modifications to ARIN?s Fee schedule that we intend to implement sometime mid-year 2018. This consultation will remain open for forty-five (45) days, after which time the Board will evaluate community feedback and determine appropriate changes to the fee schedule. Please provide comments to arin-consult at arin.net. Discussion on arin-consult at arin.net will close on 25 May 2018. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) From woody at pch.net Mon Apr 9 10:07:27 2018 From: woody at pch.net (Bill Woodcock) Date: Mon, 9 Apr 2018 07:07:27 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> > On Apr 9, 2018, at 6:43 AM, ARIN wrote: > ARIN has increased operating costs in recent years to meet > customer demand for improved and broader services The membership seem to be relatively clear that they?re not in favor of scope-creep. And there are already 88 staff, the majority of whom are in Engineering. The theory was that they were supposed to be temporary contractors, doing one-time projects to automate ARIN registry functions. Yet the ?temporary? part never seems to come to a conclusion. Can you present the budget, and explain what specific new services you?re proposing to perform with this additional money, and give us a status-update on the progress being made toward specific goals by the existing 45 engineers? -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From farmer at umn.edu Mon Apr 9 11:13:56 2018 From: farmer at umn.edu (David Farmer) Date: Mon, 9 Apr 2018 10:13:56 -0500 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: My initial impression is that these increases seem reasonable. However, this announcement does not include any data to justify why these two service areas are the focus for fee increases. Are these service areas under recovering their associated costs? Are the increased operating costs mentioned specifically related to these two service areas? Are there projections for the increased revenue from these changes? Basically why is it e On Mon, Apr 9, 2018 at 8:43 AM, ARIN wrote: > ARIN?s Strategic Plan calls for ARIN to recover costs in a fair and > equitable manner via appropriate > fees to maintain adequate funds for the long-term stability of the > organization. ARIN has increased operating costs in recent years to meet > customer demand for improved and broader services, and upon review, the > Board of Trustees has called for both strategic cost management by the > organization and some fee increases in order to preserve long-term > organizational reserves. > > https://www.arin.net/about_us/corp_docs/stratplan-2018-2019.pdf > > The ARIN Board is proposing the following fee changes: > > * Increasing the annual registry maintenance fee paid by end users > for each IPv4 address block, IPv6 address block, and Autonomous System > Number (?ASN?) from $100 to $150 per object. Registration Services Plan > customers do not pay these annual registry maintenance fees as all > services are already covered in their plan. > * Increasing the annual Legacy maintenance fee for each IPv4 address > block and ASN from $100 to $150 per object ? i.e., the same change as > proposed for end-user maintenance fees. The Legacy maintenance fee is to > cover costs associated with Internet number resources held under a > Legacy Registration Services Agreement (?LRSA?). (Note also that some > very early LRSA agreements include a limit on the annual increase of > total maintenance fees; ARIN will implement any fee increase consistent > with the terms of those agreements.) > * Increasing the initial and annual registration fee for ARIN > Transfer Facilitators from $100 to $1,000, in order to cover rising > costs associated with services. > > We are seeking community feedback on these modifications to ARIN?s Fee > schedule that we intend to implement sometime mid-year 2018. > > This consultation will remain open for forty-five (45) days, after which > time the Board will evaluate community feedback and determine > appropriate changes to the fee schedule. > > Please provide comments to arin-consult at arin.net. > > Discussion on arin-consult at arin.net will close on 25 May 2018. > > If you have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -- =============================================== David Farmer Email:farmer at umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From farmer at umn.edu Mon Apr 9 11:17:04 2018 From: farmer at umn.edu (David Farmer) Date: Mon, 9 Apr 2018 10:17:04 -0500 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: Sorry, that escaped early, let's try again; My initial impression is that these increases seem reasonable. However, this announcement does not include any data to justify why these two service areas are the focus for fee increases. Are these service areas under recovering their associated costs? Are the increased operating costs mentioned specifically related to these two service areas? Are there projections for the increased revenue from these changes? Basically, why is it equitable to increase these two service areas and not others? Thanks. On Mon, Apr 9, 2018 at 10:13 AM, David Farmer wrote: > My initial impression is that these increases seem reasonable. However, > this announcement does not include any data to justify why these two > service areas are the focus for fee increases. Are these service areas > under recovering their associated costs? Are the increased operating costs > mentioned specifically related to these two service areas? Are there > projections for the increased revenue from these changes? Basically why is > it e > > On Mon, Apr 9, 2018 at 8:43 AM, ARIN wrote: > >> ARIN?s Strategic Plan calls for ARIN to recover costs in a fair and >> equitable manner via appropriate >> fees to maintain adequate funds for the long-term stability of the >> organization. ARIN has increased operating costs in recent years to meet >> customer demand for improved and broader services, and upon review, the >> Board of Trustees has called for both strategic cost management by the >> organization and some fee increases in order to preserve long-term >> organizational reserves. >> >> https://www.arin.net/about_us/corp_docs/stratplan-2018-2019.pdf >> >> The ARIN Board is proposing the following fee changes: >> >> * Increasing the annual registry maintenance fee paid by end users >> for each IPv4 address block, IPv6 address block, and Autonomous System >> Number (?ASN?) from $100 to $150 per object. Registration Services Plan >> customers do not pay these annual registry maintenance fees as all >> services are already covered in their plan. >> * Increasing the annual Legacy maintenance fee for each IPv4 address >> block and ASN from $100 to $150 per object ? i.e., the same change as >> proposed for end-user maintenance fees. The Legacy maintenance fee is to >> cover costs associated with Internet number resources held under a >> Legacy Registration Services Agreement (?LRSA?). (Note also that some >> very early LRSA agreements include a limit on the annual increase of >> total maintenance fees; ARIN will implement any fee increase consistent >> with the terms of those agreements.) >> * Increasing the initial and annual registration fee for ARIN >> Transfer Facilitators from $100 to $1,000, in order to cover rising >> costs associated with services. >> >> We are seeking community feedback on these modifications to ARIN?s Fee >> schedule that we intend to implement sometime mid-year 2018. >> >> This consultation will remain open for forty-five (45) days, after which >> time the Board will evaluate community feedback and determine >> appropriate changes to the fee schedule. >> >> Please provide comments to arin-consult at arin.net. >> >> Discussion on arin-consult at arin.net will close on 25 May 2018. >> >> If you have any questions, please contact us at info at arin.net. >> >> Regards, >> >> John Curran >> President and CEO >> American Registry for Internet Numbers (ARIN) >> >> >> >> _______________________________________________ >> ARIN-Consult >> You are receiving this message because you are subscribed to the ARIN >> Consult Mailing >> List (ARIN-consult at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-consult Please contact the >> ARIN Member Services >> Help Desk at info at arin.net if you experience any issues. > > > > > -- > =============================================== > David Farmer Email:farmer at umn.edu > Networking & Telecommunication Services > Office of Information Technology > University of Minnesota > 2218 University Ave SE Phone: 612-626-0815 > Minneapolis, MN 55414-3029 Cell: 612-812-9952 > =============================================== > -- =============================================== David Farmer Email:farmer at umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Mon Apr 9 11:59:43 2018 From: jcurran at arin.net (John Curran) Date: Mon, 9 Apr 2018 15:59:43 +0000 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> Message-ID: On 9 Apr 2018, at 10:07 AM, Bill Woodcock wrote: > >> On Apr 9, 2018, at 6:43 AM, ARIN wrote: >> ARIN has increased operating costs in recent years to meet >> customer demand for improved and broader services > > The membership seem to be relatively clear that they?re not in favor of scope-creep. And there are already 88 staff, the majority of whom are in Engineering. The theory was that they were supposed to be temporary contractors, doing one-time projects to automate ARIN registry functions. Yet the ?temporary? part never seems to come to a conclusion. > > Can you present the budget, and explain what specific new services you?re proposing to perform with this additional money, and give us a status-update on the progress being made toward specific goals by the existing 45 engineers? Bill (and David) - Both the specific deliverables accomplished, as well as the upcoming deliverables can be found online here >, and here > respectively. The budget is always available online here > along with the Strategic Plan and two-year operating plans which includes our annual objectives. For 2018, we anticipate revenues of $20.9 USD million and expenses of $23.8 USD million, thus we are impacting our reserves in the short term. Our base model does (as you note) include additional engineering ?surge" staffing and this continues through 2018, although this does not continue in 2019. Even with that adjustment, ARIN will be operating at approximately at $1.3 million USD net-to-reserves position each year on a going-forward basis. So while ARIN?s present medium-term (5 year) financial outlook is solid, it not as robust as the Board has traditionally sought ? specifically, with present plan and fee schedule we?ll be taking our reserves from $25.9 million to approximately $21.6 million though 2022. This downward trajectory is likely to continue over the long-term, and could even accelerate, since our annual revenue includes about $1.4M of investment income that will drop in a corresponding manner with a declining reserve balance; hence why addressing the gap is a simpler matter if done sooner rather than later. The proposed fee change would provide the following net increase in annual revenues: ? Facilitator fee - net revenue increase + $34,000 ? End-user Maintenance fee: net revenue increase + $1,400,000 ? LRSA holders Maintenance fees: net revenue increase + $33,500 The total annual revenue increase with the proposed fee schedule change is 1.47M USD, which would have ARIN be net neutral to the reserves for the foreseeable future. The increase to facilitator fees was deemed appropriate because we are seeing significant increased costs related to maintenance of that program (specifically in addressing parties who are not actual participants but still call themselves ?ARIN Facilitators?. ) Regarding the maintenance fee increases, our end-user community engages in significant ongoing interactions with ARIN and yet is approximately one fifth of ARIN's total revenue. Our investment in systems (such as ARIN Online) benefit the entire ARIN community, and that community is disproportionately end-users. In fact, much of our most improvements have been ?easy-of-use? related for the benefit of those smaller organizations that are new to ARIN and doing requests for the first time. For the vast majority end-users, the fee change results in a modest $100 to $150 annual increase ?depending on whether the organization has only one of IPv4 or IPv6 and an ASN, or both IPv4 block, IPv6 block, and an ASN. While the total impact is still quite small in terms of individual end-user invoice, it is true that it could be deemed a very significant increase when viewed on a percentage basis. This increase is not without corresponding value, as the services provided have been quite enhanced over time (including improvements to ARIN Online allowing easier administration, addition two-factor authentication, streamlined request and ticket sections, etc.) so those using ARIN services have indeed benefitted from ARIN?s investments in staff and systems in recent years. I will cover this material in more detail at ARIN 41, but felt that the communities consideration of this matter would be more productive with some fo the budget, development progress, and fee distribution information that was being sought in the interim. Please do not hesitate ask any additional questions that would help in consideration of this consultation. Thanks! /John John Curran President and CEO American Registry for Internet Numbers (ARIN) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 874 bytes Desc: Message signed with OpenPGP URL: From owen at delong.com Mon Apr 9 13:38:24 2018 From: owen at delong.com (Owen DeLong) Date: Mon, 9 Apr 2018 10:38:24 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> Message-ID: John, With all due respect, speaking as an end user who would face not a $100->$150 increase, but a $300->$450 increase mostly predicated on resources which are legacy and which weren?t costing me anything until ARIN restructured the way it charges end-users to convert me from paying one fee as an end-user to paying 3 fees (a change which, had I known was even possible, I would NOT have done the community-minded thing and signed the LRSA, keeping 2 of my 3 resources in the FREE category in perpetuity). This so-called ?modest? $150/year increase in my fees is neither desired, nor appreciated and frankly, no, I?m not seeing a significant expansion in recent years of the ARIN services I use or of the number of interactions I carry out with ARIN annually in relation to my resources (which, if you don?t count paying my invoices) is approximately zero. I realize that since end-users don?t have voting rights unless they subscribe to an additional $500/year poll tax, we are easy targets here, but I do not support the proposed increase being borne entirely by the end-user with no impact on ISPs. Owen > On Apr 9, 2018, at 08:59 , John Curran wrote: > > On 9 Apr 2018, at 10:07 AM, Bill Woodcock > wrote: >> >>> On Apr 9, 2018, at 6:43 AM, ARIN > wrote: >>> ARIN has increased operating costs in recent years to meet >>> customer demand for improved and broader services >> >> The membership seem to be relatively clear that they?re not in favor of scope-creep. And there are already 88 staff, the majority of whom are in Engineering. The theory was that they were supposed to be temporary contractors, doing one-time projects to automate ARIN registry functions. Yet the ?temporary? part never seems to come to a conclusion. >> >> Can you present the budget, and explain what specific new services you?re proposing to perform with this additional money, and give us a status-update on the progress being made toward specific goals by the existing 45 engineers? > > Bill (and David) - > > Both the specific deliverables accomplished, as well as the upcoming deliverables can be found online here > >, and here > respectively. > > The budget is always available online here > > along with the Strategic Plan and two-year operating plans which includes our annual objectives. For 2018, > we anticipate revenues of $20.9 USD million and expenses of $23.8 USD million, thus we are impacting our > reserves in the short term. Our base model does (as you note) include additional engineering ?surge" staffing > and this continues through 2018, although this does not continue in 2019. Even with that adjustment, ARIN > will be operating at approximately at $1.3 million USD net-to-reserves position each year on a going-forward > basis. > > So while ARIN?s present medium-term (5 year) financial outlook is solid, it not as robust as the Board has > traditionally sought ? specifically, with present plan and fee schedule we?ll be taking our reserves from $25.9 > million to approximately $21.6 million though 2022. This downward trajectory is likely to continue over the > long-term, and could even accelerate, since our annual revenue includes about $1.4M of investment income > that will drop in a corresponding manner with a declining reserve balance; hence why addressing the gap > is a simpler matter if done sooner rather than later. > > The proposed fee change would provide the following net increase in annual revenues: > > ? Facilitator fee - net revenue increase + $34,000 > ? End-user Maintenance fee: net revenue increase + $1,400,000 > ? LRSA holders Maintenance fees: net revenue increase + $33,500 > > The total annual revenue increase with the proposed fee schedule change is 1.47M USD, which would have ARIN > be net neutral to the reserves for the foreseeable future. The increase to facilitator fees was deemed appropriate > because we are seeing significant increased costs related to maintenance of that program (specifically in addressing > parties who are not actual participants but still call themselves ?ARIN Facilitators?. ) > > Regarding the maintenance fee increases, our end-user community engages in significant ongoing interactions with > ARIN and yet is approximately one fifth of ARIN's total revenue. Our investment in systems (such as ARIN Online) > benefit the entire ARIN community, and that community is disproportionately end-users. In fact, much of our most > improvements have been ?easy-of-use? related for the benefit of those smaller organizations that are new to ARIN > and doing requests for the first time. > > For the vast majority end-users, the fee change results in a modest $100 to $150 annual increase ?depending on > whether the organization has only one of IPv4 or IPv6 and an ASN, or both IPv4 block, IPv6 block, and an ASN. > While the total impact is still quite small in terms of individual end-user invoice, it is true that it could be deemed > a very significant increase when viewed on a percentage basis. This increase is not without corresponding value, > as the services provided have been quite enhanced over time (including improvements to ARIN Online allowing > easier administration, addition two-factor authentication, streamlined request and ticket sections, etc.) so those > using ARIN services have indeed benefitted from ARIN?s investments in staff and systems in recent years. > > I will cover this material in more detail at ARIN 41, but felt that the communities consideration of this matter > would be more productive with some fo the budget, development progress, and fee distribution information > that was being sought in the interim. Please do not hesitate ask any additional questions that would help > in consideration of this consultation. > > Thanks! > /John > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Mon Apr 9 13:53:24 2018 From: bill at herrin.us (William Herrin) Date: Mon, 9 Apr 2018 13:53:24 -0400 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: On Mon, Apr 9, 2018 at 9:43 AM, ARIN wrote: > The ARIN Board is proposing the following fee changes: > > * Increasing the annual registry maintenance fee paid by end users > for each IPv4 address block, IPv6 address block, and Autonomous System > Number (?ASN?) from $100 to $150 per object. Registration Services Plan > customers do not pay these annual registry maintenance fees as all > services are already covered in their plan. > * Increasing the annual Legacy maintenance fee for each IPv4 address > * Increasing the initial and annual registration fee for ARIN > Transfer Facilitators from $100 to $1,000, in order to cover rising > costs associated with services. > > We are seeking community feedback on these modifications to ARIN?s Fee > schedule that we intend to implement sometime mid-year 2018. Howdy, Some thoughts and questions: 1. Would you give us a historical perspective on the budget? What has ARIN spent each year since its inception in 1997? It would be helpful to see it in both actual and 2018 dollars. 2. The communications and outreach budgets total more than 1.5M which excludes member meetings and travel. What are they spent on? 3. Are Bill Woodcock's 88 staff and 45 engineer numbers correct? Would you elaborate? The folks I work for run an operation whose technical complexity is in the same ballpark as ARIN's but we do it with 15 engineers (operations and software development). 4. Would you break down the $1.5M travel budget? 5. What are you depreciating at more than 15% of the budget? 6. What alternatives to increasing end-user registration fees did the board evaluate? Why does it recommend increasing end-user fees instead of those alternatives? Thanks, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From jschiller at google.com Mon Apr 9 13:55:08 2018 From: jschiller at google.com (Jason Schiller) Date: Mon, 09 Apr 2018 17:55:08 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <23242.25259.537189.252627@gargle.gargle.HOWL> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <6F82871F-F3FF-45D5-8E18-8404359F6BD2@arin.net> <7D72EC19-D4FD-4854-9A00-E3838B2438AA@delong.com> <23242.25259.537189.252627@gargle.gargle.HOWL> Message-ID: One of the things that came up in the last consultation to expand the board was a specific ask wrt restrictions with the newly added seats, such as ensuring regionality (Canada, US, Caribbean), Gender, representative of member types (large IPS, small ISP, content provider, rural)... I think this whole discussion would be more fruitful if as you say, we agreed on requirements wrt the new board seats (and possibly some or all of the old ones). "This idea would probably make more sense if the specific diversifications desired were assigned to these new roles." I am less concerned about if these new board seats are voting or non-voting, so long as the have equal access to the board discussions and presence at the votes. In short, what wider representation of the Internet community is needed, and what restriction would be applied to the seats to ensure that. __Jason On Sun, Apr 8, 2018 at 2:43 PM wrote: > > I have no particular problem with expanding the board, let a thousand > flowers bloom (or ten anyhow.) > > HOWEVER, my unsolicited idea is why not create either multiple kinds > of board positions, where by "multiple" I'm thinking two at least to > begin, voting/non-voting or similar. > > Or another (small) "advisory" -- pick a word, let's not get hung up on > terminology -- board with enough teeth that it's not just token. > > I'd argue, for starters, just being in the room and having a role and > access to the same information would be enough to make it more than > just token. > > A lot of diversity depends on just being heard effectively as much as > specific voting/veto powers. > > This idea would probably make more sense if the specific > diversifications desired were assigned to these new roles. > > That could even be a transitional change, something to do for some > number of years, review the result, and take up expanding the board > per se, or not, at a later date. > > P.S. I do realize this would be more work in terms of organizational > and by-laws changes, etc than just expanding the existing board. It's > not as simple as changing a number. The new structures would have to > be defined and incorporated into existing structures including no > doubt legal considerations (e.g., how would such a newly defined role > be indemnified?) > > -- > -Barry Shein > > Software Tool & Die | bzs at TheWorld.com | > http://www.TheWorld.com > Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD > The World: Since 1989 | A Public Information Utility | *oo* > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -- _______________________________________________________ Jason Schiller|NetOps|jschiller at google.com|571-266-0006 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Mon Apr 9 14:15:29 2018 From: jcurran at arin.net (John Curran) Date: Mon, 9 Apr 2018 18:15:29 +0000 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> Message-ID: <2E047216-05E4-495D-84B5-63EF1C22A350@arin.net> On 9 Apr 2018, at 1:38 PM, Owen DeLong wrote: > > This so-called ?modest? $150/year increase in my fees is neither desired, nor appreciated and frankly, no, I?m not seeing > a significant expansion in recent years of the ARIN services I use or of the number of interactions I carry out with ARIN > annually in relation to my resources (which, if you don?t count paying my invoices) is approximately zero. Owen - Indeed ? those who have had their resources for some time are likely to have less interactions with ARIN, but we still get requests for changes due to changing circumstances, and the average party coming to us is not quite as familiar with ARIN and its processes as you are... > I realize that since end-users don?t have voting rights unless they subscribe to an additional $500/year poll tax, we are easy targets here, but I do not support the proposed increase being borne entirely by the end-user with no impact on ISPs. While end-users do not have voting rights, our community consultation processes are open to all (just as our policy development processes), so end-users have significant input into ARIN direction regardless ? also note that organizations can consolidation their resources under a single agreement, pay as the appropriate size registration services plan (which may be less in some cases the per-object maintainance fees, and become a voting ARIN member in the process.) Thanks! /John John Curran President and CEO ARIN From woody at pch.net Mon Apr 9 14:19:44 2018 From: woody at pch.net (Bill Woodcock) Date: Mon, 9 Apr 2018 11:19:44 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: <0BADF50E-CD66-4CCA-8527-2FE93C0F58C8@pch.net> > 3. Are Bill Woodcock's 88 staff and 45 engineer numbers correct? Would > you elaborate? The folks I work for run an operation whose technical > complexity is in the same ballpark as ARIN's but we do it with 15 > engineers (operations and software development). I just pulled it off the web site. I don?t know how up-to-date it is. I was surprised that the number was that large. https://www.arin.net/about_us/org_chart.html -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From owen at delong.com Mon Apr 9 14:30:14 2018 From: owen at delong.com (Owen DeLong) Date: Mon, 9 Apr 2018 11:30:14 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <2E047216-05E4-495D-84B5-63EF1C22A350@arin.net> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> <2E047216-05E4-495D-84B5-63EF1C22A350@arin.net> Message-ID: <6985BEBF-3637-457B-B823-03E13DA30C02@delong.com> > On Apr 9, 2018, at 11:15 , John Curran wrote: > > On 9 Apr 2018, at 1:38 PM, Owen DeLong wrote: >> >> This so-called ?modest? $150/year increase in my fees is neither desired, nor appreciated and frankly, no, I?m not seeing >> a significant expansion in recent years of the ARIN services I use or of the number of interactions I carry out with ARIN >> annually in relation to my resources (which, if you don?t count paying my invoices) is approximately zero. > > Owen - > > Indeed ? those who have had their resources for some time are likely to have less interactions with ARIN, but we still get requests for changes due to changing circumstances, and the average party coming to us is not quite as familiar with ARIN and its processes as you are? Correct me if I am wrong, but the majority of these ?enhanced? services have been generated not at the best of (nor primarily used by) end-users, but more by subscriber members? If that?s the case, then I suggest you seek to bill them for the increased costs. If you believe that end-users are using a disproportionately high fraction of these enhanced services that are running up the budget, then I?d like to see what that is based on. >> I realize that since end-users don?t have voting rights unless they subscribe to an additional $500/year poll tax, we are easy targets here, but I do not support the proposed increase being borne entirely by the end-user with no impact on ISPs. > > > While end-users do not have voting rights, our community consultation processes are open to all (just as our policy development processes), so end-users have significant input into ARIN direction regardless ? also note that organizations can consolidation their resources under a single agreement, pay as the appropriate size registration services plan (which may be less in some cases the per-object maintainance fees, and become a voting ARIN member in the process.) Well? If this increase goes through, then in a few years, you?ll have narrowed my gap to $50, but you won?t let me consolidate under the existing agreement I prefer, instead wanting to force me into one of the more current agreements. Forgive me after already being shafted once by signing an ARIN agreement for being a bit gun-shy on signing a new ?improved? ARIN agreement. Hopefully I only have to deal with this pain for a few more years before I can discard or sell my antiquated 32-bit numbers and migrate to a v6-only network, but alas, when it comes to that, I am largely at the mercy of others. Owen From owen at delong.com Mon Apr 9 14:36:00 2018 From: owen at delong.com (Owen DeLong) Date: Mon, 9 Apr 2018 11:36:00 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <6985BEBF-3637-457B-B823-03E13DA30C02@delong.com> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> <2E047216-05E4-495D-84B5-63EF1C22A350@arin.net> <6985BEBF-3637-457B-B823-03E13DA30C02@delong.com> Message-ID: > On Apr 9, 2018, at 11:30 , Owen DeLong wrote: > > > >> On Apr 9, 2018, at 11:15 , John Curran wrote: >> >> On 9 Apr 2018, at 1:38 PM, Owen DeLong wrote: >>> >>> This so-called ?modest? $150/year increase in my fees is neither desired, nor appreciated and frankly, no, I?m not seeing >>> a significant expansion in recent years of the ARIN services I use or of the number of interactions I carry out with ARIN >>> annually in relation to my resources (which, if you don?t count paying my invoices) is approximately zero. >> >> Owen - >> >> Indeed ? those who have had their resources for some time are likely to have less interactions with ARIN, but we still get requests for changes due to changing circumstances, and the average party coming to us is not quite as familiar with ARIN and its processes as you are? > > Correct me if I am wrong, but the majority of these ?enhanced? services have been generated not at the best of (nor primarily used by) end-users, but more by subscriber members? That should read ??not at the behest?? > > If that?s the case, then I suggest you seek to bill them for the increased costs. > > If you believe that end-users are using a disproportionately high fraction of these enhanced services that are running up the budget, then I?d like to see what that is based on. > >>> I realize that since end-users don?t have voting rights unless they subscribe to an additional $500/year poll tax, we are easy targets here, but I do not support the proposed increase being borne entirely by the end-user with no impact on ISPs. >> >> >> While end-users do not have voting rights, our community consultation processes are open to all (just as our policy development processes), so end-users have significant input into ARIN direction regardless ? also note that organizations can consolidation their resources under a single agreement, pay as the appropriate size registration services plan (which may be less in some cases the per-object maintainance fees, and become a voting ARIN member in the process.) > > Well? If this increase goes through, then in a few years, you?ll have narrowed my gap to $50, but you won?t let me consolidate under the existing agreement I prefer, instead wanting to force me into one of the more current agreements. > > Forgive me after already being shafted once by signing an ARIN agreement for being a bit gun-shy on signing a new ?improved? ARIN agreement. > > Hopefully I only have to deal with this pain for a few more years before I can discard or sell my antiquated 32-bit numbers and migrate to a v6-only network, but alas, when it comes to that, I am largely at the mercy of others. > > Owen > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. From jcurran at arin.net Mon Apr 9 14:50:24 2018 From: jcurran at arin.net (John Curran) Date: Mon, 9 Apr 2018 18:50:24 +0000 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: On 9 Apr 2018, at 1:53 PM, William Herrin > wrote: Some thoughts and questions: 1. Would you give us a historical perspective on the budget? What has ARIN spent each year since its inception in 1997? It would be helpful to see it in both actual and 2018 dollars. Bill - The entire set of annual reports are all available online here: 2. The communications and outreach budgets total more than 1.5M which excludes member meetings and travel. What are they spent on? Communications is probably better read as ?Telecommunications? (i.e. composed of our main computing collocation sites and circuits interconnecting same, and our additional public-facing-sites colocated in Bay Area and Carribbean.) Outreach includes costs of supporting events such as ARIN One the Road series ARIN presence at speaking events such as HostingCon, ISPCA, WISPA, and the miscellaneous support for organizations that we are present at such as the US Internet governance forum (IGF), Caribbean IGF, etc. 3. Are Bill Woodcock's 88 staff and 45 engineer numbers correct? Would you elaborate? Yes, it is approximately correct. 4. Would you break down the $1.5M travel budget? That includes travel performed by the ARIN Board of Trustees, ARIN Advisory Council, ARIN ASO/AC members, and ARIN staff across all departments. 5. What are you depreciating at more than 15% of the budget? As reported in ARIN?s audited financials, ARIN depreciates major system software development costs over 5 years with straight-line depreciation. (Post-implementation and operational costs are expensed as incurred.) 6. What alternatives to increasing end-user registration fees did the board evaluate? Why does it recommend increasing end-user fees instead of those alternatives? As I noted in previous email, the Board considered the alternative of not raising the fees and facing a slow erosion of the reserves over time; given the reduction in engineering surge staffing planned in 2019, the annual net-to-reserves impact is modest enough that a change is maintenance fees is not absolutely required, but simply prudent if we wish to maintain level reserves. Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From snoble at sonn.com Mon Apr 9 15:49:46 2018 From: snoble at sonn.com (Steve Noble) Date: Mon, 09 Apr 2018 12:49:46 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> Message-ID: <5ACBC3DA.6090602@sonn.com> Hi John, This is a significant change and while you may personally view it as "modest increase", calling it so for those of us with a single object, is incorrect. I have personally been forced to pay this fee even when ARIN refused to provide any services to me and note: ARIN has not refunded the money paid while you refused to provide any services, especially the ones you list below. If you are claiming that it costs $150 a year to have an entry in a whois server, I disagree, if nothing else it should be going down. If you are saying that we should all pay the same whether we have more objects or need more help, I also disagree, you should charge end users based on their usage. Looking at your tax filings, In 2015, you reported that more than half of your expenses were compensation at 9.1MM. For 2016 the number appears to be 10.8MM. As Mr. Herrin noted, other organizations that have the same level of complexity, can do the work with significantly less engineers. As a non-profit you should be focused on delivering value to your customers, not charging more for the same service. For those who are interested, you can find the 990 filings for ARIN here : https://projects.propublica.org/nonprofits/organizations/541860956 John Curran wrote: > For the vast majority end-users, the fee change results in a > modest $100 to $150 annual increase ?depending on > whether the organization has only one of IPv4 or IPv6 and an ASN, > or both IPv4 block, IPv6 block, and an ASN. > While the total impact is still quite small in terms of individual > end-user invoice, it is true that it could be deemed > a very significant increase when viewed on a percentage basis. > This increase is not without corresponding value, > as the services provided have been quite enhanced over time > (including improvements to ARIN Online allowing > easier administration, addition two-factor authentication, > streamlined request and ticket sections, etc.) so those > using ARIN services have indeed benefitted from ARIN?s investments > in staff and systems in recent years. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rs at seastrom.com Mon Apr 9 16:07:36 2018 From: rs at seastrom.com (Rob Seastrom) Date: Mon, 9 Apr 2018 16:07:36 -0400 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: > On Apr 9, 2018, at 9:43 AM, ARIN wrote: > > * Increasing the annual registry maintenance fee paid by end users > for each IPv4 address block, IPv6 address block, and Autonomous System > Number (?ASN?) from $100 to $150 per object. Registration Services Plan > customers do not pay these annual registry maintenance fees as all > services are already covered in their plan. I would support this if it came with a modification of the LRSA to allow signatories to unravel it and return to their previous status without surrendering resources. -r From info at arin.net Mon Apr 9 16:42:02 2018 From: info at arin.net (ARIN) Date: Mon, 9 Apr 2018 16:42:02 -0400 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: <9b1e42d9-b867-9472-7ad8-249943292275@arin.net> On 9 April, the Consultation on Board Size was amended to include the link to the proposed Bylaws amendment necessary to effect the proposed change: https://www.arin.net/about_us/bot/20180216/exhibit_e.pdf Regards, Communications and Member Services American Registry for Internet Numbers (ARIN) On 4/6/18 2:14 PM, ARIN wrote: > In May 2017, the ARIN Board of Trustees proposed expansion of the size > of the Board of Trustees in order to increase opportunities for > diversity in the background of Board members, including geographical > and gender representation. This proposal was the topic of an energetic > community consultation with mixed outcome indicating both support and > concerns with such a change. The ARIN Board considered the outcome of > the consultation, but ultimately the measure did not achieve the > four-fifths approval threshold necessary for changing ARIN's Bylaws. > > In February of this year, the ARIN Board discussed an additional issue > related to the present size of the Board: specifically, the challenge > that a smaller Board poses when engaging in strategic discussions, for > example in regard to long-term direction or relationships with other > Internet organizations. While many of these topics are discussed with > the community prior to decision (e.g. formation of the NRO, support > for the IANA Stewardship Transition), it is often up to the ARIN Board > of Trustees to decide whether to explore these initiatives when they > are at an early stage. There is a very wide diversity of the Internet > ecosystem that can be affected by ARIN's strategic direction and this > includes Internet service providers of all sizes and types (transit, > access, etc.), Internet online and content industries, data center and > cloud operators, educational and government networks, commercial > firms, and civil society. While the Trustees elected by the community > often have a broad knowledge of the Internet ecosystem, seven Trustees > is a relatively small group to evaluate impacts across the entire > Internet ecosystem. > > As a result of this discussion, the ARIN Board agreed to initiate a > new community consultation to expand the number of elected Board > members from six to nine, in order to allow for wider representation > of the Internet community during Board discussions. > > *Board proposal:* > > ARIN should add three more elected voting seats to the Board of > Trustees, raising the current six (two elected per year) to nine > (three elected per year). New Board seats are to be added to the Board > in a phased manner ? one per year in the 2018 thru 2020 elections as > noted below > > * October 2018: 3 Board members will be elected for 2019; 8 > Trustee board (9 if the appointed seat is used) > * October 2019: 3 Board members will be elected for 2020; 9 > Trustee board (10 if the appointed seat is used) > * October 2020: 3 Board members will be elected for 2021; 10 > Trustee board (11 if the appointed seat is used) > > We are seeking community feedback on this proposed change to the size > of the ARIN Board of Trustees. This consultation will remain open for > at least 30 days. > > Please provide comments to arin-consult at arin.net. > > Discussion on arin-consult at arin.net will close on 14 May 2018. > > If you have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Mon Apr 9 17:23:07 2018 From: jcurran at arin.net (John Curran) Date: Mon, 9 Apr 2018 21:23:07 +0000 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <5ACBC3DA.6090602@sonn.com> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> <5ACBC3DA.6090602@sonn.com> Message-ID: On 9 Apr 2018, at 3:49 PM, Steve Noble > wrote: Hi John, This is a significant change and while you may personally view it as "modest increase", calling it so for those of us with a single object, is incorrect. I have personally been forced to pay this fee even when ARIN refused to provide any services to me and note: ARIN has not refunded the money paid while you refused to provide any services, especially the ones you list below. Steve - As discussed perviously on several ARIN mailing lists with you, ARIN does prevent parties with no clear association with a resource from making changes. I believe that the specific issue has been cleared up in your case, but recognize that ARIN is also subject to parties attempting to hijack resources and thus is somewhat pedantic in this regard. If you are claiming that it costs $150 a year to have an entry in a whois server, I disagree, if nothing else it should be going down. At this time, we charge $100 per year maintenance fee for all end-user resource records, and that is approximately 15% of ARIN?s total revenue (estimated $2.9M USD of ARIN?s $20.4M total revenue plan in 2019) We charge ISPs (and others who opt for it) under a registration services plan that is based on total number resource holdings, and in total is approximate 75% of ARIN annual revenue (estimated $14.4M USD of our $20.4M total revenue plan in 2019) We presently do not bill either customer category separately for making changes, interacting with ARIN, etc. We could do so, but starting back in 2014 the community spent several years discussing fee models and ultimately came down to this simple model of having two major categories: ISP/registration services plan and End-users with Maintenance fees. That model has generally worked well, but over the next five years will result in a gradual reduction of ARIN?s financial reserves to approximately 50% of our annual budget. Note that there are have been times in the past when we had the opposite problem, with reserves growing beyond our intended range (and ARIN customers concerned that we weren't fast enough in addressing their requests for improvements to our systems...) We did add additional staff and have made great progress in improvements to our systems ? this can be seen in both the list of accomplished functionality as well as the results of our most recent customer satisfaction survey, which we will talk about in more detail next week at ARIN 41 in MIami. The question now posed by the ARIN Board of Trustees is whether the facilitator fees and end-user maintenance fees should be raised, as this would result in approximately $1.4M per year revenue and allow the organization to maintain a steady reserves position. Looking at your tax filings, In 2015, you reported that more than half of your expenses were compensation at 9.1MM. For 2016 the number appears to be 10.8MM. As Mr. Herrin noted, other organizations that have the same level of complexity, can do the work with significantly less engineers. As a non-profit you should be focused on delivering value to your customers, not charging more for the same service. ARIN is indeed focused on delivering more value to its customers ? You may not utilize our two-factor authentication system, our RPKI services, our improved interface for making resource requests and transfers, our RESTful interface to the registry, our RDAP services or now-being-refreshed IRR services, but even if you do not use these services yourself, they make for a better and more accurate registry, and thus improve the value received by everyone. The Board of Trustees ultimately has to decide the rate that we invest in our services, the best fee structure for recovery, and the most appropriate financial position ? hence this consultation seeking input on changing the fee schedule as proposed. Thank you, /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Mon Apr 9 17:31:24 2018 From: bill at herrin.us (William Herrin) Date: Mon, 9 Apr 2018 17:31:24 -0400 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: On Mon, Apr 9, 2018 at 2:50 PM, John Curran wrote: > On 9 Apr 2018, at 1:53 PM, William Herrin wrote: > 1. Would you give us a historical perspective on the budget? What has > ARIN spent each year since its inception in 1997? It would be helpful > to see it in both actual and 2018 dollars. > > The entire set of annual reports are all available online here: > Thanks John, I'll spare everyone else the effort of digging it out: Year: ARIN expenses, ARIN expenses approximated in 2018 dollars 1999: $2,239,707, $3,390,000 2000: $2,806,837, $4,116,000 2001: $3,754,738, $5,318,000 2002: $6,120,209, $8,570,000 2003: $6,357,298, $8,645,000 2004: $6,883,258, $9,204,000 2005: $7,590,880, $9,854,000 2006: $8,653,757, $10,844,000 2007: $9,825,489, $12,021,000 2008: $11,256,656, $13,277,000 2009: $12,141,253, $14,317,000 2010: $13,175,097, $15,139,000 2011: $14,366,655, $16,242,000 2012: $15,551,514, $17,082,000 2013: $15,520,000, $16,781,000 2014: $16,329,920, $17,381,000 2015: $18,039,970, $19,218,000 2016: $21,937,057, $23,055,000 2017: $23,700,000 (projected) 2018: $23,866,000 (projected) I used https://data.bls.gov/cgi-bin/cpicalc.pl to estimate 2018 dollars. Other estimating tools give slightly different, typically smaller numbers. > Communications is probably better read as ?Telecommunications? > (i.e. composed of our main computing collocation sites and circuits > interconnecting same, and our additional public-facing-sites colocated > in Bay Area and Carribbean.) Probably better written as Telecommunications then. Folks reading financial reports understand communications to mean something different. > 5. What are you depreciating at more than 15% of the budget? > > As reported in ARIN?s audited financials, ARIN depreciates major system > software > development costs over 5 years with straight-line depreciation. > (Post-implementation > and operational costs are expensed as incurred.) I understand this to mean that over the past 5 years ARIN has incurred approximately $19,000,000 of software development expenses IN ADDITION TO paying staff software engineer salaries, benefits and similar employee costs. Is that accurate? > 6. What alternatives to increasing end-user registration fees did the > board evaluate? Why does it recommend increasing end-user fees instead > of those alternatives? > > As I noted in previous email, the Board considered the alternative of not > raising the fees > and facing a slow erosion of the reserves over time; given the reduction > in engineering > surge staffing planned in 2019, the annual net-to-reserves impact is > modest enough that > a change is maintenance fees is not absolutely required, but simply > prudent if we wish to > maintain level reserves. Just so I'm clear, no other form of fee change was tabled or considered? Thanks, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From owen at delong.com Mon Apr 9 18:46:16 2018 From: owen at delong.com (Owen DeLong) Date: Mon, 9 Apr 2018 15:46:16 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> <5ACBC3DA.6090602@sonn.com> Message-ID: > On Apr 9, 2018, at 14:23 , John Curran wrote: > > On 9 Apr 2018, at 3:49 PM, Steve Noble > wrote: >> Hi John, >> >> This is a significant change and while you may personally view it as "modest increase", calling it so for those of us with a single object, is incorrect. I have personally been forced to pay this fee even when ARIN refused to provide any services to me and note: ARIN has not refunded the money paid while you refused to provide any services, especially the ones you list below. > > Steve - > > As discussed perviously on several ARIN mailing lists with you, ARIN does prevent > parties with no clear association with a resource from making changes. I believe that > the specific issue has been cleared up in your case, but recognize that ARIN is also > subject to parties attempting to hijack resources and thus is somewhat pedantic in this > regard. Sure, but asking for a refund during the time that you ?couldn?t clearly associate him? for managing the resources, yet clearly enough associated him to take his money does seem like a reasonable request, since clearly even though he was paid in good standing, he was being refused ARIN services. >> If you are claiming that it costs $150 a year to have an entry in a whois server, I disagree, if nothing else it should be going down. > > At this time, we charge $100 per year maintenance fee for all end-user resource records, > and that is approximately 15% of ARIN?s total revenue (estimated $2.9M USD of ARIN?s > $20.4M total revenue plan in 2019) > > We charge ISPs (and others who opt for it) under a registration services plan that is based > on total number resource holdings, and in total is approximate 75% of ARIN annual revenue > (estimated $14.4M USD of our $20.4M total revenue plan in 2019) > > We presently do not bill either customer category separately for making changes, interacting > with ARIN, etc. We could do so, but starting back in 2014 the community spent several > years discussing fee models and ultimately came down to this simple model of having two > major categories: ISP/registration services plan and End-users with Maintenance fees. > > That model has generally worked well, but over the next five years will result in a gradual > reduction of ARIN?s financial reserves to approximately 50% of our annual budget. Note > that there are have been times in the past when we had the opposite problem, with reserves > growing beyond our intended range (and ARIN customers concerned that we weren't fast > enough in addressing their requests for improvements to our systems?) And you (and the board) somehow felt that sticking the entirety of this fee increase to the 15% without any changes to the other 75% was a good idea why? > We did add additional staff and have made great progress in improvements to our systems ? > this can be seen in both the list of accomplished functionality > > as well as the results of our most recent customer satisfaction survey, which we will talk > about in more detail next week at ARIN 41 in MIami. And what fraction of those additional staff are serving the end-users that generate 15% of current revenue? > The question now posed by the ARIN Board of Trustees is whether the facilitator fees and > end-user maintenance fees should be raised, as this would result in approximately $1.4M > per year revenue and allow the organization to maintain a steady reserves position. Why isn?t the board asking about a corresponding increase to ISP fees? If we spread this increase across all constituents instead of just end-users and facilitators, seems to me that the increase per ORG would be significantly less, would it not? >> Looking at your tax filings, In 2015, you reported that more than half of your expenses were compensation at 9.1MM. For 2016 the number appears to be 10.8MM. As Mr. Herrin noted, other organizations that have the same level of complexity, can do the work with significantly less engineers. As a non-profit you should be focused on delivering value to your customers, not charging more for the same service. > > ARIN is indeed focused on delivering more value to its customers ? > > You may not utilize our two-factor authentication system, our RPKI services, our improved > interface for making resource requests and transfers, our RESTful interface to the registry, > our RDAP services or now-being-refreshed IRR services, but even if you do not use these > services yourself, they make for a better and more accurate registry, and thus improve the > value received by everyone. The Board of Trustees ultimately has to decide the rate that we > invest in our services, the best fee structure for recovery, and the most appropriate financial > position ? hence this consultation seeking input on changing the fee schedule as proposed. RESTful shouldn?t be costing more at this point. It?s a completed project. RDAP should be nearing completion, so that shouldn?t be an ongoing cost increase (or at least not a significant one). Similarly with RPKI, but, if I have to choose between discarding RPKI and paying more per year, that?s an easy choice and RPKI doesn?t win. In it?s current (and likely permanent) state, RPKI is little more than a cryptographically signed indicator of what to prepend to your spoofed announcements. Please explain how that provides a better and/or more accurate registry or improves the value received by anyone? I agree the surge was necessary while there were some serious problems with legacy systems that needed to be retired. However, that effort should be approaching completion and as such, I?d rather see us un-surge even if it delays implementation of some new or upcoming features. Owen -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Mon Apr 9 18:49:40 2018 From: owen at delong.com (Owen DeLong) Date: Mon, 9 Apr 2018 15:49:40 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: +1 Owen > On Apr 9, 2018, at 13:07 , Rob Seastrom wrote: > > > >> On Apr 9, 2018, at 9:43 AM, ARIN wrote: >> >> * Increasing the annual registry maintenance fee paid by end users >> for each IPv4 address block, IPv6 address block, and Autonomous System >> Number (?ASN?) from $100 to $150 per object. Registration Services Plan >> customers do not pay these annual registry maintenance fees as all >> services are already covered in their plan. > > I would support this if it came with a modification of the LRSA to allow signatories to unravel it and return to their previous status without surrendering resources. > > -r > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. From woody at pch.net Mon Apr 9 19:02:02 2018 From: woody at pch.net (Bill Woodcock) Date: Mon, 9 Apr 2018 16:02:02 -0700 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: This whole conversation feels very much cart-leading-the-horse to me, and it always did while I was on the board, as well? I?ve handled budgets for dozens of companies over the last thirty, about half-and-half for-profit and non-profit, and in all that time, ARIN is the ONLY one in which the CEO said what he wanted to spend, and everyone else hopped to it to produce that much money. In EVERY other organization in which I?ve been involved with the finances, the board set a budget target, and the CEO produced a budget which met that target, whatever it might be. I don?t understand what makes ARIN so fundamentally different from every other organization, that we can?t behave normally. Does the board have some reason to WANT to spend more money this year? If so, why? What?s the policy goal of spending more money than we have? If there?s no goal, then that?s the cart leading the horse. Define your goals, and then work to achieve them. Don?t do random stuff because it feels nice, and then have to play catch-up to pay for it. That?s amateur-hour. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From jcurran at arin.net Mon Apr 9 20:48:57 2018 From: jcurran at arin.net (John Curran) Date: Tue, 10 Apr 2018 00:48:57 +0000 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> Message-ID: <47F9DBCC-851C-47B0-8DDD-1FBC44DA366A@arin.net> On 9 Apr 2018, at 7:02 PM, Bill Woodcock wrote: > > This whole conversation feels very much cart-leading-the-horse to me, and it always did while I was on the board, as well? I?ve handled budgets for dozens of companies over the last thirty, about half-and-half for-profit and non-profit, and in all that time, ARIN is the ONLY one in which the CEO said what he wanted to spend, and everyone else hopped to it to produce that much money. In EVERY other organization in which I?ve been involved with the finances, the board set a budget target, and the CEO produced a budget which met that target, whatever it might be. I don?t understand what makes ARIN so fundamentally different from every other organization, that we can?t behave normally. Bill - Actually, ARIN isn?t all that different than other organizations, and that?s because we?ve worked diligently over the last 5 years to establish a more traditional planning and budgeting process (prior to that time there was not a clear process for setting ARIN objectives or budget priorities) There is nothing that stops the ARIN Board from setting a two-year budget target that is lower than previous year's during our August strategy planning session ? I will certainly provide a budget that fits what requirement is provided. During the 2017 budget planning process, I proposed reducing expenses for ARIN significantly starting at the beginning of 2018, but the Board (of which you were a member) provided guidance that in 2018 we would conserve expenses where possible but continue at present staffing levels, in order to continue the significant progress being made with engineering deliverables, and look to year-end 2018/early 2019 for more significant reductions in expenses. > Does the board have some reason to WANT to spend more money this year? If so, why? The current two-year budget does incorporate a year-over-year staff reduction at the end of 2018. As a result, ARIN?s 2019 expenses will be significantly closer to revenues even under the current fee schedule ? i.e. rather than $2.8M USD reduction in reserves, the annual impact to reserves in 2019 and going forward will be about half that (approximately $1.4M USD.) ARIN?s reserves are quite sufficient to sustain that burn rate for short-term, but not indefinitely. One way to address the remaining misalignment would be to have further reductions in expenses, and that can be done but obviously would have some impact to the goals and objectives that can be achieved. The proposed fee increase is another way possible way to address the mismatch, and labelling it as ?wanting to spend more money? is a rather poor characterization given that 2019 has lower expenses than 2018. The sole reason I brought the fee increase proposal forth is to address the other financial priority expressed by the Board during the same budget planning process: specifically, to balance ARIN revenues and expenses over the long-term. Thanks, /John John Curran President and CEO ARIN -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 874 bytes Desc: Message signed with OpenPGP URL: From jcurran at arin.net Mon Apr 9 21:23:43 2018 From: jcurran at arin.net (John Curran) Date: Tue, 10 Apr 2018 01:23:43 +0000 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> <5ACBC3DA.6090602@sonn.com> Message-ID: <07B7069A-3082-441E-A1D3-A4150DD69F6A@arin.net> On 9 Apr 2018, at 6:46 PM, Owen DeLong wrote: > > And you (and the board) somehow felt that sticking the entirety of this fee increase to the 15% > without any changes to the other 75% was a good idea why? ARIN?s expenses are principally recovered from the 5,750 registration services plan organizations; these organizations pay fees ranging from $250 year to $256,000 USD per year, i.e. just over $2500 each on average and about $14.4M USD annually in total. There are approximately 15 thousand ARIN end-user customers who collectively pay $2.9M in fees; approximately $200 annually on average, and that would rise to $300 annually on average with the proposed fee increase. If there is to be a fee increase, than an increase to the end-user fees has the benefit of being spread over more organizations and yields a more equitable recovery ARIN?s expenses while still operating under the current fee framework. ARIN has significant fixed expenses and while one can argue that end-users who don?t need anything other than stable registry operations shouldn?t have to pay more to ARIN, one could just as easily argue that IP addresses for ISPs that don?t need any services in a year shouldn?t result in their significantly larger fees. In the end, it is clear that all customers benefit from the registry, even if no makes a single change or request all year. > Why isn?t the board asking about a corresponding increase to ISP fees? > > If we spread this increase across all constituents instead of just end-users and facilitators, > seems to me that the increase per ORG would be significantly less, would it not? Obviously one could vary the allocation of revenue increase among the two constituencies to achieve any desired outcome, but If evenly spread by number of organizations, it would not yield a significantly different outcome (changing the divisor from 15000 to 20000 total would mean a $35/year per object maintenance increase instead of a $50/year per object increase.) Thanks, /John John Curran President and CEO American Registry for Internet Numbers (ARIN) From bill at herrin.us Mon Apr 9 23:41:03 2018 From: bill at herrin.us (William Herrin) Date: Mon, 9 Apr 2018 23:41:03 -0400 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: <07B7069A-3082-441E-A1D3-A4150DD69F6A@arin.net> References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> <5ACBC3DA.6090602@sonn.com> <07B7069A-3082-441E-A1D3-A4150DD69F6A@arin.net> Message-ID: On Mon, Apr 9, 2018 at 9:23 PM, John Curran wrote: > ARIN has significant fixed expenses and while one can argue that end-users who don?t need anything > other than stable registry operations shouldn?t have to pay more to ARIN, one could just as easily argue > that IP addresses for ISPs that don?t need any services in a year shouldn?t result in their significantly > larger fees. Or argue that there shouldn't be two classes of registrant, just one with fees scaling in direct proportion to the number holdings. Or retort that if the fees are directly proportional, the votes should be too. But this just rehashes old arguments. Maybe we should throw ideas out there, even if they're dumb ideas, as long as they're fresh. Here's one: Pain point: Lack of diversity in the voting membership yields lack of diversity on the board Pain point: End users with a /24 asked to pay two orders of magnitude more per address held than ISPs with /9's. Pain point: ISPs really hate to publish customer information via SWIP. They'd rather act as privacy agents like the DNS providers do. Pain point: slow IPv6 adoption. Tie them together and: single type of registrant, all voting members with one vote per organization. Fees assessed based on number of IPv4 addresses held but not permanently reassigned to third parties. Fixed dollar amount per address times number of addresses. Addresses considered reassigned (excepted from fee) only when SWIPed with complete and accurate public information about the assignee. Ephemeral assignments (dynamic IPs) are not considered reassigned. Some minimum floor fee like $100. Fees ignore AS numbers and IPv6 addresses (for now). Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From jschiller at google.com Tue Apr 10 00:25:46 2018 From: jschiller at google.com (Jason Schiller) Date: Tue, 10 Apr 2018 04:25:46 +0000 Subject: [ARIN-consult] Consultation on Proposed 2018 Fee Schedule Changes In-Reply-To: References: <8b692b62-277e-4be8-fed6-8d7f8c12e9a4@arin.net> <61F9666B-FBF1-492C-BD7D-2458DA95104B@pch.net> <5ACBC3DA.6090602@sonn.com> <07B7069A-3082-441E-A1D3-A4150DD69F6A@arin.net> Message-ID: 1. I generally support increased fees if it means continuing to get the IT development that the community wants. 2. Please dear god, do not make fees scaling. 3. The smallest organizations should not see a fee increase. 1. I generally support increased fees if it means continuing to get the IT development that the community wants. (I lament the fact we lack a services document) (please fix IRR and closely couple it to whois) (Close out all the ACSP) 2. Please dear god, do not make fees scaling. I like the predictability of knowing how much a large will pay next year, and how much an extra large will pay next year. I have a good idea if in a given year I'm going to cross into a bigger fee category, and can thus plan budgets year over year easily. Please do not require me to regularly adjust my anticipated spend each time the my IP holdings change, using some web based IP calculator. 3. The smallest organizations should not see a fee increase. For the very small organizations, the fees can be burdensome, and an increase of 50% is significant. Very small is arbitrary, but for sake of argument, I'd say any one with less than two IPv4 blocks, one IPv6 block, one ASN , and no registration services (no delegations), should not see a fee increase. In fact I'd like to see this category go down in price. You think an organization with a single /8 and no registration services isn't small and should pay more than $100/year, then make some sort of exception like total holding must be less than 2X-small service category. The larger categories can absorb and off set these fees. You want to scale the increase in fees proportionally by size of the various buckets? fine. You want to scale the increase in fees proportionally by size of the various buckets, but limit the increase to XL and above? fine. You want to scale the increase in fees proportionally by size of the various buckets, but limit the increase to 3-XL and above? fine. ___Jason On Mon, Apr 9, 2018 at 11:41 PM William Herrin wrote: > On Mon, Apr 9, 2018 at 9:23 PM, John Curran wrote: > > ARIN has significant fixed expenses and while one can argue that > end-users who don?t need anything > > other than stable registry operations shouldn?t have to pay more to > ARIN, one could just as easily argue > > that IP addresses for ISPs that don?t need any services in a year > shouldn?t result in their significantly > > larger fees. > > Or argue that there shouldn't be two classes of registrant, just one > with fees scaling in direct proportion to the number holdings. > > Or retort that if the fees are directly proportional, the votes should be > too. > > But this just rehashes old arguments. Maybe we should throw ideas out > there, even if they're dumb ideas, as long as they're fresh. Here's > one: > > > Pain point: Lack of diversity in the voting membership yields lack of > diversity on the board > > Pain point: End users with a /24 asked to pay two orders of magnitude > more per address held than ISPs with /9's. > > Pain point: ISPs really hate to publish customer information via SWIP. > They'd rather act as privacy agents like the DNS providers do. > > Pain point: slow IPv6 adoption. > > > Tie them together and: single type of registrant, all voting members > with one vote per organization. Fees assessed based on number of IPv4 > addresses held but not permanently reassigned to third parties. Fixed > dollar amount per address times number of addresses. Addresses > considered reassigned (excepted from fee) only when SWIPed with > complete and accurate public information about the assignee. Ephemeral > assignments (dynamic IPs) are not considered reassigned. Some minimum > floor fee like $100. Fees ignore AS numbers and IPv6 addresses (for > now). > > > Regards, > Bill Herrin > > > -- > William Herrin ................ herrin at dirtside.com bill at herrin.us > Dirtside Systems ......... Web: > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -- _______________________________________________________ Jason Schiller|NetOps|jschiller at google.com|571-266-0006 -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Tue Apr 10 09:40:11 2018 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Apr 2018 06:40:11 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <9b1e42d9-b867-9472-7ad8-249943292275@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <9b1e42d9-b867-9472-7ad8-249943292275@arin.net> Message-ID: Given that one of the proposed reasons for expanding the ARIN board is the theory that this is necessary in order to achieve Caribbean representation, might it not be prudent to see what comes of items 3 and 4 from the March 23 Board meeting? https://www.arin.net/about_us/bot/bot2018_0323.html In particular, Item 4 which is the following motion which was passed in a 5:1:1 vote (Dan Alexander opposing, John Curran abstaining): "Resolved, the ARIN Board of Trustees recognizes the need to improve Board diversity with regard to Caribbean background, and hereby appoints Patrick Gilmore, Dan Alexander, and, Bill Sandiford, with Bill Sandiford as Chair, to a special "2018 Appointment Candidate Committee" that shall be charged with recruiting, reviewing, and recommending candidates for appointment to the ARIN Board per the ARIN Board Appointment Process to address this concern.? Owen > On Apr 9, 2018, at 13:42 , ARIN wrote: > > On 9 April, the Consultation on Board Size was amended to include the link to the proposed Bylaws amendment necessary to effect the proposed change: > > https://www.arin.net/about_us/bot/20180216/exhibit_e.pdf > > Regards, > > Communications and Member Services > American Registry for Internet Numbers (ARIN) > > On 4/6/18 2:14 PM, ARIN wrote: >> In May 2017, the ARIN Board of Trustees proposed expansion of the size of the Board of Trustees in order to increase opportunities for diversity in the background of Board members, including geographical and gender representation. This proposal was the topic of an energetic community consultation with mixed outcome indicating both support and concerns with such a change. The ARIN Board considered the outcome of the consultation, but ultimately the measure did not achieve the four-fifths approval threshold necessary for changing ARIN's Bylaws. >> >> In February of this year, the ARIN Board discussed an additional issue related to the present size of the Board: specifically, the challenge that a smaller Board poses when engaging in strategic discussions, for example in regard to long-term direction or relationships with other Internet organizations. While many of these topics are discussed with the community prior to decision (e.g. formation of the NRO, support for the IANA Stewardship Transition), it is often up to the ARIN Board of Trustees to decide whether to explore these initiatives when they are at an early stage. There is a very wide diversity of the Internet ecosystem that can be affected by ARIN's strategic direction and this includes Internet service providers of all sizes and types (transit, access, etc.), Internet online and content industries, data center and cloud operators, educational and government networks, commercial firms, and civil society. While the Trustees elected by the community often have a broad knowledge of the Internet ecosystem, seven Trustees is a relatively small group to evaluate impacts across the entire Internet ecosystem. >> >> As a result of this discussion, the ARIN Board agreed to initiate a new community consultation to expand the number of elected Board members from six to nine, in order to allow for wider representation of the Internet community during Board discussions. >> >> *Board proposal:* >> >> ARIN should add three more elected voting seats to the Board of Trustees, raising the current six (two elected per year) to nine (three elected per year). New Board seats are to be added to the Board in a phased manner ? one per year in the 2018 thru 2020 elections as noted below >> >> * October 2018: 3 Board members will be elected for 2019; 8 Trustee board (9 if the appointed seat is used) >> * October 2019: 3 Board members will be elected for 2020; 9 Trustee board (10 if the appointed seat is used) >> * October 2020: 3 Board members will be elected for 2021; 10 Trustee board (11 if the appointed seat is used) >> >> We are seeking community feedback on this proposed change to the size of the ARIN Board of Trustees. This consultation will remain open for at least 30 days. >> >> Please provide comments to arin-consult at arin.net . >> >> Discussion on arin-consult at arin.net will close on 14 May 2018. >> >> If you have any questions, please contact us at info at arin.net . >> >> Regards, >> >> John Curran >> President and CEO >> American Registry for Internet Numbers (ARIN) >> >> >> >> > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Tue Apr 10 09:59:06 2018 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Apr 2018 06:59:06 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <9b1e42d9-b867-9472-7ad8-249943292275@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <9b1e42d9-b867-9472-7ad8-249943292275@arin.net> Message-ID: <41AA0E3B-8358-4A91-A8C6-58074529F0B2@delong.com> If we do decide to move forward with this, rather than having a complex process forever enshrined in Article VI section 4, might it not be more prudent to treat this as any other board shortage due to (e.g. resignation)? That is, upon the decision to increase the board from 6 to 9, rather than phasing in over 3 years, instruct the nominating committee to expand the candidate slate in the next election and then process the election results as follows: The top three candidates receiving the most votes are elected to three year terms. The next candidate is elected to a 2 year term. The candidate receiving the fifth highest number of votes is elected to a 1 year term. (This is already documented in section 7 of the bylaws) This could be handled with minimal modification to section 4 (I suggest modifying section 3 to reflect ?one third of each body? being elected each year so that it doesn?t require update every time we change the numbers in either body. Proposed resulting language: Section 4. Terms of Service. The standard term of office of elected Trustees and Advisory Council members shall be three (3) years and shall comence on the first day of January following the completion of the election process. One third of the elected seats of each body shall be elected in rotating serial order each year. Trustees and Advisory Council members may be elected to serve multiple terms. The proposed language for Article VI Section 1 paragraph b seems reasonable. I would propose, however, that to facilitate the use of the propopsed language in section 4, a new section be inserted between Section 2 and Section 3 as follows: Section X. Changes in size of the Board or Advisory Council. a. Any change in the size of either of these bodies shall be accomplished by a corresponding change to the above sections of the bylaws (Section 1 b for the Board, Section 2 b for the Advisory Council). b. A decrease in the number of members of the body shall be accomplished by reducing the number of open slots in the next 3 elections (or fewer if reducing by fewer than 3 members). The number of slots shall be reduced by 1/3rd of the total reduction being enacted, with any remainder being added to the first one or two elections. c. An increase in the number shall be handled through the same process used to fill vacancies due to resignation or removal of a member from the body in question. (See section 7). Alternatively, Section 7 could be modified to incorporate the above procedures and expanded to cover the additional use cases. Owen > On Apr 9, 2018, at 13:42 , ARIN wrote: > > On 9 April, the Consultation on Board Size was amended to include the link to the proposed Bylaws amendment necessary to effect the proposed change: > > https://www.arin.net/about_us/bot/20180216/exhibit_e.pdf > > Regards, > > Communications and Member Services > American Registry for Internet Numbers (ARIN) > > On 4/6/18 2:14 PM, ARIN wrote: >> In May 2017, the ARIN Board of Trustees proposed expansion of the size of the Board of Trustees in order to increase opportunities for diversity in the background of Board members, including geographical and gender representation. This proposal was the topic of an energetic community consultation with mixed outcome indicating both support and concerns with such a change. The ARIN Board considered the outcome of the consultation, but ultimately the measure did not achieve the four-fifths approval threshold necessary for changing ARIN's Bylaws. >> >> In February of this year, the ARIN Board discussed an additional issue related to the present size of the Board: specifically, the challenge that a smaller Board poses when engaging in strategic discussions, for example in regard to long-term direction or relationships with other Internet organizations. While many of these topics are discussed with the community prior to decision (e.g. formation of the NRO, support for the IANA Stewardship Transition), it is often up to the ARIN Board of Trustees to decide whether to explore these initiatives when they are at an early stage. There is a very wide diversity of the Internet ecosystem that can be affected by ARIN's strategic direction and this includes Internet service providers of all sizes and types (transit, access, etc.), Internet online and content industries, data center and cloud operators, educational and government networks, commercial firms, and civil society. While the Trustees elected by the community often have a broad knowledge of the Internet ecosystem, seven Trustees is a relatively small group to evaluate impacts across the entire Internet ecosystem. >> >> As a result of this discussion, the ARIN Board agreed to initiate a new community consultation to expand the number of elected Board members from six to nine, in order to allow for wider representation of the Internet community during Board discussions. >> >> *Board proposal:* >> >> ARIN should add three more elected voting seats to the Board of Trustees, raising the current six (two elected per year) to nine (three elected per year). New Board seats are to be added to the Board in a phased manner ? one per year in the 2018 thru 2020 elections as noted below >> >> * October 2018: 3 Board members will be elected for 2019; 8 Trustee board (9 if the appointed seat is used) >> * October 2019: 3 Board members will be elected for 2020; 9 Trustee board (10 if the appointed seat is used) >> * October 2020: 3 Board members will be elected for 2021; 10 Trustee board (11 if the appointed seat is used) >> >> We are seeking community feedback on this proposed change to the size of the ARIN Board of Trustees. This consultation will remain open for at least 30 days. >> >> Please provide comments to arin-consult at arin.net . >> >> Discussion on arin-consult at arin.net will close on 14 May 2018. >> >> If you have any questions, please contact us at info at arin.net . >> >> Regards, >> >> John Curran >> President and CEO >> American Registry for Internet Numbers (ARIN) >> >> >> >> > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Tue Apr 10 11:04:36 2018 From: jcurran at arin.net (John Curran) Date: Tue, 10 Apr 2018 15:04:36 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <41AA0E3B-8358-4A91-A8C6-58074529F0B2@delong.com> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <9b1e42d9-b867-9472-7ad8-249943292275@arin.net> <41AA0E3B-8358-4A91-A8C6-58074529F0B2@delong.com> Message-ID: <2CDA3E5D-2437-4D36-87D5-93B2D6752913@arin.net> On 10 Apr 2018, at 9:59 AM, Owen DeLong wrote: > > If we do decide to move forward with this, rather than having a complex process forever enshrined in Article VI section 4, might it not be more prudent to treat this as any other board shortage due to (e.g. resignation)? > > That is, upon the decision to increase the board from 6 to 9, rather than phasing in over 3 years, instruct the nominating committee to expand the candidate slate in the next election and then process the election results as follows: > The top three candidates receiving the most votes are elected to three year terms. > The next candidate is elected to a 2 year term. > The candidate receiving the fifth highest number of votes is elected to a 1 year term. > > (This is already documented in section 7 of the bylaws) Owen - Indeed, that would be a simpler approach. Upon drafting the change in a rather similar manner, it was pointed out to me during legal review that the recommendaed practice is to phase in the new board seats over time, as this provides for easier acclimation of new Board members, prevents sudden shifts in direction that could come from a dramatic shift in composition, and avoids creating a potential capture opportunity when adding a large number of seats in one election. While the transition language does remain in the Bylaws after its fulfilled its usefulness, this is quite common (and can always be cleaned up in any subsequent Bylaws update.) Thanks, /John John Curran President and CEO ARIN From adam at solidnetwork.org Tue Apr 10 11:21:53 2018 From: adam at solidnetwork.org (Adam Brenner) Date: Tue, 10 Apr 2018 08:21:53 -0700 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> Message-ID: <7c269988-aaab-a58c-dedc-13ffe2e0e462@solidnetwork.org> On 04/06/2018 11:14 AM, ARIN wrote: > In May 2017, the ARIN Board of Trustees proposed expansion of the size > of the Board of Trustees in order to increase opportunities for > diversity in the background of Board members, including geographical and > gender representation. As an ARIN member who holds IPv4, IPv6 and AS resources, I do NOT agree with this. If given the chance, I will vote NO. I will give the same response I did last time when this was mentioned to the community: The first and *only* priority from ARIN should be seeking candidates who are qualified for the position; diversity should not be in that conversation. In general: If you are NOT qualified to do the work you are either NOT hired for the position or you are fired from it. This is what happens around the world in every business. ARIN's board should not be any different. Is it up to the community (everyone) to decide which candidate should represent them via the current ARIN voting process. Any person may choose to vote on a candidate based on what ever factors *they* believe in. This could be: qualification, diversity, background, random guess, what region they are from, etc. ARIN simply needs to administer this process. This process *is already fair* -- we the community nominate/volunteer to run for the board AND elect the board. It has been like that for years, the entire community voting on who gets into the board. It is the ultimate democratic and fair process. Nothing needs to change and no additional board seats should be added in order to reach diversity. As said by others, simply adding more seats does NOT guarantee a diverse board. -- Adam Brenner, Chief Executive Officer SolidNetwork Technologies, Inc. From mysidia at gmail.com Tue Apr 10 12:48:16 2018 From: mysidia at gmail.com (Jimmy Hess) Date: Tue, 10 Apr 2018 11:48:16 -0500 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: <7c269988-aaab-a58c-dedc-13ffe2e0e462@solidnetwork.org> References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <7c269988-aaab-a58c-dedc-13ffe2e0e462@solidnetwork.org> Message-ID: On Tue, Apr 10, 2018 at 10:21 AM, Adam Brenner wrote: > The first and *only* priority from ARIN should be seeking candidates who are > qualified for the position; diversity should not be in that conversation. Agreed. A level of diversity in the demographics of board members is not necessary, and representation is not a superficial quality --- a board member from any region, culture, and demographic can represent ARIN members who are from any region, culture, or demographic. Qualified board members have the ability to represent the membership regardless of their own physical characteristics, or which region the board member happens to come from through their own experiences and through discussions with those they represent at public meetings, etc. Diversity is not a good reason for expanding the board which also incurs more annual expenses for ARIN to maintain a larger board, and may have undesirable result of reducing the effectiveness of a board which is currently effective, since larger committees have more difficulties coming into agreement. Expanding the size also increases the risk of members voting in a less-qualified or non-qualified candidate onto the board, Because there are fewer qualified candidates than openings available to nominate, and the voting system will pick up someone with the most votes, even if that is 1 vote. -- -JH From alyssa at alyssamoore.ca Tue Apr 10 14:00:59 2018 From: alyssa at alyssamoore.ca (Alyssa Moore) Date: Tue, 10 Apr 2018 18:00:59 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <3b14c137-01cf-dca5-5da6-3adb752ee976@arin.net> <7c269988-aaab-a58c-dedc-13ffe2e0e462@solidnetwork.org> Message-ID: Much of this conversation has veered into the weeds of diversity in terms of things like gender and region, while it seems to me the proposal before us has to do with increasing the diversity of professional backgrounds and organizational representation. There's a provision in the bylaws for appointing one seat per year. Rather than adding traditional elected seats, perhaps that number could be increased and constraints around appointments relaxed. This way the Board could use it, when necessary (and perhaps it will be necessary most years) to fill any vacuums they've identified. In an ideal democracy the community would simply elect a group with a perfectly balanced skill-set for known and unknown challenges they may face, but I don't think any of us live in that world. My $0.02 CAD (or $0.016 USD). On Tue, Apr 10, 2018 at 10:48 AM Jimmy Hess wrote: > On Tue, Apr 10, 2018 at 10:21 AM, Adam Brenner > wrote: > > > The first and *only* priority from ARIN should be seeking candidates who > are > > qualified for the position; diversity should not be in that conversation. > > Agreed. A level of diversity in the demographics of board members > is not necessary, and > representation is not a superficial quality --- a board member from > any region, culture, and > demographic can represent ARIN members who are from any region, > culture, or demographic. > > Qualified board members have the ability to represent the membership > regardless of their > own physical characteristics, or which region the board member > happens to come from through > their own experiences and through discussions with those they > represent at public meetings, > etc. > > Diversity is not a good reason for expanding the board which also > incurs more annual expenses for ARIN > to maintain a larger board, and may have undesirable result of > reducing the effectiveness of > a board which is currently effective, since larger committees have > more difficulties coming into agreement. > > Expanding the size also increases the risk of members voting in a > less-qualified or non-qualified > candidate onto the board, Because there are fewer qualified > candidates than openings available to > nominate, and the voting system will pick up someone with the most > votes, even if that is 1 vote. > > > -- > -JH > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -- Alyssa Moore Policy & Strategy Advisor Cybera -------------- next part -------------- An HTML attachment was scrubbed... URL: From farmer at umn.edu Tue Apr 10 14:13:31 2018 From: farmer at umn.edu (David Farmer) Date: Tue, 10 Apr 2018 13:13:31 -0500 Subject: [ARIN-consult] Amended ACSP Consultation: Expanding the Size of the ARIN Board of Trustees In-Reply-To: <20180410150011.36BD960350@hive.arin.net> References: <20180410150011.36BD960350@hive.arin.net> Message-ID: I am not opposed to the idea of expanding the board, a change from six to nine elected board members with the CEO as an ex officio member seems reasonable to me. However, I cannot support the current proposal as written. The primary flaw I see in the current proposal is that it simply expands the board without modifying how the board is selected. I believe the issue at hand is as much about how the board is selected as much as it is about the size of the board. Currently, a combined slate of candidates is proposed by the nominating committee for the two board positions up for election each year, and the two candidates with the most votes from the combined slate are selected. This sometimes degrades into a popularity contest. Name recognition plays as big a role as the qualifications of a candidate in determining who prevails, potentially leaving the board without necessary expertise even though the slate may have included candidates with the necessary expertise. Just adding another position selected by this same process, selecting the three candidates with the most votes from the combined slate, I fear will only have a nominal effect on the composition of the board, and simply result in a larger board with many of the same issues. In addition to expanding the board, I suggest each of the three board positions up for election have a separate slate of two or more candidates each year, instead of the current process with it's combined slate. This allows the nominating committee, with advice from the board, to select candidates with the expertise needed by the board to compete for a single position and ensure a candidate with the necessary expertise will prevail in the election. I don't think criteria for each position should be enshrined in the bylaws, as the needs of the board will change and evolve over time, but many of the issues discussed recently should be considered; sector representation, organization types, etc... Thanks. On Tue, Apr 10, 2018 at 10:00 AM, ARIN wrote: > (You are only receiving this final version.) > > In May 2017, the ARIN Board of Trustees proposed expansion of the size of > the Board of Trustees in order to increase opportunities for diversity in > the background of Board members, including geographical and gender > representation. This proposal was the topic of an energetic community > consultation with mixed outcome indicating both support and concerns with > such a change. The ARIN Board considered the outcome of the consultation, > but ultimately the measure did not achieve the four-fifths approval > threshold necessary for changing ARIN's Bylaws. > > In February of this year, the ARIN Board discussed an additional issue > related to the present size of the Board: specifically, the challenge that > a smaller Board poses when engaging in strategic discussions, for example > in regard to long-term direction or relationships with other Internet > organizations. While many of these topics are discussed with the community > prior to decision (e.g. formation of the NRO, support for the IANA > Stewardship Transition), it is often up to the ARIN Board of Trustees to > decide whether to explore these initiatives when they are at an early > stage. There is a very wide diversity of the Internet ecosystem that can be > affected by ARIN's strategic direction and this includes Internet service > providers of all sizes and types (transit, access, etc.), Internet online > and content industries, data center and cloud operators, educational and > government networks, commercial firms, and civil society. While the > Trustees elected by the community often have a bro > ad knowledge of the Internet ecosystem, seven Trustees is a relatively > small group to evaluate impacts across the entire Internet ecosystem. > > As a result of this discussion, the ARIN Board agreed to initiate a new > community consultation to expand the number of elected Board members from > six to nine, in order to allow for wider representation of the Internet > community during Board discussions. > Board proposal: > > ARIN should add three more elected voting seats to the Board of Trustees, > raising the current six (two elected per year) to nine (three elected per > year). New Board seats are to be added to the Board in a phased manner - > one per year in the 2018 thru 2020 elections as noted below > * October 2018: 3 Board members will be elected for 2019; 8 Trustee > board (9 if the appointed seat is used) > * October 2019: 3 Board members will be elected for 2020; 9 Trustee > board (10 if the appointed seat is used) > * October 2020: 3 Board members will be elected for 2021; 10 Trustee > board (11 if the appointed seat is used) > > The link to the proposed Bylaws amendment necessary to effect such a > change can be viewed at: https://www.arin.net/about_us/ > bot/20180216/exhibit_e.pdf > > We are seeking community feedback on this proposed change to the size of > the ARIN Board of Trustees. This consultation will remain open for at least > 30 days. > > Please provide comments to arin-consult at arin.net. You can subscribe to > this mailing list at: http://lists.arin.net/mailman/listinfo/arin-consult. > > Discussion on arin-consult at arin.net will close on 14 May 2018. > > If you have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > -- =============================================== David Farmer Email:farmer at umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From vgcerf at gmail.com Tue Apr 10 16:04:29 2018 From: vgcerf at gmail.com (vinton cerf) Date: Tue, 10 Apr 2018 16:04:29 -0400 Subject: [ARIN-consult] Amended ACSP Consultation: Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <20180410150011.36BD960350@hive.arin.net> Message-ID: David, that's a very interesting way to try to reach many of our goals for Board make up and perhaps gives useful guidance to the nominating committee. vint On Tue, Apr 10, 2018 at 2:13 PM, David Farmer wrote: > I am not opposed to the idea of expanding the board, a change from six to > nine elected board members with the CEO as an ex officio member seems > reasonable to me. However, I cannot support the current proposal as > written. The primary flaw I see in the current proposal is that it simply > expands the board without modifying how the board is selected. I believe > the issue at hand is as much about how the board is selected as much as it > is about the size of the board. > > Currently, a combined slate of candidates is proposed by the nominating > committee for the two board positions up for election each year, and the > two candidates with the most votes from the combined slate are selected. > This sometimes degrades into a popularity contest. Name recognition plays > as big a role as the qualifications of a candidate in determining who > prevails, potentially leaving the board without necessary expertise even > though the slate may have included candidates with the necessary > expertise. Just adding another position selected by this same process, selecting > the three candidates with the most votes from the combined slate, I fear > will only have a nominal effect on the composition of the board, and simply > result in a larger board with many of the same issues. > > In addition to expanding the board, I suggest each of the three board > positions up for election have a separate slate of two or more candidates > each year, instead of the current process with it's combined slate. > This allows the nominating committee, with advice from the board, to select > candidates with the expertise needed by the board to compete for a single > position and ensure a candidate with the necessary expertise will prevail > in the election. I don't think criteria for each position should be > enshrined in the bylaws, as the needs of the board will change and evolve > over time, but many of the issues discussed recently should be considered; > sector representation, organization types, etc... > > Thanks. > > On Tue, Apr 10, 2018 at 10:00 AM, ARIN wrote: > >> (You are only receiving this final version.) >> >> In May 2017, the ARIN Board of Trustees proposed expansion of the size of >> the Board of Trustees in order to increase opportunities for diversity in >> the background of Board members, including geographical and gender >> representation. This proposal was the topic of an energetic community >> consultation with mixed outcome indicating both support and concerns with >> such a change. The ARIN Board considered the outcome of the consultation, >> but ultimately the measure did not achieve the four-fifths approval >> threshold necessary for changing ARIN's Bylaws. >> >> In February of this year, the ARIN Board discussed an additional issue >> related to the present size of the Board: specifically, the challenge that >> a smaller Board poses when engaging in strategic discussions, for example >> in regard to long-term direction or relationships with other Internet >> organizations. While many of these topics are discussed with the community >> prior to decision (e.g. formation of the NRO, support for the IANA >> Stewardship Transition), it is often up to the ARIN Board of Trustees to >> decide whether to explore these initiatives when they are at an early >> stage. There is a very wide diversity of the Internet ecosystem that can be >> affected by ARIN's strategic direction and this includes Internet service >> providers of all sizes and types (transit, access, etc.), Internet online >> and content industries, data center and cloud operators, educational and >> government networks, commercial firms, and civil society. While the >> Trustees elected by the community often have a bro >> ad knowledge of the Internet ecosystem, seven Trustees is a relatively >> small group to evaluate impacts across the entire Internet ecosystem. >> >> As a result of this discussion, the ARIN Board agreed to initiate a new >> community consultation to expand the number of elected Board members from >> six to nine, in order to allow for wider representation of the Internet >> community during Board discussions. >> Board proposal: >> >> ARIN should add three more elected voting seats to the Board of Trustees, >> raising the current six (two elected per year) to nine (three elected per >> year). New Board seats are to be added to the Board in a phased manner - >> one per year in the 2018 thru 2020 elections as noted below >> * October 2018: 3 Board members will be elected for 2019; 8 Trustee >> board (9 if the appointed seat is used) >> * October 2019: 3 Board members will be elected for 2020; 9 Trustee >> board (10 if the appointed seat is used) >> * October 2020: 3 Board members will be elected for 2021; 10 >> Trustee board (11 if the appointed seat is used) >> >> The link to the proposed Bylaws amendment necessary to effect such a >> change can be viewed at: https://www.arin.net/about_us/ >> bot/20180216/exhibit_e.pdf >> >> We are seeking community feedback on this proposed change to the size of >> the ARIN Board of Trustees. This consultation will remain open for at least >> 30 days. >> >> Please provide comments to arin-consult at arin.net. You can subscribe to >> this mailing list at: http://lists.arin.net/mailman/listinfo/arin-consult >> . >> >> Discussion on arin-consult at arin.net will close on 14 May 2018. >> >> If you have any questions, please contact us at info at arin.net. >> >> Regards, >> >> John Curran >> President and CEO >> American Registry for Internet Numbers (ARIN) >> >> > > > -- > =============================================== > David Farmer Email:farmer at umn.edu > Networking & Telecommunication Services > Office of Information Technology > University of Minnesota > 2218 University Ave SE Phone: 612-626-0815 > Minneapolis, MN 55414-3029 Cell: 612-812-9952 > =============================================== > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrew.dul at quark.net Tue Apr 10 17:21:07 2018 From: andrew.dul at quark.net (Andrew Dul) Date: Tue, 10 Apr 2018 14:21:07 -0700 Subject: [ARIN-consult] Amended ACSP Consultation: Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <20180410150011.36BD960350@hive.arin.net> Message-ID: <9c9d04c0-6819-f609-2718-460528dbb406@quark.net> David, You have enumerated an idea that I have been considering writing about the past couple of days after reading through some of the comments on this consultation.? That is if the board believes that they need some sort of skill or representation that should be expressed through having the board notate to the nomcom the skills/representation needed and then candidates with those skills/representation would be placed onto the ballot with candidates of similar skills/representation. Practically this might look like (assuming no change in board size) Board Seat #1 (board requests candidate with financial skills) - Candidate A, Candidate B Board Seat #2 (board requests candidate with representation for large provider/cdn space) - Candidate C, Candidate D The membership would then select either Candidate A or B for seat #1 and similarly for seat #2. This does not provide for breadth or depth of skill/representation for which the board is not aware it needs, but does provide the membership an opportunity to express their preference for a candidate within a subset of candidates which meets a need or desire.? This does give more responsibility to the nomcom, so other changes to the nomcom maybe needed to facilitate this responsibility.? I too am not strictly opposed to growing the board size, but am inclined to not support just a growth in the size of the board without other changes to how board members are elected. Andrew On 4/10/2018 1:04 PM, vinton cerf wrote: > David, that's a very interesting way to try to reach many of our goals > for Board make up and perhaps gives useful guidance to the nominating > committee. > > vint > > > On Tue, Apr 10, 2018 at 2:13 PM, David Farmer > wrote: > > I am not opposed to the idea of expanding?the board, a change from > six to nine elected board members with the CEO as an ex > officio?member?seems reasonable to me. However, I cannot support > the current proposal as written.? The primary flaw I see in the > current proposal is that it simply expands the board without > modifying how the board is selected. I believe the issue at hand > is as much about how the board is selected as much as it is about > the size of the board. > > Currently, a combined slate of candidates is proposed by the > nominating committee for the two board positions up for election > each year, and the two candidates with the most votes from the > combined?slate?are selected. This sometimes degrades into a > popularity contest.? Name recognition plays as big a role as the > qualifications of a candidate in determining who prevails, > potentially leaving the board without necessary expertise even > though the slate may have included candidates?with the > necessary?expertise.? Just adding another position selected?by > this same process,?selecting the three?candidates with the most > votes from the combined slate,?I fear will only have a nominal > effect on the composition?of the board, and simply result?in a > larger board with many of the same issues. > > In addition?to expanding the?board, I suggest each of the three > board positions up for election have a separate?slate of?two or > more candidates each year, instead of?the current process with > it's combined slate. This?allows the nominating committee, with > advice from the board, to select candidates?with the expertise > needed by the board to compete for a single position and ensure > a?candidate?with the necessary expertise?will prevail in the > election. I don't think?criteria for each position should be > enshrined in the bylaws, as the needs of the board will change and > evolve over time, but many of the issues discussed recently should > be considered; sector representation, organization?types, etc... > > Thanks. > > On Tue, Apr 10, 2018 at 10:00 AM, ARIN > wrote: > > (You are only receiving this final version.) > > In May 2017, the ARIN Board of Trustees proposed expansion of > the size of the Board of Trustees in order to increase > opportunities for diversity in the background of Board > members, including geographical and gender representation. > This proposal was the topic of an energetic community > consultation with mixed outcome indicating both support and > concerns with such a change. The ARIN Board considered the > outcome of the consultation, but ultimately the measure did > not achieve the four-fifths approval threshold necessary for > changing ARIN's Bylaws. > > In February of this year, the ARIN Board discussed an > additional issue related to the present size of the Board: > specifically, the challenge that a smaller Board poses when > engaging in strategic discussions, for example in regard to > long-term direction or relationships with other Internet > organizations. While many of these topics are discussed with > the community prior to decision (e.g. formation of the NRO, > support for the IANA Stewardship Transition), it is often up > to the ARIN Board of Trustees to decide whether to explore > these initiatives when they are at an early stage. There is a > very wide diversity of the Internet ecosystem that can be > affected by ARIN's strategic direction and this includes > Internet service providers of all sizes and types (transit, > access, etc.), Internet online and content industries, data > center and cloud operators, educational and government > networks, commercial firms, and civil society. While the > Trustees elected by the community often have a bro > ?ad knowledge of the Internet ecosystem, seven Trustees is a > relatively small group to evaluate impacts across the entire > Internet ecosystem. > > As a result of this discussion, the ARIN Board agreed to > initiate a new community consultation to expand the number of > elected Board members from six to nine, in order to allow for > wider representation of the Internet community during Board > discussions. > Board proposal: > > ARIN should add three more elected voting seats to the Board > of Trustees, raising the current six (two elected per year) to > nine (three elected per year). New Board seats are to be added > to the Board in a phased manner - one per year in the 2018 > thru 2020 elections as noted below > *? ? ? ?October 2018: 3 Board members will be elected for > 2019; 8 Trustee board (9 if the appointed seat is used) > *? ? ? ?October 2019: 3 Board members will be elected for > 2020; 9 Trustee board (10 if the appointed seat is used) > *? ? ? ?October 2020: 3 Board members will be elected for > 2021; 10 Trustee board (11 if the appointed seat is used) > > The link to the proposed Bylaws amendment necessary to effect > such a change can be viewed at: > https://www.arin.net/about_us/bot/20180216/exhibit_e.pdf > > > We are seeking community feedback on this proposed change to > the size of the ARIN Board of Trustees. This consultation will > remain open for at least 30 days. > > Please provide comments to arin-consult at arin.net > . You can subscribe to this > mailing list at: > http://lists.arin.net/mailman/listinfo/arin-consult > . > > Discussion on arin-consult at arin.net > will close on 14 May 2018. > > If you have any questions, please contact us at info at arin.net > . > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > > -- > =============================================== > David Farmer? ? ? ? ? ? ?? Email:farmer at umn.edu > > Networking & Telecommunication Services > Office of Information Technology > University of Minnesota?? > 2218 University Ave SE? ? ? ? Phone: 612-626-0815 > Minneapolis, MN 55414-3029?? Cell: 612-812-9952 > =============================================== > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the > ARIN Consult Mailing > List (ARIN-consult at arin.net ). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult > Please > contact the ARIN Member Services > Help Desk at info at arin.net if you > experience any issues. > > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Tue Apr 10 17:31:07 2018 From: jcurran at arin.net (John Curran) Date: Tue, 10 Apr 2018 21:31:07 +0000 Subject: [ARIN-consult] Amended ACSP Consultation: Expanding the Size of the ARIN Board of Trustees In-Reply-To: <9c9d04c0-6819-f609-2718-460528dbb406@quark.net> References: <20180410150011.36BD960350@hive.arin.net> <9c9d04c0-6819-f609-2718-460528dbb406@quark.net> Message-ID: <1B23EE1A-BF84-40E5-A3F7-1BA8A9BE77DA@arin.net> On 10 Apr 2018, at 5:21 PM, Andrew Dul wrote: > That is if the board believes that they need some sort of skill or representation that should be expressed through having the board notate to the nomcom the skills/representation needed and then candidates with those skills/representation would be placed onto the ballot with candidates of similar skills/representation. Andrew - Interestingly enough, such a mechanism exists today within the Nomination Committee charter. While to date it has only been used to encourage an improvement in overall diversity in the composition of the candidate slates, nothing precludes it from being used to make more specific requests. The guidance within the 2018 NomCom charter reads as follows - "ARIN Board Guidance to the 2018 NomCom The ARIN Board of Trustees notes that diversity in the composition of the Board and the Advisory Council (including but not limited to gender, industry, and geographic diversity) is encouraged, and provides this guidance to the NomCom for its consideration in the development of the candidate slates.? FYI, /John John Curran President and CEO ARIN From info at arin.net Wed Apr 11 11:54:49 2018 From: info at arin.net (ARIN) Date: Wed, 11 Apr 2018 11:54:49 -0400 Subject: [ARIN-consult] Consultation on Open ACSP Suggestions Message-ID: <596f6e80-426d-1695-3a69-2a938d963011@arin.net> Through 11 May, we will be collecting feedback from the community on many of the open ACSP Suggestions that are not currently on the ARIN 2018 Work Plan. There is a survey available at https://www.surveymonkey.com/r/OpenACSP2018 where you can rank suggestions by category (type of improvement), and you also have the option to rate the value of each open suggestion. The information gleaned from the survey will be one of the inputs used to help determine which suggestions will be included ARIN's 2019 Work Plan. For your reference, the suggestions included in the survey have been grouped as follows: New Account Management Functionality: * 2017.16 - Allow registered brokers to be added to transfer tickets * 2017.21 - Display Account Type of Org IDs * 2017.24 - Allow NET objects of Simple Reassignments to hold POC objects * 2017.25 - Allow Changes to Org Handle in a Detailed Reassignment Without Requiring Deletion Account Management Improvements: * 2013.16 - Association of Multiple Networks With A Customer * 2017.3 - Allow Multiple Primary Billing Contacts New ARIN Online Features: * 2015.20 - Marking ARIN Online Messages as Read * 2016.8 - List All Related Unvalidated POCs * 2017.13 - Sorting of Allocations / Assignments by org-id in ARIN Online ARIN Online Improvements: * 2013.28 - POC Validation Message Removal Upon Validation * 2017.28 - Improvements to POC Searches Within ARIN Online Billing Functionality Improvements: * 2012.5 - Bulk Billing Management * 2016.06 - Add PO Field to Invoices in ARIN Online * 2016.12 - Interactive Fee Calculator Reporting Improvements: * 2018.2 - Improvements to Whois Inaccuracy Reporting RESTful Web Services (RWS) Improvements: * 2011.17 - Define access restrictions for APIs * 2012.20 - Remove result limit for Whois-RWS child network queries * 2015.18 - Sort Order For Utilization reports from RESTful Whois * 2016.11 - Improvements to RESTful Web Services * 2017.22 - Disable OT&E API keys (RegRWS) in Production Systems * 2017.23 - Changes To RegRWS Access With API Key Authentication Security Improvements: * 2017.1 - Two-factor functionality improvement Website Improvements: * 2017.9 - Changes to IP Address Widget * 2017.8 - Chat button for ARIN.NET website * 2016.03 - Provide Web UI for RDAP Please provide any additional comments to arin-consult at arin.net. Discussion on arin-consult at arin.net will close on 11 May 2018. If you have any questions, please contact us at info at arin.net. We look forward to hearing your thoughts as we set future development and service priorities. Regards, Communications and Member Services American Registry for Internet Numbers (ARIN) From jcurran at arin.net Wed Apr 11 12:29:05 2018 From: jcurran at arin.net (John Curran) Date: Wed, 11 Apr 2018 16:29:05 +0000 Subject: [ARIN-consult] Consultation on Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: Message-ID: <1A6EAFB3-8637-4AA9-B8B0-70A85239DDC6@arin.net> On 8 Apr 2018, at 2:06 PM, Ron da Silva > wrote: Two implementation questions, - Would the 10th ex-officio CEO seat be voting or not? Best practices say no, especially in not-for-profit space.. but not a requirement. Issues either way.. Ron - Presently, the President of ARIN is a voting member of the Board of Trustees, and the proposed change to increase the number of elected Trustees from 6 to 9 would not change that. - Would the exclusions for Board members be lifted or changed/updated (thought there was another consult on that back at the end of last year..) to help increase the ?diversity? pool? The ARIN Board of Trustees passed the Nomination and Appointment Conflict of Interest List to disqualify persons serving in specific leadership roles in other organizations (e.g. the governing Board of another RIR) from also serving as member of the ARIN Board of Trustees and other ARIN leadership roles. It is not clear that increasing the size of the ARIN Board of Trustees will change the potential for conflict of interest with serving on the ARIN Board, but for avoidance of doubt I will bring the conflict of interest list to the ARIN Board for review if the proposed change to increase the number of elected Trustees is adopted. Thanks! /John John Curran President and CEO American Registry for Internet Numbers -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Wed Apr 11 12:40:09 2018 From: owen at delong.com (Owen DeLong) Date: Wed, 11 Apr 2018 09:40:09 -0700 Subject: [ARIN-consult] Consultation on Open ACSP Suggestions In-Reply-To: <596f6e80-426d-1695-3a69-2a938d963011@arin.net> References: <596f6e80-426d-1695-3a69-2a938d963011@arin.net> Message-ID: <0506D4FC-873F-4313-AA6C-8DB5B0F936CF@delong.com> > On Apr 11, 2018, at 08:54 , ARIN wrote: > > Through 11 May, we will be collecting feedback from the community on > many of the open ACSP Suggestions that are not currently on the ARIN > 2018 Work Plan. > > There is a survey available at > https://www.surveymonkey.com/r/OpenACSP2018 where you can rank > suggestions by category (type of improvement), and you also have the > option to rate the value of each open suggestion. > > The information gleaned from the survey will be one of the inputs used > to help determine which suggestions will be included ARIN's 2019 Work > Plan. For your reference, the suggestions included in the survey have > been grouped as follows: > > New Account Management Functionality: > > * 2017.16 - Allow registered brokers to be added to transfer tickets Support > * 2017.21 - Display Account Type of Org IDs Support > * 2017.24 - Allow NET objects of Simple Reassignments to hold POC objects Neutral, slightly opposed. Don?t see the benefit and therefore question the value of doing so. > * 2017.25 - Allow Changes to Org Handle in a Detailed Reassignment Without Requiring Deletion Support > Account Management Improvements: > > * 2013.16 - Association of Multiple Networks With A Customer Not entirely clear on the problem being solved or the benefit. > * 2017.3 - Allow Multiple Primary Billing Contacts Confused. Multiple billing contacts makes sense to me. By definition, primary implies a singular value. > New ARIN Online Features: > > * 2015.20 - Marking ARIN Online Messages as Read Support > * 2016.8 - List All Related Unvalidated POCs Support > * 2017.13 - Sorting of Allocations / Assignments by org-id in ARIN Online Support > ARIN Online Improvements: > > * 2013.28 - POC Validation Message Removal Upon Validation Support > * 2017.28 - Improvements to POC Searches Within ARIN Online Support > Billing Functionality Improvements: > > * 2012.5 - Bulk Billing Management Support > * 2016.06 - Add PO Field to Invoices in ARIN Online Neutral > * 2016.12 - Interactive Fee Calculator Neutral, but opposed to a fee increase to enable it. > Reporting Improvements: > > * 2018.2 - Improvements to Whois Inaccuracy Reporting Support > RESTful Web Services (RWS) Improvements: > > * 2011.17 - Define access restrictions for APIs Neutral to slightly opposed. Do not see sufficient benefit for expense. > * 2012.20 - Remove result limit for Whois-RWS child network queries Support > * 2015.18 - Sort Order For Utilization reports from RESTful Whois Support > * 2016.11 - Improvements to RESTful Web Services Support > * 2017.22 - Disable OT&E API keys (RegRWS) in Production Systems Support > * 2017.23 - Changes To RegRWS Access With API Key Authentication Neutral > Security Improvements: > > * 2017.1 - Two-factor functionality improvement Neutral > Website Improvements: > > * 2017.9 - Changes to IP Address Widget Neutral > * 2017.8 - Chat button for ARIN.NET website Support > * 2016.03 - Provide Web UI for RDAP Neutral to slightly opposed. Don?t see sufficient benefit vs. cost unless it essentially comes automatically with RDAP. In reality, there will be plenty of external RDAP Web-UIs created by third parties, so I don?t see much point here unless it replaces Whois-RWS and/or Reg-RWS and those products are EOLd as a result. Owen From jcurran at arin.net Wed Apr 11 12:48:03 2018 From: jcurran at arin.net (John Curran) Date: Wed, 11 Apr 2018 16:48:03 +0000 Subject: [ARIN-consult] Consultation on Open ACSP Suggestions In-Reply-To: <0506D4FC-873F-4313-AA6C-8DB5B0F936CF@delong.com> References: <596f6e80-426d-1695-3a69-2a938d963011@arin.net> <0506D4FC-873F-4313-AA6C-8DB5B0F936CF@delong.com> Message-ID: <5D749CEC-1350-4DEA-8440-716226CC943E@arin.net> Owen - It would be most helpful if you (and others) could complete the referenced survey , as that allows for relative prioritization (e.g. please set higher those items you support) and allow us to develop a work plan for 2019 that accomplishes what the community most desires. Thanks! /John John Curran President and CEO ARIN On 11 Apr 2018, at 12:40 PM, Owen DeLong > wrote: On Apr 11, 2018, at 08:54 , ARIN > wrote: Through 11 May, we will be collecting feedback from the community on many of the open ACSP Suggestions that are not currently on the ARIN 2018 Work Plan. There is a survey available at https://www.surveymonkey.com/r/OpenACSP2018 where you can rank suggestions by category (type of improvement), and you also have the option to rate the value of each open suggestion. The information gleaned from the survey will be one of the inputs used to help determine which suggestions will be included ARIN's 2019 Work Plan. For your reference, the suggestions included in the survey have been grouped as follows: New Account Management Functionality: * 2017.16 - Allow registered brokers to be added to transfer tickets Support * 2017.21 - Display Account Type of Org IDs Support * 2017.24 - Allow NET objects of Simple Reassignments to hold POC objects Neutral, slightly opposed. Don?t see the benefit and therefore question the value of doing so. * 2017.25 - Allow Changes to Org Handle in a Detailed Reassignment Without Requiring Deletion Support Account Management Improvements: * 2013.16 - Association of Multiple Networks With A Customer Not entirely clear on the problem being solved or the benefit. * 2017.3 - Allow Multiple Primary Billing Contacts Confused. Multiple billing contacts makes sense to me. By definition, primary implies a singular value. New ARIN Online Features: * 2015.20 - Marking ARIN Online Messages as Read Support * 2016.8 - List All Related Unvalidated POCs Support * 2017.13 - Sorting of Allocations / Assignments by org-id in ARIN Online Support ARIN Online Improvements: * 2013.28 - POC Validation Message Removal Upon Validation Support * 2017.28 - Improvements to POC Searches Within ARIN Online Support Billing Functionality Improvements: * 2012.5 - Bulk Billing Management Support * 2016.06 - Add PO Field to Invoices in ARIN Online Neutral * 2016.12 - Interactive Fee Calculator Neutral, but opposed to a fee increase to enable it. Reporting Improvements: * 2018.2 - Improvements to Whois Inaccuracy Reporting Support RESTful Web Services (RWS) Improvements: * 2011.17 - Define access restrictions for APIs Neutral to slightly opposed. Do not see sufficient benefit for expense. * 2012.20 - Remove result limit for Whois-RWS child network queries Support * 2015.18 - Sort Order For Utilization reports from RESTful Whois Support * 2016.11 - Improvements to RESTful Web Services Support * 2017.22 - Disable OT&E API keys (RegRWS) in Production Systems Support * 2017.23 - Changes To RegRWS Access With API Key Authentication Neutral Security Improvements: * 2017.1 - Two-factor functionality improvement Neutral Website Improvements: * 2017.9 - Changes to IP Address Widget Neutral * 2017.8 - Chat button for ARIN.NET website Support * 2016.03 - Provide Web UI for RDAP Neutral to slightly opposed. Don?t see sufficient benefit vs. cost unless it essentially comes automatically with RDAP. In reality, there will be plenty of external RDAP Web-UIs created by third parties, so I don?t see much point here unless it replaces Whois-RWS and/or Reg-RWS and those products are EOLd as a result. Owen _______________________________________________ ARIN-Consult You are receiving this message because you are subscribed to the ARIN Consult Mailing List (ARIN-consult at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bjones at vt.edu Wed Apr 11 13:26:32 2018 From: bjones at vt.edu (Brian Jones) Date: Wed, 11 Apr 2018 13:26:32 -0400 Subject: [ARIN-consult] Amended ACSP Consultation: Expanding the Size of the ARIN Board of Trustees In-Reply-To: References: <20180410150011.36BD960350@hive.arin.net> Message-ID: See inline On Tue, Apr 10, 2018 at 2:13 PM, David Farmer wrote: > I am not opposed to the idea of expanding the board, a change from six to > nine elected board members with the CEO as an ex officio member seems > reasonable to me. However, I cannot support the current proposal as > written. The primary flaw I see in the current proposal is that it simply > expands the board without modifying how the board is selected. I believe > the issue at hand is as much about how the board is selected as much as it > is about the size of the board. > > Currently, a combined slate of candidates is proposed by the nominating > committee for the two board positions up for election each year, and the > two candidates with the most votes from the combined slate are selected. > This sometimes degrades into a popularity contest. Name recognition plays > as big a role as the qualifications of a candidate in determining who > prevails, potentially leaving the board without necessary expertise even > though the slate may have included candidates with the necessary > expertise. Just adding another position selected by this same process, selecting > the three candidates with the most votes from the combined slate, I fear > will only have a nominal effect on the composition of the board, and simply > result in a larger board with many of the same issues. > > In addition to expanding the board, I suggest each of the three board > positions up for election have a separate slate of two or more candidates > each year, instead of the current process with it's combined slate. > This allows the nominating committee, with advice from the board, to select > candidates with the expertise needed by the board to compete for a single > position and ensure a candidate with the necessary expertise will prevail > in the election. I don't think criteria for each position should be > enshrined in the bylaws, as the needs of the board will change and evolve > over time, but many of the issues discussed recently should be considered; > sector representation, organization types, etc... > ?+1 David's comments. I believe this is the way forward if the board needs expanding in size. There should also be more specific instructions from the board to the nomination committee about specific needs or skill sets expected for the positions.? -- Brian > > Thanks. > > On Tue, Apr 10, 2018 at 10:00 AM, ARIN wrote: > >> (You are only receiving this final version.) >> >> In May 2017, the ARIN Board of Trustees proposed expansion of the size of >> the Board of Trustees in order to increase opportunities for diversity in >> the background of Board members, including geographical and gender >> representation. This proposal was the topic of an energetic community >> consultation with mixed outcome indicating both support and concerns with >> such a change. The ARIN Board considered the outcome of the consultation, >> but ultimately the measure did not achieve the four-fifths approval >> threshold necessary for changing ARIN's Bylaws. >> >> In February of this year, the ARIN Board discussed an additional issue >> related to the present size of the Board: specifically, the challenge that >> a smaller Board poses when engaging in strategic discussions, for example >> in regard to long-term direction or relationships with other Internet >> organizations. While many of these topics are discussed with the community >> prior to decision (e.g. formation of the NRO, support for the IANA >> Stewardship Transition), it is often up to the ARIN Board of Trustees to >> decide whether to explore these initiatives when they are at an early >> stage. There is a very wide diversity of the Internet ecosystem that can be >> affected by ARIN's strategic direction and this includes Internet service >> providers of all sizes and types (transit, access, etc.), Internet online >> and content industries, data center and cloud operators, educational and >> government networks, commercial firms, and civil society. While the >> Trustees elected by the community often have a bro >> ad knowledge of the Internet ecosystem, seven Trustees is a relatively >> small group to evaluate impacts across the entire Internet ecosystem. >> >> As a result of this discussion, the ARIN Board agreed to initiate a new >> community consultation to expand the number of elected Board members from >> six to nine, in order to allow for wider representation of the Internet >> community during Board discussions. >> Board proposal: >> >> ARIN should add three more elected voting seats to the Board of Trustees, >> raising the current six (two elected per year) to nine (three elected per >> year). New Board seats are to be added to the Board in a phased manner - >> one per year in the 2018 thru 2020 elections as noted below >> * October 2018: 3 Board members will be elected for 2019; 8 Trustee >> board (9 if the appointed seat is used) >> * October 2019: 3 Board members will be elected for 2020; 9 Trustee >> board (10 if the appointed seat is used) >> * October 2020: 3 Board members will be elected for 2021; 10 >> Trustee board (11 if the appointed seat is used) >> >> The link to the proposed Bylaws amendment necessary to effect such a >> change can be viewed at: https://www.arin.net/about_us/ >> bot/20180216/exhibit_e.pdf >> >> We are seeking community feedback on this proposed change to the size of >> the ARIN Board of Trustees. This consultation will remain open for at least >> 30 days. >> >> Please provide comments to arin-consult at arin.net. You can subscribe to >> this mailing list at: http://lists.arin.net/mailman/listinfo/arin-consult >> . >> >> Discussion on arin-consult at arin.net will close on 14 May 2018. >> >> If you have any questions, please contact us at info at arin.net. >> >> Regards, >> >> John Curran >> President and CEO >> American Registry for Internet Numbers (ARIN) >> >> > > > -- > =============================================== > David Farmer Email:farmer at umn.edu > Networking & Telecommunication Services > Office of Information Technology > University of Minnesota > 2218 University Ave SE Phone: 612-626-0815 > Minneapolis, MN 55414-3029 Cell: 612-812-9952 > =============================================== > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Wed Apr 11 13:34:42 2018 From: owen at delong.com (Owen DeLong) Date: Wed, 11 Apr 2018 10:34:42 -0700 Subject: [ARIN-consult] Consultation on Open ACSP Suggestions In-Reply-To: <5D749CEC-1350-4DEA-8440-716226CC943E@arin.net> References: <596f6e80-426d-1695-3a69-2a938d963011@arin.net> <0506D4FC-873F-4313-AA6C-8DB5B0F936CF@delong.com> <5D749CEC-1350-4DEA-8440-716226CC943E@arin.net> Message-ID: John, The first question in the survey is an utter failure from my perspective as I don?t see priorities in terms of categories. There are some things in each category which I consider relatively higher priority vs. other things in those same categories. For example, I would consider the following to be relatively high priority (In email order. not necessarily priority order): 2017.16 2017.21 2015.20 2016.8 2013.28 2017.28 2017.22 2017.8 You?ll notice that those are spread all over the categories. Owen > On Apr 11, 2018, at 09:48 , John Curran wrote: > > Owen - > > It would be most helpful if you (and others) could complete the referenced survey >, as that allows for relative prioritization (e.g. please set higher those items you support) and allow us to develop a work plan for 2019 that accomplishes what the community most desires. > > Thanks! > /John > > John Curran > President and CEO > ARIN > >> On 11 Apr 2018, at 12:40 PM, Owen DeLong > wrote: >> >> >> >>> On Apr 11, 2018, at 08:54 , ARIN > wrote: >>> >>> Through 11 May, we will be collecting feedback from the community on >>> many of the open ACSP Suggestions that are not currently on the ARIN >>> 2018 Work Plan. >>> >>> There is a survey available at >>> https://www.surveymonkey.com/r/OpenACSP2018 where you can rank >>> suggestions by category (type of improvement), and you also have the >>> option to rate the value of each open suggestion. >>> >>> The information gleaned from the survey will be one of the inputs used >>> to help determine which suggestions will be included ARIN's 2019 Work >>> Plan. For your reference, the suggestions included in the survey have >>> been grouped as follows: >>> >>> New Account Management Functionality: >>> >>> * 2017.16 - Allow registered brokers to be added to transfer tickets >> >> Support >> >>> * 2017.21 - Display Account Type of Org IDs >> >> Support >> >>> * 2017.24 - Allow NET objects of Simple Reassignments to hold POC objects >> >> Neutral, slightly opposed. Don?t see the benefit and therefore question the value >> of doing so. >> >>> * 2017.25 - Allow Changes to Org Handle in a Detailed Reassignment Without Requiring Deletion >> >> Support >> >>> Account Management Improvements: >>> >>> * 2013.16 - Association of Multiple Networks With A Customer >> >> Not entirely clear on the problem being solved or the benefit. >> >>> * 2017.3 - Allow Multiple Primary Billing Contacts >> >> Confused. Multiple billing contacts makes sense to me. By definition, primary implies a singular value. >> >>> New ARIN Online Features: >>> >>> * 2015.20 - Marking ARIN Online Messages as Read >> >> Support >> >>> * 2016.8 - List All Related Unvalidated POCs >> >> Support >> >>> * 2017.13 - Sorting of Allocations / Assignments by org-id in ARIN Online >> >> Support >> >>> ARIN Online Improvements: >>> >>> * 2013.28 - POC Validation Message Removal Upon Validation >> >> Support >> >>> * 2017.28 - Improvements to POC Searches Within ARIN Online >> >> Support >> >>> Billing Functionality Improvements: >>> >>> * 2012.5 - Bulk Billing Management >> >> Support >> >>> * 2016.06 - Add PO Field to Invoices in ARIN Online >> >> Neutral >> >>> * 2016.12 - Interactive Fee Calculator >> >> Neutral, but opposed to a fee increase to enable it. >> >>> Reporting Improvements: >>> >>> * 2018.2 - Improvements to Whois Inaccuracy Reporting >> >> Support >> >>> RESTful Web Services (RWS) Improvements: >>> >>> * 2011.17 - Define access restrictions for APIs >> >> Neutral to slightly opposed. Do not see sufficient benefit for expense. >> >>> * 2012.20 - Remove result limit for Whois-RWS child network queries >> >> Support >> >>> * 2015.18 - Sort Order For Utilization reports from RESTful Whois >> >> Support >> >>> * 2016.11 - Improvements to RESTful Web Services >> >> Support >> >>> * 2017.22 - Disable OT&E API keys (RegRWS) in Production Systems >> >> Support >> >>> * 2017.23 - Changes To RegRWS Access With API Key Authentication >> >> Neutral >> >>> Security Improvements: >>> >>> * 2017.1 - Two-factor functionality improvement >> >> Neutral >> >>> Website Improvements: >>> >>> * 2017.9 - Changes to IP Address Widget >> >> Neutral >> >>> * 2017.8 - Chat button for ARIN.NET website >> >> Support >> >>> * 2016.03 - Provide Web UI for RDAP >> >> Neutral to slightly opposed. Don?t see sufficient benefit vs. cost unless it >> essentially comes automatically with RDAP. In reality, there will be plenty of >> external RDAP Web-UIs created by third parties, so I don?t see much point here >> unless it replaces Whois-RWS and/or Reg-RWS and those products are EOLd as a >> result. >> >> Owen >> >> >> _______________________________________________ >> ARIN-Consult >> You are receiving this message because you are subscribed to the ARIN Consult Mailing >> List (ARIN-consult at arin.net ). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services >> Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Wed Apr 11 13:48:13 2018 From: jcurran at arin.net (John Curran) Date: Wed, 11 Apr 2018 17:48:13 +0000 Subject: [ARIN-consult] Consultation on Open ACSP Suggestions In-Reply-To: References: <596f6e80-426d-1695-3a69-2a938d963011@arin.net> <0506D4FC-873F-4313-AA6C-8DB5B0F936CF@delong.com> <5D749CEC-1350-4DEA-8440-716226CC943E@arin.net> Message-ID: <7273CC56-0498-4B76-9C51-6D07A6CD0968@arin.net> On 11 Apr 2018, at 1:34 PM, Owen DeLong wrote: > > John, > > The first question in the survey is an utter failure from my perspective as I don?t see priorities in terms of categories. > > There are some things in each category which I consider relatively higher priority vs. other things in those same categories. Owen - Rather than have everyone be forced to prioritize 24 items individually (not a quick task at all), it was felt that having them prioritize a smaller set of categories would yield a higher response rate. Given your desire for more detailed input, please complete the both the first survey question (as best you are able), and then also complete the rating of relative importance of open suggestions in each category which follows. Thanks! /John John Curran President and CEO ARIN From jschiller at google.com Mon Apr 16 11:27:34 2018 From: jschiller at google.com (Jason Schiller) Date: Mon, 16 Apr 2018 15:27:34 +0000 Subject: [ARIN-consult] ASO Review Consultation 2018 In-Reply-To: References: <9550F7A6-A4BD-45AC-A97E-6831ACA0EBB8@pch.net> Message-ID: *Woody and Alyssa make three very good points.1. When NTIA stepped away from oversight of ICANN, we (names, numbers and protocols communities) had to figure out how the community would take over that oversight. The numbers community sorted this issue by:- the RIRs paying directly for the IANA numbers services operations- having an SLA for IANA numbers services operations - having an IANA Review Committee which - is made up from the community - ensure bottom up, community involvement in assessing that the IANA numbers services operations meet the needs of the numbers community. 2. The ASO is an ICANN ?supporting organization (SO)? and as such, it gets dragged into a lot of ICANN work as a matter of convention, like any other ICANN supporting organization (SO) or ICANN advisory committee (AC). Most of this work has no direct relevance to global number policy, number policy in general, or the numbers community. The amount of work has increased dramatically in the post IANA transition phase as names community tries to sort out proper community oversight (which the numbers community has already addressed -- see point 1).3. The important work of the ASO, supporting global policy and recognition of new RIRs happens sporadically and infrequently.While the new SLA and oversight through the community supported IANA Review Committee has greatly reduced the dependency of the numbers community on ICANN, it has not in any way changed the responsibility, role, or importance of the ASO AC.The work of shepherding global policy remains unchanged with the addition of the IANA SLA and the IANA RC. While that work still depends on ratification of the ICANN board, then it must be completed within the ICANN system. If global policy is no longer ratified by the ICANN board, then the work of shepherding global policy would need to be recreated outside the ICANN system. Likely this means chartering the NRO NC, building the appropriate operating procedures, and figuring out what interaction and community oversight is needed with the new ratifying party.This leaves me with two questions:1. What is the value of keeping names, numbers, and protocols under the single umbrella of ICANN? Is the value that ICANN provides worth the level of work that an ICANN Supporting Organization or Advisory Committee requires?2. If not, then can we get ICANN to recognize the strange nature of the ASO, and ensure ICANN strives to limit ASO involvement to only things that impact global numbers policy, and the numbers community in general? This means ICANN will necessarily need to carve out the ASO from the things that normal parts of ICANN participate in, and restrict changes to the by-laws to not impact the ASO except when they specifically relate to the numbers community and in those cases the involvement of the ASO in developing those rules is required. If the answer to both of these are no, then we must seek to move global policy ratification, and hence the global policy shepherding work outside ICANN. * ___Jason On Thu, Mar 1, 2018 at 5:34 PM Alyssa Moore wrote: > It has taken me over two years to wrap my head around the > responsibilities, structure and difference between the ASO, ASO AC, NRO, > and NRO EC. > > I have to agree with Woody here on redundancy. > > Regarding clarity and complexity, it still remains unclear that the ASO is > an ICANN Supporting Organization, whose functions are carried out by the > NRO, and that the NRO NC and the ASO AC are the same people. And that the > NRO EC is part of the ASO, but is separate from the ASO AC, etc. > > > The ASO also plays an advisory role, and not a policy development role > like the other two Supporting Organizations within ICANN. If it?s an > advisory role, shouldn?t it be an Advisory Committee? Or why can?t that > advice come from outside the ICANN structure from the NRO itself? To that > end, the vast majority of RIR policy development is all done outside the > constraints of the ICANN system on a regional basis. > > The new IANA SLA replaces the ASO MoU in terms of defining the > relationship between ICANN and the RIRs, which has moved away from policy > development and coordination toward an operator/clients relationship. The > primary role of the ASO - forwarding global policy proposals for > ratification to the ICANN Board - is an extremely rare occurrence. Does > there need to be a supporting organization for that work? The NRO performs > this policy coordination function already. > > All of that being said, despite the increased volunteer time required in > the wake of the Empowered Community, I must say the ASO is probably one of > the more efficient creatures of ICANN considering the sheer number of > network operators it represents. > > > On Thu, Mar 1, 2018 at 9:46 AM Bill Woodcock wrote: > >> >> >> > On Feb 2, 2018, at 5:59 AM, ARIN wrote: >> > >> > As a part of the Number Resource Organization (NRO), ARIN is seeking >> > community input on the NRO community consultation on the ASO review. >> >> Now that there?s a contractual relationship with the IANA Functions >> Operator, with its own heavyweight oversight process in place, the ASO/AC >> is completely redundant, since it interfaces with ICANN, and unlike the >> Names community, we and Protocols don?t do our policymaking within ICANN, >> we do it ourselves. So, no reason to continue to have an ASO/AC. It would >> just be looking for a purpose and confusing people. >> >> -Bill >> >> _______________________________________________ >> ARIN-Consult >> You are receiving this message because you are subscribed to the ARIN >> Consult Mailing >> List (ARIN-consult at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-consult Please contact the >> ARIN Member Services >> Help Desk at info at arin.net if you experience any issues. > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -- _______________________________________________________ Jason Schiller|NetOps|jschiller at google.com|571-266-0006 -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at arin.net Tue Apr 24 08:21:36 2018 From: info at arin.net (ARIN) Date: Tue, 24 Apr 2018 08:21:36 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists Message-ID: ARIN has received a suggestion requesting attachments be prohibited on ARIN public mailing lists, including PPML. * Question:? Should attachments be prohibited on ARIN public mailing lists? * Question:? If yes, should this include all ARIN public mailing lists, or only select lists? https://www.arin.net/participate/mailing_lists/index.html The feedback you provide during this consultation will help inform how ARIN will proceed in response to ACSP 2018.11. All messages that have been sent to ARIN mailing lists on this topic in the last week, and prior to the opening of this consultation, will be included in our feedback collection resulting from this consultation. Thank you for your participation in the ARIN Consultation and Suggestion Process. Please provide comments to arin-consult at arin.net. Discussion on arin-consult at arin.net will close on 7 May 2018. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) From gert at space.net Tue Apr 24 08:23:59 2018 From: gert at space.net (Gert Doering) Date: Tue, 24 Apr 2018 14:23:59 +0200 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: Message-ID: <20180424122359.GH89741@Space.Net> Hi, On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: > * Question:? Should attachments be prohibited on ARIN public > mailing lists? I do not have a particular opinion on that, but *if* you disallow attachments, please make it smart enough to not break PGP-signed mails in MIME format (which come with an "attachment" for the signature) in the process. Like this one :) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From kevinb at thewire.ca Tue Apr 24 10:44:34 2018 From: kevinb at thewire.ca (Kevin Blumberg) Date: Tue, 24 Apr 2018 14:44:34 +0000 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <20180424122359.GH89741@Space.Net> References: <20180424122359.GH89741@Space.Net> Message-ID: <7E7773B523E82C478734E793E58F69E7A5D3442E@SBS2011.thewireinc.local> I don't support the wholesale removal of all attachments. I have seen authors and Shepherds use PDF and Word documents in the past to show redline versions of Policy, which has been very beneficial. I would support limiting the types of attachments that are allowed. Thanks, Kevin Blumberg -----Original Message----- From: ARIN-consult On Behalf Of Gert Doering Sent: Tuesday, April 24, 2018 8:24 AM To: ARIN Cc: arin-consult at arin.net Subject: Re: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists Hi, On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: > * Question:? Should attachments be prohibited on ARIN public mailing > lists? I do not have a particular opinion on that, but *if* you disallow attachments, please make it smart enough to not break PGP-signed mails in MIME format (which come with an "attachment" for the signature) in the process. Like this one :) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 From bill at herrin.us Tue Apr 24 10:56:06 2018 From: bill at herrin.us (William Herrin) Date: Tue, 24 Apr 2018 10:56:06 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <20180424122359.GH89741@Space.Net> References: <20180424122359.GH89741@Space.Net> Message-ID: On Tue, Apr 24, 2018 at 8:23 AM, Gert Doering wrote: > On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: >> * Question: Should attachments be prohibited on ARIN public >> mailing lists? > > I do not have a particular opinion on that, but *if* you disallow attachments, > please make it smart enough to not break PGP-signed mails in MIME format > (which come with an "attachment" for the signature) in the process. Hi Gert, "Not break" as in maintain the signature or "not break" as in don't strip the signature and then keep the multipart/signed content-type breaking the validator? Personally, I wouldn't mind seeing all emails squashed to a single MIME text/plain part. It might even improve the quoting mess where a lot of mail software can't figure out how to mark the components of the mail or sometimes indents an entire paragraph unwrapped instead of indenting the lines. On the rare occasions where we want to communicate something more complicated than plain text allows, it's not that hard to find a place to host it or to offer to mail copies directly to those few lost souls whose internal IT is cruel enough to block the web. I'm very much not a fan of allowing content types that must be virus-scanned because they allow programs and other dangerous features to be embedded within them. Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From mcr at sandelman.ca Tue Apr 24 11:32:28 2018 From: mcr at sandelman.ca (Michael Richardson) Date: Tue, 24 Apr 2018 11:32:28 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <20180424122359.GH89741@Space.Net> References: <20180424122359.GH89741@Space.Net> Message-ID: <20744.1524583948@obiwan.sandelman.ca> Gert Doering wrote: > On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: >> * Question:? Should attachments be prohibited on ARIN public >> mailing lists? > I do not have a particular opinion on that, but *if* you disallow attachments, > please make it smart enough to not break PGP-signed mails in MIME format > (which come with an "attachment" for the signature) in the process. +1 > Like this one :) and this. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 464 bytes Desc: not available URL: From gert at space.net Tue Apr 24 11:35:41 2018 From: gert at space.net (Gert Doering) Date: Tue, 24 Apr 2018 17:35:41 +0200 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: <20180424122359.GH89741@Space.Net> Message-ID: <20180424153541.GJ89741@Space.Net> Hi, On Tue, Apr 24, 2018 at 10:56:06AM -0400, William Herrin wrote: > On Tue, Apr 24, 2018 at 8:23 AM, Gert Doering wrote: > > On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: > >> * Question: Should attachments be prohibited on ARIN public > >> mailing lists? > > > > I do not have a particular opinion on that, but *if* you disallow attachments, > > please make it smart enough to not break PGP-signed mails in MIME format > > (which come with an "attachment" for the signature) in the process. > > Hi Gert, > > "Not break" as in maintain the signature or "not break" as in don't > strip the signature and then keep the multipart/signed content-type > breaking the validator? "do not fumble with mail that is PGP signed", not in any way. Do not modify the body, those header parts that are covered by the signature, or the signature itself, or the MIME structure tieing parts together. > Personally, I wouldn't mind seeing all emails squashed to a single > MIME text/plain part. It might even improve the quoting mess where a > lot of mail software can't figure out how to mark the components of > the mail or sometimes indents an entire paragraph unwrapped instead of > indenting the lines. I would totally second *that* :-) - but I'm afraid that was not the question asked. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From mcr at sandelman.ca Tue Apr 24 11:39:10 2018 From: mcr at sandelman.ca (Michael Richardson) Date: Tue, 24 Apr 2018 11:39:10 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: <20180424122359.GH89741@Space.Net> Message-ID: <22594.1524584350@obiwan.sandelman.ca> William Herrin wrote: > "Not break" as in maintain the signature or "not break" as in don't > strip the signature and then keep the multipart/signed content-type > breaking the validator? don't strip the signature, make sure it can still validate. > Personally, I wouldn't mind seeing all emails squashed to a single > MIME text/plain part. It might even improve the quoting mess where a > lot of mail software can't figure out how to mark the components of > the mail or sometimes indents an entire paragraph unwrapped instead of > indenting the lines. No, it won't help people using outlook at all. > On the rare occasions where we want to communicate something more > complicated than plain text allows, it's not that hard to find a place > to host it or to offer to mail copies directly to those few lost souls > whose internal IT is cruel enough to block the web. I totally agree. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 464 bytes Desc: not available URL: From woody at pch.net Tue Apr 24 11:40:40 2018 From: woody at pch.net (Bill Woodcock) Date: Tue, 24 Apr 2018 08:40:40 -0700 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <20744.1524583948@obiwan.sandelman.ca> References: <20180424122359.GH89741@Space.Net> <20744.1524583948@obiwan.sandelman.ca> Message-ID: <5D075D49-E7DB-4451-ABC3-D42FB389ECB5@pch.net> +another. -Bill > On Apr 24, 2018, at 08:33, Michael Richardson wrote: > > > Gert Doering wrote: >>> On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: >>> * Question: Should attachments be prohibited on ARIN public >>> mailing lists? > >> I do not have a particular opinion on that, but *if* you disallow attachments, >> please make it smart enough to not break PGP-signed mails in MIME format >> (which come with an "attachment" for the signature) in the process. > > +1 > >> Like this one :) > > and this. > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | network architect [ > ] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [ > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. From austin.murkland at qscend.com Tue Apr 24 12:21:21 2018 From: austin.murkland at qscend.com (Austin Murkland) Date: Tue, 24 Apr 2018 12:21:21 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: Message-ID: * Question: Should attachments be prohibited on ARIN public mailing lists? Maybe. Limiting sounds like a good middle ground; what, if any, scanning is presently done on messages? * Question: If yes, should this include all ARIN public mailing lists, or only select lists? It should include all mailing lists, it may just be easier altogether to modify the subscription preferences and add a checkbox for "strip attachments" so each member could make this choice for themselves/their environment. While it may not be a trivial amount of work on the backend to make that happen, I think it would be easier than maintaining multiple sets of rules for multiple lists. -Austin Murkland On Tue, Apr 24, 2018 at 8:21 AM, ARIN wrote: > ARIN has received a suggestion requesting attachments be prohibited on > ARIN public mailing lists, including PPML. > > * Question: Should attachments be prohibited on ARIN public > mailing lists? > > * Question: If yes, should this include all ARIN public mailing > lists, or only select lists? > > https://www.arin.net/participate/mailing_lists/index.html > > The feedback you provide during this consultation will help inform how > ARIN will proceed in response to ACSP 2018.11. All messages that have > been sent to ARIN mailing lists on this topic in the last week, and > prior to the opening of this consultation, will be included in our > feedback collection resulting from this consultation. Thank you for your > participation in the ARIN Consultation and Suggestion Process. > > Please provide comments to arin-consult at arin.net. > > > Discussion on arin-consult at arin.net will close on 7 May 2018. If you > have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From owen at delong.com Tue Apr 24 12:29:14 2018 From: owen at delong.com (Owen DeLong) Date: Tue, 24 Apr 2018 09:29:14 -0700 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <20180424153541.GJ89741@Space.Net> References: <20180424122359.GH89741@Space.Net> <20180424153541.GJ89741@Space.Net> Message-ID: <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> > On Apr 24, 2018, at 08:35 , Gert Doering wrote: > > Hi, > > On Tue, Apr 24, 2018 at 10:56:06AM -0400, William Herrin wrote: >> On Tue, Apr 24, 2018 at 8:23 AM, Gert Doering wrote: >>> On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: >>>> * Question: Should attachments be prohibited on ARIN public >>>> mailing lists? >>> >>> I do not have a particular opinion on that, but *if* you disallow attachments, >>> please make it smart enough to not break PGP-signed mails in MIME format >>> (which come with an "attachment" for the signature) in the process. >> >> Hi Gert, >> >> "Not break" as in maintain the signature or "not break" as in don't >> strip the signature and then keep the multipart/signed content-type >> breaking the validator? > > "do not fumble with mail that is PGP signed", not in any way. > > Do not modify the body, those header parts that are covered by the > signature, or the signature itself, or the MIME structure tieing parts > together. What you are effectively arguing for here is ?Allow attachments as long as the message at least pretends to be PGP signed.? If we?re going to block attachments, then we should do so. If not, then I?m fine with that. However, in deference to the PGP signed aficionados, I would suggest that we pass (unaltered) any PGP signed message which contains only text/plain, text/ascii, text/rtf, and PGP-related MIME parts. For others, we should return an error message to the poster explaining that attachments are not allowed, but PGP signatures are still permitted. Owen > >> Personally, I wouldn't mind seeing all emails squashed to a single >> MIME text/plain part. It might even improve the quoting mess where a >> lot of mail software can't figure out how to mark the components of >> the mail or sometimes indents an entire paragraph unwrapped instead of >> indenting the lines. > > I would totally second *that* :-) - but I'm afraid that was not the > question asked. > > Gert Doering > -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. From jzp-arin-consult at rsuc.gweep.net Tue Apr 24 13:12:11 2018 From: jzp-arin-consult at rsuc.gweep.net (Joe Provo) Date: Tue, 24 Apr 2018 13:12:11 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: Message-ID: <20180424171211.GA66135@gweep.net> On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: > ARIN has received a suggestion requesting attachments be prohibited on > ARIN public mailing lists, including PPML. > > * Question:?? Should attachments be prohibited on ARIN public > mailing lists? No. Any filtering should only be for known attack content (eg, vendor-specific malicious payloads), as they will masquerade as any types that are blessed to go through. > * Question:?? If yes, should this include all ARIN public mailing > lists, or only select lists? No, so N/A. > https://www.arin.net/participate/mailing_lists/index.html > > The feedback you provide during this consultation will help inform how > ARIN will proceed in response to ACSP 2018.11. All messages that have > been sent to ARIN mailing lists on this topic in the last week, and > prior to the opening of this consultation, will be included in our > feedback collection resulting from this consultation. Thank you for your > participation in the ARIN Consultation and Suggestion Process. > > Please provide comments to arin-consult at arin.net. > > > Discussion on arin-consult at arin.net will close on 7 May 2018. If you > have any questions, please contact us at info at arin.net. > > Regards, > > John Curran > President and CEO > American Registry for Internet Numbers (ARIN) > > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. -- Posted from my personal account - see X-Disclaimer header. Joe Provo / Gweep / Earthling From bjones at vt.edu Tue Apr 24 15:11:38 2018 From: bjones at vt.edu (Brian Jones) Date: Tue, 24 Apr 2018 15:11:38 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> References: <20180424122359.GH89741@Space.Net> <20180424153541.GJ89741@Space.Net> <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> Message-ID: See inline comments. -- Brian On Tue, Apr 24, 2018 at 12:29 PM, Owen DeLong wrote: > > > > On Apr 24, 2018, at 08:35 , Gert Doering wrote: > > > > Hi, > > > > On Tue, Apr 24, 2018 at 10:56:06AM -0400, William Herrin wrote: > >> On Tue, Apr 24, 2018 at 8:23 AM, Gert Doering wrote: > >>> On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: > >>>> * Question: Should attachments be prohibited on ARIN public > >>>> mailing lists? > >>> > >>> I do not have a particular opinion on that, but *if* you disallow > attachments, > >>> please make it smart enough to not break PGP-signed mails in MIME > format > >>> (which come with an "attachment" for the signature) in the process. > >> > >> Hi Gert, > >> > >> "Not break" as in maintain the signature or "not break" as in don't > >> strip the signature and then keep the multipart/signed content-type > >> breaking the validator? > > > > "do not fumble with mail that is PGP signed", not in any way. > > > > Do not modify the body, those header parts that are covered by the > > signature, or the signature itself, or the MIME structure tieing parts > > together. > > What you are effectively arguing for here is ?Allow attachments as long > as the message at least pretends to be PGP signed.? > > If we?re going to block attachments, then we should do so. > ?+1? > > If not, then I?m fine with that. > ?+1 ? > However, in deference to the PGP signed aficionados, I would suggest that > we pass (unaltered) any PGP signed message which contains only text/plain, > text/ascii, text/rtf, and PGP-related MIME parts. For others, we should > return an error message to the poster explaining that attachments are not > allowed, but PGP signatures are still permitted. > > Owen > ?Does discussion conducted on ARIN public lists need to be PGP signed?? > > > > >> Personally, I wouldn't mind seeing all emails squashed to a single > >> MIME text/plain part. It might even improve the quoting mess where a > >> lot of mail software can't figure out how to mark the components of > >> the mail or sometimes indents an entire paragraph unwrapped instead of > >> indenting the lines. > > > > I would totally second *that* :-) - but I'm afraid that was not the > > question asked. > > > > Gert Doering > > -- NetMaster > > -- > > have you enabled IPv6 on something today...? > > > > SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael > Emmer > > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > > D-80807 Muenchen HRB: 136055 (AG Muenchen) > > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 > > _______________________________________________ > > ARIN-Consult > > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > > List (ARIN-consult at arin.net). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > > Help Desk at info at arin.net if you experience any issues. > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gert at space.net Tue Apr 24 16:37:38 2018 From: gert at space.net (Gert Doering) Date: Tue, 24 Apr 2018 22:37:38 +0200 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> References: <20180424122359.GH89741@Space.Net> <20180424153541.GJ89741@Space.Net> <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> Message-ID: <20180424203738.GM89741@Space.Net> Hi, On Tue, Apr 24, 2018 at 09:29:14AM -0700, Owen DeLong wrote: > >> "Not break" as in maintain the signature or "not break" as in don't > >> strip the signature and then keep the multipart/signed content-type > >> breaking the validator? > > > > "do not fumble with mail that is PGP signed", not in any way. > > > > Do not modify the body, those header parts that are covered by the > > signature, or the signature itself, or the MIME structure tieing parts > > together. > > What you are effectively arguing for here is ???Allow attachments as long > as the message at least pretends to be PGP signed.??? Nah, that was maybe a bit unclear. I was thinking of "if there is a single attachment that claims to be a PGP signature" (which of course could be actually verified and bounced if it fails signature checking), but should have said so. > If we???re going to block attachments, then we should do so. > > If not, then I???m fine with that. > > However, in deference to the PGP signed aficionados, I would suggest that > we pass (unaltered) any PGP signed message which contains only text/plain, > text/ascii, text/rtf, and PGP-related MIME parts. For others, we should > return an error message to the poster explaining that attachments are not > allowed, but PGP signatures are still permitted. This would work for me. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From gert at space.net Tue Apr 24 16:39:27 2018 From: gert at space.net (Gert Doering) Date: Tue, 24 Apr 2018 22:39:27 +0200 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: <20180424122359.GH89741@Space.Net> <20180424153541.GJ89741@Space.Net> <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> Message-ID: <20180424203927.GN89741@Space.Net> Hi, On Tue, Apr 24, 2018 at 03:11:38PM -0400, Brian Jones wrote: > ???Does discussion conducted on ARIN public lists need to be PGP signed???? If you are just counting heads, maybe not. If you look at "who said something, what is their background, should I be listening more closely", being able to verify that "indeed, this was sent by the person I know" is a benefit. Of course some of us do not really need PGP to make it very easy to see "oh, yes, Gert wrote this, and he's having a bad day again" :-) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From woody at pch.net Tue Apr 24 16:52:09 2018 From: woody at pch.net (Bill Woodcock) Date: Tue, 24 Apr 2018 13:52:09 -0700 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: <20180424122359.GH89741@Space.Net> <20180424153541.GJ89741@Space.Net> <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> Message-ID: <7F42754C-F853-47D6-A49A-4C204944CB66@pch.net> > On Apr 24, 2018, at 12:11 PM, Brian Jones wrote: > ?Does discussion conducted on ARIN public lists need to be PGP signed?? Does it really need a sent-by address? Or a timestamp? No, but special casing email that goes to just one mailing list to be formatted differently than all your other email would be a senseless pain in the ass. So, I?d very much prefer if signatures are not stripped, and I?d be _really unhappy_ if every signed email was bounced. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From leo.vegoda at icann.org Tue Apr 24 17:02:12 2018 From: leo.vegoda at icann.org (Leo Vegoda) Date: Tue, 24 Apr 2018 21:02:12 +0000 Subject: [ARIN-consult] [Ext] Re: Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <20180424203738.GM89741@Space.Net> References: <20180424122359.GH89741@Space.Net> <20180424153541.GJ89741@Space.Net> <9E4442E8-2DEB-4DCC-B4CB-6AD3EE8B88CB@delong.com> <20180424203738.GM89741@Space.Net> Message-ID: <1e509f493e40471fb591a03095972504@PMBX112-W1-CA-1.PEXCH112.ICANN.ORG> Gert Doering wrote: [...] > > What you are effectively arguing for here is ???Allow attachments as > > long as the message at least pretends to be PGP signed.??? > > Nah, that was maybe a bit unclear. I was thinking of "if there is a > single attachment that claims to be a PGP signature" (which of course could > be actually verified and bounced if it fails signature checking), but should > have said so. If ARIN chooses to go down this road but exempt PGP attachments, it might be useful to generalize it to any kind of digital signature. Kind regards, Leo Vegoda -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3739 bytes Desc: not available URL: From bzs at theworld.com Tue Apr 24 18:29:50 2018 From: bzs at theworld.com (bzs at theworld.com) Date: Tue, 24 Apr 2018 18:29:50 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: <20180424171211.GA66135@gweep.net> References: <20180424171211.GA66135@gweep.net> Message-ID: <23263.45022.984369.12246@gargle.gargle.HOWL> It's too bad mailing list packages don't provide the admin option to turn attachments into URLs/URIs. Seems kind of obvious, maybe some do. Then if a problem were found later at least the UR* could be pointed at a "sorry [REASON]" page rather than its entire contents delivered repeatedly to each mbox. As you were. -- -Barry Shein Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo* From adeshotel at hbu.edu Tue Apr 24 09:08:09 2018 From: adeshotel at hbu.edu (Al DesHotel) Date: Tue, 24 Apr 2018 13:08:09 +0000 Subject: [ARIN-consult] FW: [arin-announce] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: Message-ID: * Question: Should attachments be prohibited on ARIN public mailing lists? YES; mostly from the standpoint of looking like a phish. * Question: If yes, should this include all ARIN public mailing lists, or only select lists? All Organization Info: HBU-7 Al DesH?tel, Technical Director Information Technology Services Brown Administration Building, Room 214 7502 Fondren Rd. Houston, TX 77074 Office: 281-649-3805 ? adeshotel at hbu.edu -----Original Message----- From: ARIN-announce [mailto:arin-announce-bounces at arin.net] On Behalf Of ARIN Sent: Tuesday, April 24, 2018 7:22 AM To: arin-announce at arin.net Subject: [arin-announce] Consultation on Prohibiting Attachments on ARIN Mailing Lists ARIN has received a suggestion requesting attachments be prohibited on ARIN public mailing lists, including PPML. * Question: Should attachments be prohibited on ARIN public mailing lists? * Question: If yes, should this include all ARIN public mailing lists, or only select lists? https://www.arin.net/participate/mailing_lists/index.html The feedback you provide during this consultation will help inform how ARIN will proceed in response to ACSP 2018.11. All messages that have been sent to ARIN mailing lists on this topic in the last week, and prior to the opening of this consultation, will be included in our feedback collection resulting from this consultation. Thank you for your participation in the ARIN Consultation and Suggestion Process. Please provide comments to arin-consult at arin.net. You can subscribe to this mailing list at: http://lists.arin.net/mailman/listinfo/arin-consult Discussion on arin-consult at arin.net will close on 7 May 2018. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) _______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-announce Please contact info at arin.net if you experience any issues. NOTICE: This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately by telephone (281-649-3000), and delete this message and all copies and backups thereof. Thank you. From rv at NIC.DTAG.DE Wed Apr 25 09:08:25 2018 From: rv at NIC.DTAG.DE (Ruediger Volk) Date: Wed, 25 Apr 2018 15:08:25 +0200 Subject: [ARIN-consult] Consultation an ARIN IRR Roadmap Message-ID: <20025.1524661705@x59.NIC.DTAG.DE> After having commented on John's presentation @Atlanta NANOG and quietly watching the ARIN meeting last week over delayed webcast I finally got around to contribute this evaluation and suggestion. I'm happy to discuss further, and left out quite a lot of additional details. (Though let me apologize in advance for the very limited number of messages that I actually can process per day.) Mark Kosters wrote Date: Thu Mar 15 09:56:09 EDT 2018 (http://lists.arin.net/pipermail/arin-consult/2018-March/000958.html) in reporting about discussion @Atlanta NANOG > * RPKI was mentioned as a superior system for routing security but many felt that an > improvement to the IRR would be a good intermediate step. > > * Allowing for better tools that leveraged the existing routing system to help > users create correct objects in both RPKI and IRR. In a February thread between John Curran and Jay Borkenhagen there also was mentioning of ongoing - but unannounced and so far undocumented - enhancements to ARIN's RPKI. I would suggest to read Jay's request "Please announce ARIN's rpki enhancement plans prior to beginning development" with a wider horizon to actually cover both RPKI enhancements and IRR changes/new design - I believe that a common plan is reasonable - if not a requirement - for efficient developement and deployment of a solution that covers a set of well understood goals to help improve routing security; piecemeal independantly tinkering with a number of features in the area is likely to deliver suboptimal or broken results. The first bullet quoted from Mark seems to agree with the view that broad use of RPKI is the more desirable - and longer time frame - goal and use of IRR is viewed and intended to be transitional. I agree with that and believe that carefully looking into the details (including the specifics of ARIN) that efforts to add authorization by resource holders into RPSL based IRR are a misguided waste and distraction (as it likely would extend the IRR transitional use for another decade or more). Efforts to improve ARIN's RPKI e.g. for more friendly and helpful user interface (such as RIPE NCC's service provides to resource holders), reliability, accessability of validated evaluation of RPKI information make sense and can make the use of the system more attractive - leading to expanded coverage. ARIN's RPKI already has implemented the link from it's authoritative whois resource registry to enable resource holders to securely document with ROAs authorized representation of their address space by routes in the public Internet. Software to present this information in terms of IRR objects (route:, route6:, route-set:) is available for free. With minimum effort and within a few days ARIN thus could make this information from the existing RPKI system accessible as a new IRR collection (with a new "source:" distinguisher to indicate the specific quality). (As an operator I understand that a committing to a production service requires more effort and time than this description of a demo service.) Let's call the approach of making validated ROA information accessible as RPSL objects in a distinct IRR source ROA2IRR. Taking the ROA2IRR approach the second bullet quoted from Mark becomes somewhat moot, as RPKI and IRR would be automatically synchronized and consistent (with a bit of time skew similar to other distributed databases we are used to in networking). I doubt that there are cases justify extra efforts to freshly create systems to support inconsistent authorized RPKI ./. IRR style data. (Support tools to help reconcile inconsistencies in any kind of legacy data with modern authoritative data makes sense - fixing/removing legacy - but is entirely different thing). It also would seem crazy if ARIN were to create in parallel route authorisation data sets that have different accessability (access&use) rules RPKI ./. IRR. Going along ROA2IRR enables operators that are using IRR/RPSL to generate routing policy configuration (and specifically prefix filters) with legacy RPSL tooling to make use of high quality information from RPKI and provides an intermediate step that actually moves forward. Designing and implementing a new authorization enhanced IRR in contrast is stepping to the side (or even back) while requiring time, effort, learning, adaption and later migration efforts, creates over all higher complexity, [potential for] inconsistency, ... confusing potential users which system actually to use for what, diluting the education/learning of tools+environments, ... So I think ARIN is best advised to endorse a ROA2IRR approach and focus on identifying and addressing obstacles to higher take up of members getting RPKI certificates and creating ROAs. Before starting implementation of a revamped ARIN IRR the draft design really should be evaluated against an ROA2IRR approach. We are willing to contribute software for ROA2IRR and explanation of the small tricks that we figured out to optimize integration in existing environments. Regards, Ruediger Ruediger Volk From oroberts at bell.ca Tue Apr 24 08:54:23 2018 From: oroberts at bell.ca (Roberts, Orin) Date: Tue, 24 Apr 2018 12:54:23 +0000 Subject: [ARIN-consult] [arin-announce] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: Message-ID: <8f253e4f6141488797a5d7c0fc9c1b5e@DG2MBX04-DOR.bell.corp.bce.ca> #1 Yes. EXCEPTION: Attachments and diagrams should only originate from ARIN staff/AC members (moderators). #2 All public mailing lists. *in exceptional cases, the moderator will collaborate with a participant to send our any necessary documents. **especially for persons using their work emails to subscribe. Orin Roberts Bell Canada -----Original Message----- From: ARIN-announce On Behalf Of ARIN Sent: April-24-18 8:22 AM To: arin-announce at arin.net Subject: [arin-announce] Consultation on Prohibiting Attachments on ARIN Mailing Lists ARIN has received a suggestion requesting attachments be prohibited on ARIN public mailing lists, including PPML. * Question:? Should attachments be prohibited on ARIN public mailing lists? * Question:? If yes, should this include all ARIN public mailing lists, or only select lists? https://www.arin.net/participate/mailing_lists/index.html The feedback you provide during this consultation will help inform how ARIN will proceed in response to ACSP 2018.11. All messages that have been sent to ARIN mailing lists on this topic in the last week, and prior to the opening of this consultation, will be included in our feedback collection resulting from this consultation. Thank you for your participation in the ARIN Consultation and Suggestion Process. Please provide comments to arin-consult at arin.net. You can subscribe to this mailing list at: http://lists.arin.net/mailman/listinfo/arin-consult Discussion on arin-consult at arin.net will close on 7 May 2018. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) _______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-announce Please contact info at arin.net if you experience any issues. From rharris at hbu.edu Tue Apr 24 09:09:03 2018 From: rharris at hbu.edu (Richard L Harris Jr) Date: Tue, 24 Apr 2018 13:09:03 +0000 Subject: [ARIN-consult] [arin-announce] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: Message-ID: Agreed. Yes, and All. -----Original Message----- From: Al DesHotel Sent: Tuesday, April 24, 2018 8:08 AM To: arin-consult at arin.net Cc: Richard L Harris Jr Subject: FW: [arin-announce] Consultation on Prohibiting Attachments on ARIN Mailing Lists * Question: Should attachments be prohibited on ARIN public mailing lists? YES; mostly from the standpoint of looking like a phish. * Question: If yes, should this include all ARIN public mailing lists, or only select lists? All Organization Info: HBU-7 Al DesH?tel, Technical Director Information Technology Services Brown Administration Building, Room 214 7502 Fondren Rd. Houston, TX 77074 Office: 281-649-3805 ? adeshotel at hbu.edu -----Original Message----- From: ARIN-announce [mailto:arin-announce-bounces at arin.net] On Behalf Of ARIN Sent: Tuesday, April 24, 2018 7:22 AM To: arin-announce at arin.net Subject: [arin-announce] Consultation on Prohibiting Attachments on ARIN Mailing Lists ARIN has received a suggestion requesting attachments be prohibited on ARIN public mailing lists, including PPML. * Question: Should attachments be prohibited on ARIN public mailing lists? * Question: If yes, should this include all ARIN public mailing lists, or only select lists? https://www.arin.net/participate/mailing_lists/index.html The feedback you provide during this consultation will help inform how ARIN will proceed in response to ACSP 2018.11. All messages that have been sent to ARIN mailing lists on this topic in the last week, and prior to the opening of this consultation, will be included in our feedback collection resulting from this consultation. Thank you for your participation in the ARIN Consultation and Suggestion Process. Please provide comments to arin-consult at arin.net. You can subscribe to this mailing list at: http://lists.arin.net/mailman/listinfo/arin-consult Discussion on arin-consult at arin.net will close on 7 May 2018. If you have any questions, please contact us at info at arin.net. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) _______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-announce Please contact info at arin.net if you experience any issues. NOTICE: This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately by telephone (281-649-3000), and delete this message and all copies and backups thereof. Thank you. From rsk at gsp.org Wed Apr 25 04:08:00 2018 From: rsk at gsp.org (Rich Kulawiec) Date: Wed, 25 Apr 2018 04:08:00 -0400 Subject: [ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists In-Reply-To: References: Message-ID: <20180425080800.GB19687@gsp.org> On Tue, Apr 24, 2018 at 08:21:36AM -0400, ARIN wrote: > * Question:?? Should attachments be prohibited on ARIN public > mailing lists? > > * Question:?? If yes, should this include all ARIN public mailing > lists, or only select lists? No and yes. ;) Having wrestled with this question many times on many technical and non-technical mailing lists, I have a recommendation. First, to answer the second question, use the same policy across all mailing lists. Doing otherwise will cause user confusion and complicate maintenance of the Mailman configuration. Second, to return to the first question, I recommend allowing (a) only open-format attachments and (b) only those which are likely to facilitate communication between list members. (a) rules out proprietary formats like Word, which are a problem in any event because so many mail systems treat them as possible malware vehicles (which they are) on both a technical and administrative level. I've observed situations where operation A will allow its users to emit mail traffic with proprietary attachments, but will reject/quarantine those very mail messages when they're relayed back to the same users at operation A via a mailing list. And of course proprietary formats have all sorts of other issues, including lack of backward compatibility -- which is not just an issue for archives. (b) rules attachments in/out based on what makes the list work. It might include pdf, djvu, ps for documents and pl, py, sh for scripts, for example. It's entirely a judgment call based on what the list-owner and list members think is necessary/desirable. Mailman makes it easy to configure this via pass_mime_types and pass_filename_extensions but it's probably worth noting that it believes what it sees. I think allowing attachments is preferred over directing list members to third-party sites because (1) it makes the list and its archives self-contained (2) it avoids the myriad problems with third-party sites (3) which include the possibly-unpleasant consequences of repurposed/redirected/defunct third-party sites and (4) it avoids making list members do a lot of extra work when all they want to do is share a 30-line Python script that accomplishes some simple task. I also think it's the responsibility of anyone participating in any public mailing list to equip themselves with a mail service, a mail client, and an operating system suitable for participation. In other words, people who choose to run junk software on junk operating systems should not be shielded from the consequences of those choices to the detriment of others who have chosen more wisely. ---rsk From job at ntt.net Fri Apr 27 10:46:17 2018 From: job at ntt.net (Job Snijders) Date: Fri, 27 Apr 2018 14:46:17 +0000 Subject: [ARIN-consult] Consultation an ARIN IRR Roadmap In-Reply-To: <20025.1524661705@x59.NIC.DTAG.DE> References: <20025.1524661705@x59.NIC.DTAG.DE> Message-ID: Dear all, I support Reudiger?s proposed approach. Thank Reudiger for taking the time to write this up. I think this direction would provide a good bridge between old and new tools, provide tangible value to the community in terms of offering an authoritative routing data source - and it closes the loophole and risk that the current ARIN IRR represent to our businesses. I believe LACNIC is on a similar trajectory (to expose RPKI data via IRR interfaces), so the ROA2IRR approach is not drawn from thin air. Kind regards, Job On Fri, 27 Apr 2018 at 16:10, Ruediger Volk wrote: > After having commented on John's presentation @Atlanta NANOG > and quietly watching the ARIN meeting last week over delayed webcast > I finally got around to contribute this evaluation and suggestion. > I'm happy to discuss further, and left out quite a lot of additional > details. (Though let me apologize in advance for the very limited number > of messages that I actually can process per day.) > > > Mark Kosters wrote Date: Thu Mar 15 09:56:09 EDT 2018 > (http://lists.arin.net/pipermail/arin-consult/2018-March/000958.html) > in reporting about discussion @Atlanta NANOG > > > * RPKI was mentioned as a superior system for routing security but > many felt that an > > improvement to the IRR would be a good intermediate step. > > > > * Allowing for better tools that leveraged the existing routing system > to help > > users create correct objects in both RPKI and IRR. > > In a February thread between John Curran and Jay Borkenhagen there also was > mentioning of ongoing - but unannounced and so far undocumented - > enhancements > to ARIN's RPKI. I would suggest to read Jay's request > "Please announce ARIN's rpki enhancement plans prior to beginning > development" > with a wider horizon to actually cover both RPKI enhancements and > IRR changes/new design - I believe that a common plan is reasonable - > if not a requirement - for efficient developement and deployment of > a solution that covers a set of well understood goals to help > improve routing security; piecemeal independantly tinkering > with a number of features in the area is likely to deliver > suboptimal or broken results. > > The first bullet quoted from Mark seems to agree with the view that > broad use of RPKI is the more desirable - and longer time frame - goal > and use of IRR is viewed and intended to be transitional. > I agree with that and believe that carefully looking into the details > (including the specifics of ARIN) that efforts to add authorization > by resource holders into RPSL based IRR are a misguided waste and > distraction > (as it likely would extend the IRR transitional use for another decade or > more). > > Efforts to improve ARIN's RPKI e.g. for more friendly and helpful user > interface > (such as RIPE NCC's service provides to resource holders), reliability, > accessability of validated evaluation of RPKI information make sense and > can > make the use of the system more attractive - leading to expanded coverage. > > ARIN's RPKI already has implemented the link from it's authoritative whois > resource registry to enable resource holders to securely document with ROAs > authorized representation of their address space by routes in the public > Internet. Software to present this information in terms of IRR objects > (route:, route6:, route-set:) is available for free. > With minimum effort and within a few days ARIN thus could make > this information from the existing RPKI system accessible > as a new IRR collection (with a new "source:" distinguisher > to indicate the specific quality). > (As an operator I understand that a committing to a production service > requires more effort and time than this description of a demo service.) > Let's call the approach of making validated ROA information accessible > as RPSL objects in a distinct IRR source ROA2IRR. > > Taking the ROA2IRR approach the second bullet quoted from Mark > becomes somewhat moot, as RPKI and IRR would be automatically > synchronized and consistent (with a bit of time skew similar > to other distributed databases we are used to in networking). > I doubt that there are cases justify extra efforts to freshly create > systems to support inconsistent authorized RPKI ./. IRR style data. > (Support tools to help reconcile inconsistencies in any kind of legacy > data with modern authoritative data makes sense - fixing/removing legacy - > but is entirely different thing). > It also would seem crazy if ARIN were to create in parallel route > authorisation > data sets that have different accessability (access&use) rules RPKI ./. > IRR. > > Going along ROA2IRR enables operators that are using IRR/RPSL to generate > routing policy configuration (and specifically prefix filters) > with legacy RPSL tooling to make use of high quality information from RPKI > and provides an intermediate step that actually moves forward. > Designing and implementing a new authorization enhanced IRR in contrast > is stepping to the side (or even back) while requiring time, effort, > learning, adaption and later migration efforts, creates over all > higher complexity, [potential for] inconsistency, ... > confusing potential users which system actually to use for what, > diluting the education/learning of tools+environments, ... > > So I think ARIN is best advised to endorse a ROA2IRR approach and focus > on identifying and addressing obstacles to higher take up of members > getting RPKI certificates and creating ROAs. > > Before starting implementation of a revamped ARIN IRR the draft design > really > should be evaluated against an ROA2IRR approach. > > We are willing to contribute software for ROA2IRR and explanation of the > small tricks that we figured out to optimize integration in existing > environments. > > > Regards, > Ruediger > > > Ruediger Volk > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN > Consult Mailing > List (ARIN-consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-consult Please contact the > ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at herrin.us Fri Apr 27 11:02:19 2018 From: bill at herrin.us (William Herrin) Date: Fri, 27 Apr 2018 11:02:19 -0400 Subject: [ARIN-consult] Consultation an ARIN IRR Roadmap In-Reply-To: <20025.1524661705@x59.NIC.DTAG.DE> References: <20025.1524661705@x59.NIC.DTAG.DE> Message-ID: On Wed, Apr 25, 2018 at 9:08 AM, Ruediger Volk wrote: > In a February thread between John Curran and Jay Borkenhagen there also was > mentioning of ongoing - but unannounced and so far undocumented - enhancements > to ARIN's RPKI. Hi Ruediger, Thanks for looking in to this. Two questions: 1. What's the current status of ARIN RPKI with respect to relying parties and contracts? Are relying parties still obligated to accept a contract of adhesion in order to gain access to ARIN's RPKI data? 2. What's the current status of ARIN RPKI with respect to legacy registrations? Is it still the case that legacy registrations must be brought under one of ARIN's registration services agreements (also adhesion contracts) in order to participate? (an adhesion or boilerplate contract is a contract where the terms and conditions of the contract are set by one of the parties, and the other party has little or no ability to negotiate more favorable terms and is thus placed in a "take it or leave it" position) Regards, Bill Herrin -- William Herrin ................ herrin at dirtside.com bill at herrin.us Dirtside Systems ......... Web: From jcurran at arin.net Fri Apr 27 12:08:11 2018 From: jcurran at arin.net (John Curran) Date: Fri, 27 Apr 2018 16:08:11 +0000 Subject: [ARIN-consult] Consultation an ARIN IRR Roadmap In-Reply-To: References: <20025.1524661705@x59.NIC.DTAG.DE> Message-ID: On 27 Apr 2018, at 11:02 AM, William Herrin > wrote: Thanks for looking in to this. Two questions: 1. What's the current status of ARIN RPKI with respect to relying parties and contracts? Are relying parties still obligated to accept a contract of adhesion in order to gain access to ARIN's RPKI data? Bill - The ARIN Repository is available to anyone under the terms and conditions in the Relying Party Agreement. Parties accept these terms when obtaining the ARIN TAL - 2. What's the current status of ARIN RPKI with respect to legacy registrations? Legacy resource holders have basic registration services, and this does not include RPKI. If legacy resource holders wish to benefit from these services that were developed since ARIN?s formation and paid for by the ARIN community, they need to bring their resources under the registration services agreement. Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: From deraadt at openbsd.org Fri Apr 27 14:36:38 2018 From: deraadt at openbsd.org (Theo de Raadt) Date: Fri, 27 Apr 2018 12:36:38 -0600 Subject: [ARIN-consult] Consultation an ARIN IRR Roadmap In-Reply-To: References: <20025.1524661705@x59.NIC.DTAG.DE> Message-ID: <33688.1524854198@cvs.openbsd.org> William Herrin wrote: > On Wed, Apr 25, 2018 at 9:08 AM, Ruediger Volk wrote: > > In a February thread between John Curran and Jay Borkenhagen there also was > > mentioning of ongoing - but unannounced and so far undocumented - enhancements > > to ARIN's RPKI. > > > Hi Ruediger, > > Thanks for looking in to this. Two questions: > > 1. What's the current status of ARIN RPKI with respect to relying > parties and contracts? Are relying parties still obligated to accept a > contract of adhesion in order to gain access to ARIN's RPKI data? Hi William, You probably recognize me as responsible for OpenBSD, which contains both dns and bgp software (OpenBGPD). On the dns front, the PKI authority model is largely resolved. OpenBSD ships with the DNS Root Zone Trust Anchor: lowering the barrier to set up secure systems helps increase security. But on the bgp front it is a mess. Clearly the RP agreement prevents OpenBGPD from shipping the public keys. It is unlikely that users (especially those abroad) will go to ARIN to evaluate an agreement to download keys to put onto their routers or validators. Other router vendors will be in the same situation. I hope for a solution that works for all bgp software including OpenBGPD, Junos, BIRD. From info at arin.net Mon Apr 30 13:13:32 2018 From: info at arin.net (ARIN) Date: Mon, 30 Apr 2018 13:13:32 -0400 Subject: [ARIN-consult] Consultation on ARIN Internet Routing Registry (IRR) Roadmap now Closed Message-ID: <42fac77c-2925-a214-0581-3f76ebdb3114@arin.net> ARIN thanks those who provided valuable feedback during this consultation on the ARIN IRR Roadmap. This important feedback will help inform ARIN?s path forward in this area. Regards, Communications and Member Services American Registry for Internet Numbers (ARIN) From info at arin.net Mon Apr 30 13:14:13 2018 From: info at arin.net (ARIN) Date: Mon, 30 Apr 2018 13:14:13 -0400 Subject: [ARIN-consult] Consultation on Securing Whois Queries now Closed Message-ID: <9e2a8d98-7758-7010-50b3-99d41881f08f@arin.net> ARIN thanks those who provided valuable feedback during this consultation that was issued in response to ACSP 2018.3: Automatically Redirect Whois Queries to Secure URL. https://www.arin.net/participate/acsp/suggestions/2018-3.html This important feedback will help inform ARIN?s path forward in this area. Regards, Communications and Member Services American Registry for Internet Numbers (ARIN) From info at arin.net Mon Apr 30 15:09:56 2018 From: info at arin.net (ARIN) Date: Mon, 30 Apr 2018 15:09:56 -0400 Subject: [ARIN-consult] Consultation on ASO Review extended to 4 May Message-ID: <9736badb-c9fd-fbc7-f51c-abd7682cb256@arin.net> In order to allow more time to gather community feedback on the current Consultation on the ASO Review, we are extending the comment period to 4 May 2018. The full Consultation is available for review at: https://www.nro.net/aso-review-consultation-2018/ Please provide comments to arin-consult at arin.net. All ARIN community feedback will be forwarded on to the NRO. Regards, Communications and Member Services American Registry for Internet Numbers (ARIN) From jcurran at arin.net Mon Apr 30 16:47:22 2018 From: jcurran at arin.net (John Curran) Date: Mon, 30 Apr 2018 20:47:22 +0000 Subject: [ARIN-consult] Summary of ARIN 41 consultation session (Re: ASO Review Consultation 2018) In-Reply-To: References: Message-ID: <3A718FA8-D21C-42C2-9DDA-501ED0D0F18D@arin.net> On 2 Feb 2018, at 8:59 AM, ARIN > wrote: As a part of the Number Resource Organization (NRO), ARIN is seeking community input on the NRO community consultation on the ASO review. "The most recent ASO Review concluded with 18 recommendations, which the NRO has resolved to accept. The first 17 recommendations are well defined and practical, and can be implemented by actions of the NRO Secretariat, or of the ASO Address Council, with respect to administrative procedures, documentation, or in some cases adjustments to agreements which are expected to be non-controversial. The 18th recommendation of the Report is that "The NRO should initiate a public consultation, involving the five RIR communities, to determine the future structure of the ASO". The NRO EC has concluded to accept that recommendation and is hereby launching a consultation on the issues identified in the ASO Review Report." The full Consultation is available for review at: https://www.nro.net/aso-review-consultation-2018/ ARIN-Consult community: On Monday, 16 April 2018 (day 1 of the ARIN 41 Public Policy Meeting in Miami), a consultation session was held to gather additional input for this community consultation on the future structure of the ASO. As reported during that session, I took on the responsibility to provide a brief summary of the discussion to this mailing list. Those interested in the full meeting transcript may review it here: https://www.arin.net/vault/participate/meetings/reports/ARIN_41/ppm.html In summary: 1) Unlike the comments received on the arin-consult mailing list to date, the prevailing view was that the number community relationship with ICANN (that which is referred as the ASO relationship) should continue ? presuming that it can be significantly simplified and kept focused on number community matters 2) It is important that ICANN recognize that the number community is not a typical ICANN Supporting Organization, and our engagement with ICANN serves primarily to facilitate interactions on number resource policy matters. This scope of the number community engagement with ICANN needs to be made plain to the ICANN community, and both the NRO-EC and ASO AC need to be diligent in declining invitations that that lie outside this scope. 3) Since the use of two names (?NRO? & ?ASO?) increases confusion in the ICANN relationship, the number community should engage with ICANN as the Number Resource Organization (NRO), with the NRO Number Council (NRO NC) continuing to handle global policy development and ICANN Board election matters as usual. 4) More significant changes to the number community/ICANN relationship should be deferred for a future review cycle, as there is presently value in the relationship that should be preserved (presuming that it can be simplified as noted above.) Comments on this summary are most welcome - Thanks! /John John Curran President and CEO ARIN -------------- next part -------------- An HTML attachment was scrubbed... URL: