From Ken.Schultz at marconi.com Thu May 1 09:18:13 2003 From: Ken.Schultz at marconi.com (Schultz, Ken) Date: Thu, 1 May 2003 09:18:13 -0400 Subject: [ppml] The WIANA registry Message-ID: <1DE644007776D3119FAC00204840ECF408CD48DA@whq-msgusr-03.pit.comms.marconi.com> As I understand this, the WIANA has done what thousands of companies before them have done -- they numbered their internal private network with addresses that did not "belong" to them. Many companies have done this and used RFC1918 space, many others have not. (Mine is one that uses both). How is this any different? Sure, they have suggested that they might in the future ask to assigned this address space for real. Well, I can state a lot of things that I'd like to ask for. It certainly does not mean that I will get them. If at some point in time they have a need for assigned address space, they would need to go through the same process as everyone else. If they find an ISP dumb....er...short-sighted enough to announce the 1/8 space without a proper address assignment, then that's a problem for that ISP and any other ISP that accepts the advertisement. However, IF they do follow the proper process to request address space AND they can actually justify through that the process the assignment of a full /8 network, then who gets hurt by giving them the address space that they are already using? Of course, by the time they get to that point, the 1/8 might be assigned to someone else and they'd have to renumber their internal network. Well, they are assigning their internal address space dynamically I hope. Either way, they'd be in the same boat as thousands of other companies that have needed to renumber their internal networks. If they don't go through the proper process or can't justify that much address space, then they don't get the address space that they want. Simple, end of story. There may indeed be problems with the registry process, but one organization's use of a non-1918 address block on an internal network is certainly not one of them. -----Original Message----- From: Trevor Paquette [mailto:Trevor.Paquette at TeraGo.ca] Sent: Tuesday, April 29, 2003 1:01 PM To: ppml at arin.net Subject: RE: [ppml] The WIANA registry The way I see this whole issue is the following: 1) WIANA has unilaterally decided that they will be using the 1/8 IP supernet 2) WIANA has stated that this network is 'a different physical medium to the classic Internet' 3) WIANA has stated that their network 'does not map directly into Internet address space, external connections are translated and will perhaps eventually slot into an ipv6 subnet' Given (1), (2) and (3) above.. This is like running a private network. No problem so far. However, (here is the kicker).. How long do you think it will be before they 'require' direct Internet connectivity due to the problems imposed by Network Address Translation?? I'm talking end-user demand that they be able to connect via VPN to corporate networks, email, IM, etc.. Most users don't care nor do they want to learn about the nuances of NAT.. they just want their application to work. Point, click, connect. Given the above, I expect WIANA to say at some point in the future "Look, we are already using this space and no-one else is; so just let us use it." All without going through the mutually agreed upon processes, procedures and justifications that everyone else must go through. This, I believe, is the real problem with this 'Registry'.. From michel at arneill-py.sacramento.ca.us Thu May 1 14:51:23 2003 From: michel at arneill-py.sacramento.ca.us (Michel Py) Date: Thu, 1 May 2003 11:51:23 -0700 Subject: [ppml] The WIANA registry Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F7BD@server2000.arneill-py.sacramento.ca.us> Ken, > Ken Schultz wrote: > However, IF they do follow the proper process to request address > space AND they can actually justify through that the process the > assignment of a full /8 network, then who gets hurt by giving them > the address space that they are already using? This is what the problem is: 1. If they are assigned later the space they hijacked, this legitimates hijacking and the next thing you know every mom and pop network on earth is going to hijack address space and try to get it legitimized. Hey, why not me too? 2. If they are not assigned the space and 1.0.0.0/8 is delegated to someone else they're going to whine about IANA or ARIN or whoever being that all-mighty evil entity that does not understand the need of the people blah blah. That's a lose-lose situation. If they could justify the space they should have requested it in the first place instead of hijacking it. Michel. From mury at goldengate.net Thu May 1 15:30:19 2003 From: mury at goldengate.net (Mury) Date: Thu, 1 May 2003 14:30:19 -0500 (CDT) Subject: [ppml] The WIANA registry In-Reply-To: <963621801C6D3E4A9CF454A1972AE8F504F7BD@server2000.arneill-py.sacramento.ca.us> Message-ID: Exactly. > This is what the problem is: > > 1. If they are assigned later the space they hijacked, this legitimates > hijacking and the next thing you know every mom and pop network on earth > is going to hijack address space and try to get it legitimized. Hey, why > not me too? > > 2. If they are not assigned the space and 1.0.0.0/8 is delegated to > someone else they're going to whine about IANA or ARIN or whoever being > that all-mighty evil entity that does not understand the need of the > people blah blah. > > That's a lose-lose situation. If they could justify the space they > should have requested it in the first place instead of hijacking it. > > Michel. > From Michael.Dillon at radianz.com Fri May 2 05:29:56 2003 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Fri, 2 May 2003 10:29:56 +0100 Subject: [ppml] The WIANA registry Message-ID: >1. If they are assigned later the space they hijacked, this legitimates >hijacking and the next thing you know every mom and pop network on earth >is going to hijack address space and try to get it legitimized. Hey, why >not me too? Experience shows that slippery slopes rarely work that way because there are usually many limiting factors that prevent things from getting out of hand. In this instance, I think that there is some precedent for what WIANA is doing with IP addresses. Their activities are not that different from what AMPR does with 44/8. See here for more info on AMPR http://www.ampr.org/amprnet.html I think that this factor alone will prevent every mom and pop network on earth from trying to hijack address space. >2. If they are not assigned the space and 1.0.0.0/8 is delegated to >someone else they're going to whine about IANA or ARIN or whoever being >that all-mighty evil entity that does not understand the need of the >people blah blah. Exactly. That's why I think that the RIR community and IANA should work with WIANA now to legitimize their claim for IP address space. They do have a legitimate claim to a globally unique block and they are totally unlike the normal applicants for RIR space. Whether or not their activity justifies a whole /8, I don't know. But looking at the way that 44/8 is being managed and also the way that 24/8 was issued to the cable industry, I expect that it is reasonable to reserve 1/8 for possible future wireless network growth and to issue some subset of 1/8 today. >That's a lose-lose situation. If they could justify the space they >should have requested it in the first place instead of hijacking it. Clearly they did apply somewhere for address space and were turned down. The whole IP address allocation issue is so bloody confusing and poorly documented that it does not surprise me that they went off on their own. Does any RIR have a simple and clear set of instructions for first-time applicants to follow that includes an appeal procedure? NO! And that is the crux of the problem with organizations that are not mainstream ISPs. P.S. to WIANA: There are archives of this past week of mailing list discussion at http://www.arin.net/mailing_lists/index.html under the IP Allocations Policies Working Group. --Michael Dillon From bmanning at karoshi.com Fri May 2 07:32:54 2003 From: bmanning at karoshi.com (bmanning at karoshi.com) Date: Fri, 2 May 2003 04:32:54 -0700 (PDT) Subject: [ppml] The WIANA registry In-Reply-To: from "Michael.Dillon@radianz.com" at May 02, 2003 10:29:56 AM Message-ID: <200305021132.h42BWs714590@karoshi.com> > In this instance, I think that there is some precedent for what > WIANA is doing with IP addresses. Their activities are not that different > from what AMPR does with 44/8. Not even. when AMPR requested space, the minimum allocation was a /8 and they justified their use under the then current guidelines. Has WIANA done the same? It appears to not be the case. If they have, why would you use words like: "legitimize their claim..." > Exactly. That's why I think that the RIR community and IANA should work > with WIANA now to legitimize their claim for IP address space. They do > have a legitimate claim to a globally unique block and they are totally > unlike the normal applicants for RIR space. Whether or not their activity > justifies a whole /8, I don't know. But looking at the way that 44/8 is > being managed and also the way that 24/8 was issued to the cable industry, Er, if anything was learned from the net 24 experience, it was that the original delegation model as proposed, did not work out and we now see 24.0.0.0 back to being managed by the RIRs. > >That's a lose-lose situation. If they could justify the space they > >should have requested it in the first place instead of hijacking it. > > Clearly they did apply somewhere for address space and were turned down. So, unlike AMPR or the cable industry, who were successful in their applications (and it took the cable industry several runs to get their ducks lined up) you are asserting that the WIANA did apply, were turned down, and so took matters into their own hands, hijacking space. And it is up to the RIRs to recognise the error of their ways and sanction the bahaviour of the WIANA by "legitimizing their claim". Would the WIANA agree with your assertions about their behaviour and motives? > --Michael Dillon From Ken.Schultz at marconi.com Fri May 2 07:48:56 2003 From: Ken.Schultz at marconi.com (Schultz, Ken) Date: Fri, 2 May 2003 07:48:56 -0400 Subject: [ppml] The WIANA registry Message-ID: <1DE644007776D3119FAC00204840ECF408CD48DF@whq-msgusr-03.pit.comms.marconi.com> I think that my point was a little different. If you consider the requirements of the justification process and what it would take to justify utilization of a /8, these are not trivial tasks. Right now, they may not be big enough to justify usage of a /20 much less a /8. (I don't know, and I don't think it matters much). Let's assume that they eventually GROW to be large enough to justify large chunks of address space, even though they are likely not that big today. Now assume that we reach the day where WIANA has indeed applied, gone through the process, and have justified a /8. Now, when the decision is to be made regarding which /8 to give them, does it really matter all that much WHICH /8 they receive? Does 1/8 really have that much more intrinsic value than 122/8. I don't think so. If they receive 122/8 and whine because they didn't get 1/8, why would anyone care about the whining? Will there be a spot on the justification form for "Will you whine about our answer? How much?" If they justify address space and it's not a /8, and they whine, does anyone care about that either? I'm sorry if it sounds like I am oversimplifying the problem, but sometimes the problem really is that simple. I don't think that IANA/ARIN/et al should assign the 1/8 without a justification process. Nor do I think that they should now reserve the 1/8 in order to possibly fill WIANA's future request. They should just go about their normal paperwork handling procedures, and assignment procedures, as if they had never seen WIANA's website. If every mom and pop network is able to justify address space as big as a /8, then fine. Perhaps that will push IPv6 adequately. Actually, what are the ramifications if hijacking became commonplace? Remember we are only talking about address space that has been applied for and justified. It sounds like we'd potentially be looking at another swamp. But is this really a concern when we are talking about /8's ? -----Original Message----- From: Michel Py [mailto:michel at arneill-py.sacramento.ca.us] Sent: Thursday, May 01, 2003 2:51 PM To: Schultz, Ken; ppml at arin.net Subject: RE: [ppml] The WIANA registry Ken, > Ken Schultz wrote: > However, IF they do follow the proper process to request address > space AND they can actually justify through that the process the > assignment of a full /8 network, then who gets hurt by giving them > the address space that they are already using? This is what the problem is: 1. If they are assigned later the space they hijacked, this legitimates hijacking and the next thing you know every mom and pop network on earth is going to hijack address space and try to get it legitimized. Hey, why not me too? 2. If they are not assigned the space and 1.0.0.0/8 is delegated to someone else they're going to whine about IANA or ARIN or whoever being that all-mighty evil entity that does not understand the need of the people blah blah. That's a lose-lose situation. If they could justify the space they should have requested it in the first place instead of hijacking it. Michel. From ron at aol.net Fri May 2 09:28:45 2003 From: ron at aol.net (Ron da Silva) Date: Fri, 2 May 2003 09:28:45 -0400 Subject: [ppml] The WIANA registry In-Reply-To: References: Message-ID: <20030502132845.GA17126@aol.net> On Fri, May 02, 2003 at 10:29:56AM +0100, Michael.Dillon at radianz.com wrote: > > Does any RIR have a simple and clear set of instructions for first-time > applicants to follow that includes an appeal procedure? NO! And that is > the crux of the problem with organizations that are not mainstream ISPs. http://www.arin.net ? Click on one of the "Registration" links and read the directions get ASNs, IP addresses, pizza, etc. -ron From michel at arneill-py.sacramento.ca.us Fri May 2 11:04:57 2003 From: michel at arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 2 May 2003 08:04:57 -0700 Subject: [ppml] The WIANA registry Message-ID: <963621801C6D3E4A9CF454A1972AE8F50457D8@server2000.arneill-py.sacramento.ca.us> > Bill Manning wrote: > when AMPR requested space, the minimum allocation > was a /8 and they justified their use under the then current > guidelines. Has WIANA done the same? It appears to not be > the case. If they have, why would you use words like: > "legitimize their claim..." Exactly. For the record, although I have disagreed with Bill many times we're on the same page here. Michel. From Michael.Dillon at radianz.com Fri May 2 11:04:36 2003 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Fri, 2 May 2003 16:04:36 +0100 Subject: [ppml] The WIANA registry Message-ID: >> Does any RIR have a simple and clear set of instructions for first-time >> applicants to follow that includes an appeal procedure? NO! And that is >> the crux of the problem with organizations that are not mainstream ISPs. >http://www.arin.net ? Click on one of the "Registration" links and >read the directions get ASNs, IP addresses, pizza, etc. I said "simple and clear set of instructions for first-time applicants". The stuff on the ARIN website is not simple and clear for a first-time applicant to understand. The word "appeal" does not appear on either the IPv4 Guidlines page or the IPv4 Policies page. Your response reminds me of an incident shortly before the French revolution. The people were demonstrating in the streets and the queen asked why they were complaining. A servant explained that the people didn't have any bread to eat. "Well then, let them eat cake!", said the queen. Not long after that, the queen's head was chopped off putting an end to the arrogant statements of a privileged insider. In the months that followed, most of arrogant insiders, i.e. the nobility, were also executed. I'm suggesting that those of us who are privileged to be ARIN insiders should come down off of our pedestals and realize that the old order is being swept away. We need to change. We need to explain what we do, why we do it, and how we do it. It does no one any good to complain that outsiders are not following our rules when many of us barely understand what the rules are. --Michael Dillon From bmanning at karoshi.com Fri May 2 11:33:00 2003 From: bmanning at karoshi.com (bmanning at karoshi.com) Date: Fri, 2 May 2003 08:33:00 -0700 (PDT) Subject: [ppml] The WIANA registry In-Reply-To: from "Michael.Dillon@radianz.com" at May 02, 2003 04:04:36 PM Message-ID: <200305021533.h42FX0n15955@karoshi.com> > I'm suggesting that those of us who are privileged to be ARIN insiders > should come down off of our pedestals and realize that the old order is > being swept away. We need to change. We need to explain what we do, why we > do it, and how we do it. It does no one any good to complain that > outsiders are not following our rules when many of us barely understand > what the rules are. > > --Michael Dillon I store my rules in an LDAP db. :) Seriously, ARIN is doing a very good job in outreach and explaining what, why, and how we do things. It is not perfect and still needs work but it is much more open/transparent than in decades gone by. One might argue that we have lost important and valuable processes along the way and that may be true. We should fill in the missing, underspecified areas where appropriate and remain true to the core mission of prudent and effective management of the Internet resources we are entrusted with. --bill From ron at aol.net Fri May 2 11:38:56 2003 From: ron at aol.net (Ron da Silva) Date: Fri, 2 May 2003 11:38:56 -0400 Subject: [ppml] The WIANA registry In-Reply-To: References: Message-ID: <20030502153856.GH17126@aol.net> I hope that you are not advocating a repeat of Bastille Day, yikes! ;-) (Even more ludicrous is to suggest that a genuine American mutt like myself is royalty.) Advocating that the web content can be clearer or easier is a different issue, and I'm sure welcomed by ARIN staff. Perhaps you would be willing to assist their webmaster with some specific suggestions on developing clarity? Certainly not policy related though, and better communicated directly with ARIN staff rather than complaining on ppml? -ron From michel at arneill-py.sacramento.ca.us Fri May 2 12:03:43 2003 From: michel at arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 2 May 2003 09:03:43 -0700 Subject: [ppml] The WIANA registry Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F7C3@server2000.arneill-py.sacramento.ca.us> Michael, > Michael Dillon wrote: > I said "simple and clear set of instructions for > first-time applicants". I question the qualification of a first-time applicant to run a network that needs a class A. If one has never applied for address space before (or never helped customers apply for it), one has never operated any kind of significant network before and therefore should not be allowed to mess up on such a large scale. Michel. From billd at cait.wustl.edu Fri May 2 12:30:27 2003 From: billd at cait.wustl.edu (Bill Darte) Date: Fri, 2 May 2003 11:30:27 -0500 Subject: [ppml] The WIANA registry Message-ID: Michael, I would be happy for you (and I am sure that the ARIN staff would as well) to suggest language which would help new applicants understand the process and procedure and perhaps even the underlying policy..... As a party interested in ARIN education and outreach, I would be willing to collaborate in support of your efforts and I'm sure that Member Services would also be interested in our feedback and suggestions. Of course you understand that this is not a suggestion to change or to criticize the policies.... rather, a way to make the system easier to interpret and navigate for the community you advocate for below. Bill Darte ARIN Advisory Council > -----Original Message----- > From: Michael.Dillon at radianz.com [mailto:Michael.Dillon at radianz.com] > Sent: Friday, May 02, 2003 10:05 AM > To: admin at wiana.org; ppml at arin.net > Subject: Re: [ppml] The WIANA registry > > > >> Does any RIR have a simple and clear set of instructions > for first-time > > >> applicants to follow that includes an appeal procedure? > NO! And that is > > >> the crux of the problem with organizations that are not mainstream > ISPs. > > >http://www.arin.net ? Click on one of the "Registration" links and > >read the directions get ASNs, IP addresses, pizza, etc. > > I said "simple and clear set of instructions for first-time > applicants". > The stuff on the ARIN website is not simple and clear for a > first-time > applicant to understand. The word "appeal" does not appear on > either the > IPv4 Guidlines page or the IPv4 Policies page. > > Your response reminds me of an incident shortly before the French > revolution. The people were demonstrating in the streets and > the queen > asked why they were complaining. A servant explained that the people > didn't have any bread to eat. "Well then, let them eat > cake!", said the > queen. Not long after that, the queen's head was chopped off > putting an > end to the arrogant statements of a privileged insider. In > the months that > followed, most of arrogant insiders, i.e. the nobility, were also > executed. > > I'm suggesting that those of us who are privileged to be ARIN > insiders > should come down off of our pedestals and realize that the > old order is > being swept away. We need to change. We need to explain what > we do, why we > do it, and how we do it. It does no one any good to complain that > outsiders are not following our rules when many of us barely > understand > what the rules are. > > --Michael Dillon > > From richardj at arin.net Fri May 2 12:27:46 2003 From: richardj at arin.net (Richard Jimmerson) Date: Fri, 2 May 2003 12:27:46 -0400 Subject: [ppml] The WIANA registry In-Reply-To: Message-ID: <005a01c310c7$f1a20790$198888c0@arin.net> > I said "simple and clear set of instructions for first-time applicants". > The stuff on the ARIN website is not simple and clear for a first-time > applicant to understand. It is a very good suggestion to add content to the ARIN web site that specifically targets first-time applicants. We will work on creating content that summarizes the ARIN policies and orients first-time users to the ARIN procedures. Once complete we will prominently display a link on our front page to attract first-time users of ARIN's services to the new content. Best Regards, Richard Jimmerson Director of Operations American Registry for Internet Numbers (ARIN) > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Michael.Dillon at radianz.com > Sent: Friday, May 02, 2003 11:05 AM > To: admin at wiana.org; ppml at arin.net > Subject: Re: [ppml] The WIANA registry > > > >> Does any RIR have a simple and clear set of instructions for > >> first-time > > >> applicants to follow that includes an appeal procedure? > NO! And that > >> is > > >> the crux of the problem with organizations that are not mainstream > ISPs. > >http://www.arin.net ? Click on one of the "Registration" links and >read the directions get ASNs, IP addresses, pizza, etc. I said "simple and clear set of instructions for first-time applicants". The stuff on the ARIN website is not simple and clear for a first-time applicant to understand. The word "appeal" does not appear on either the IPv4 Guidlines page or the IPv4 Policies page. Your response reminds me of an incident shortly before the French revolution. The people were demonstrating in the streets and the queen asked why they were complaining. A servant explained that the people didn't have any bread to eat. "Well then, let them eat cake!", said the queen. Not long after that, the queen's head was chopped off putting an end to the arrogant statements of a privileged insider. In the months that followed, most of arrogant insiders, i.e. the nobility, were also executed. I'm suggesting that those of us who are privileged to be ARIN insiders should come down off of our pedestals and realize that the old order is being swept away. We need to change. We need to explain what we do, why we do it, and how we do it. It does no one any good to complain that outsiders are not following our rules when many of us barely understand what the rules are. --Michael Dillon From baptista at dot-god.com Fri May 2 12:56:54 2003 From: baptista at dot-god.com (Joe Baptista) Date: Fri, 2 May 2003 12:56:54 -0400 (EDT) Subject: [ppml] I have some questions concerning reg dates Message-ID: Hi: I'm in the process of parsing the ARIN aup file for legacy networks registered prior to ARIN's incorporation date. I keep coming across Reg Dates which are equal to "0". There is no Reg Date - just that zero. Does this mean that the date of registration is unknown to ARIN? cheers joe baptista Joe Baptista - only at www.baptista.god "Don't believe anything! We will chase the rascals back to London!" ... Muhammed Saeed al-Sahaf former Iraqi Information Minister From richardj at arin.net Fri May 2 14:06:06 2003 From: richardj at arin.net (Richard Jimmerson) Date: Fri, 2 May 2003 14:06:06 -0400 Subject: [ppml] I have some questions concerning reg dates In-Reply-To: Message-ID: <006501c310d5$807e86c0$198888c0@arin.net> > keep coming across Reg Dates which are equal to "0". There > is no Reg Date - just that zero. Does this mean that the date > of registration is unknown to ARIN? Yes. At the beginning of operations in December of 1997 there was some registration data transferred to ARIN that contained unknown registration dates. Best Regards, Richard Jimmerson Director of Operations American Registry for Internet Numbers (ARIN) > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Joe Baptista > Sent: Friday, May 02, 2003 12:57 PM > To: ARIN Public Policy > Subject: [ppml] I have some questions concerning reg dates > > > > Hi: > > I'm in the process of parsing the ARIN aup file for legacy > networks registered prior to ARIN's incorporation date. I > keep coming across Reg Dates which are equal to "0". There > is no Reg Date - just that zero. Does this mean that the date > of registration is unknown to ARIN? > > cheers > joe baptista > > Joe Baptista - only at www.baptista.god > > "Don't believe anything! We will chase the rascals back to > London!" ... Muhammed Saeed al-Sahaf former Iraqi > Information Minister > From owen at delong.com Fri May 2 17:20:16 2003 From: owen at delong.com (Owen DeLong) Date: Fri, 02 May 2003 14:20:16 -0700 Subject: [ppml] The WIANA registry In-Reply-To: References: Message-ID: <2147483647.1051885216@[10.0.0.1]> --On Friday, May 2, 2003 10:29 +0100 Michael.Dillon at radianz.com wrote: >> 1. If they are assigned later the space they hijacked, this legitimates >> hijacking and the next thing you know every mom and pop network on earth >> is going to hijack address space and try to get it legitimized. Hey, why >> not me too? > > Experience shows that slippery slopes rarely work that way because there > are usually many limiting factors that prevent things from getting out of > hand. In this instance, I think that there is some precedent for what > WIANA is doing with IP addresses. Their activities are not that different > from what AMPR does with 44/8. See here for more info on AMPR > http://www.ampr.org/amprnet.html > Difference being that AMPR got it assigned legitimately before using it. Other difference being that AMPR always intended to link it to the Internet. I'm not saying I think the slippery slope applys (or even matters if it does). My opinion on this whole thing (which I don't think can be solved by LDAP), is that: 1. WIANA isn't doing anything ARIN should support. 2. WIANA isn't doing anything we should really care one way or the other about. They're running a private non- connected network, and they've chosen to have their own namespace for the addressing. Who cares. I don't understand why this thread won't die. Owen >> 2. If they are not assigned the space and 1.0.0.0/8 is delegated to >> someone else they're going to whine about IANA or ARIN or whoever being >> that all-mighty evil entity that does not understand the need of the >> people blah blah. > > Exactly. That's why I think that the RIR community and IANA should work > with WIANA now to legitimize their claim for IP address space. They do > have a legitimate claim to a globally unique block and they are totally > unlike the normal applicants for RIR space. Whether or not their activity > justifies a whole /8, I don't know. But looking at the way that 44/8 is > being managed and also the way that 24/8 was issued to the cable > industry, I expect that it is reasonable to reserve 1/8 for possible > future wireless network growth and to issue some subset of 1/8 today. > I disagree. I think that if WIANA submits a legitimate application for address space to an RIR or IANA, it should be evaluated according to policy and on it's merits. If they don't, I don't see any reason for any of them to get involved. ARIN has enough things to work on without seeking out additional workload because someone else either doesn't want to connect to the internet, or, chose not to work through the existing process. Making an exception for them because someone posted a troll on the ppml list certainly sets a bad precedent, regardless of the viscosity of the slope involved. >> That's a lose-lose situation. If they could justify the space they >> should have requested it in the first place instead of hijacking it. > > Clearly they did apply somewhere for address space and were turned down. > The whole IP address allocation issue is so bloody confusing and poorly > documented that it does not surprise me that they went off on their own. > OK... That's their choice. I don't believe that creates an obligation for everyone else to then give them what they've chosen to take on their own. I see no reason to make an exception for these people. If you feel the process needs change, then submit appropriate policy proposals. If the community feels the changes are appropriate and desirable, they'll become policy. If not, then that is the choice of the community. I accepted this with my proposal. I'd elaborate more, but I'm afraid my email would develop too many words. > Does any RIR have a simple and clear set of instructions for first-time > applicants to follow that includes an appeal procedure? NO! And that is > the crux of the problem with organizations that are not mainstream ISPs. > Does the FCC have a simple and clear set of instructions for obtaining an FM Broadcast license? No. Does the DMV have a simple and clear st of instructions for obtaining a heavy euqipment operator license? Not in California, at least. Yet, somehow, there is no shortage of FM stations or Heavy Equipment operators (at least here in CA). I agree the instructions are desirable, but, their lack of existance doesn't justify what you are proposing. Owen From einar.bohlin at mci.com Tue May 6 18:23:04 2003 From: einar.bohlin at mci.com (Einar Bohlin) Date: Tue, 6 May 2003 18:23:04 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info Message-ID: I commented earlier on rwhois, and hopefully I can get this in before rwhois policy is set in stone. I finally got a minute to think about what was really bugging me about it and it's not the technical details, it's the entire reassignment info operation. What is reassignment info today? It's a network and organization, and a POC. In a perfect world the POC was someone who was responsible for the network. This grew out of the ancient requirement of a POC for every host. But in reality today the POC is an email to which one reports abuse and spam, as well as a handy address to deliver spam to. More and more ISPs have said that they want to be the POC for reassignments. They want to screen their customers. There's an ARIN policy for this for residential customers, it's in the IPV4 policy doc. And in general ARIN allows the ISP to be the POC for all reassignments (see the reassign simple template). RIPE and APNIC allow the ISP to be the POC too, I asked them. When the POC is the ISP, all that's left for reassignment info is utlization info. And I think it's only the registry that needs that info. RFC 2050 says the registries determine how reassignment info is submitted. Today they are swip and rwhois. Someone else mentioned LDAP, that could be an option. But what happened to text file as an option? That's how I check endusers, and how I could easily check downstream ISPs. What do you think? And without a specific POC for a reassignment, why does utilization info need to be publicly visible any more? It seems to me the POC was for the public, and it'll still be there on the parent block. But why does utilization info still have to be publicly visible? What good does that do? Would there be any problems if ARIN's whois only had direct assignments/allocations? Who needs to see utilization info? ---------------------------------- The registry. Sometimes an ISP needs to see a net record in order to route the net for the customer (for example multihomed customers), but a routing registry would be better for this. Blacklisters and anti-spam unsolicited mail generators. No comment. in-addr.arpa This isn't really a reassignment issue, it's a domain. Take the APNIC model for example, they've separated the domain from the net record, as it should be. in-addr.arpa is a domain record, domain and nameservers are what's needed. Question: Why is the swip cutoff at /29? Has anyone had to deal with savvy customers coming in repeatedly for /30s? Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET Phone: 703 886-7362 (VNET 806-7362) email: einar.bohlin at mci.com From jlewis at lewis.org Tue May 6 18:57:53 2003 From: jlewis at lewis.org (jlewis at lewis.org) Date: Tue, 6 May 2003 18:57:53 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: On Tue, 6 May 2003, Einar Bohlin wrote: > And without a specific POC for a reassignment, > why does utilization info need to be publicly visible any > more? It seems to me the POC was for the public, and it'll > Who needs to see utilization info? > ---------------------------------- > > Blacklisters and anti-spam unsolicited mail generators. > No comment. Then I will. :) Public reassignment data allows others (whether it's central dnsbl maintainers or individual ISPs or end users) to handle abuse issues when the spammer's provider does not. If a provider chooses to host spammers, it's nice to be able to see via whois that the spammer has a /24, /25, etc. and know that blocking that space will reduce your received spam with no collateral damage rather than do a whois query and find that the IP is part of a /8, /16, etc. assigned to some "big provider" and then have to do additional work to figure out or just guess how much space the spammer has. Removing whatever requirements we currently have for public reassignment data will just make it that much easier for spammers to hide inside large providers. i.e. we'll all get more spam. If anything, I'd like to see more requirements (or enforcement...not that ARIN seems to have any teeth) for publicly available reassignment data. > Question: > Why is the swip cutoff at /29? Has anyone had to deal > with savvy customers coming in repeatedly for /30s? We have lots of customers using /30's. The most common uses for /30's on our network are point to point connections and customers with firewalls, where the firewall and their internet router are the only public IPs they need. Being able to swip /30's would make additional space applications shorter. It might seriously increase the amount of data in ARIN's database though...I'd wild guess it might double or more the amount of data. ---------------------------------------------------------------------- Jon Lewis *jlewis at lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From easmith at beatrice.rutgers.edu Tue May 6 19:34:06 2003 From: easmith at beatrice.rutgers.edu (Ed Allen Smith) Date: Tue, 6 May 2003 19:34:06 -0400 Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: References: Message-ID: >Who needs to see utilization info? >---------------------------------- >The registry. How about the general public, to make sure that the registry is following up to its obligations to make sure that the IP address space is being assigned because of utilization? >Blacklisters and anti-spam unsolicited mail generators. You're being unclear in your phrasing in the above. People wishing to protect themselves and their customers from abuse (not just spam, and not just other network DOS attacks, but breakin attempts, etcetera) are who you're talking about? >No comment. Is there some reason that an ISP should get away with failing to do something about abuse just because it's big? Without reassignment info, if one wishes to use WHOIS as a basis for blacklisting, either the entire ISP gets blacklisted (which will probably happen eventually anyway, admittedly, if it's an abusive-enough ISP), or people hold off because of the size of the ISP and the resultant disruption to wanted email and other traffic. If reassignment info is listed, then blocks can be more gradually emplaced. -Allen -- Allen Smith http://cesario.rutgers.edu/easmith/ September 11, 2001 A Day That Shall Live In Infamy II "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin From einar.bohlin at mci.com Wed May 7 14:43:24 2003 From: einar.bohlin at mci.com (Einar Bohlin) Date: Wed, 7 May 2003 14:43:24 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: I understand that there are good faith blacklisters, but if things change for them, I'm sure they could adapt. If utilization info is public these days solely or primarily for blacklisters, then ISPs have to talk about why utilization info is public. All this effort by ISPs to create public utilization info is to support blacklisting? > If anything, I'd like to see more requirements (or enforcement...not that > ARIN seems to have any teeth) for publicly available reassignment data. That's not going to happen. The trend is that ISPs are covering their customers, being the POC for reassigned nets. It makes sense, contacting the cust POC was mostly futile anyway. And I see that ARIN is cracking down on detailed reassignments, requiring them to have admin and tech POC; that crackdown is a clear push towards using simples. > We have lots of customers using /30's. The most common uses for /30's on > our network are point to point connections and customers with firewalls, > where the firewall and their internet router are the only public IPs they > need. I'm truly glad we don't have to swip /30s, especially the point to point nets. But what about the customer who gets the /30 as you say for a firewall/NAT? Why do they get special anonymity? Why is the cutoff /29, and not, for example, /19? I'm serious. By the way, APNIC requires swip for /29 and larger nets, just like ARIN, but at APNIC /32 to /30 are optional. Right now we do a swip for every net. What if there was an approved text format, and then you'd be able to mail or web input that for utilization, weekly, monthly or whatever? That's aside from whether the info is public or not. Text file? I've recently started working with the great staff at APNIC and went through the process and got a new range from them. APNIC naturally wants all your swips (inetnums) up to date. But then very interestingly, they wanted a text file of all reassignments, in a specified format, every single one. It wasn't that hard to do. But it did make me wonder why we did all the inetnums in the first place. Back to the multihoming issue... When a customer needs a net for multihoming with another ISP, then the customer should have an ORG record at ARIN with their ASN attached to it. Maybe this is the case where we'd still publicly swip the net to the customer so the net can be verified as having been assigned to them. But the ISP wouldn't be making an ORG record, it'd already be there, created by the customer. We just be putting the net on it. One last thing, utilization info could always be public, regardless of the authorized by ARIN method, if the ISP wanted it to be that way. Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET Phone: 703 886-7362 (VNET 806-7362) email: einar.bohlin at mci.com On Tue, 6 May 2003 jlewis at lewis.org wrote: > On Tue, 6 May 2003, Einar Bohlin wrote: > > > And without a specific POC for a reassignment, > > why does utilization info need to be publicly visible any > > more? It seems to me the POC was for the public, and it'll > > > Who needs to see utilization info? > > ---------------------------------- > > > > Blacklisters and anti-spam unsolicited mail generators. > > No comment. > > Then I will. :) > Public reassignment data allows others (whether it's central dnsbl > maintainers or individual ISPs or end users) to handle abuse issues when > the spammer's provider does not. If a provider chooses to host spammers, > it's nice to be able to see via whois that the spammer has a /24, /25, > etc. and know that blocking that space will reduce your received spam > with no collateral damage rather than do a whois query and find that the > IP is part of a /8, /16, etc. assigned to some "big provider" and then > have to do additional work to figure out or just guess how much space the > spammer has. > > Removing whatever requirements we currently have for public reassignment > data will just make it that much easier for spammers to hide inside large > providers. i.e. we'll all get more spam. > > If anything, I'd like to see more requirements (or enforcement...not that > ARIN seems to have any teeth) for publicly available reassignment data. > > > Question: > > Why is the swip cutoff at /29? Has anyone had to deal > > with savvy customers coming in repeatedly for /30s? > > We have lots of customers using /30's. The most common uses for /30's on > our network are point to point connections and customers with firewalls, > where the firewall and their internet router are the only public IPs they > need. Being able to swip /30's would make additional space applications > shorter. It might seriously increase the amount of data in ARIN's > database though...I'd wild guess it might double or more the amount of > data. > > ---------------------------------------------------------------------- > Jon Lewis *jlewis at lewis.org*| I route > System Administrator | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ > > From einar.bohlin at mci.com Wed May 7 14:59:30 2003 From: einar.bohlin at mci.com (Einar Bohlin) Date: Wed, 7 May 2003 14:59:30 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: It's ARIN's job to to evaluate for efficient utilization. And honestly it never occured to me that the general public would want to evaluate ARIN to make sure they did efficient evaluations. But I can see that. I think this would fall in the research category. ARIN is still going to have to keep all this info. And some of it should be available, perhaps via a modified version of the bulk whois policy. One thing I forgot to mention, it's been rumored that some reassignment info in Canada is protected by the 'The Personal Information Protection and Electronic Documents Act.' See: http://privcom.gc.ca/legislation/02_06_01_e.asp I haven't read it, and IANAL, but I heard there is stuff in here which would makes an ISP not want to provide customer info at all in swips to residential customers. And again, ISPs are not in the business of providing info for blacklisters. In fact, ISPs should be concerned about that if that's all they're doing. Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET Phone: 703 886-7362 (VNET 806-7362) email: einar.bohlin at mci.com On Tue, 6 May 2003, Ed Allen Smith wrote: > > >Who needs to see utilization info? > >---------------------------------- > >The registry. > > How about the general public, to make sure that the registry is following up > to its obligations to make sure that the IP address space is being assigned > because of utilization? > > >Blacklisters and anti-spam unsolicited mail generators. > > You're being unclear in your phrasing in the above. People wishing to > protect themselves and their customers from abuse (not just spam, and not > just other network DOS attacks, but breakin attempts, etcetera) are who > you're talking about? > > >No comment. > > Is there some reason that an ISP should get away with failing to do > something about abuse just because it's big? Without reassignment info, if > one wishes to use WHOIS as a basis for blacklisting, either the entire ISP > gets blacklisted (which will probably happen eventually anyway, admittedly, > if it's an abusive-enough ISP), or people hold off because of the size of > the ISP and the resultant disruption to wanted email and other traffic. If > reassignment info is listed, then blocks can be more gradually emplaced. > > -Allen > > -- > Allen Smith http://cesario.rutgers.edu/easmith/ > September 11, 2001 A Day That Shall Live In Infamy II > "They that can give up essential liberty to obtain a little temporary > safety deserve neither liberty nor safety." - Benjamin Franklin > From bmanning at karoshi.com Wed May 7 17:43:22 2003 From: bmanning at karoshi.com (bmanning at karoshi.com) Date: Wed, 7 May 2003 14:43:22 -0700 (PDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: from "Einar Bohlin" at May 07, 2003 02:59:30 PM Message-ID: <200305072143.h47LhMl30868@karoshi.com> > > It's ARIN's job to to evaluate for efficient utilization. > And honestly it never occured to me that the general public > would want to evaluate ARIN to make sure they did efficient > evaluations. But I can see that. I think this would > fall in the research category. ARIN is still going to > have to keep all this info. And some of it should > be available, perhaps via a modified version of the > bulk whois policy. actually, as I remember it from the discussions that centered around the creation of RFC 2050, there was a strong desire to have independent means for anyone to evaluate utilization. So the IANA (or any third-party) could run the evaluation on public registries. --bill From jlewis at lewis.org Thu May 8 08:39:14 2003 From: jlewis at lewis.org (jlewis at lewis.org) Date: Thu, 8 May 2003 08:39:14 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: On Wed, 7 May 2003, Einar Bohlin wrote: > I understand that there are good faith blacklisters, > but if things change for them, I'm sure they could > adapt. If utilization info is public these days solely > or primarily for blacklisters, then ISPs have to talk > about why utilization info is public. All this > effort by ISPs to create public utilization info is > to support blacklisting? No...that's just one group that relies heavily on it. Abuse related issues are the primary reason that comes to my mind though. Forgetting about DNSBLs for a moment, here are a few more examples supporting public reassignment info. Suppose you have some spam or other abuse (hacking/attacking) issue with an IP belonging to one of "the big providers"...just for example, we'll say UUNet. Without public reassignment info, you'll have to send your complaint to UUNet's (overloaded) abuse address, where it will surely be delayed if not discarded. With public reassignment info, you can send it to the smaller ISP customer of UUNet and at least know that the appropriate people got it, or perhaps even just call them on the phone. Why hide them behind UUNet? Suppose some small network comes to you to buy a redundant connection and wants you to propogate a BGP route for their UUNet PA IP space. Do you trust the customer to not lie about their IP space? Do you call UUNet, wade through their phone menus, and try to find someone who will talk to a non-customer and verify one of their customer's IP assignments, or would you rather just check with whois and see that the space is swipped to the customer? > That's not going to happen. The trend is that > ISPs are covering their customers, being the POC for > reassigned nets. It makes sense, contacting the cust > POC was mostly futile anyway. And I see that ARIN is That depends on the customer. Lots of smaller nets have no technical people on staff, and so even if you do get through on the phone, they may not understand why you're bothering them. I would hope that most ISP networks do have technical people on staff and there's no reason to make it harder to contact them. Would you rather abolish public reassignment entirely and make ARIN the POC for all the address space they allocate? Just send everything to abuse at arin.net and let them sort it out? > I'm truly glad we don't have to swip /30s, especially > the point to point nets. But what about the customer > who gets the /30 as you say for a firewall/NAT? Why > do they get special anonymity? Why is the cutoff /29, > and not, for example, /19? I'm serious. > > By the way, APNIC requires swip for /29 and larger nets, > just like ARIN, but at APNIC /32 to /30 are optional. I'd be real happy with that. As I said, letting us swip /30's would seriously reduce the size and complexity of our additional space requests. In my last one, there were lots of subnets where I had to arbitrarily make up a use category. i.e. there are lots of networks we've marked as reserved and then subnetted into /30's for customer connections or router/firewall pairs. Often, these networks include a collection of /30's for customers in different cities on different service types. ARIN wants all non-swipped assignments categorized as one of dial|isdn|web|leased|dsl|colo|wireless and some other categories that never apply to us and I've left out. How do you categorize a /24 that's a mix of /30 backbone router PTP interfaces, customer serial interfaces, and router/firewall ethernets for ISDN, DSL, and leased line customers?? If the answer is, show each assignment individually, then just let us swip them. > Right now we do a swip for every net. What if there > was an approved text format, and then you'd be able to mail > or web input that for utilization, weekly, monthly or whatever? > That's aside from whether the info is public or not. They already accept a text format via email. If you have some automated system that would submit a text format to ARIN, you could just as easily have it generate and submit in the ARIN-REASSIGN-SIMPLE-3.0 format. > range from them. APNIC naturally wants all your swips > (inetnums) up to date. But then very interestingly, they > wanted a text file of all reassignments, in a specified > format, every single one. It wasn't that hard to do. > But it did make me wonder why we did all the inetnums > in the first place. Did you ask them why they want you to submit all the info twice (via inetnums and a text file)? That seems like a waste of time/effort. > One last thing, utilization info could always be > public, regardless of the authorized by ARIN > method, if the ISP wanted it to be that way. All but a few possible exceptions will choose not to unless forced to. Why spend the time and money making the info available if you're not required to? ---------------------------------------------------------------------- Jon Lewis *jlewis at lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From einar.bohlin at mci.com Thu May 8 11:24:05 2003 From: einar.bohlin at mci.com (Einar Bohlin) Date: Thu, 8 May 2003 11:24:05 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: > Suppose you have some spam or other abuse (hacking/attacking) issue with > an IP belonging to one of "the big providers"...just for example, we'll > say UUNet. Without public reassignment info, you'll have to send your > complaint to UUNet... That's how ISPs have said they want it to work, and how it works today. Why do ISPs want to shield their customers? Flip it around, how many companies make public their entire customer base? The only one that comes to my mind is the phone company. But that's for contact purposes. It's not to evaluate efficient utilization of phone numbers. > Suppose some small network comes to you to buy a redundant connection and > wants you to propogate a BGP route for their UUNet PA IP space. Do you > trust the customer to not lie about their IP space? Those would have to be swipped. I mentioned that in another reply, about how a customer who is doing BGP should have their own ASN and thus an org record. We'd just be putting the net on their org record, as we try to do today. But the difference is that the org record is created and maintained by the customer, not the ISP. > I would hope that most ISP > networks do have technical people on staff and there's no reason to make > it harder to contact them. I believe most ISPs who get their IPs from their upstream do not have 24/7 staff. This is not my area, but with abuse cases, you want quick resolution, right? So seems to me you want to contact your upstream or your peer where the abuse is coming from. > Would you rather abolish public reassignment > entirely and make ARIN the POC for all the address space they allocate? Yes and no. I'm talking about reassignments/reallocations. Resources directly from the registry should have all the necessary contact info. > Did you ask them why they want you to submit all the info twice (via > inetnums and a text file)? That seems like a waste of time/effort. I intend to ask them why we bother to do the inetnums, especially when their web-based text file upload system works so well. > I'd be real happy with that. As I said, letting us swip /30's would > seriously reduce the size and complexity of our additional space requests. Would you want it optional or move it from /29 to /30? Why stop at /30? > ... If you have some automated > system that would submit a text format to ARIN, you could just as easily > have it generate and submit in the ARIN-REASSIGN-SIMPLE-3.0 format. We have an automated system that does just that. But my overall question here is what is the point of POC-less public utilization records? And so far the only reason that's come back is that it facilitates blacklisting. Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET Phone: 703 886-7362 (VNET 806-7362) email: einar.bohlin at mci.com On Thu, 8 May 2003 jlewis at lewis.org wrote: > On Wed, 7 May 2003, Einar Bohlin wrote: > > > I understand that there are good faith blacklisters, > > but if things change for them, I'm sure they could > > adapt. If utilization info is public these days solely > > or primarily for blacklisters, then ISPs have to talk > > about why utilization info is public. All this > > effort by ISPs to create public utilization info is > > to support blacklisting? > > No...that's just one group that relies heavily on it. Abuse related > issues are the primary reason that comes to my mind though. Forgetting > about DNSBLs for a moment, here are a few more examples supporting public > reassignment info. > > Suppose you have some spam or other abuse (hacking/attacking) issue with > an IP belonging to one of "the big providers"...just for example, we'll > say UUNet. Without public reassignment info, you'll have to send your > complaint to UUNet's (overloaded) abuse address, where it will surely be > delayed if not discarded. With public reassignment info, you can send it > to the smaller ISP customer of UUNet and at least know that the > appropriate people got it, or perhaps even just call them on the phone. > Why hide them behind UUNet? > > Suppose some small network comes to you to buy a redundant connection and > wants you to propogate a BGP route for their UUNet PA IP space. Do you > trust the customer to not lie about their IP space? Do you call UUNet, > wade through their phone menus, and try to find someone who will talk to a > non-customer and verify one of their customer's IP assignments, or would > you rather just check with whois and see that the space is swipped to the > customer? > > > That's not going to happen. The trend is that > > ISPs are covering their customers, being the POC for > > reassigned nets. It makes sense, contacting the cust > > POC was mostly futile anyway. And I see that ARIN is > > That depends on the customer. Lots of smaller nets have no technical > people on staff, and so even if you do get through on the phone, they may > not understand why you're bothering them. I would hope that most ISP > networks do have technical people on staff and there's no reason to make > it harder to contact them. Would you rather abolish public reassignment > entirely and make ARIN the POC for all the address space they allocate? > Just send everything to abuse at arin.net and let them sort it out? > > > I'm truly glad we don't have to swip /30s, especially > > the point to point nets. But what about the customer > > who gets the /30 as you say for a firewall/NAT? Why > > do they get special anonymity? Why is the cutoff /29, > > and not, for example, /19? I'm serious. > > > > By the way, APNIC requires swip for /29 and larger nets, > > just like ARIN, but at APNIC /32 to /30 are optional. > > I'd be real happy with that. As I said, letting us swip /30's would > seriously reduce the size and complexity of our additional space requests. > In my last one, there were lots of subnets where I had to arbitrarily make > up a use category. i.e. there are lots of networks we've marked as > reserved and then subnetted into /30's for customer connections or > router/firewall pairs. Often, these networks include a collection of > /30's for customers in different cities on different service types. ARIN > wants all non-swipped assignments categorized as one of > dial|isdn|web|leased|dsl|colo|wireless and some other categories that > never apply to us and I've left out. How do you categorize a /24 that's a > mix of /30 backbone router PTP interfaces, customer serial interfaces, and > router/firewall ethernets for ISDN, DSL, and leased line customers?? > If the answer is, show each assignment individually, then just let us swip > them. > > > Right now we do a swip for every net. What if there > > was an approved text format, and then you'd be able to mail > > or web input that for utilization, weekly, monthly or whatever? > > That's aside from whether the info is public or not. > > They already accept a text format via email. If you have some automated > system that would submit a text format to ARIN, you could just as easily > have it generate and submit in the ARIN-REASSIGN-SIMPLE-3.0 format. > > > range from them. APNIC naturally wants all your swips > > (inetnums) up to date. But then very interestingly, they > > wanted a text file of all reassignments, in a specified > > format, every single one. It wasn't that hard to do. > > But it did make me wonder why we did all the inetnums > > in the first place. > > Did you ask them why they want you to submit all the info twice (via > inetnums and a text file)? That seems like a waste of time/effort. > > > One last thing, utilization info could always be > > public, regardless of the authorized by ARIN > > method, if the ISP wanted it to be that way. > > All but a few possible exceptions will choose not to unless forced to. > Why spend the time and money making the info available if you're not > required to? > > ---------------------------------------------------------------------- > Jon Lewis *jlewis at lewis.org*| I route > System Administrator | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ > > From lee.howard at mci.com Thu May 8 11:36:09 2003 From: lee.howard at mci.com (Lee Howard) Date: Thu, 8 May 2003 11:36:09 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: Interesting conversation. In your abuse example, does it change the conversation if SWIPs were not required for reassignments, but were still required for allocations (i.e., to ISPs who further assign to end users)? I would think that a clueful end-user should always have the option of listing themselves as POCs. Lee On Thu, 8 May 2003 jlewis at lewis.org wrote: > Date: Thu, 08 May 2003 08:39:14 -0400 (EDT) > From: jlewis at lewis.org > To: Einar Bohlin > Cc: ppml at arin.net > Subject: Re: [ppml] 2003-5 rwhois/reassignment info > > On Wed, 7 May 2003, Einar Bohlin wrote: > > > I understand that there are good faith blacklisters, > > but if things change for them, I'm sure they could > > adapt. If utilization info is public these days solely > > or primarily for blacklisters, then ISPs have to talk > > about why utilization info is public. All this > > effort by ISPs to create public utilization info is > > to support blacklisting? > > No...that's just one group that relies heavily on it. Abuse related > issues are the primary reason that comes to my mind though. Forgetting > about DNSBLs for a moment, here are a few more examples supporting public > reassignment info. > > Suppose you have some spam or other abuse (hacking/attacking) issue with > an IP belonging to one of "the big providers"...just for example, we'll > say UUNet. Without public reassignment info, you'll have to send your > complaint to UUNet's (overloaded) abuse address, where it will surely be > delayed if not discarded. With public reassignment info, you can send it > to the smaller ISP customer of UUNet and at least know that the > appropriate people got it, or perhaps even just call them on the phone. > Why hide them behind UUNet? > > Suppose some small network comes to you to buy a redundant connection and > wants you to propogate a BGP route for their UUNet PA IP space. Do you > trust the customer to not lie about their IP space? Do you call UUNet, > wade through their phone menus, and try to find someone who will talk to a > non-customer and verify one of their customer's IP assignments, or would > you rather just check with whois and see that the space is swipped to the > customer? > > > That's not going to happen. The trend is that > > ISPs are covering their customers, being the POC for > > reassigned nets. It makes sense, contacting the cust > > POC was mostly futile anyway. And I see that ARIN is > > That depends on the customer. Lots of smaller nets have no technical > people on staff, and so even if you do get through on the phone, they may > not understand why you're bothering them. I would hope that most ISP > networks do have technical people on staff and there's no reason to make > it harder to contact them. Would you rather abolish public reassignment > entirely and make ARIN the POC for all the address space they allocate? > Just send everything to abuse at arin.net and let them sort it out? > > > I'm truly glad we don't have to swip /30s, especially > > the point to point nets. But what about the customer > > who gets the /30 as you say for a firewall/NAT? Why > > do they get special anonymity? Why is the cutoff /29, > > and not, for example, /19? I'm serious. > > > > By the way, APNIC requires swip for /29 and larger nets, > > just like ARIN, but at APNIC /32 to /30 are optional. > > I'd be real happy with that. As I said, letting us swip /30's would > seriously reduce the size and complexity of our additional space requests. > In my last one, there were lots of subnets where I had to arbitrarily make > up a use category. i.e. there are lots of networks we've marked as > reserved and then subnetted into /30's for customer connections or > router/firewall pairs. Often, these networks include a collection of > /30's for customers in different cities on different service types. ARIN > wants all non-swipped assignments categorized as one of > dial|isdn|web|leased|dsl|colo|wireless and some other categories that > never apply to us and I've left out. How do you categorize a /24 that's a > mix of /30 backbone router PTP interfaces, customer serial interfaces, and > router/firewall ethernets for ISDN, DSL, and leased line customers?? > If the answer is, show each assignment individually, then just let us swip > them. > > > Right now we do a swip for every net. What if there > > was an approved text format, and then you'd be able to mail > > or web input that for utilization, weekly, monthly or whatever? > > That's aside from whether the info is public or not. > > They already accept a text format via email. If you have some automated > system that would submit a text format to ARIN, you could just as easily > have it generate and submit in the ARIN-REASSIGN-SIMPLE-3.0 format. > > > range from them. APNIC naturally wants all your swips > > (inetnums) up to date. But then very interestingly, they > > wanted a text file of all reassignments, in a specified > > format, every single one. It wasn't that hard to do. > > But it did make me wonder why we did all the inetnums > > in the first place. > > Did you ask them why they want you to submit all the info twice (via > inetnums and a text file)? That seems like a waste of time/effort. > > > One last thing, utilization info could always be > > public, regardless of the authorized by ARIN > > method, if the ISP wanted it to be that way. > > All but a few possible exceptions will choose not to unless forced to. > Why spend the time and money making the info available if you're not > required to? > > ---------------------------------------------------------------------- > Jon Lewis *jlewis at lewis.org*| I route > System Administrator | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ > From jlewis at lewis.org Sat May 10 00:32:21 2003 From: jlewis at lewis.org (jlewis at lewis.org) Date: Sat, 10 May 2003 00:32:21 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: On Thu, 8 May 2003, Lee Howard wrote: > Interesting conversation. > > In your abuse example, does it change the conversation if SWIPs were not > required for reassignments, but were still required for allocations (i.e., > to ISPs who further assign to end users)? I would think that a clueful > end-user should always have the option of listing themselves as POCs. While that does make sense for technical issues, it still sucks for abuse/blocking purposes. Maybe things do have to get worse before they get better. ---------------------------------------------------------------------- Jon Lewis *jlewis at lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From ras at e-gerbil.net Wed May 14 10:29:15 2003 From: ras at e-gerbil.net (Richard A Steenbergen) Date: Wed, 14 May 2003 10:29:15 -0400 Subject: [ppml] Valid POC phone #'s Message-ID: <20030514142915.GC41027@overlord.e-gerbil.net> Ok, who's bright idea was it to start calling the POC phone #'s then bounce registration requests if they can't grab the phone when the call comes in? > Hello > The POC handles that you are adding to this > ORG ID do nto have valid phone numbers. Please use the > POC template to update teh POC handles then resubmit your > request back in. > You can find the POC template at: > http://www.arin.net/library/templates/poc.txt -- Richard A Steenbergen http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) From andrew.dul at quark.net Wed May 14 11:47:39 2003 From: andrew.dul at quark.net (Andrew Dul) Date: Wed, 14 May 2003 08:47:39 -0700 Subject: [ppml] abuse contact requirements Message-ID: <3.0.5.32.20030514084739.0098b770@pop3.quark.net> Hello, The ARIN AC is soliciting feedback from the community on the following items as a result of the discussion of policy proposals 2003-1 & 2003-2 at the Memphis public policy meeting. We invite you to comment on the following items. Thank you, Andrew Dul ARIN AC 1. Should ARIN require an ABUSE POC for all ORGs that are registered in the database? 2. What benefit do you see from requiring ORGs to have an ABUSE POC are there any bad side-effects. 3. The current production database and whois output support the ABUSE POC. Are there any changes needed to either educate the community about this feature or the whois output so that the ABUSE POC will be more widely used. 4. When contact information is found to be "bad" should ARIN flag that data as invalid and make that data available to the public via whois? 5. What actions should ARIN take after the data is found to be "bad"? From richardj at arin.net Wed May 14 12:29:03 2003 From: richardj at arin.net (Richard Jimmerson) Date: Wed, 14 May 2003 12:29:03 -0400 Subject: [ppml] Valid POC phone #'s In-Reply-To: <20030514142915.GC41027@overlord.e-gerbil.net> Message-ID: <001601c31a35$f0d64930$668888c0@arin.net> Hello Richard, ARIN does actively verify the accuracy of contact data submitted for entry into the database. It is not our intent to reject contact information simply because the telephone is not answered when we call for verification. We will look very closely at the case you described below and take any needed corrective action. Best Regards, Richard Jimmerson Director of Operations American Registry for Internet Numbers (ARIN) > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Richard A Steenbergen > Sent: Wednesday, May 14, 2003 10:29 AM > To: ppml at arin.net > Subject: [ppml] Valid POC phone #'s > > > Ok, who's bright idea was it to start calling the POC phone > #'s then bounce registration requests if they can't grab the > phone when the call > comes in? > > > Hello > > The POC handles that you are adding to this > > ORG ID do nto have valid phone numbers. Please use the > > POC template to update teh POC handles then resubmit your > request back > > in. You can find the POC template at: > > http://www.arin.net/library/templates/poc.txt > > -- > Richard A Steenbergen > http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 > 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) > From jmcburnett at msmgmt.com Wed May 14 17:54:28 2003 From: jmcburnett at msmgmt.com (McBurnett, Jim) Date: Wed, 14 May 2003 17:54:28 -0400 Subject: [ppml] Valid POC phone #'s Message-ID: <390E55B947E7C848898AEBB9E5077060014EA9D7@msmdcfs01.msmgmt.com> IMHO, if the POC email returns an NDR or the phone # in the request gives the "the number you have called is disconnected and no longer in service" Then it should be rejected. If the POC is bad, why give out a service when ARIN can't bill you, or someone needs to go on NANOG and say "would someone with a clue from XYZ company call me?" I dunno I guess POC may stand for something besides Point of Contact....... Oh well.. J -----Original Message----- From: Richard Jimmerson [mailto:richardj at arin.net] Sent: Wednesday, May 14, 2003 12:29 PM To: ppml at arin.net Subject: RE: [ppml] Valid POC phone #'s Hello Richard, ARIN does actively verify the accuracy of contact data submitted for entry into the database. It is not our intent to reject contact information simply because the telephone is not answered when we call for verification. We will look very closely at the case you described below and take any needed corrective action. Best Regards, Richard Jimmerson Director of Operations American Registry for Internet Numbers (ARIN) > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Richard A Steenbergen > Sent: Wednesday, May 14, 2003 10:29 AM > To: ppml at arin.net > Subject: [ppml] Valid POC phone #'s > > > Ok, who's bright idea was it to start calling the POC phone > #'s then bounce registration requests if they can't grab the > phone when the call > comes in? > > > Hello > > The POC handles that you are adding to this > > ORG ID do nto have valid phone numbers. Please use the > > POC template to update teh POC handles then resubmit your > request back > > in. You can find the POC template at: > > http://www.arin.net/library/templates/poc.txt > > -- > Richard A Steenbergen > http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 > 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) > From james.cutler at eds.com Fri May 16 06:28:04 2003 From: james.cutler at eds.com (Cutler, James R) Date: Fri, 16 May 2003 06:28:04 -0400 Subject: [ppml] abuse contact requirements Message-ID: <4E6A7BDC24CDD311B11400508BDF0A380F598F72@usahm009.exmi01.exch.eds.com> 1. No. 2. I can't find any IP-address business related benefit. I see more work required by applicants and more spam targets generated. 3. No. 4. ARIN should flag data which is known to be "bad" as long as there is a well-defined process for "correction" and the ARIN community believes that ARIN operations should be required to make such judgments. The issue of public access is a separate policy question which should be addressed separately from data quality issues. 5. ARIN should flag data which is known to be "bad" as long as there is a well-defined process for "correction" and the ARIN community believes that ARIN operations should be required to make such judgments. If the "bad" data is the primary POC for an allocation, some modest attempt to contact the apparent record owner should be made, as discussed at recent ARIN Public Policy meetings. -----Original Message----- From: Andrew Dul [mailto:andrew.dul at quark.net] Sent: Wednesday, May 14, 2003 11:48 AM To: ppml at arin.net Subject: [ppml] abuse contact requirements Hello, The ARIN AC is soliciting feedback from the community on the following items as a result of the discussion of policy proposals 2003-1 & 2003-2 at the Memphis public policy meeting. We invite you to comment on the following items. Thank you, Andrew Dul ARIN AC 1. Should ARIN require an ABUSE POC for all ORGs that are registered in the database? 2. What benefit do you see from requiring ORGs to have an ABUSE POC are there any bad side-effects. 3. The current production database and whois output support the ABUSE POC. Are there any changes needed to either educate the community about this feature or the whois output so that the ABUSE POC will be more widely used. 4. When contact information is found to be "bad" should ARIN flag that data as invalid and make that data available to the public via whois? 5. What actions should ARIN take after the data is found to be "bad"? From ebohlin at UU.NET Fri May 16 15:25:30 2003 From: ebohlin at UU.NET (Einar Bohlin) Date: Fri, 16 May 2003 15:25:30 -0400 (EDT) Subject: [ppml] 2003-5 rwhois/reassignment info In-Reply-To: Message-ID: A few more notes on reassignment info. We messed up a swip and the customer called us to get it fixed; it appears someone else uses the swip to authenticate the IPs for SSL... that's what they said. I don't know who the user base is for reassignment info, and, they probably don't attend ARIN meetings nor participate on ppml. Kind of like webhosters a few years ago. Makes changing the status quo more complicated. On the other hand, somebody contacted me and said that multihomed customers could be verified by a phone call or email to a POC on the parent block. This suggests that even multihomed customers might not need net reassignment records. It's not like anyone continuously checks whois in order to route a bgp customer who has some other ISP's nets, we all just do the initial check, right? Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET 703 886-7362 (VNET 806-7362) einar.bohlin at mci.com From william at elan.net Sun May 18 18:47:13 2003 From: william at elan.net (william at elan.net) Date: Sun, 18 May 2003 15:47:13 -0700 (PDT) Subject: [ppml] Wasted netspace (recovering) (fwd) Message-ID: I'm reposting somebody elses message sent to NANOG (apologies for those who have seen it) as its regarding issues that are more proper to be discussed on this list (i.e. suggestion of policy change to require rejustifying ip block usage after 5 years). ---------- Forwarded message ---------- Howdy. This afternoon I was working with a used switch I recently purchased when I noticed it still had the previous owner's IP in it. I noted that it wasn't a reserved address that I recognized so I looked it up. As it turned out the IP belonged to Occidental Petroleum Corp (oxy.com) and was part of a /16 (155.224.0.0/16). The fact that it they had a /16 was a bit surprising. Seeing how it was allocated back in 1992, I guess I really shouldn't be that surprised. I figured they must have enough remote offices to reasonably use a large portion of that /16. While loading their website I noted that www.oxy.com fell into another netblock (208.35.252.113/24). I was curious enough (read: bored) that I eventually queried Arin's WHOIS for Occidental Petroleum and was quite surprised at what I saw. http://ws.arin.net/cgi-bin/whois.pl?queryinput=occidental%20petroleum OCCIDENTAL PETROLEUM (OCCIDE-1) Occidental Petroleum Corp. (OPC) Occidental Petroleum Corporation (OPC-2) Occidental Petroleum IP (OPI-1) Occidental Petroleum Corporation (AS26517) OXYHOUAS-01 26517 OCCIDENTAL PETROLEUM FON-106789196846411 (NET-63-166-189-0-1) 63.166.189.0 - 63.166.189.255 OCCIDENTAL PETROLEUM FON-106789094446405 (NET-63-166-185-0-1) 63.166.185.0 - 63.166.185.255 OCCIDENTAL PETROLEUM FON-106789068846359 (NET-63-166-184-0-1) 63.166.184.0 - 63.166.184.255 OCCIDENTAL PETROLEUM FON-106790118446425 (NET-63-166-225-0-1) 63.166.225.0 - 63.166.225.255 OCCIDENTAL PETROLEUM FON-110111612871621 (NET-65-161-178-224-1) 65.161.178.224 - 65.161.178.255 OCCIDENTAL PETROLEUM FON-349201920042097 (NET-208-35-252-0-1) 208.35.252.0 - 208.35.252.255 Occidental Petroleum Corp. OXY1-NET (NET-155-224-0-0-1) 155.224.0.0 - 155.224.255.255 Occidental Petroleum Corporation OXY-2 (NET-170-189-0-0-1) 170.189.0.0 - 170.189.255.255 Occidental Petroleum Corporation OXY-3 (NET-199-248-164-0-1) 199.248.164.0 - 199.248.168.255 Occidental Petroleum IP FON-106769945643237 (NET-63-163-205-0-1) 63.163.205.0 - 63.163.205.255 Occidental Petroleum IP FON-106780672044417 (NET-63-165-112-0-1) 63.165.112.0 - 63.165.112.255 They have not one /16 but two /16s, eight /24s, one /22, and one /27. Does this seem a little excessive to anyone else? I can think of a dozen state-run universities off of the top of my head that could never dream of justifying a /16, let alone more. I hate to pummel a dead horse but would it be worthwhile to ask these corporations to relinguish netblocks that they don't use or can't justify keeping? "Because I'm paying you" isn't a good enough reason IMHO. Would it be worthwhile to have organizations with direct allocations submit a netblock usage summary every 4-5 years to justify keeping their existing blocks? I know it might be hard for ARIN to justify taking back someone's netblocks. It just irks me to no ends to see a considerable amount of wasted netspace such as this. Pardon me for asking because I imagine this has been discussed many times before. Justin Shore From bicknell at ufp.org Mon May 19 08:40:49 2003 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 19 May 2003 08:40:49 -0400 Subject: [ppml] Wasted netspace (recovering) (fwd) In-Reply-To: References: Message-ID: <20030519124049.GB76190@ussenterprise.ufp.org> Here's my take on this from the whois output. Occidental received three networks "early on", OXY1-NET, OXY-2, OXY-3. I believe the dates make them before ARIN, or at least before ARIN had some of today's policies. Anyway, a couple of years later they seem to be buying some Sprint service, with all of the FON-xxxxx blocks being Sprint SWIP's. This does point out a sort of loophole in the current system. If they went back to ARIN for space they would (probably?) have to show what they are doing with all of this mess. However, if they go to Sprint and want a /24 for a site, they just have to justify that /24. That is, Sprint is under no obligation to check they are using their other address space. I doubt there is an easy way to solve this problem. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From william at elan.net Mon May 19 07:02:31 2003 From: william at elan.net (william at elan.net) Date: Mon, 19 May 2003 04:02:31 -0700 (PDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented Message-ID: >From http://lacnic.net/Micro_Asignacion_ipv4_UF_ENG.PDF : "Micro allocations IPv4 to final users: LACNIC shall micro allocate blocks to end users who prove -Be multi-homed organizations. It is possible to request micro allocation to those users that are to be multi-homed within a month. In this case contract copies should be provided. -(*) Have a sub allocation of a /25 block from it's providers. - Agree to renumber all the assigned blocks within a period of 3 months and return all sub allocated space to its original providers. -Provide the subnetworking plans for the next 12 months, including sub-net masks and host numbers on each subnet. Use of VLSM is required. - Description of network topology. - Description of network routing plans including routing protocols to be used and any existing limitations. The minimum block to be allocated will be /24 and the maximum /21. For larger allocations existing policies should be applied. For additional allocations existing policies should be applied. REMARKS: An organization is multi-homed if it receives full-time connectivity from more than one provider, each of them independent from the other. Independent providers are those who provide connectivity independently from the other provider." For ratification information see http://lacnic.net/en/ratification.html - because the policy is so important to lacnic community LACNIC has decided for IMMEDIATE implementation of this policy starting May 19th. Its interesting how this was one of the first policies they approved since they became independent from ARIN and it took them less then year to do this. And BTW congratulations to ARIN for again becoming the only RIR that does not have general end-user micro-assignment/allocation policy! So are we going to wait for now AfriNIC recognition and only then setup microassignment policy or should we join every other RIR and (in the spirit of creating unified policies and procedures for all RIRs) actually adapt an micro-assignment policy - it has been discussed long enough by now - 10 times longer then at LACNIC for sure :) In fact at the last meeting the proposal for micro-assignment policy 2002-3 has been presented and afterwards in the vote that followed (vote = show of hands) an overwhelming majority (something like 10:1 for) have expressed their support in having ARIN adapt such a micro-assignment policy. So would everybody here like to know what happened and how Advisory Counsil reacted to the vote and to above proposal? Well, I'm going to tell you anyway... Apparently AC decided that ARIN is not ready to assign even /22 blocks to end users (we aren't like other RIRs you know ...) instead they decided to completely abandon the policy 2002-3 (!!! After almost full consensus at the meeting !!!) Instead AC proposed their own ideas, such as that the current policy where multihomed company that has utilized /22 can request /20 be modified so as to instead such a company would receive /21 and that this be considered a micro-assignment to satisify those who want ARIN to do micro-assignments. So let me summarize again - if AC proposal goes through instead of receiving /20 same qualifying companies would instead receive smaller /21 block (!!!) Consider the above situation carefully when you're voting for next AC (maybe we should just invite LACNIC back into ARIN and vote only lacnic members into AC - they sure know how to get popular proposals approved and implemented fast!). But since we cant really bring lacnic people and companies back and I do not have much faith that AC would change that much, I would ask you to consider even more the actual proposals that would be presented at the next meeting. I would not be surprised if micro-assignment proposal is back and then it would be an interesting challenge for BoT to deny a proposal supported at multiple ARIN meeting and by general public, especially since it seems by next meeting BoT would have legal way of approving a proposal even without support of AC. ---- William Leibzon (yours truly ppml subsriber who is also at anuncios#lacnic.net list and is trying to keep you well informed about important policies announced there in the spirit of all RIRs having generally unified policies, of course) From einar.bohlin at mci.com Mon May 19 10:16:34 2003 From: einar.bohlin at mci.com (Einar Bohlin) Date: Mon, 19 May 2003 10:16:34 -0400 (EDT) Subject: [ppml] Wasted netspace (recovering) (fwd) In-Reply-To: <20030519124049.GB76190@ussenterprise.ufp.org> Message-ID: > ... That is, Sprint is under no obligation to check they are > using their other address space. The circuit that comes from the provider leads to a customer network. The provider is supposed to check for utilization when assigning an initial net or additional space to that network. There are many cases where customers have multiple networks. A satellite office which is separate from the customer's other network(s) has to get its IPs from the provider. The existence and utilization of other nets doesn't count here. Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET 703 886-7362 (VNET 806-7362) einar.bohlin at mci.com On Mon, 19 May 2003, Leo Bicknell wrote: > > Here's my take on this from the whois output. Occidental received > three networks "early on", OXY1-NET, OXY-2, OXY-3. I believe the > dates make them before ARIN, or at least before ARIN had some of > today's policies. > > Anyway, a couple of years later they seem to be buying some Sprint > service, with all of the FON-xxxxx blocks being Sprint SWIP's. > > This does point out a sort of loophole in the current system. If > they went back to ARIN for space they would (probably?) have to > show what they are doing with all of this mess. However, if they > go to Sprint and want a /24 for a site, they just have to justify > that /24. That is, Sprint is under no obligation to check they are > using their other address space. > > I doubt there is an easy way to solve this problem. > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ > Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org > From einar.bohlin at mci.com Mon May 19 10:54:10 2003 From: einar.bohlin at mci.com (Einar Bohlin) Date: Mon, 19 May 2003 10:54:10 -0400 (EDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented In-Reply-To: Message-ID: Part of me says this could be interesting to allow to happen and watch the results. But I have think about the customers. I deal with a lot of them. And the overwhelming majority of them do not mind or complain about getting nets from us, especially since those nets work just fine. The last time a customer wanted to get their own "Class C" from the registry was in 2000 or 2001. This includes multihomed customers. I think it would be awful for them to consider getting nets directly from ARIN. And it would be even worse for them to get nets and subsequently have routing problems that we'd have to explain. And then we'd probably have to renumber these guys into our nets anyway for them to get the full routing that they want and expect to get. It'd be a great disservice to endusers to lead them to ARIN to get nets that are sure to have have routing problems. Today endusers have thankfully gotten used to getting their nets from their providers. Assuming we eventually move to v6, that won't change. I'm open to change, but why change this now? To me this is a giant step backwards. Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET 703 886-7362 (VNET 806-7362) einar.bohlin at mci.com On Mon, 19 May 2003 william at elan.net wrote: > From http://lacnic.net/Micro_Asignacion_ipv4_UF_ENG.PDF : > > "Micro allocations IPv4 to final users: > LACNIC shall micro allocate blocks to end users who prove > -Be multi-homed organizations. It is possible to request micro > allocation to those users that are to be multi-homed within a month. In > this case contract copies should be provided. > -(*) Have a sub allocation of a /25 block from it's providers. > - Agree to renumber all the assigned blocks within a period of 3 > months and return all sub allocated space to its original providers. > -Provide the subnetworking plans for the next 12 months, including > sub-net masks and host numbers on each subnet. Use of VLSM is required. > - Description of network topology. > - Description of network routing plans including routing protocols to > be used and any existing limitations. > The minimum block to be allocated will be /24 and the maximum /21. For > larger allocations existing policies should be applied. For additional > allocations existing policies should be applied. > REMARKS: An organization is multi-homed if it receives full-time > connectivity from more than one provider, each of them independent from > the other. Independent providers are those who provide connectivity > independently from the other provider." > > For ratification information see http://lacnic.net/en/ratification.html > - because the policy is so important to lacnic community LACNIC has > decided for IMMEDIATE implementation of this policy starting May 19th. > > Its interesting how this was one of the first policies they approved since > they became independent from ARIN and it took them less then year to do this. > And BTW congratulations to ARIN for again becoming the only RIR that does > not have general end-user micro-assignment/allocation policy! > > So are we going to wait for now AfriNIC recognition and only then setup > microassignment policy or should we join every other RIR and (in the > spirit of creating unified policies and procedures for all RIRs) actually > adapt an micro-assignment policy - it has been discussed long enough by > now - 10 times longer then at LACNIC for sure :) > > In fact at the last meeting the proposal for micro-assignment policy 2002-3 > has been presented and afterwards in the vote that followed (vote = show > of hands) an overwhelming majority (something like 10:1 for) have expressed > their support in having ARIN adapt such a micro-assignment policy. > > So would everybody here like to know what happened and how Advisory Counsil > reacted to the vote and to above proposal? Well, I'm going to tell you anyway... > > Apparently AC decided that ARIN is not ready to assign even /22 blocks to > end users (we aren't like other RIRs you know ...) instead they decided to > completely abandon the policy 2002-3 (!!! After almost full consensus at > the meeting !!!) > > Instead AC proposed their own ideas, such as that the current policy where > multihomed company that has utilized /22 can request /20 be modified so as > to instead such a company would receive /21 and that this be considered a > micro-assignment to satisify those who want ARIN to do micro-assignments. > So let me summarize again - if AC proposal goes through instead of receiving > /20 same qualifying companies would instead receive smaller /21 block (!!!) > > Consider the above situation carefully when you're voting for next AC (maybe we > should just invite LACNIC back into ARIN and vote only lacnic members into AC > - they sure know how to get popular proposals approved and implemented fast!). > > But since we cant really bring lacnic people and companies back and I do not > have much faith that AC would change that much, I would ask you to consider > even more the actual proposals that would be presented at the next meeting. > I would not be surprised if micro-assignment proposal is back and then it > would be an interesting challenge for BoT to deny a proposal supported at > multiple ARIN meeting and by general public, especially since it seems by > next meeting BoT would have legal way of approving a proposal even without > support of AC. > > ---- > William Leibzon > (yours truly ppml subsriber who is also at anuncios#lacnic.net list and is > trying to keep you well informed about important policies announced there > in the spirit of all RIRs having generally unified policies, of course) > > From william at elan.net Mon May 19 08:28:02 2003 From: william at elan.net (william at elan.net) Date: Mon, 19 May 2003 05:28:02 -0700 (PDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented In-Reply-To: Message-ID: I did not understand the part about not getting full routing table. What difference does it make if they have their own ip block or part of yours? Do you not send your full routing table to your isp customers who have their own blocks??? As far as customers asking for them, most know they can not get ip blocks directly and don't ask about it in the first place ... In fact those who are asking about micro-assignments are the companies that also already know they can not get it and they are trying to make a point about necessity of change. If micro-assignment policy was approved it would be up to every company to decide if they want to get ip block from your company and haveto renumber in case your service to them is not satisfactory or if they want to have their own portable block. Every company would make right choice for themselve I'm sure. As far as routing problems - these are rare even now for old ip blocks so its more matter of having ISPs not filter on /20 for particular class-A which is the point I made several times before about necessity of having all mico-assignments and allocations done from very distint class-a blocks As far as ipv6, yes we need to push for it deployment faster but lets not forget about needs of current ipv4 network that everybody is using and will probably continue to use for at least next 10 years. And for ipv6 micro-assignment will happen too, but there are so many ips there that its not such a big thing there, the comparison you make is not that good I think. And for that matter we do have RIPE, APNIC all doing micro-assignments in ipv4 and they are deploying ipv6 quite a bit more then we're here in US so obviously its not a problem for them. On Mon, 19 May 2003, Einar Bohlin wrote: > Part of me says this could be interesting to allow > to happen and watch the results. But I have think > about the customers. I deal with a lot of them. And the > overwhelming majority of them do not mind or complain about > getting nets from us, especially since those nets work just > fine. The last time a customer wanted to get their own > "Class C" from the registry was in 2000 or 2001. This > includes multihomed customers. > > I think it would be awful for them to consider getting > nets directly from ARIN. And it would be even worse for > them to get nets and subsequently have routing problems that > we'd have to explain. And then we'd probably have to renumber these > guys into our nets anyway for them to get the full routing that > they want and expect to get. > > It'd be a great disservice to endusers to lead them to ARIN > to get nets that are sure to have have routing problems. > > Today endusers have thankfully gotten used to getting their > nets from their providers. Assuming we eventually move > to v6, that won't change. > > I'm open to change, but why change this now? To me this > is a giant step backwards. > > Regards, > > Einar Bohlin, IP Analyst > IP Team - Ashburn Virginia - MCI/UUNET > 703 886-7362 (VNET 806-7362) > einar.bohlin at mci.com > > > > On Mon, 19 May 2003 william at elan.net wrote: > > > From http://lacnic.net/Micro_Asignacion_ipv4_UF_ENG.PDF : > > > > "Micro allocations IPv4 to final users: > > LACNIC shall micro allocate blocks to end users who prove > > -Be multi-homed organizations. It is possible to request micro > > allocation to those users that are to be multi-homed within a month. In > > this case contract copies should be provided. > > -(*) Have a sub allocation of a /25 block from it's providers. > > - Agree to renumber all the assigned blocks within a period of 3 > > months and return all sub allocated space to its original providers. > > -Provide the subnetworking plans for the next 12 months, including > > sub-net masks and host numbers on each subnet. Use of VLSM is required. > > - Description of network topology. > > - Description of network routing plans including routing protocols to > > be used and any existing limitations. > > The minimum block to be allocated will be /24 and the maximum /21. For > > larger allocations existing policies should be applied. For additional > > allocations existing policies should be applied. > > REMARKS: An organization is multi-homed if it receives full-time > > connectivity from more than one provider, each of them independent from > > the other. Independent providers are those who provide connectivity > > independently from the other provider." > > > > For ratification information see http://lacnic.net/en/ratification.html > > - because the policy is so important to lacnic community LACNIC has > > decided for IMMEDIATE implementation of this policy starting May 19th. > > > > Its interesting how this was one of the first policies they approved since > > they became independent from ARIN and it took them less then year to do this. > > And BTW congratulations to ARIN for again becoming the only RIR that does > > not have general end-user micro-assignment/allocation policy! > > > > So are we going to wait for now AfriNIC recognition and only then setup > > microassignment policy or should we join every other RIR and (in the > > spirit of creating unified policies and procedures for all RIRs) actually > > adapt an micro-assignment policy - it has been discussed long enough by > > now - 10 times longer then at LACNIC for sure :) > > > > In fact at the last meeting the proposal for micro-assignment policy 2002-3 > > has been presented and afterwards in the vote that followed (vote = show > > of hands) an overwhelming majority (something like 10:1 for) have expressed > > their support in having ARIN adapt such a micro-assignment policy. > > > > So would everybody here like to know what happened and how Advisory Counsil > > reacted to the vote and to above proposal? Well, I'm going to tell you anyway... > > > > Apparently AC decided that ARIN is not ready to assign even /22 blocks to > > end users (we aren't like other RIRs you know ...) instead they decided to > > completely abandon the policy 2002-3 (!!! After almost full consensus at > > the meeting !!!) > > > > Instead AC proposed their own ideas, such as that the current policy where > > multihomed company that has utilized /22 can request /20 be modified so as > > to instead such a company would receive /21 and that this be considered a > > micro-assignment to satisify those who want ARIN to do micro-assignments. > > So let me summarize again - if AC proposal goes through instead of receiving > > /20 same qualifying companies would instead receive smaller /21 block (!!!) > > > > Consider the above situation carefully when you're voting for next AC (maybe we > > should just invite LACNIC back into ARIN and vote only lacnic members into AC > > - they sure know how to get popular proposals approved and implemented fast!). > > > > But since we cant really bring lacnic people and companies back and I do not > > have much faith that AC would change that much, I would ask you to consider > > even more the actual proposals that would be presented at the next meeting. > > I would not be surprised if micro-assignment proposal is back and then it > > would be an interesting challenge for BoT to deny a proposal supported at > > multiple ARIN meeting and by general public, especially since it seems by > > next meeting BoT would have legal way of approving a proposal even without > > support of AC. > > > > ---- > > William Leibzon > > (yours truly ppml subsriber who is also at anuncios#lacnic.net list and is > > trying to keep you well informed about important policies announced there > > in the spirit of all RIRs having generally unified policies, of course) > > > > From forrest at almighty.c64.org Mon May 19 12:02:44 2003 From: forrest at almighty.c64.org (Forrest) Date: Mon, 19 May 2003 11:02:44 -0500 (CDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented In-Reply-To: Message-ID: The rationale behind having a micro-allocation policy for multi-homed organizations has been discussed quite a bit on this mailing list in the past. Search through the archives for posts relating to policy 2002-7. Here are the key points that stick out in my mind in support of it. - It would reduce waste of IP addresses from people mis-using IP addresses, or just plain lying in their justification to get a /20. I've seen web hosting companies assign 50-100 IP addresses to a single webserver, even when name based virtual hosting would have worked just fine. Perhaps their customers are demanding their own IP address for their website, but I think it's more likely a ploy to show justification for a portable allocation. - If you're multihomed announcing your routes, you're already adding to the number of routes in the global table. One argument I've heard is that a micro-allocation policy will create a new swamp full of space that can't be aggregated. These routes can't be aggregated anyway, otherwise it'll basically make multihoming pointless. Suppose you've got a /24 assigned to you from AT&T's 12/8 block. If providers filter out prefixes longer than /20 then it makes your multihoming pretty pointless since they won't hear your route. Create a block of addresses specifically for micro-allocations, that everyone will accept /24 and shorter from and everyone wins. Providers can still filter out the garbage more specifics from other blocks, while still accepting the longer routes from the micro-allocation block. - It would protect the small multi-homed company from their provider going bankrupt and out of business and having to renumber, or from their provider "holding them hostage" and charging higher fees, giving poorer service, whatever, simply because they know the customer won't leave because it's a pain to renumber. Nobody is saying that all customers would have to get their allocation from the registry. It would just be nice to at least have the option to do so if you're multihomed. Forrest On Mon, 19 May 2003, Einar Bohlin wrote: > Part of me says this could be interesting to allow > to happen and watch the results. But I have think > about the customers. I deal with a lot of them. And the > overwhelming majority of them do not mind or complain about > getting nets from us, especially since those nets work just > fine. The last time a customer wanted to get their own > "Class C" from the registry was in 2000 or 2001. This > includes multihomed customers. > > I think it would be awful for them to consider getting > nets directly from ARIN. And it would be even worse for > them to get nets and subsequently have routing problems that > we'd have to explain. And then we'd probably have to renumber these > guys into our nets anyway for them to get the full routing that > they want and expect to get. > > It'd be a great disservice to endusers to lead them to ARIN > to get nets that are sure to have have routing problems. > > Today endusers have thankfully gotten used to getting their > nets from their providers. Assuming we eventually move > to v6, that won't change. > > I'm open to change, but why change this now? To me this > is a giant step backwards. > > Regards, > > Einar Bohlin, IP Analyst > IP Team - Ashburn Virginia - MCI/UUNET > 703 886-7362 (VNET 806-7362) > einar.bohlin at mci.com > > > > On Mon, 19 May 2003 william at elan.net wrote: > > > From http://lacnic.net/Micro_Asignacion_ipv4_UF_ENG.PDF : > > > > "Micro allocations IPv4 to final users: > > LACNIC shall micro allocate blocks to end users who prove > > -Be multi-homed organizations. It is possible to request micro > > allocation to those users that are to be multi-homed within a month. In > > this case contract copies should be provided. > > -(*) Have a sub allocation of a /25 block from it's providers. > > - Agree to renumber all the assigned blocks within a period of 3 > > months and return all sub allocated space to its original providers. > > -Provide the subnetworking plans for the next 12 months, including > > sub-net masks and host numbers on each subnet. Use of VLSM is required. > > - Description of network topology. > > - Description of network routing plans including routing protocols to > > be used and any existing limitations. > > The minimum block to be allocated will be /24 and the maximum /21. For > > larger allocations existing policies should be applied. For additional > > allocations existing policies should be applied. > > REMARKS: An organization is multi-homed if it receives full-time > > connectivity from more than one provider, each of them independent from > > the other. Independent providers are those who provide connectivity > > independently from the other provider." > > > > For ratification information see http://lacnic.net/en/ratification.html > > - because the policy is so important to lacnic community LACNIC has > > decided for IMMEDIATE implementation of this policy starting May 19th. > > > > Its interesting how this was one of the first policies they approved since > > they became independent from ARIN and it took them less then year to do this. > > And BTW congratulations to ARIN for again becoming the only RIR that does > > not have general end-user micro-assignment/allocation policy! > > > > So are we going to wait for now AfriNIC recognition and only then setup > > microassignment policy or should we join every other RIR and (in the > > spirit of creating unified policies and procedures for all RIRs) actually > > adapt an micro-assignment policy - it has been discussed long enough by > > now - 10 times longer then at LACNIC for sure :) > > > > In fact at the last meeting the proposal for micro-assignment policy 2002-3 > > has been presented and afterwards in the vote that followed (vote = show > > of hands) an overwhelming majority (something like 10:1 for) have expressed > > their support in having ARIN adapt such a micro-assignment policy. > > > > So would everybody here like to know what happened and how Advisory Counsil > > reacted to the vote and to above proposal? Well, I'm going to tell you anyway... > > > > Apparently AC decided that ARIN is not ready to assign even /22 blocks to > > end users (we aren't like other RIRs you know ...) instead they decided to > > completely abandon the policy 2002-3 (!!! After almost full consensus at > > the meeting !!!) > > > > Instead AC proposed their own ideas, such as that the current policy where > > multihomed company that has utilized /22 can request /20 be modified so as > > to instead such a company would receive /21 and that this be considered a > > micro-assignment to satisify those who want ARIN to do micro-assignments. > > So let me summarize again - if AC proposal goes through instead of receiving > > /20 same qualifying companies would instead receive smaller /21 block (!!!) > > > > Consider the above situation carefully when you're voting for next AC (maybe we > > should just invite LACNIC back into ARIN and vote only lacnic members into AC > > - they sure know how to get popular proposals approved and implemented fast!). > > > > But since we cant really bring lacnic people and companies back and I do not > > have much faith that AC would change that much, I would ask you to consider > > even more the actual proposals that would be presented at the next meeting. > > I would not be surprised if micro-assignment proposal is back and then it > > would be an interesting challenge for BoT to deny a proposal supported at > > multiple ARIN meeting and by general public, especially since it seems by > > next meeting BoT would have legal way of approving a proposal even without > > support of AC. > > > > ---- > > William Leibzon > > (yours truly ppml subsriber who is also at anuncios#lacnic.net list and is > > trying to keep you well informed about important policies announced there > > in the spirit of all RIRs having generally unified policies, of course) > > > > > -- Visit my Commodore 64 Website http://almighty.c64.org/ From jmcburnett at msmgmt.com Mon May 19 12:18:52 2003 From: jmcburnett at msmgmt.com (McBurnett, Jim) Date: Mon, 19 May 2003 12:18:52 -0400 Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented Message-ID: <390E55B947E7C848898AEBB9E5077060750C07@msmdcfs01.msmgmt.com> Einar, et al. Who says a customer HAS to go to ARIN for the MicroAllocation? IT WAS NEVER MANDATED.. I have a /24, and I am Multihomed. My Block came from a Larger Carrier block. It took the Carrier 2 weeks to have the Block stripped from the ACL's on their BGP filters and from the BGP filters from their providers. >-----Original Message----- >From: Einar Bohlin [mailto:einar.bohlin at mci.com] >Sent: Monday, May 19, 2003 10:54 AM >To: william at elan.net >Cc: ppml at arin.net >Subject: Re: [ppml] FYI: LACNIC micro-allocation policy approved and >implemented > > >Part of me says this could be interesting to allow >to happen and watch the results. But I have think >about the customers. I deal with a lot of them. And the >overwhelming majority of them do not mind or complain about >getting nets from us, especially since those nets work just >fine. The last time a customer wanted to get their own >"Class C" from the registry was in 2000 or 2001. This >includes multihomed customers. Of Course it has been awhile, why beat your head against the wall? > >I think it would be awful for them to consider getting >nets directly from ARIN. And it would be even worse for >them to get nets and subsequently have routing problems that >we'd have to explain. And then we'd probably have to renumber these >guys into our nets anyway for them to get the full routing that >they want and expect to get. Well, that is the risk you take. Like William said, ARIN VOTED for it and THE AC went thier own way... >It'd be a great disservice to endusers to lead them to ARIN >to get nets that are sure to have have routing problems. > >Today endusers have thankfully gotten used to getting their >nets from their providers. Assuming we eventually move >to v6, that won't change. And what about those hundreds of customers that got nets from the DOT BOMB ISPs? >I'm open to change, but why change this now? To me this >is a giant step backwards. > >Regards, > >Einar Bohlin, IP Analyst >IP Team - Ashburn Virginia - MCI/UUNET >703 886-7362 (VNET 806-7362) >einar.bohlin at mci.com HMMM MCI-- Well From my standpoint it is the Backbone providers than can prevent the /24 from being routeable due to non-annoucement because of any number of excuses... IE Route table growth... Does this mean you have $$ reasons to say no? IMHO There is some point you have to cut the strings... J > > >On Mon, 19 May 2003 william at elan.net wrote: > >> From http://lacnic.net/Micro_Asignacion_ipv4_UF_ENG.PDF : >> >> "Micro allocations IPv4 to final users: >> LACNIC shall micro allocate blocks to end users who prove >> -Be multi-homed organizations. It is possible to request micro >> allocation to those users that are to be multi-homed within >a month. In >> this case contract copies should be provided. >> -(*) Have a sub allocation of a /25 block from it's providers. >> - Agree to renumber all the assigned blocks within a period of 3 >> months and return all sub allocated space to its original providers. >> -Provide the subnetworking plans for the next 12 months, including >> sub-net masks and host numbers on each subnet. Use of VLSM >is required. >> - Description of network topology. >> - Description of network routing plans including routing protocols to >> be used and any existing limitations. >> The minimum block to be allocated will be /24 and the >maximum /21. For >> larger allocations existing policies should be applied. For >additional >> allocations existing policies should be applied. >> REMARKS: An organization is multi-homed if it receives full-time >> connectivity from more than one provider, each of them >independent from >> the other. Independent providers are those who provide connectivity >> independently from the other provider." >> >> For ratification information see http://lacnic.net/en/ratification.html > - because the policy is so important to lacnic community LACNIC has > decided for IMMEDIATE implementation of this policy starting May 19th. > > Its interesting how this was one of the first policies they approved since > they became independent from ARIN and it took them less then year to do this. > And BTW congratulations to ARIN for again becoming the only RIR that does > not have general end-user micro-assignment/allocation policy! > > So are we going to wait for now AfriNIC recognition and only then setup > microassignment policy or should we join every other RIR and (in the > spirit of creating unified policies and procedures for all RIRs) actually > adapt an micro-assignment policy - it has been discussed long enough by > now - 10 times longer then at LACNIC for sure :) > > In fact at the last meeting the proposal for micro-assignment policy 2002-3 > has been presented and afterwards in the vote that followed (vote = show > of hands) an overwhelming majority (something like 10:1 for) have expressed > their support in having ARIN adapt such a micro-assignment policy. > > So would everybody here like to know what happened and how Advisory Counsil > reacted to the vote and to above proposal? Well, I'm going to tell you anyway... > > Apparently AC decided that ARIN is not ready to assign even /22 blocks to > end users (we aren't like other RIRs you know ...) instead they decided to > completely abandon the policy 2002-3 (!!! After almost full consensus at > the meeting !!!) > > Instead AC proposed their own ideas, such as that the current policy where > multihomed company that has utilized /22 can request /20 be modified so as > to instead such a company would receive /21 and that this be considered a > micro-assignment to satisify those who want ARIN to do micro-assignments. > So let me summarize again - if AC proposal goes through instead of receiving > /20 same qualifying companies would instead receive smaller /21 block (!!!) > > Consider the above situation carefully when you're voting for next AC (maybe we > should just invite LACNIC back into ARIN and vote only lacnic members into AC > - they sure know how to get popular proposals approved and implemented fast!). > > But since we cant really bring lacnic people and companies back and I do not > have much faith that AC would change that much, I would ask you to consider > even more the actual proposals that would be presented at the next meeting. > I would not be surprised if micro-assignment proposal is back and then it > would be an interesting challenge for BoT to deny a proposal supported at > multiple ARIN meeting and by general public, especially since it seems by > next meeting BoT would have legal way of approving a proposal even without > support of AC. > > ---- > William Leibzon > (yours truly ppml subsriber who is also at anuncios#lacnic.net list and is > trying to keep you well informed about important policies announced there > in the spirit of all RIRs having generally unified policies, of course) > > From ahp at hilander.com Mon May 19 13:45:20 2003 From: ahp at hilander.com (Alec H. Peterson) Date: Mon, 19 May 2003 11:45:20 -0600 Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented In-Reply-To: <390E55B947E7C848898AEBB9E5077060750C07@msmdcfs01.msmgmt.com> References: <390E55B947E7C848898AEBB9E5077060750C07@msmdcfs01.msmgmt.com> Message-ID: <2147483647.1053344720@macleod.hilander.com> --On Monday, May 19, 2003 12:18 -0400 "McBurnett, Jim" wrote: > > Well, that is the risk you take. Like William said, ARIN VOTED for it > and THE AC went thier own way... That is a major distortion of the truth. The only straw poll taken with respect to policy proposal 2002-3 at the Memphis ARIN meeting was 15-4 in favor of the ARIN AC looking into reducing ARIN's minimum allocation size (you can verify this for yourself in the meeting minutes, ). 15-4 may be a majority in and of itself, but when you consider there were over 100 people at the meeting it hardly represents 'almost complete consensus'. Furthermore, the ARIN AC has specifically NOT abandoned the issue of reducing ARIN's minimum allocation size. In fact, the AC has established a discussion group that is actively looking into this issue, and has been tasked with forming a proposal that addresses the concerns and wishes raised by those on all sides of the issue (you may find evidence of the formation of this group in the April 8 AC meeting minutes, and a report on the progress will be in the minutes of our last meeting (5/8/2003), once they are approved). Once again, I must emphasize that the AC is a group of elected volunteers who are trying to meet the needs of ALL entities in the ARIN public policy community. We _WANT_ to help. Alec From william at elan.net Mon May 19 15:02:51 2003 From: william at elan.net (william at elan.net) Date: Mon, 19 May 2003 12:02:51 -0700 (PDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented In-Reply-To: <2147483647.1053344720@macleod.hilander.com> Message-ID: > > > > Well, that is the risk you take. Like William said, ARIN VOTED for it > > and THE AC went thier own way... > That is a major distortion of the truth. I was being heavely ironic in my original email and you're probably taking it as hard hit, but nevertheless my email did not have any "major distortions", see below > The only straw poll taken with respect to policy proposal 2002-3 at the > Memphis ARIN meeting was 15-4 in favor of the ARIN AC looking into reducing > ARIN's minimum allocation size (you can verify this for yourself in the > meeting minutes, This was the only question asked after the presentation of proposal and as such people are automaticly assuming this is regarding current proposal and in fact I've asked several people present at the meeting as to when they were voting for whois aup proposal and for 2002-3 if they considered that they were voting for original proposal (with modifications as necessary) or for something else and everybody said they did in fact undertood it as continuation or finish up of work of original proposal and not something new. I did perhaps exadurate on concensus slightly but I clearly remembered that overwhelming majority of those who voted were for and per standard system if somebody does not vote, his voice is not really counted as being for or against and concensus is estimated from those who do participate, so if figures number of votes you showed is correct, we can say that 80% were for the proposal. Not sure what iis requirement for rough consensus but I believe 80-90% is somewhere close and 80% is overwhelming majority if somebody wants to put it this way. > Furthermore, the ARIN AC has specifically NOT abandoned the issue of > reducing ARIN's minimum allocation size. In fact, the AC has established a > discussion group that is actively looking into this issue, and has been > tasked with forming a proposal that addresses the concerns and wishes > raised by those on all sides of the issue (you may find evidence of the > formation of this group in the April 8 AC meeting minutes, and a report on > the progress will be in the minutes of our last meeting (5/8/2003), once > they are approved). This is not how it was presented at the end of Memphis meeting, you actually said you're abandoning proposal and will instead work on proposal that will reduce minimum allocation size for multihomed organizations to /21 (currently /20) and afterwards I had private discussion with person from AC and he said you were going to reduce to /21 keeping /22 as being minimum justification. So my email was right on these issues and on what AC has proposed. As for discussion group, we do have system of "open discsussion" and this is not how AC operates so AC discussion group would not in my opinion be a good substitute for working group as a way to get final version of the proposal, instead if you want separate discussion of this proposal from everything else, you should establish it as open mailing list and invite people there but keeping it within AC and calling it a "discussion group" is not appropriate, you might as well just say AC wants to do it on your own not taking into the account standard procedures for establishment of working group and proposals that are done on this mailing list. And no I will not consider AC doing on its own to be a substitute for what people have assumed would be a continuation of work on original proposal. > Once again, I must emphasize that the AC is a group of elected volunteers > who are trying to meet the needs of ALL entities in the ARIN public policy > community. You can not meet needs of everybody on this particular issue, we'v had discussion on this topic before - there will always be some against it no matter what, especially from large ISPs. If you try to meet needs of everybody on every issue you will undoubtfully end up having each issue been under consideration forever as this one have been already. At some point you just have to make a choice if there is majority support on the issue or at least not a majority opposition (and no majority opposition is what ARIN usually uses as far as I can see for other policies being approved). Again going into the issues, the reduction of mimimum assignments by one bit as had been proposedby AC is not a substitute for micro-assignments, this is completely different. Micro-assignments are really blocks of /24 - /21 as had been defined by all other RIRs in their micro-assignment policies. The reason I supported /22 is that I thought if we make it too easy for very new company with no internet experience to get /24 it would backfire as there would be many who do not have good idea on how to use the space, many who get the space and then abandon it and higher potential for abuse, so I though that either we have to have some kind of a check system (like sponsorship I'v proposed - though I've to admit it probably looked way too complicated and may not be practical in its original form) or without that, we'd have to go for higher block size and I was the one who originally proposed /22 as compromise for such micro-assignment policy. But /21 is nowhere close for micro-assignments, at least for /22 with /23 minimum we do actually have companies that need space and have already shown some knowledge of using bgp and ip allocations (by utilizing 512 ips which would be checked by ARIN) that can get their own block, but /21 is not like that and this would not be supported by majority who want micro-assignments (most of these already consider /22 to be too much of a compromise). Now I was privately asked if reducing both requirement (currently /22) and qualified minimum allocation size (currently /20) by one bit would be acceptable - it would be as as it would result in /23 requirement to get /21 block. But I see no reason to assign somebody /21 block immediatly, instead it would just be better to go with original proposal 2002-3 and have /22 being assigned when /23 had been utilized. But if AC wants to propose just one-bit reduction everywhere (becoming /23 requirement when multihomed to quialify for your own block) then I would support that provided that ARIN also looks into new schedule of fees for small assignments. William From John.Sweeting at teleglobe.com Tue May 20 16:31:57 2003 From: John.Sweeting at teleglobe.com (Sweeting, John) Date: Tue, 20 May 2003 16:31:57 -0400 Subject: [ppml] Wasted netspace (recovering) (fwd) Message-ID: <1797AB680DD0D21189870090271780320EAC8680@camtmms01.Teleglobe.CA> totally agree, was in the middle of similar reply when I saw this one. Well stated, Einar. -----Original Message----- From: Einar Bohlin [mailto:einar.bohlin at mci.com] Sent: Monday, May 19, 2003 10:17 AM To: Leo Bicknell Cc: ppml at arin.net Subject: Re: [ppml] Wasted netspace (recovering) (fwd) > ... That is, Sprint is under no obligation to check they are > using their other address space. The circuit that comes from the provider leads to a customer network. The provider is supposed to check for utilization when assigning an initial net or additional space to that network. There are many cases where customers have multiple networks. A satellite office which is separate from the customer's other network(s) has to get its IPs from the provider. The existence and utilization of other nets doesn't count here. Regards, Einar Bohlin, IP Analyst IP Team - Ashburn Virginia - MCI/UUNET 703 886-7362 (VNET 806-7362) einar.bohlin at mci.com On Mon, 19 May 2003, Leo Bicknell wrote: > > Here's my take on this from the whois output. Occidental received > three networks "early on", OXY1-NET, OXY-2, OXY-3. I believe the > dates make them before ARIN, or at least before ARIN had some of > today's policies. > > Anyway, a couple of years later they seem to be buying some Sprint > service, with all of the FON-xxxxx blocks being Sprint SWIP's. > > This does point out a sort of loophole in the current system. If > they went back to ARIN for space they would (probably?) have to > show what they are doing with all of this mess. However, if they > go to Sprint and want a /24 for a site, they just have to justify > that /24. That is, Sprint is under no obligation to check they are > using their other address space. > > I doubt there is an easy way to solve this problem. > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ > Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org > From John.Sweeting at teleglobe.com Tue May 20 16:31:05 2003 From: John.Sweeting at teleglobe.com (Sweeting, John) Date: Tue, 20 May 2003 16:31:05 -0400 Subject: [ppml] FYI: LACNIC micro-allocation policy approved and imple mented Message-ID: <1797AB680DD0D21189870090271780320EAC867F@camtmms01.Teleglobe.CA> William, I have 2 suggestions for you.....do not ever assume that you know what everyone else is assuming, I am sure you know the old saying well enough that I do not have to repeat it here. take an economics course or 2 so you can understand the differences in the economies of the world and why there are different rules and laws in different countries. I will once again challenge you to run for the AC in the upcoming election....with all the support you say you have you can definitely make a difference. Good luck. -----Original Message----- From: william at elan.net [mailto:william at elan.net] Sent: Monday, May 19, 2003 3:03 PM To: ppml at arin.net Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and implemented > > > > Well, that is the risk you take. Like William said, ARIN VOTED for it > > and THE AC went thier own way... > That is a major distortion of the truth. I was being heavely ironic in my original email and you're probably taking it as hard hit, but nevertheless my email did not have any "major distortions", see below > The only straw poll taken with respect to policy proposal 2002-3 at the > Memphis ARIN meeting was 15-4 in favor of the ARIN AC looking into reducing > ARIN's minimum allocation size (you can verify this for yourself in the > meeting minutes, This was the only question asked after the presentation of proposal and as such people are automaticly assuming this is regarding current proposal and in fact I've asked several people present at the meeting as to when they were voting for whois aup proposal and for 2002-3 if they considered that they were voting for original proposal (with modifications as necessary) or for something else and everybody said they did in fact undertood it as continuation or finish up of work of original proposal and not something new. I did perhaps exadurate on concensus slightly but I clearly remembered that overwhelming majority of those who voted were for and per standard system if somebody does not vote, his voice is not really counted as being for or against and concensus is estimated from those who do participate, so if figures number of votes you showed is correct, we can say that 80% were for the proposal. Not sure what iis requirement for rough consensus but I believe 80-90% is somewhere close and 80% is overwhelming majority if somebody wants to put it this way. > Furthermore, the ARIN AC has specifically NOT abandoned the issue of > reducing ARIN's minimum allocation size. In fact, the AC has established a > discussion group that is actively looking into this issue, and has been > tasked with forming a proposal that addresses the concerns and wishes > raised by those on all sides of the issue (you may find evidence of the > formation of this group in the April 8 AC meeting minutes, and a report on > the progress will be in the minutes of our last meeting (5/8/2003), once > they are approved). This is not how it was presented at the end of Memphis meeting, you actually said you're abandoning proposal and will instead work on proposal that will reduce minimum allocation size for multihomed organizations to /21 (currently /20) and afterwards I had private discussion with person from AC and he said you were going to reduce to /21 keeping /22 as being minimum justification. So my email was right on these issues and on what AC has proposed. As for discussion group, we do have system of "open discsussion" and this is not how AC operates so AC discussion group would not in my opinion be a good substitute for working group as a way to get final version of the proposal, instead if you want separate discussion of this proposal from everything else, you should establish it as open mailing list and invite people there but keeping it within AC and calling it a "discussion group" is not appropriate, you might as well just say AC wants to do it on your own not taking into the account standard procedures for establishment of working group and proposals that are done on this mailing list. And no I will not consider AC doing on its own to be a substitute for what people have assumed would be a continuation of work on original proposal. > Once again, I must emphasize that the AC is a group of elected volunteers > who are trying to meet the needs of ALL entities in the ARIN public policy > community. You can not meet needs of everybody on this particular issue, we'v had discussion on this topic before - there will always be some against it no matter what, especially from large ISPs. If you try to meet needs of everybody on every issue you will undoubtfully end up having each issue been under consideration forever as this one have been already. At some point you just have to make a choice if there is majority support on the issue or at least not a majority opposition (and no majority opposition is what ARIN usually uses as far as I can see for other policies being approved). Again going into the issues, the reduction of mimimum assignments by one bit as had been proposedby AC is not a substitute for micro-assignments, this is completely different. Micro-assignments are really blocks of /24 - /21 as had been defined by all other RIRs in their micro-assignment policies. The reason I supported /22 is that I thought if we make it too easy for very new company with no internet experience to get /24 it would backfire as there would be many who do not have good idea on how to use the space, many who get the space and then abandon it and higher potential for abuse, so I though that either we have to have some kind of a check system (like sponsorship I'v proposed - though I've to admit it probably looked way too complicated and may not be practical in its original form) or without that, we'd have to go for higher block size and I was the one who originally proposed /22 as compromise for such micro-assignment policy. But /21 is nowhere close for micro-assignments, at least for /22 with /23 minimum we do actually have companies that need space and have already shown some knowledge of using bgp and ip allocations (by utilizing 512 ips which would be checked by ARIN) that can get their own block, but /21 is not like that and this would not be supported by majority who want micro-assignments (most of these already consider /22 to be too much of a compromise). Now I was privately asked if reducing both requirement (currently /22) and qualified minimum allocation size (currently /20) by one bit would be acceptable - it would be as as it would result in /23 requirement to get /21 block. But I see no reason to assign somebody /21 block immediatly, instead it would just be better to go with original proposal 2002-3 and have /22 being assigned when /23 had been utilized. But if AC wants to propose just one-bit reduction everywhere (becoming /23 requirement when multihomed to quialify for your own block) then I would support that provided that ARIN also looks into new schedule of fees for small assignments. William From einar.bohlin at mci.com Tue May 20 16:41:13 2003 From: einar.bohlin at mci.com (Einar Bohlin) Date: Tue, 20 May 2003 16:41:13 -0400 (EDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and implemented In-Reply-To: Message-ID: Sent this earlier to William, but forgot ppml: I didn't mean to say anything about routing tables. It's good that customers go to their providers. They've been properly trained through a lot of hard work. They don't have to learn how IPV6 is going to be assigned; think of them as being "IPV6 ready". Regarding the other registries, they have the policies, but do they make assignments under them? How's that working out? We don't have to copy them. Their policies are not obviously right just because they have them. Einar On Mon, 19 May 2003 william at elan.net wrote: > I did not understand the part about not getting full routing table. What > difference does it make if they have their own ip block or part of yours? > Do you not send your full routing table to your isp customers who have > their own blocks??? > > As far as customers asking for them, most know they can not get ip blocks > directly and don't ask about it in the first place ... In fact those who > are asking about micro-assignments are the companies that also already > know they can not get it and they are trying to make a point about > necessity of change. If micro-assignment policy was approved it would be > up to every company to decide if they want to get ip block from your > company and haveto renumber in case your service to them is not > satisfactory or if they want to have their own portable block. Every > company would make right choice for themselve I'm sure. > > As far as routing problems - these are rare even now for old ip blocks so > its more matter of having ISPs not filter on /20 for particular class-A > which is the point I made several times before about necessity of having > all mico-assignments and allocations done from very distint class-a blocks > > As far as ipv6, yes we need to push for it deployment faster but lets not > forget about needs of current ipv4 network that everybody is using and > will probably continue to use for at least next 10 years. And for ipv6 > micro-assignment will happen too, but there are so many ips there that its > not such a big thing there, the comparison you make is not that good I think. > And for that matter we do have RIPE, APNIC all doing micro-assignments in ipv4 > and they are deploying ipv6 quite a bit more then we're here in US so > obviously its not a problem for them. > > On Mon, 19 May 2003, Einar Bohlin wrote: > > > Part of me says this could be interesting to allow > > to happen and watch the results. But I have think > > about the customers. I deal with a lot of them. And the > > overwhelming majority of them do not mind or complain about > > getting nets from us, especially since those nets work just > > fine. The last time a customer wanted to get their own > > "Class C" from the registry was in 2000 or 2001. This > > includes multihomed customers. > > > > I think it would be awful for them to consider getting > > nets directly from ARIN. And it would be even worse for > > them to get nets and subsequently have routing problems that > > we'd have to explain. And then we'd probably have to renumber these > > guys into our nets anyway for them to get the full routing that > > they want and expect to get. > > > > It'd be a great disservice to endusers to lead them to ARIN > > to get nets that are sure to have have routing problems. > > > > Today endusers have thankfully gotten used to getting their > > nets from their providers. Assuming we eventually move > > to v6, that won't change. > > > > I'm open to change, but why change this now? To me this > > is a giant step backwards. > > > > Regards, > > > > Einar Bohlin, IP Analyst > > IP Team - Ashburn Virginia - MCI/UUNET > > 703 886-7362 (VNET 806-7362) > > einar.bohlin at mci.com > > > > > > > > On Mon, 19 May 2003 william at elan.net wrote: > > > > > From http://lacnic.net/Micro_Asignacion_ipv4_UF_ENG.PDF : > > > > > > "Micro allocations IPv4 to final users: > > > LACNIC shall micro allocate blocks to end users who prove > > > -Be multi-homed organizations. It is possible to request micro > > > allocation to those users that are to be multi-homed within a month. In > > > this case contract copies should be provided. > > > -(*) Have a sub allocation of a /25 block from it's providers. > > > - Agree to renumber all the assigned blocks within a period of 3 > > > months and return all sub allocated space to its original providers. > > > -Provide the subnetworking plans for the next 12 months, including > > > sub-net masks and host numbers on each subnet. Use of VLSM is required. > > > - Description of network topology. > > > - Description of network routing plans including routing protocols to > > > be used and any existing limitations. > > > The minimum block to be allocated will be /24 and the maximum /21. For > > > larger allocations existing policies should be applied. For additional > > > allocations existing policies should be applied. > > > REMARKS: An organization is multi-homed if it receives full-time > > > connectivity from more than one provider, each of them independent from > > > the other. Independent providers are those who provide connectivity > > > independently from the other provider." > > > > > > For ratification information see http://lacnic.net/en/ratification.html > > > - because the policy is so important to lacnic community LACNIC has > > > decided for IMMEDIATE implementation of this policy starting May 19th. > > > > > > Its interesting how this was one of the first policies they approved since > > > they became independent from ARIN and it took them less then year to do this. > > > And BTW congratulations to ARIN for again becoming the only RIR that does > > > not have general end-user micro-assignment/allocation policy! > > > > > > So are we going to wait for now AfriNIC recognition and only then setup > > > microassignment policy or should we join every other RIR and (in the > > > spirit of creating unified policies and procedures for all RIRs) actually > > > adapt an micro-assignment policy - it has been discussed long enough by > > > now - 10 times longer then at LACNIC for sure :) > > > > > > In fact at the last meeting the proposal for micro-assignment policy 2002-3 > > > has been presented and afterwards in the vote that followed (vote = show > > > of hands) an overwhelming majority (something like 10:1 for) have expressed > > > their support in having ARIN adapt such a micro-assignment policy. > > > > > > So would everybody here like to know what happened and how Advisory Counsil > > > reacted to the vote and to above proposal? Well, I'm going to tell you anyway... > > > > > > Apparently AC decided that ARIN is not ready to assign even /22 blocks to > > > end users (we aren't like other RIRs you know ...) instead they decided to > > > completely abandon the policy 2002-3 (!!! After almost full consensus at > > > the meeting !!!) > > > > > > Instead AC proposed their own ideas, such as that the current policy where > > > multihomed company that has utilized /22 can request /20 be modified so as > > > to instead such a company would receive /21 and that this be considered a > > > micro-assignment to satisify those who want ARIN to do micro-assignments. > > > So let me summarize again - if AC proposal goes through instead of receiving > > > /20 same qualifying companies would instead receive smaller /21 block (!!!) > > > > > > Consider the above situation carefully when you're voting for next AC (maybe we > > > should just invite LACNIC back into ARIN and vote only lacnic members into AC > > > - they sure know how to get popular proposals approved and implemented fast!). > > > > > > But since we cant really bring lacnic people and companies back and I do not > > > have much faith that AC would change that much, I would ask you to consider > > > even more the actual proposals that would be presented at the next meeting. > > > I would not be surprised if micro-assignment proposal is back and then it > > > would be an interesting challenge for BoT to deny a proposal supported at > > > multiple ARIN meeting and by general public, especially since it seems by > > > next meeting BoT would have legal way of approving a proposal even without > > > support of AC. > > > > > > ---- > > > William Leibzon > > > (yours truly ppml subsriber who is also at anuncios#lacnic.net list and is > > > trying to keep you well informed about important policies announced there > > > in the spirit of all RIRs having generally unified policies, of course) > > > > > > > > From william at elan.net Tue May 20 14:56:48 2003 From: william at elan.net (william at elan.net) Date: Tue, 20 May 2003 11:56:48 -0700 (PDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and imple mented In-Reply-To: <1797AB680DD0D21189870090271780320EAC867F@camtmms01.Teleglobe.CA> Message-ID: > take an economics course or 2 so you can understand the differences in the > economies of the world and why there are different rules and laws in > different countries. I took economics in college, I do not remember any serious attention being paid to differences in economies of different countries, I think there would be in a specific course on that and something that is offered for business school majors and not in intro courses offered for other schools. But I'm not sure deep understanding of economics is really that important when deciding on ip policies, after all ARIN is supposed to be impartial non-profit organization and not a tool for any particular economic model (and definetly ARIN should not be viewed as being an emobodiment of heavily corporate US economy; I'd rather think of it as having roots in IETF and what John Postel was doing) > I will once again challenge you to run for the AC in the upcoming > election....with all the support you say you have you can definitely make a > difference. Good luck. That is exactly the problem. I do not believe I'd be able to do anything from within the AC as there are too many others there that do not agree and are just plain opposed to me; and I do not want to promise to do something (i.e. "make a difference") that I do not (or can not) deliver. I might reconsider about working within AC in a year depending on who it is composed of then and what it does to that time. And I also work best (including presenting my ideas and working on them) when particapting on mailing list and worst on face-face meetings and on teleconferences. Add to that, that I also do not agree on what AC is supposed to be doing, I think it is supposed to be more of advisory role on ARIN opeational issues, rather then a parliment-like body creating policies. I think, policy proposals are better off being developed in open forum like this instead of close group like AC. > -----Original Message----- > From: william at elan.net [mailto:william at elan.net] > Sent: Monday, May 19, 2003 3:03 PM > To: ppml at arin.net > Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and > implemented > > > > > > > > Well, that is the risk you take. Like William said, ARIN VOTED for it > > > and THE AC went thier own way... > > That is a major distortion of the truth. > I was being heavely ironic in my original email and you're probably taking > it as hard hit, but nevertheless my email did not have any "major > distortions", see below > > > The only straw poll taken with respect to policy proposal 2002-3 at the > > Memphis ARIN meeting was 15-4 in favor of the ARIN AC looking into > reducing > > ARIN's minimum allocation size (you can verify this for yourself in the > > meeting minutes, > This was the only question asked after the presentation of proposal and as > such people are automaticly assuming this is regarding current proposal > and in fact I've asked several people present at the meeting as to when > they were voting for whois aup proposal and for 2002-3 if they considered > that they were voting for original proposal (with modifications as > necessary) > or for something else and everybody said they did in fact undertood it as > continuation or finish up of work of original proposal and not something > new. > > I did perhaps exadurate on concensus slightly but I clearly remembered > that overwhelming majority of those who voted were for and per standard > system if somebody does not vote, his voice is not really counted as being > for or against and concensus is estimated from those who do participate, so > if figures number of votes you showed is correct, we can say that 80% were > for the proposal. Not sure what iis requirement for rough consensus but I > believe 80-90% is somewhere close and 80% is overwhelming majority if > somebody wants to put it this way. > > > Furthermore, the ARIN AC has specifically NOT abandoned the issue of > > reducing ARIN's minimum allocation size. In fact, the AC has established > a > > discussion group that is actively looking into this issue, and has been > > tasked with forming a proposal that addresses the concerns and wishes > > raised by those on all sides of the issue (you may find evidence of the > > formation of this group in the April 8 AC meeting minutes, and a report on > > > the progress will be in the minutes of our last meeting (5/8/2003), once > > they are approved). > > This is not how it was presented at the end of Memphis meeting, you actually > > said you're abandoning proposal and will instead work on proposal that will > reduce minimum allocation size for multihomed organizations to /21 > (currently > /20) and afterwards I had private discussion with person from AC and he said > you were going to reduce to /21 keeping /22 as being minimum justification. > So my email was right on these issues and on what AC has proposed. > > As for discussion group, we do have system of "open discsussion" and > this is not how AC operates so AC discussion group would not in my opinion > be a good substitute for working group as a way to get final version of the > proposal, instead if you want separate discussion of this proposal from > everything else, you should establish it as open mailing list and invite > people there but keeping it within AC and calling it a "discussion group" > is not appropriate, you might as well just say AC wants to do it on your > own not taking into the account standard procedures for establishment of > working group and proposals that are done on this mailing list. > > And no I will not consider AC doing on its own to be a substitute for what > people have assumed would be a continuation of work on original proposal. > > > Once again, I must emphasize that the AC is a group of elected volunteers > > who are trying to meet the needs of ALL entities in the ARIN public policy > > > community. > You can not meet needs of everybody on this particular issue, we'v had > discussion on this topic before - there will always be some against it no > matter what, especially from large ISPs. If you try to meet needs of > everybody on every issue you will undoubtfully end up having each issue > been under consideration forever as this one have been already. At some > point you just have to make a choice if there is majority support on the > issue or at least not a majority opposition (and no majority opposition > is what ARIN usually uses as far as I can see for other policies being > approved). > > Again going into the issues, the reduction of mimimum assignments by one > bit as had been proposedby AC is not a substitute for micro-assignments, > this is completely different. Micro-assignments are really blocks of /24 - > /21 as had been defined by all other RIRs in their micro-assignment > policies. > The reason I supported /22 is that I thought if we make it too easy for > very new company with no internet experience to get /24 it would backfire > as there would be many who do not have good idea on how to use the space, > many who get the space and then abandon it and higher potential for abuse, > so I though that either we have to have some kind of a check system (like > sponsorship I'v proposed - though I've to admit it probably looked way too > complicated and may not be practical in its original form) or without that, > we'd have to go for higher block size and I was the one who originally > proposed /22 as compromise for such micro-assignment policy. > > But /21 is nowhere close for micro-assignments, at least for /22 with /23 > minimum we do actually have companies that need space and have already shown > > some knowledge of using bgp and ip allocations (by utilizing 512 ips which > would be checked by ARIN) that can get their own block, but /21 is not > like that and this would not be supported by majority who want > micro-assignments (most of these already consider /22 to be too much of a > compromise). > > Now I was privately asked if reducing both requirement (currently /22) and > qualified minimum allocation size (currently /20) by one bit would be > acceptable - it would be as as it would result in /23 requirement to get > /21 block. But I see no reason to assign somebody /21 block immediatly, > instead it would just be better to go with original proposal 2002-3 and > have /22 being assigned when /23 had been utilized. But if AC wants to > propose just one-bit reduction everywhere (becoming /23 requirement when > multihomed to quialify for your own block) then I would support that > provided > that ARIN also looks into new schedule of fees for small assignments. > > William From John.Sweeting at teleglobe.com Tue May 20 17:42:03 2003 From: John.Sweeting at teleglobe.com (Sweeting, John) Date: Tue, 20 May 2003 17:42:03 -0400 Subject: [ppml] FYI: LACNIC micro-allocation policy approved and imple mented Message-ID: <1797AB680DD0D21189870090271780320EAC8682@camtmms01.Teleglobe.CA> there's your problem....ARIN does serve "corporate America", like it or not "corporate America" is ARIN's largest customer. I am not saying it is good or bad, just plain fact. -----Original Message----- From: william at elan.net [mailto:william at elan.net] Sent: Tuesday, May 20, 2003 2:57 PM To: Sweeting, John Cc: ppml at arin.net Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and imple mented > take an economics course or 2 so you can understand the differences in the > economies of the world and why there are different rules and laws in > different countries. I took economics in college, I do not remember any serious attention being paid to differences in economies of different countries, I think there would be in a specific course on that and something that is offered for business school majors and not in intro courses offered for other schools. But I'm not sure deep understanding of economics is really that important when deciding on ip policies, after all ARIN is supposed to be impartial non-profit organization and not a tool for any particular economic model (and definetly ARIN should not be viewed as being an emobodiment of heavily corporate US economy; I'd rather think of it as having roots in IETF and what John Postel was doing) > I will once again challenge you to run for the AC in the upcoming > election....with all the support you say you have you can definitely make a > difference. Good luck. That is exactly the problem. I do not believe I'd be able to do anything from within the AC as there are too many others there that do not agree and are just plain opposed to me; and I do not want to promise to do something (i.e. "make a difference") that I do not (or can not) deliver. I might reconsider about working within AC in a year depending on who it is composed of then and what it does to that time. And I also work best (including presenting my ideas and working on them) when particapting on mailing list and worst on face-face meetings and on teleconferences. Add to that, that I also do not agree on what AC is supposed to be doing, I think it is supposed to be more of advisory role on ARIN opeational issues, rather then a parliment-like body creating policies. I think, policy proposals are better off being developed in open forum like this instead of close group like AC. > -----Original Message----- > From: william at elan.net [mailto:william at elan.net] > Sent: Monday, May 19, 2003 3:03 PM > To: ppml at arin.net > Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and > implemented > > > > > > > > Well, that is the risk you take. Like William said, ARIN VOTED for it > > > and THE AC went thier own way... > > That is a major distortion of the truth. > I was being heavely ironic in my original email and you're probably taking > it as hard hit, but nevertheless my email did not have any "major > distortions", see below > > > The only straw poll taken with respect to policy proposal 2002-3 at the > > Memphis ARIN meeting was 15-4 in favor of the ARIN AC looking into > reducing > > ARIN's minimum allocation size (you can verify this for yourself in the > > meeting minutes, > This was the only question asked after the presentation of proposal and as > such people are automaticly assuming this is regarding current proposal > and in fact I've asked several people present at the meeting as to when > they were voting for whois aup proposal and for 2002-3 if they considered > that they were voting for original proposal (with modifications as > necessary) > or for something else and everybody said they did in fact undertood it as > continuation or finish up of work of original proposal and not something > new. > > I did perhaps exadurate on concensus slightly but I clearly remembered > that overwhelming majority of those who voted were for and per standard > system if somebody does not vote, his voice is not really counted as being > for or against and concensus is estimated from those who do participate, so > if figures number of votes you showed is correct, we can say that 80% were > for the proposal. Not sure what iis requirement for rough consensus but I > believe 80-90% is somewhere close and 80% is overwhelming majority if > somebody wants to put it this way. > > > Furthermore, the ARIN AC has specifically NOT abandoned the issue of > > reducing ARIN's minimum allocation size. In fact, the AC has established > a > > discussion group that is actively looking into this issue, and has been > > tasked with forming a proposal that addresses the concerns and wishes > > raised by those on all sides of the issue (you may find evidence of the > > formation of this group in the April 8 AC meeting minutes, and a report on > > > the progress will be in the minutes of our last meeting (5/8/2003), once > > they are approved). > > This is not how it was presented at the end of Memphis meeting, you actually > > said you're abandoning proposal and will instead work on proposal that will > reduce minimum allocation size for multihomed organizations to /21 > (currently > /20) and afterwards I had private discussion with person from AC and he said > you were going to reduce to /21 keeping /22 as being minimum justification. > So my email was right on these issues and on what AC has proposed. > > As for discussion group, we do have system of "open discsussion" and > this is not how AC operates so AC discussion group would not in my opinion > be a good substitute for working group as a way to get final version of the > proposal, instead if you want separate discussion of this proposal from > everything else, you should establish it as open mailing list and invite > people there but keeping it within AC and calling it a "discussion group" > is not appropriate, you might as well just say AC wants to do it on your > own not taking into the account standard procedures for establishment of > working group and proposals that are done on this mailing list. > > And no I will not consider AC doing on its own to be a substitute for what > people have assumed would be a continuation of work on original proposal. > > > Once again, I must emphasize that the AC is a group of elected volunteers > > who are trying to meet the needs of ALL entities in the ARIN public policy > > > community. > You can not meet needs of everybody on this particular issue, we'v had > discussion on this topic before - there will always be some against it no > matter what, especially from large ISPs. If you try to meet needs of > everybody on every issue you will undoubtfully end up having each issue > been under consideration forever as this one have been already. At some > point you just have to make a choice if there is majority support on the > issue or at least not a majority opposition (and no majority opposition > is what ARIN usually uses as far as I can see for other policies being > approved). > > Again going into the issues, the reduction of mimimum assignments by one > bit as had been proposedby AC is not a substitute for micro-assignments, > this is completely different. Micro-assignments are really blocks of /24 - > /21 as had been defined by all other RIRs in their micro-assignment > policies. > The reason I supported /22 is that I thought if we make it too easy for > very new company with no internet experience to get /24 it would backfire > as there would be many who do not have good idea on how to use the space, > many who get the space and then abandon it and higher potential for abuse, > so I though that either we have to have some kind of a check system (like > sponsorship I'v proposed - though I've to admit it probably looked way too > complicated and may not be practical in its original form) or without that, > we'd have to go for higher block size and I was the one who originally > proposed /22 as compromise for such micro-assignment policy. > > But /21 is nowhere close for micro-assignments, at least for /22 with /23 > minimum we do actually have companies that need space and have already shown > > some knowledge of using bgp and ip allocations (by utilizing 512 ips which > would be checked by ARIN) that can get their own block, but /21 is not > like that and this would not be supported by majority who want > micro-assignments (most of these already consider /22 to be too much of a > compromise). > > Now I was privately asked if reducing both requirement (currently /22) and > qualified minimum allocation size (currently /20) by one bit would be > acceptable - it would be as as it would result in /23 requirement to get > /21 block. But I see no reason to assign somebody /21 block immediatly, > instead it would just be better to go with original proposal 2002-3 and > have /22 being assigned when /23 had been utilized. But if AC wants to > propose just one-bit reduction everywhere (becoming /23 requirement when > multihomed to quialify for your own block) then I would support that > provided > that ARIN also looks into new schedule of fees for small assignments. > > William From bmanning at karoshi.com Tue May 20 17:52:23 2003 From: bmanning at karoshi.com (bmanning at karoshi.com) Date: Tue, 20 May 2003 14:52:23 -0700 (PDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and imple In-Reply-To: from "william@elan.net" at May 20, 2003 11:56:48 AM Message-ID: <200305202152.h4KLqN724284@karoshi.com> > But I'm not sure deep understanding of economics is really that important > when deciding on ip policies, after all ARIN is supposed to be impartial > non-profit organization and not a tool for any particular economic model > (and definetly ARIN should not be viewed as being an emobodiment of > heavily corporate US economy; I'd rather think of it as having roots > in IETF and what John Postel was doing) > > William Er, just to point out that an "impartial non-profit" organization -IS- a very specific and particular economic model. The roots do exist in the structures and entities you describe. Learning from the past and making sensable choices for the future is what we, as a community, are charged with. --bill From william at elan.net Tue May 20 15:26:13 2003 From: william at elan.net (william at elan.net) Date: Tue, 20 May 2003 12:26:13 -0700 (PDT) Subject: [ppml] FYI: LACNIC micro-allocation policy approved and imple mented In-Reply-To: <1797AB680DD0D21189870090271780320EAC8682@camtmms01.Teleglobe.CA> Message-ID: "Corporate America" or at least what I see that as (i.e. large companies in control of the industry and politics) are in fact NOT arin's majority membership or its main source of income - i.e. they are not ARIN's largest customer. By ARIN's own data, 80% of its income comes from small ISPs (with /19 or /20 blocks - sad, but I can't even be counted these 80%). And with IPv6 this will become even more clear as every network would be almost "equal" as far its ip allocation from ARIN and should be treated as such by ARIN and its policies. On Tue, 20 May 2003, Sweeting, John wrote: > there's your problem....ARIN does serve "corporate America", like it or not > "corporate America" is ARIN's largest customer. I am not saying it is good > or bad, just plain fact. > > -----Original Message----- > From: william at elan.net [mailto:william at elan.net] > Sent: Tuesday, May 20, 2003 2:57 PM > To: Sweeting, John > Cc: ppml at arin.net > Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and > imple mented > > > > take an economics course or 2 so you can understand the differences in the > > economies of the world and why there are different rules and laws in > > different countries. > I took economics in college, I do not remember any serious attention being > paid to differences in economies of different countries, I think there > would be in a specific course on that and something that is offered for > business school majors and not in intro courses offered for other schools. > > But I'm not sure deep understanding of economics is really that important > when deciding on ip policies, after all ARIN is supposed to be impartial > non-profit organization and not a tool for any particular economic model > (and definetly ARIN should not be viewed as being an emobodiment of > heavily corporate US economy; I'd rather think of it as having roots > in IETF and what John Postel was doing) > > > I will once again challenge you to run for the AC in the upcoming > > election....with all the support you say you have you can definitely make > a > > difference. Good luck. > That is exactly the problem. I do not believe I'd be able to do anything > from within the AC as there are too many others there that do not agree > and are just plain opposed to me; and I do not want to promise to do > something (i.e. "make a difference") that I do not (or can not) deliver. > I might reconsider about working within AC in a year depending on who it > is composed of then and what it does to that time. > > And I also work best (including presenting my ideas and working on > them) when particapting on mailing list and worst on face-face meetings > and on teleconferences. > > Add to that, that I also do not agree on what AC is supposed to be > doing, I think it is supposed to be more of advisory role on ARIN > opeational issues, rather then a parliment-like body creating policies. > I think, policy proposals are better off being developed in open forum > like this instead of close group like AC. > > > > -----Original Message----- > > From: william at elan.net [mailto:william at elan.net] > > Sent: Monday, May 19, 2003 3:03 PM > > To: ppml at arin.net > > Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and > > implemented > > > > > > > > > > > > Well, that is the risk you take. Like William said, ARIN VOTED for it > > > > and THE AC went thier own way... > > > That is a major distortion of the truth. > > I was being heavely ironic in my original email and you're probably taking > > it as hard hit, but nevertheless my email did not have any "major > > distortions", see below > > > > > The only straw poll taken with respect to policy proposal 2002-3 at the > > > Memphis ARIN meeting was 15-4 in favor of the ARIN AC looking into > > reducing > > > ARIN's minimum allocation size (you can verify this for yourself in the > > > meeting minutes, > > This was the only question asked after the presentation of proposal and as > > > such people are automaticly assuming this is regarding current proposal > > and in fact I've asked several people present at the meeting as to when > > they were voting for whois aup proposal and for 2002-3 if they considered > > that they were voting for original proposal (with modifications as > > necessary) > > or for something else and everybody said they did in fact undertood it as > > continuation or finish up of work of original proposal and not something > > new. > > > > I did perhaps exadurate on concensus slightly but I clearly remembered > > that overwhelming majority of those who voted were for and per standard > > system if somebody does not vote, his voice is not really counted as being > > for or against and concensus is estimated from those who do participate, > so > > if figures number of votes you showed is correct, we can say that 80% were > > > for the proposal. Not sure what iis requirement for rough consensus but I > > believe 80-90% is somewhere close and 80% is overwhelming majority if > > somebody wants to put it this way. > > > > > Furthermore, the ARIN AC has specifically NOT abandoned the issue of > > > reducing ARIN's minimum allocation size. In fact, the AC has > established > > a > > > discussion group that is actively looking into this issue, and has been > > > tasked with forming a proposal that addresses the concerns and wishes > > > raised by those on all sides of the issue (you may find evidence of the > > > formation of this group in the April 8 AC meeting minutes, and a report > on > > > > > the progress will be in the minutes of our last meeting (5/8/2003), once > > > > they are approved). > > > > This is not how it was presented at the end of Memphis meeting, you > actually > > > > said you're abandoning proposal and will instead work on proposal that > will > > reduce minimum allocation size for multihomed organizations to /21 > > (currently > > /20) and afterwards I had private discussion with person from AC and he > said > > you were going to reduce to /21 keeping /22 as being minimum > justification. > > So my email was right on these issues and on what AC has proposed. > > > > As for discussion group, we do have system of "open discsussion" and > > this is not how AC operates so AC discussion group would not in my opinion > > > be a good substitute for working group as a way to get final version of > the > > proposal, instead if you want separate discussion of this proposal from > > everything else, you should establish it as open mailing list and invite > > people there but keeping it within AC and calling it a "discussion group" > > is not appropriate, you might as well just say AC wants to do it on your > > own not taking into the account standard procedures for establishment of > > working group and proposals that are done on this mailing list. > > > > And no I will not consider AC doing on its own to be a substitute for what > > > people have assumed would be a continuation of work on original proposal. > > > > > Once again, I must emphasize that the AC is a group of elected > volunteers > > > who are trying to meet the needs of ALL entities in the ARIN public > policy > > > > > community. > > You can not meet needs of everybody on this particular issue, we'v had > > discussion on this topic before - there will always be some against it no > > matter what, especially from large ISPs. If you try to meet needs of > > everybody on every issue you will undoubtfully end up having each issue > > been under consideration forever as this one have been already. At some > > point you just have to make a choice if there is majority support on the > > issue or at least not a majority opposition (and no majority opposition > > is what ARIN usually uses as far as I can see for other policies being > > approved). > > > > Again going into the issues, the reduction of mimimum assignments by one > > bit as had been proposedby AC is not a substitute for micro-assignments, > > this is completely different. Micro-assignments are really blocks of /24 - > > > /21 as had been defined by all other RIRs in their micro-assignment > > policies. > > The reason I supported /22 is that I thought if we make it too easy for > > very new company with no internet experience to get /24 it would backfire > > as there would be many who do not have good idea on how to use the space, > > many who get the space and then abandon it and higher potential for abuse, > > so I though that either we have to have some kind of a check system (like > > sponsorship I'v proposed - though I've to admit it probably looked way too > > > complicated and may not be practical in its original form) or without > that, > > we'd have to go for higher block size and I was the one who originally > > proposed /22 as compromise for such micro-assignment policy. > > > > But /21 is nowhere close for micro-assignments, at least for /22 with /23 > > minimum we do actually have companies that need space and have already > shown > > > > some knowledge of using bgp and ip allocations (by utilizing 512 ips which > > > would be checked by ARIN) that can get their own block, but /21 is not > > like that and this would not be supported by majority who want > > micro-assignments (most of these already consider /22 to be too much of a > > compromise). > > > > Now I was privately asked if reducing both requirement (currently /22) and > > > qualified minimum allocation size (currently /20) by one bit would be > > acceptable - it would be as as it would result in /23 requirement to get > > /21 block. But I see no reason to assign somebody /21 block immediatly, > > instead it would just be better to go with original proposal 2002-3 and > > have /22 being assigned when /23 had been utilized. But if AC wants to > > propose just one-bit reduction everywhere (becoming /23 requirement when > > multihomed to quialify for your own block) then I would support that > > provided > > that ARIN also looks into new schedule of fees for small assignments. > > > > William From John.Sweeting at teleglobe.com Tue May 20 18:21:46 2003 From: John.Sweeting at teleglobe.com (Sweeting, John) Date: Tue, 20 May 2003 18:21:46 -0400 Subject: [ppml] FYI: LACNIC micro-allocation policy approved and imple mented Message-ID: <1797AB680DD0D21189870090271780320EAC8684@camtmms01.Teleglobe.CA> not that I really feel like arguing with you, William, but every Mom & Pop grocery, diner, laundry and, yes, ISP are part of "corporate America"....just ask them. Notice I use a small c for corporate. See proof below: Elan Telecom Corporation 1887 O'Toole Ave Suite 209 San Jose, CA 95131 US There is one way to convince everyone that you have the widespread support that you claim to have and that is to run for a seat on the AC or even better yet the BoT. If you actually think that everyone on the AC has the same opinion and outlook about proposed policies then you need to run. I plan on nominating you in the fall unless you specifically ask me not to. -----Original Message----- From: william at elan.net [mailto:william at elan.net] Sent: Tuesday, May 20, 2003 3:26 PM To: Sweeting, John Cc: ppml at arin.net Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and imple mented "Corporate America" or at least what I see that as (i.e. large companies in control of the industry and politics) are in fact NOT arin's majority membership or its main source of income - i.e. they are not ARIN's largest customer. By ARIN's own data, 80% of its income comes from small ISPs (with /19 or /20 blocks - sad, but I can't even be counted these 80%). And with IPv6 this will become even more clear as every network would be almost "equal" as far its ip allocation from ARIN and should be treated as such by ARIN and its policies. On Tue, 20 May 2003, Sweeting, John wrote: > there's your problem....ARIN does serve "corporate America", like it or not > "corporate America" is ARIN's largest customer. I am not saying it is good > or bad, just plain fact. > > -----Original Message----- > From: william at elan.net [mailto:william at elan.net] > Sent: Tuesday, May 20, 2003 2:57 PM > To: Sweeting, John > Cc: ppml at arin.net > Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and > imple mented > > > > take an economics course or 2 so you can understand the differences in the > > economies of the world and why there are different rules and laws in > > different countries. > I took economics in college, I do not remember any serious attention being > paid to differences in economies of different countries, I think there > would be in a specific course on that and something that is offered for > business school majors and not in intro courses offered for other schools. > > But I'm not sure deep understanding of economics is really that important > when deciding on ip policies, after all ARIN is supposed to be impartial > non-profit organization and not a tool for any particular economic model > (and definetly ARIN should not be viewed as being an emobodiment of > heavily corporate US economy; I'd rather think of it as having roots > in IETF and what John Postel was doing) > > > I will once again challenge you to run for the AC in the upcoming > > election....with all the support you say you have you can definitely make > a > > difference. Good luck. > That is exactly the problem. I do not believe I'd be able to do anything > from within the AC as there are too many others there that do not agree > and are just plain opposed to me; and I do not want to promise to do > something (i.e. "make a difference") that I do not (or can not) deliver. > I might reconsider about working within AC in a year depending on who it > is composed of then and what it does to that time. > > And I also work best (including presenting my ideas and working on > them) when particapting on mailing list and worst on face-face meetings > and on teleconferences. > > Add to that, that I also do not agree on what AC is supposed to be > doing, I think it is supposed to be more of advisory role on ARIN > opeational issues, rather then a parliment-like body creating policies. > I think, policy proposals are better off being developed in open forum > like this instead of close group like AC. > > > > -----Original Message----- > > From: william at elan.net [mailto:william at elan.net] > > Sent: Monday, May 19, 2003 3:03 PM > > To: ppml at arin.net > > Subject: RE: [ppml] FYI: LACNIC micro-allocation policy approved and > > implemented > > > > > > > > > > > > Well, that is the risk you take. Like William said, ARIN VOTED for it > > > > and THE AC went thier own way... > > > That is a major distortion of the truth. > > I was being heavely ironic in my original email and you're probably taking > > it as hard hit, but nevertheless my email did not have any "major > > distortions", see below > > > > > The only straw poll taken with respect to policy proposal 2002-3 at the > > > Memphis ARIN meeting was 15-4 in favor of the ARIN AC looking into > > reducing > > > ARIN's minimum allocation size (you can verify this for yourself in the > > > meeting minutes, > > This was the only question asked after the presentation of proposal and as > > > such people are automaticly assuming this is regarding current proposal > > and in fact I've asked several people present at the meeting as to when > > they were voting for whois aup proposal and for 2002-3 if they considered > > that they were voting for original proposal (with modifications as > > necessary) > > or for something else and everybody said they did in fact undertood it as > > continuation or finish up of work of original proposal and not something > > new. > > > > I did perhaps exadurate on concensus slightly but I clearly remembered > > that overwhelming majority of those who voted were for and per standard > > system if somebody does not vote, his voice is not really counted as being > > for or against and concensus is estimated from those who do participate, > so > > if figures number of votes you showed is correct, we can say that 80% were > > > for the proposal. Not sure what iis requirement for rough consensus but I > > believe 80-90% is somewhere close and 80% is overwhelming majority if > > somebody wants to put it this way. > > > > > Furthermore, the ARIN AC has specifically NOT abandoned the issue of > > > reducing ARIN's minimum allocation size. In fact, the AC has > established > > a > > > discussion group that is actively looking into this issue, and has been > > > tasked with forming a proposal that addresses the concerns and wishes > > > raised by those on all sides of the issue (you may find evidence of the > > > formation of this group in the April 8 AC meeting minutes, and a report > on > > > > > the progress will be in the minutes of our last meeting (5/8/2003), once > > > > they are approved). > > > > This is not how it was presented at the end of Memphis meeting, you > actually > > > > said you're abandoning proposal and will instead work on proposal that > will > > reduce minimum allocation size for multihomed organizations to /21 > > (currently > > /20) and afterwards I had private discussion with person from AC and he > said > > you were going to reduce to /21 keeping /22 as being minimum > justification. > > So my email was right on these issues and on what AC has proposed. > > > > As for discussion group, we do have system of "open discsussion" and > > this is not how AC operates so AC discussion group would not in my opinion > > > be a good substitute for working group as a way to get final version of > the > > proposal, instead if you want separate discussion of this proposal from > > everything else, you should establish it as open mailing list and invite > > people there but keeping it within AC and calling it a "discussion group" > > is not appropriate, you might as well just say AC wants to do it on your > > own not taking into the account standard procedures for establishment of > > working group and proposals that are done on this mailing list. > > > > And no I will not consider AC doing on its own to be a substitute for what > > > people have assumed would be a continuation of work on original proposal. > > > > > Once again, I must emphasize that the AC is a group of elected > volunteers > > > who are trying to meet the needs of ALL entities in the ARIN public > policy > > > > > community. > > You can not meet needs of everybody on this particular issue, we'v had > > discussion on this topic before - there will always be some against it no > > matter what, especially from large ISPs. If you try to meet needs of > > everybody on every issue you will undoubtfully end up having each issue > > been under consideration forever as this one have been already. At some > > point you just have to make a choice if there is majority support on the > > issue or at least not a majority opposition (and no majority opposition > > is what ARIN usually uses as far as I can see for other policies being > > approved). > > > > Again going into the issues, the reduction of mimimum assignments by one > > bit as had been proposedby AC is not a substitute for micro-assignments, > > this is completely different. Micro-assignments are really blocks of /24 - > > > /21 as had been defined by all other RIRs in their micro-assignment > > policies. > > The reason I supported /22 is that I thought if we make it too easy for > > very new company with no internet experience to get /24 it would backfire > > as there would be many who do not have good idea on how to use the space, > > many who get the space and then abandon it and higher potential for abuse, > > so I though that either we have to have some kind of a check system (like > > sponsorship I'v proposed - though I've to admit it probably looked way too > > > complicated and may not be practical in its original form) or without > that, > > we'd have to go for higher block size and I was the one who originally > > proposed /22 as compromise for such micro-assignment policy. > > > > But /21 is nowhere close for micro-assignments, at least for /22 with /23 > > minimum we do actually have companies that need space and have already > shown > > > > some knowledge of using bgp and ip allocations (by utilizing 512 ips which > > > would be checked by ARIN) that can get their own block, but /21 is not > > like that and this would not be supported by majority who want > > micro-assignments (most of these already consider /22 to be too much of a > > compromise). > > > > Now I was privately asked if reducing both requirement (currently /22) and > > > qualified minimum allocation size (currently /20) by one bit would be > > acceptable - it would be as as it would result in /23 requirement to get > > /21 block. But I see no reason to assign somebody /21 block immediatly, > > instead it would just be better to go with original proposal 2002-3 and > > have /22 being assigned when /23 had been utilized. But if AC wants to > > propose just one-bit reduction everywhere (becoming /23 requirement when > > multihomed to quialify for your own block) then I would support that > > provided > > that ARIN also looks into new schedule of fees for small assignments. > > > > William From ibaker at codecutters.org Wed May 21 05:19:06 2003 From: ibaker at codecutters.org (Ian Baker) Date: Wed, 21 May 2003 10:19:06 +0100 Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? Message-ID: <055d01c31f7a$0b346480$642fa8c0@codecutters.org> Hi, After some e-mail conversation with Mike at the ARIN helpdesk, I am thinking about putting-forward a proposal concerning access to bulk WHOIS data. However, being a newbie at this, I thought it better to open-up discussions /before/ submitting such a proposal. If this is the wrong way of doing things, or has already been rejected in the past (couldn?t see anything obvious in the archives) then please just let me know.. Basically, I have written an IP to country/continent translator. It is initially being used to provide a geographical visitor profile to my web site, and as a filter mechanism of the anti-spam e-mail server that is currently awaiting release. RIPE an APNIC data is processed using the bulk databases, taking around 3 minutes, whereas the ARIN portion means sitting on the WHOIS throttling limit for a continuous 2 to 7 days. The reason being, I?m a private individual. Apparently the rules are such that bulk WHOIS data is only available to corporations, and not individuals. I can understand the reasoning behind such a rule ? an individual spammer/cracker would be pretty difficult to track-down in the event of an abuse of access ? but I?m not convinced that this should be an /absolute/ rule. My reasoning is thus: 1. The rule does not make a distinction between ?white-hat? and ?black-hat? activity ? a corporation that later goes on to, or is acquired by an organization that, employs undesirable practices (e.g. spamming) may be permitted access, while a private individual is not. 2. Much of the data is publicly available, if one is willing to wait long enough 3. The data provided by a general WHOIS search is less accurate, as ? from a sample of the run thus far ? large blocks are allocated to individual organizations with no real way of determining whether smaller blocks have been sub-allocated to different organizations and countries. Which greatly reduces the accuracy of the data sampled. 4. The majority of spamming data would appear to originate from trawls of Usenet, the Web, and SMTP servers. 5. Depending upon what checks are made, there may be nothing to stop an individual from falsely claiming to represent an organization (e.g. Chief Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in place - simply using their employer?s name without their knowledge). This allows the possibility of "black-hat" individuals gaining access to the data, while still inhibiting access by those of a more honest nature. My conclusion is therefore that the ban on private access does not particularly aid the development of the Internet as a whole, while it most definitely inhibits certain aspects. My proposal is, therefore, to remove the ban on private individuals having access to bulk WHOIS data and decide the issue purely on merit. Now ? what have I missed? ;o) Regards, Ian Baker Webmaster, codecutters.org & EMEA Support Manager, OpenConnect Systems Ltd. From william at elan.net Wed May 21 03:07:28 2003 From: william at elan.net (william at elan.net) Date: Wed, 21 May 2003 00:07:28 -0700 (PDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? In-Reply-To: <055d01c31f7a$0b346480$642fa8c0@codecutters.org> Message-ID: I have been advocating direct access to bulk whois for a while and I also represent company (or rather non-profit public-service project by the company) that would really benefit from being able current whois data at least once/day plus to that I'm begging a work on real-time specific bogons list based of ip space not present in whois (first part of this project will involve only old internic blocks, but then I'd like to move to all blocks where arin is making current registrations as well). A already made one proposal for last meeting: http://www.arin.net/policy/2003_9.html and newer version of this that will most likely go to next meeting is at http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm If this does not meat your needs for access to bulk whois, I would very much like to hear from you as well as about any other comments people have regarding the proposal and its text. I'll incorporate all good suggestions to come up with acceptable proposal text by next meeting. On Wed, 21 May 2003, Ian Baker wrote: > Hi, > After some e-mail conversation with Mike at the ARIN helpdesk, I am > thinking about putting-forward a proposal concerning access to bulk WHOIS > data. > > However, being a newbie at this, I thought it better to open-up discussions > /before/ submitting such a proposal. If this is the wrong way of doing > things, or has already been rejected in the past (couldn?t see anything > obvious in the archives) then please just let me know.. > > Basically, I have written an IP to country/continent translator. It is > initially being used to provide a geographical visitor profile to my web > site, and as a filter mechanism of the anti-spam e-mail server that is > currently awaiting release. > > RIPE an APNIC data is processed using the bulk databases, taking around 3 > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > limit for a continuous 2 to 7 days. The reason being, I?m a private > individual. > > Apparently the rules are such that bulk WHOIS data is only available to > corporations, and not individuals. > > I can understand the reasoning behind such a rule ? an individual > spammer/cracker would be pretty difficult to track-down in the event of an > abuse of access ? but I?m not convinced that this should be an /absolute/ > rule. My reasoning is thus: > > 1. The rule does not make a distinction between ?white-hat? and ?black-hat? > activity ? a corporation that later goes on to, or is acquired by an > organization that, employs undesirable practices (e.g. spamming) may be > permitted access, while a private individual is not. > > 2. Much of the data is publicly available, if one is willing to wait long > enough > > 3. The data provided by a general WHOIS search is less accurate, as ? from a > sample of the run thus far ? large blocks are allocated to individual > organizations with no real way of determining whether smaller blocks have > been sub-allocated to different organizations and countries. Which greatly > reduces the accuracy of the data sampled. > > 4. The majority of spamming data would appear to originate from trawls of > Usenet, the Web, and SMTP servers. > > 5. Depending upon what checks are made, there may be nothing to stop an > individual from falsely claiming to represent an organization (e.g. Chief > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in place - > simply using their employer?s name without their knowledge). This allows the > possibility of "black-hat" individuals gaining access to the data, while > still inhibiting access by those of a more honest nature. > > My conclusion is therefore that the ban on private access does not > particularly aid the development of the Internet as a whole, while it most > definitely inhibits certain aspects. > > My proposal is, therefore, to remove the ban on private individuals having > access to bulk WHOIS data and decide the issue purely on merit. > > Now ? what have I missed? ;o) > > Regards, > > Ian Baker > Webmaster, codecutters.org & > EMEA Support Manager, OpenConnect Systems Ltd. > -- William Leibzon Elan Communications Inc. Office & Support: 408-519-6243 Sales: 877-ELAN-NET or 650-333-7658 From ibaker at codecutters.org Wed May 21 06:08:48 2003 From: ibaker at codecutters.org (Ian Baker) Date: Wed, 21 May 2003 11:08:48 +0100 Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? References: Message-ID: <05a801c31f80$fc479350$642fa8c0@codecutters.org> William, Yep - that matches exactly what I'm asking for. Any idea on how long this sort of procedure takes? I assume that I'd have to reapply in writing, after the rejection of the first request? (As I said - I'm a newbie here ;o) Personally, I'm only looking at something like a monthly or tri-monthly update - it's the accuracy that I'm really worried about, as the granularity on a general search doesn't appear to be too hot. I'll only know for sure when comparing with the old method (based on the principle used by GeoIP, which uses the two most significant bytes of an IPv4 address and is hideously inaccurate for RIPE addresses) Regards, Ian ----- Original Message ----- From: To: "Ian Baker" Cc: Sent: Wednesday, May 21, 2003 8:07 AM Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? I have been advocating direct access to bulk whois for a while and I also represent company (or rather non-profit public-service project by the company) that would really benefit from being able current whois data at least once/day plus to that I'm begging a work on real-time specific bogons list based of ip space not present in whois (first part of this project will involve only old internic blocks, but then I'd like to move to all blocks where arin is making current registrations as well). A already made one proposal for last meeting: http://www.arin.net/policy/2003_9.html and newer version of this that will most likely go to next meeting is at http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm If this does not meat your needs for access to bulk whois, I would very much like to hear from you as well as about any other comments people have regarding the proposal and its text. I'll incorporate all good suggestions to come up with acceptable proposal text by next meeting. On Wed, 21 May 2003, Ian Baker wrote: > Hi, > After some e-mail conversation with Mike at the ARIN helpdesk, I am > thinking about putting-forward a proposal concerning access to bulk WHOIS > data. > > However, being a newbie at this, I thought it better to open-up discussions > /before/ submitting such a proposal. If this is the wrong way of doing > things, or has already been rejected in the past (couldn't see anything > obvious in the archives) then please just let me know.. > > Basically, I have written an IP to country/continent translator. It is > initially being used to provide a geographical visitor profile to my web > site, and as a filter mechanism of the anti-spam e-mail server that is > currently awaiting release. > > RIPE an APNIC data is processed using the bulk databases, taking around 3 > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > limit for a continuous 2 to 7 days. The reason being, I'm a private > individual. > > Apparently the rules are such that bulk WHOIS data is only available to > corporations, and not individuals. > > I can understand the reasoning behind such a rule - an individual > spammer/cracker would be pretty difficult to track-down in the event of an > abuse of access - but I'm not convinced that this should be an /absolute/ > rule. My reasoning is thus: > > 1. The rule does not make a distinction between "white-hat" and "black-hat" > activity - a corporation that later goes on to, or is acquired by an > organization that, employs undesirable practices (e.g. spamming) may be > permitted access, while a private individual is not. > > 2. Much of the data is publicly available, if one is willing to wait long > enough > > 3. The data provided by a general WHOIS search is less accurate, as - from a > sample of the run thus far - large blocks are allocated to individual > organizations with no real way of determining whether smaller blocks have > been sub-allocated to different organizations and countries. Which greatly > reduces the accuracy of the data sampled. > > 4. The majority of spamming data would appear to originate from trawls of > Usenet, the Web, and SMTP servers. > > 5. Depending upon what checks are made, there may be nothing to stop an > individual from falsely claiming to represent an organization (e.g. Chief > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in place - > simply using their employer's name without their knowledge). This allows the > possibility of "black-hat" individuals gaining access to the data, while > still inhibiting access by those of a more honest nature. > > My conclusion is therefore that the ban on private access does not > particularly aid the development of the Internet as a whole, while it most > definitely inhibits certain aspects. > > My proposal is, therefore, to remove the ban on private individuals having > access to bulk WHOIS data and decide the issue purely on merit. > > Now - what have I missed? ;o) > > Regards, > > Ian Baker > Webmaster, codecutters.org & > EMEA Support Manager, OpenConnect Systems Ltd. > -- William Leibzon Elan Communications Inc. Office & Support: 408-519-6243 Sales: 877-ELAN-NET or 650-333-7658 From william at elan.net Wed May 21 03:24:43 2003 From: william at elan.net (william at elan.net) Date: Wed, 21 May 2003 00:24:43 -0700 (PDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? (fwd) Message-ID: Reposting my answer with less errors made (when I type way too fast I make lots of errors, sorry). ---- I have been advocating direct access to bulk whois for a while and I also represent company (or rather non-profit public-service project by the company) that would really benefit from being able to get current whois data at least once per day. Plus to that I'm beginning a work on real-time more specific bogons list based on whois data (i.e if ip space is present in whois or not) - first part of this project will involve only old internic blocks and I hope to have it ready by end of June, but then I'd like to move to all blocks where arin is making current registrations as well and this will require being able to get bulk whois data daily. A already made one proposal for last meeting: http://www.arin.net/policy/2003_9.html And new version of this proposal that will most go to next meeting is at: http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm If the latest version does not meet your needs for access to bulk whois, I would very much like to hear about that as well as about any other comments people have regarding the proposal and its text. I'll incorporate all good suggestions to come up with acceptable proposal text by next meeting. On Wed, 21 May 2003, Ian Baker wrote: > Hi, > After some e-mail conversation with Mike at the ARIN helpdesk, I am > thinking about putting-forward a proposal concerning access to bulk WHOIS > data. > > However, being a newbie at this, I thought it better to open-up discussions > /before/ submitting such a proposal. If this is the wrong way of doing > things, or has already been rejected in the past (couldn?t see anything > obvious in the archives) then please just let me know.. > > Basically, I have written an IP to country/continent translator. It is > initially being used to provide a geographical visitor profile to my web > site, and as a filter mechanism of the anti-spam e-mail server that is > currently awaiting release. > > RIPE an APNIC data is processed using the bulk databases, taking around 3 > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > limit for a continuous 2 to 7 days. The reason being, I?m a private > individual. > > Apparently the rules are such that bulk WHOIS data is only available to > corporations, and not individuals. > > I can understand the reasoning behind such a rule ? an individual > spammer/cracker would be pretty difficult to track-down in the event of an > abuse of access ? but I?m not convinced that this should be an /absolute/ > rule. My reasoning is thus: > > 1. The rule does not make a distinction between ?white-hat? and ?black-hat? > activity ? a corporation that later goes on to, or is acquired by an > organization that, employs undesirable practices (e.g. spamming) may be > permitted access, while a private individual is not. > > 2. Much of the data is publicly available, if one is willing to wait long > enough > > 3. The data provided by a general WHOIS search is less accurate, as ? from a > sample of the run thus far ? large blocks are allocated to individual > organizations with no real way of determining whether smaller blocks have > been sub-allocated to different organizations and countries. Which greatly > reduces the accuracy of the data sampled. > > 4. The majority of spamming data would appear to originate from trawls of > Usenet, the Web, and SMTP servers. > > 5. Depending upon what checks are made, there may be nothing to stop an > individual from falsely claiming to represent an organization (e.g. Chief > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in place - > simply using their employer?s name without their knowledge). This allows the > possibility of "black-hat" individuals gaining access to the data, while > still inhibiting access by those of a more honest nature. > > My conclusion is therefore that the ban on private access does not > particularly aid the development of the Internet as a whole, while it most > definitely inhibits certain aspects. > > My proposal is, therefore, to remove the ban on private individuals having > access to bulk WHOIS data and decide the issue purely on merit. > > Now ? what have I missed? ;o) > > Regards, > > Ian Baker > Webmaster, codecutters.org & > EMEA Support Manager, OpenConnect Systems Ltd. > From ibaker at codecutters.org Wed May 21 06:51:44 2003 From: ibaker at codecutters.org (Ian Baker) Date: Wed, 21 May 2003 11:51:44 +0100 Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? (fwd) References: Message-ID: <05b601c31f86$fc1d4040$642fa8c0@codecutters.org> William, One further comment, upon reading the full proposal from the URL (thanks for that!) Monthly resubmission is fine if it's electronic, but is a bit awkward for those of us not based in the US - the whole snailmail thing takes a fair while to complete, and, while it doesn't cost a fortune, is a bit of a pain for those of us who have to queue in a Post Office in order to send airmail letters. The current paper form includes an e-mail address - how about a regular update from that address (only), with a reply sent to that address (only). I would have thought this more convenient for both sides? Regards, Ian ----- Original Message ----- From: To: Sent: Wednesday, May 21, 2003 8:24 AM Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? (fwd) Reposting my answer with less errors made (when I type way too fast I make lots of errors, sorry). ---- I have been advocating direct access to bulk whois for a while and I also represent company (or rather non-profit public-service project by the company) that would really benefit from being able to get current whois data at least once per day. Plus to that I'm beginning a work on real-time more specific bogons list based on whois data (i.e if ip space is present in whois or not) - first part of this project will involve only old internic blocks and I hope to have it ready by end of June, but then I'd like to move to all blocks where arin is making current registrations as well and this will require being able to get bulk whois data daily. A already made one proposal for last meeting: http://www.arin.net/policy/2003_9.html And new version of this proposal that will most go to next meeting is at: http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm If the latest version does not meet your needs for access to bulk whois, I would very much like to hear about that as well as about any other comments people have regarding the proposal and its text. I'll incorporate all good suggestions to come up with acceptable proposal text by next meeting. On Wed, 21 May 2003, Ian Baker wrote: > Hi, > After some e-mail conversation with Mike at the ARIN helpdesk, I am > thinking about putting-forward a proposal concerning access to bulk WHOIS > data. > > However, being a newbie at this, I thought it better to open-up discussions > /before/ submitting such a proposal. If this is the wrong way of doing > things, or has already been rejected in the past (couldn't see anything > obvious in the archives) then please just let me know.. > > Basically, I have written an IP to country/continent translator. It is > initially being used to provide a geographical visitor profile to my web > site, and as a filter mechanism of the anti-spam e-mail server that is > currently awaiting release. > > RIPE an APNIC data is processed using the bulk databases, taking around 3 > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > limit for a continuous 2 to 7 days. The reason being, I'm a private > individual. > > Apparently the rules are such that bulk WHOIS data is only available to > corporations, and not individuals. > > I can understand the reasoning behind such a rule - an individual > spammer/cracker would be pretty difficult to track-down in the event of an > abuse of access - but I'm not convinced that this should be an /absolute/ > rule. My reasoning is thus: > > 1. The rule does not make a distinction between "white-hat" and "black-hat" > activity - a corporation that later goes on to, or is acquired by an > organization that, employs undesirable practices (e.g. spamming) may be > permitted access, while a private individual is not. > > 2. Much of the data is publicly available, if one is willing to wait long > enough > > 3. The data provided by a general WHOIS search is less accurate, as - from a > sample of the run thus far - large blocks are allocated to individual > organizations with no real way of determining whether smaller blocks have > been sub-allocated to different organizations and countries. Which greatly > reduces the accuracy of the data sampled. > > 4. The majority of spamming data would appear to originate from trawls of > Usenet, the Web, and SMTP servers. > > 5. Depending upon what checks are made, there may be nothing to stop an > individual from falsely claiming to represent an organization (e.g. Chief > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in place - > simply using their employer's name without their knowledge). This allows the > possibility of "black-hat" individuals gaining access to the data, while > still inhibiting access by those of a more honest nature. > > My conclusion is therefore that the ban on private access does not > particularly aid the development of the Internet as a whole, while it most > definitely inhibits certain aspects. > > My proposal is, therefore, to remove the ban on private individuals having > access to bulk WHOIS data and decide the issue purely on merit. > > Now - what have I missed? ;o) > > Regards, > > Ian Baker > Webmaster, codecutters.org & > EMEA Support Manager, OpenConnect Systems Ltd. > From william at elan.net Wed May 21 04:49:44 2003 From: william at elan.net (william at elan.net) Date: Wed, 21 May 2003 01:49:44 -0700 (PDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? (fwd) In-Reply-To: <05b601c31f86$fc1d4040$642fa8c0@codecutters.org> Message-ID: > William, > One further comment, upon reading the full proposal from the URL (thanks > for that!) > > Monthly resubmission is fine if it's electronic, but is a bit awkward for > those of us not based in the US - the whole snailmail thing takes a fair > while to complete, and, while it doesn't cost a fortune, is a bit of a pain > for those of us who have to queue in a Post Office in order to send airmail > letters. Read the new version at: http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm It does not have one-month requirement as many felt this is too often and said something like 6 months or year would be better but there was no agreement on what period would be best and I decided to drop specifics and instead let ARIN staff decide based on each case on when and how they want "re-authentication" done. > The current paper form includes an e-mail address - how about a regular > update from that address (only), with a reply sent to that address (only). I > would have thought this more convenient for both sides? And I actually did not meant even in original proposal version that people be required to resubmit paper form each month, I just felt its important to keep authentication settings themselve current and changed often enough (for security reasons) and as far as resubmitting the full paper form, once per year seems perfectly resonable to me to ensure original company or individual still exist and did not just become a "virtual id" like that happened to some handles that control old arin ip blocks (unrelated comment: lately I'v been dealing with hijacked ip blocks and situation appears to be lot worse that I could imagine, there is no way me or anybody else can hope identify even 20% of hijacked blocks on just volunteer basis; ARIN will really have to think about hiring one or two investigators full time especially since they have some confidential data that I have no access to and that data would help in identifying the submitter and how ip block information was changed and matching to known hijackers). > Regards, > > Ian > > ----- Original Message ----- > From: > To: > Sent: Wednesday, May 21, 2003 8:24 AM > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? (fwd) > > > Reposting my answer with less errors made (when I type way too fast I make > lots of errors, sorry). > > ---- > > I have been advocating direct access to bulk whois for a while and I also > represent company (or rather non-profit public-service project by the > company) that would really benefit from being able to get current whois > data at least once per day. Plus to that I'm beginning a work on real-time > more specific bogons list based on whois data (i.e if ip space is present > in whois or not) - first part of this project will involve only old internic > blocks and I hope to have it ready by end of June, but then I'd like to > move to all blocks where arin is making current registrations as well and > this will require being able to get bulk whois data daily. > > A already made one proposal for last meeting: > http://www.arin.net/policy/2003_9.html > > And new version of this proposal that will most go to next meeting is at: > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > If the latest version does not meet your needs for access to bulk whois, I > would very much like to hear about that as well as about any other comments > people have regarding the proposal and its text. I'll incorporate all good > suggestions to come up with acceptable proposal text by next meeting. > > On Wed, 21 May 2003, Ian Baker wrote: > > > Hi, > > After some e-mail conversation with Mike at the ARIN helpdesk, I am > > thinking about putting-forward a proposal concerning access to bulk WHOIS > > data. > > > > However, being a newbie at this, I thought it better to open-up > discussions > > /before/ submitting such a proposal. If this is the wrong way of doing > > things, or has already been rejected in the past (couldn't see anything > > obvious in the archives) then please just let me know.. > > > > Basically, I have written an IP to country/continent translator. It is > > initially being used to provide a geographical visitor profile to my web > > site, and as a filter mechanism of the anti-spam e-mail server that is > > currently awaiting release. > > > > RIPE an APNIC data is processed using the bulk databases, taking around 3 > > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > > limit for a continuous 2 to 7 days. The reason being, I'm a private > > individual. > > > > Apparently the rules are such that bulk WHOIS data is only available to > > corporations, and not individuals. > > > > I can understand the reasoning behind such a rule - an individual > > spammer/cracker would be pretty difficult to track-down in the event of an > > abuse of access - but I'm not convinced that this should be an /absolute/ > > rule. My reasoning is thus: > > > > 1. The rule does not make a distinction between "white-hat" and > "black-hat" > > activity - a corporation that later goes on to, or is acquired by an > > organization that, employs undesirable practices (e.g. spamming) may be > > permitted access, while a private individual is not. > > > > 2. Much of the data is publicly available, if one is willing to wait long > > enough > > > > 3. The data provided by a general WHOIS search is less accurate, as - from > a > > sample of the run thus far - large blocks are allocated to individual > > organizations with no real way of determining whether smaller blocks have > > been sub-allocated to different organizations and countries. Which greatly > > reduces the accuracy of the data sampled. > > > > 4. The majority of spamming data would appear to originate from trawls of > > Usenet, the Web, and SMTP servers. > > > > 5. Depending upon what checks are made, there may be nothing to stop an > > individual from falsely claiming to represent an organization (e.g. Chief > > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in > place - > > simply using their employer's name without their knowledge). This allows > the > > possibility of "black-hat" individuals gaining access to the data, while > > still inhibiting access by those of a more honest nature. > > > > My conclusion is therefore that the ban on private access does not > > particularly aid the development of the Internet as a whole, while it most > > definitely inhibits certain aspects. > > > > My proposal is, therefore, to remove the ban on private individuals having > > access to bulk WHOIS data and decide the issue purely on merit. > > > > Now - what have I missed? ;o) > > > > Regards, > > > > Ian Baker > > Webmaster, codecutters.org & > > EMEA Support Manager, OpenConnect Systems Ltd. > > > From william at elan.net Wed May 21 04:59:10 2003 From: william at elan.net (william at elan.net) Date: Wed, 21 May 2003 01:59:10 -0700 (PDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? In-Reply-To: <05a801c31f80$fc479350$642fa8c0@codecutters.org> Message-ID: How long is not an simple answer... After last proposal despite general support for it from those present on the meeting, the AC decided to abandon it. In my view this was just completely unprecidented for proposal where main ideas are totolly supported by everybody (37:0 for) and issues being raised were only to clarify how proposal changes current policies, and for example even the network abuse proposal which everyone felt is completely ridiculous in the current form was not abandoned and in that case some thought its just completely unnecessary and nothing should be done there. So I'm sure reasons for abandoing whois aup proposals had nothing to do with the proposal itself or reaction to it on the meeting. And couple weeks ago, I've promised to send appeal letter to get AC decision reversed, but got busy with other work and did not do it. I'll now work on it and will actually send two letters, one to AC to reconsider abandoing proposal and returning it for discussion or recomending approval of new version and one letter to BoT to reject AC recomendation to abandon proposal (in case AC decides not to respond to my letter). I do not know how much that will change, AC is not likely to admit it made decisions based not on the merit of the case, but its possible BoT might ignore AC considering the situation. In either case and even if both AC and BoT do not respond (which they do not have to considering there is no official appeal process), the new version of proposal will be presented on next meeting (matters not if its called new version or new proposal). In theory its possible that AC will see it my way, reverse its decision, review current version and agree that I made necessary changes based on the feedback received and send new version for approval by BoT - in this case the proposal can be approved and implemented before next meeting having gone through one already, but this is probably a dream and current AC is unlikely to make such a decision. But I'v learned my lesson, after presenting proposal on next meeting, I'll not let the pool be taken then only on the issue and will directly ask about current version and if people have comments and suggestions will modify proposal in real-time on my notebook as I'v seen others do and my feeling is that people in the meeting will approve it and then there is some chance it'll be approved by BoT by end of the year. So realisticly you're probably looking at year 2004 when you'll see this implimented. As I said, in theory its possible to get it done a lot sooner (even within one-two months...) and in my view there is no good arguments no to, but its probably not going to happen. On Wed, 21 May 2003, Ian Baker wrote: > William, > Yep - that matches exactly what I'm asking for. > > Any idea on how long this sort of procedure takes? I assume that I'd have to > reapply in writing, after the rejection of the first request? (As I said - > I'm a newbie here ;o) > Personally, I'm only looking at something like a monthly or tri-monthly > update - it's the accuracy that I'm really worried about, as the granularity > on a general search doesn't appear to be too hot. I'll only know for sure > when comparing with the old method (based on the principle used by GeoIP, > which uses the two most significant bytes of an IPv4 address and is > hideously inaccurate for RIPE addresses) > > Regards, > > Ian > > ----- Original Message ----- > From: > To: "Ian Baker" > Cc: > Sent: Wednesday, May 21, 2003 8:07 AM > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > I have been advocating direct access to bulk whois for a while and I also > represent company (or rather non-profit public-service project by the > company) that would really benefit from being able current whois data > at least once/day plus to that I'm begging a work on real-time > specific bogons list based of ip space not present in whois (first part of > this project will involve only old internic blocks, but then I'd like to > move to all blocks where arin is making current registrations as well). > > A already made one proposal for last meeting: > http://www.arin.net/policy/2003_9.html > and newer version of this that will most likely go to next meeting is at > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > If this does not meat your needs for access to bulk whois, I would very > much like to hear from you as well as about any other comments people have > regarding the proposal and its text. I'll incorporate all good suggestions > to come up with acceptable proposal text by next meeting. > > On Wed, 21 May 2003, Ian Baker wrote: > > > Hi, > > After some e-mail conversation with Mike at the ARIN helpdesk, I am > > thinking about putting-forward a proposal concerning access to bulk WHOIS > > data. > > > > However, being a newbie at this, I thought it better to open-up > discussions > > /before/ submitting such a proposal. If this is the wrong way of doing > > things, or has already been rejected in the past (couldn't see anything > > obvious in the archives) then please just let me know.. > > > > Basically, I have written an IP to country/continent translator. It is > > initially being used to provide a geographical visitor profile to my web > > site, and as a filter mechanism of the anti-spam e-mail server that is > > currently awaiting release. > > > > RIPE an APNIC data is processed using the bulk databases, taking around 3 > > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > > limit for a continuous 2 to 7 days. The reason being, I'm a private > > individual. > > > > Apparently the rules are such that bulk WHOIS data is only available to > > corporations, and not individuals. > > > > I can understand the reasoning behind such a rule - an individual > > spammer/cracker would be pretty difficult to track-down in the event of an > > abuse of access - but I'm not convinced that this should be an /absolute/ > > rule. My reasoning is thus: > > > > 1. The rule does not make a distinction between "white-hat" and > "black-hat" > > activity - a corporation that later goes on to, or is acquired by an > > organization that, employs undesirable practices (e.g. spamming) may be > > permitted access, while a private individual is not. > > > > 2. Much of the data is publicly available, if one is willing to wait long > > enough > > > > 3. The data provided by a general WHOIS search is less accurate, as - from > a > > sample of the run thus far - large blocks are allocated to individual > > organizations with no real way of determining whether smaller blocks have > > been sub-allocated to different organizations and countries. Which greatly > > reduces the accuracy of the data sampled. > > > > 4. The majority of spamming data would appear to originate from trawls of > > Usenet, the Web, and SMTP servers. > > > > 5. Depending upon what checks are made, there may be nothing to stop an > > individual from falsely claiming to represent an organization (e.g. Chief > > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in > place - > > simply using their employer's name without their knowledge). This allows > the > > possibility of "black-hat" individuals gaining access to the data, while > > still inhibiting access by those of a more honest nature. > > > > My conclusion is therefore that the ban on private access does not > > particularly aid the development of the Internet as a whole, while it most > > definitely inhibits certain aspects. > > > > My proposal is, therefore, to remove the ban on private individuals having > > access to bulk WHOIS data and decide the issue purely on merit. > > > > Now - what have I missed? ;o) > > > > Regards, > > > > Ian Baker > > Webmaster, codecutters.org & > > EMEA Support Manager, OpenConnect Systems Ltd. > > > > From John.Sweeting at teleglobe.com Wed May 21 09:25:05 2003 From: John.Sweeting at teleglobe.com (Sweeting, John) Date: Wed, 21 May 2003 09:25:05 -0400 Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? Message-ID: <1797AB680DD0D21189870090271780320EAC8687@camtmms01.Teleglobe.CA> "After last proposal despite general support for it from those present on the meeting, the AC decided to abandon it"....this is simply not true. There is a small group of AC members working on this proposal. -----Original Message----- From: william at elan.net [mailto:william at elan.net] Sent: Wednesday, May 21, 2003 4:59 AM To: Ian Baker Cc: ppml at arin.net Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? How long is not an simple answer... After last proposal despite general support for it from those present on the meeting, the AC decided to abandon it. In my view this was just completely unprecidented for proposal where main ideas are totolly supported by everybody (37:0 for) and issues being raised were only to clarify how proposal changes current policies, and for example even the network abuse proposal which everyone felt is completely ridiculous in the current form was not abandoned and in that case some thought its just completely unnecessary and nothing should be done there. So I'm sure reasons for abandoing whois aup proposals had nothing to do with the proposal itself or reaction to it on the meeting. And couple weeks ago, I've promised to send appeal letter to get AC decision reversed, but got busy with other work and did not do it. I'll now work on it and will actually send two letters, one to AC to reconsider abandoing proposal and returning it for discussion or recomending approval of new version and one letter to BoT to reject AC recomendation to abandon proposal (in case AC decides not to respond to my letter). I do not know how much that will change, AC is not likely to admit it made decisions based not on the merit of the case, but its possible BoT might ignore AC considering the situation. In either case and even if both AC and BoT do not respond (which they do not have to considering there is no official appeal process), the new version of proposal will be presented on next meeting (matters not if its called new version or new proposal). In theory its possible that AC will see it my way, reverse its decision, review current version and agree that I made necessary changes based on the feedback received and send new version for approval by BoT - in this case the proposal can be approved and implemented before next meeting having gone through one already, but this is probably a dream and current AC is unlikely to make such a decision. But I'v learned my lesson, after presenting proposal on next meeting, I'll not let the pool be taken then only on the issue and will directly ask about current version and if people have comments and suggestions will modify proposal in real-time on my notebook as I'v seen others do and my feeling is that people in the meeting will approve it and then there is some chance it'll be approved by BoT by end of the year. So realisticly you're probably looking at year 2004 when you'll see this implimented. As I said, in theory its possible to get it done a lot sooner (even within one-two months...) and in my view there is no good arguments no to, but its probably not going to happen. On Wed, 21 May 2003, Ian Baker wrote: > William, > Yep - that matches exactly what I'm asking for. > > Any idea on how long this sort of procedure takes? I assume that I'd have to > reapply in writing, after the rejection of the first request? (As I said - > I'm a newbie here ;o) > Personally, I'm only looking at something like a monthly or tri-monthly > update - it's the accuracy that I'm really worried about, as the granularity > on a general search doesn't appear to be too hot. I'll only know for sure > when comparing with the old method (based on the principle used by GeoIP, > which uses the two most significant bytes of an IPv4 address and is > hideously inaccurate for RIPE addresses) > > Regards, > > Ian > > ----- Original Message ----- > From: > To: "Ian Baker" > Cc: > Sent: Wednesday, May 21, 2003 8:07 AM > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > I have been advocating direct access to bulk whois for a while and I also > represent company (or rather non-profit public-service project by the > company) that would really benefit from being able current whois data > at least once/day plus to that I'm begging a work on real-time > specific bogons list based of ip space not present in whois (first part of > this project will involve only old internic blocks, but then I'd like to > move to all blocks where arin is making current registrations as well). > > A already made one proposal for last meeting: > http://www.arin.net/policy/2003_9.html > and newer version of this that will most likely go to next meeting is at > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > If this does not meat your needs for access to bulk whois, I would very > much like to hear from you as well as about any other comments people have > regarding the proposal and its text. I'll incorporate all good suggestions > to come up with acceptable proposal text by next meeting. > > On Wed, 21 May 2003, Ian Baker wrote: > > > Hi, > > After some e-mail conversation with Mike at the ARIN helpdesk, I am > > thinking about putting-forward a proposal concerning access to bulk WHOIS > > data. > > > > However, being a newbie at this, I thought it better to open-up > discussions > > /before/ submitting such a proposal. If this is the wrong way of doing > > things, or has already been rejected in the past (couldn't see anything > > obvious in the archives) then please just let me know.. > > > > Basically, I have written an IP to country/continent translator. It is > > initially being used to provide a geographical visitor profile to my web > > site, and as a filter mechanism of the anti-spam e-mail server that is > > currently awaiting release. > > > > RIPE an APNIC data is processed using the bulk databases, taking around 3 > > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > > limit for a continuous 2 to 7 days. The reason being, I'm a private > > individual. > > > > Apparently the rules are such that bulk WHOIS data is only available to > > corporations, and not individuals. > > > > I can understand the reasoning behind such a rule - an individual > > spammer/cracker would be pretty difficult to track-down in the event of an > > abuse of access - but I'm not convinced that this should be an /absolute/ > > rule. My reasoning is thus: > > > > 1. The rule does not make a distinction between "white-hat" and > "black-hat" > > activity - a corporation that later goes on to, or is acquired by an > > organization that, employs undesirable practices (e.g. spamming) may be > > permitted access, while a private individual is not. > > > > 2. Much of the data is publicly available, if one is willing to wait long > > enough > > > > 3. The data provided by a general WHOIS search is less accurate, as - from > a > > sample of the run thus far - large blocks are allocated to individual > > organizations with no real way of determining whether smaller blocks have > > been sub-allocated to different organizations and countries. Which greatly > > reduces the accuracy of the data sampled. > > > > 4. The majority of spamming data would appear to originate from trawls of > > Usenet, the Web, and SMTP servers. > > > > 5. Depending upon what checks are made, there may be nothing to stop an > > individual from falsely claiming to represent an organization (e.g. Chief > > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in > place - > > simply using their employer's name without their knowledge). This allows > the > > possibility of "black-hat" individuals gaining access to the data, while > > still inhibiting access by those of a more honest nature. > > > > My conclusion is therefore that the ban on private access does not > > particularly aid the development of the Internet as a whole, while it most > > definitely inhibits certain aspects. > > > > My proposal is, therefore, to remove the ban on private individuals having > > access to bulk WHOIS data and decide the issue purely on merit. > > > > Now - what have I missed? ;o) > > > > Regards, > > > > Ian Baker > > Webmaster, codecutters.org & > > EMEA Support Manager, OpenConnect Systems Ltd. > > > > From william at elan.net Wed May 21 08:04:18 2003 From: william at elan.net (william at elan.net) Date: Wed, 21 May 2003 05:04:18 -0700 (PDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? In-Reply-To: <1797AB680DD0D21189870090271780320EAC8687@camtmms01.Teleglobe.CA> Message-ID: On Wed, 21 May 2003, Sweeting, John wrote: > the meeting, the AC decided to abandon it"....this is simply not true. How is this not true, when AC issued official recomendation to abandon the proposal - see the minutes (in fact recomendations to abandon the were issued pretty much everything I proposed, but not for proposals like abuse contact, network abuse, privacy, etc which had a lot less support on the issues and even less support on the text). Their premise for that was that there was no support on the text as was written - but this is true for every proposal that comes in initially (including proposals that were passed by AC such as rwhois - I wonder what the final variant will look like) and besides that the AC can not say for certain that there was no support for it as written since such a question was not asked. For more complete answer I'll ask you to review my previous post: http://www.arin.net/mailing_lists/ppml/1471.html > There is a small group of AC members working on this proposal. As I already stated several times before, anybody, be that member of AC or not, can and should make suggestions on this issue, on how proposal for whois aup and bulk whois should look like and post that on ppml. As has been shown by my previous actions, I heard every suggestion that was made and have incorporated it all into new version. The text is at: http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm If you you do not like particular text there, or have other suggestions, PLEASE, PLEASE say it on ppml and we can discuss it and see if better text can be created (and if you do not want to post on public list for privacy, email harvesting, or other reasons, send email to me privately and I'll repost it without specifying your email address and only your first name). As for the AC working on it privately - you choose to do things completely behind close doors and make everyone accept it afterwards, not my way, sorry. So I challenge people at AC who are supposedly working on it to post their version NOW so we could all compare and see if it is better or has any points not otherwise already addressed by the version of proposal I have made. If I do not see anything posted by the end of the week I'll consider it an answer that AC has nothing good to add on this issue and as such AC should not be a barrier to an issue that is otherwise already beeing addressed. > -----Original Message----- > From: william at elan.net [mailto:william at elan.net] > Sent: Wednesday, May 21, 2003 4:59 AM > To: Ian Baker > Cc: ppml at arin.net > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > How long is not an simple answer... > > After last proposal despite general support for it from those present on > the meeting, the AC decided to abandon it. In my view this was just > completely unprecidented for proposal where main ideas are totolly > supported by everybody (37:0 for) and issues being raised were only > to clarify how proposal changes current policies, and for example even > the network abuse proposal which everyone felt is completely ridiculous in > the current form was not abandoned and in that case some thought its just > completely unnecessary and nothing should be done there. So I'm sure > reasons for abandoing whois aup proposals had nothing to do with the > proposal itself or reaction to it on the meeting. > > And couple weeks ago, I've promised to send appeal letter to get AC decision > reversed, but got busy with other work and did not do it. I'll now work on > it and will actually send two letters, one to AC to reconsider abandoing > proposal and returning it for discussion or recomending approval of new > version and one letter to BoT to reject AC recomendation to abandon > proposal (in case AC decides not to respond to my letter). I do not know > how much that will change, AC is not likely to admit it made decisions > based not on the merit of the case, but its possible BoT might ignore AC > considering the situation. In either case and even if both AC and BoT do > not respond (which they do not have to considering there is no official > appeal process), the new version of proposal will be presented on next > meeting (matters not if its called new version or new proposal). In theory > its possible that AC will see it my way, reverse its decision, review > current version and agree that I made necessary changes based on the > feedback received and send new version for approval by BoT - in this case > the proposal can be approved and implemented before next meeting having > gone through one already, but this is probably a dream and current AC is > unlikely to make such a decision. > > But I'v learned my lesson, after presenting proposal on next meeting, I'll > not let the pool be taken then only on the issue and will directly ask > about current version and if people have comments and suggestions will > modify proposal in real-time on my notebook as I'v seen others do and my > feeling is that people in the meeting will approve it and then there is > some chance it'll be approved by BoT by end of the year. > > So realisticly you're probably looking at year 2004 when you'll see this > implimented. As I said, in theory its possible to get it done a lot sooner > (even within one-two months...) and in my view there is no good arguments > no to, but its probably not going to happen. > > On Wed, 21 May 2003, Ian Baker wrote: > > > William, > > Yep - that matches exactly what I'm asking for. > > > > Any idea on how long this sort of procedure takes? I assume that I'd have > to > > reapply in writing, after the rejection of the first request? (As I said - > > I'm a newbie here ;o) > > > Personally, I'm only looking at something like a monthly or tri-monthly > > update - it's the accuracy that I'm really worried about, as the > granularity > > on a general search doesn't appear to be too hot. I'll only know for sure > > when comparing with the old method (based on the principle used by GeoIP, > > which uses the two most significant bytes of an IPv4 address and is > > hideously inaccurate for RIPE addresses) > > > > Regards, > > > > Ian > > > > ----- Original Message ----- > > From: > > To: "Ian Baker" > > Cc: > > Sent: Wednesday, May 21, 2003 8:07 AM > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > > > > I have been advocating direct access to bulk whois for a while and I also > > represent company (or rather non-profit public-service project by the > > company) that would really benefit from being able current whois data > > at least once/day plus to that I'm begging a work on real-time > > specific bogons list based of ip space not present in whois (first part of > > this project will involve only old internic blocks, but then I'd like to > > move to all blocks where arin is making current registrations as well). > > > > A already made one proposal for last meeting: > > http://www.arin.net/policy/2003_9.html > > and newer version of this that will most likely go to next meeting is at > > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > > > If this does not meat your needs for access to bulk whois, I would very > > much like to hear from you as well as about any other comments people have > > regarding the proposal and its text. I'll incorporate all good suggestions > > to come up with acceptable proposal text by next meeting. > > > > On Wed, 21 May 2003, Ian Baker wrote: > > > > > Hi, > > > After some e-mail conversation with Mike at the ARIN helpdesk, I am > > > thinking about putting-forward a proposal concerning access to bulk > WHOIS > > > data. > > > > > > However, being a newbie at this, I thought it better to open-up > > discussions > > > /before/ submitting such a proposal. If this is the wrong way of doing > > > things, or has already been rejected in the past (couldn't see anything > > > obvious in the archives) then please just let me know.. > > > > > > Basically, I have written an IP to country/continent translator. It is > > > initially being used to provide a geographical visitor profile to my web > > > site, and as a filter mechanism of the anti-spam e-mail server that is > > > currently awaiting release. > > > > > > RIPE an APNIC data is processed using the bulk databases, taking around > 3 > > > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > > > limit for a continuous 2 to 7 days. The reason being, I'm a private > > > individual. > > > > > > Apparently the rules are such that bulk WHOIS data is only available to > > > corporations, and not individuals. > > > > > > I can understand the reasoning behind such a rule - an individual > > > spammer/cracker would be pretty difficult to track-down in the event of > an > > > abuse of access - but I'm not convinced that this should be an > /absolute/ > > > rule. My reasoning is thus: > > > > > > 1. The rule does not make a distinction between "white-hat" and > > "black-hat" > > > activity - a corporation that later goes on to, or is acquired by an > > > organization that, employs undesirable practices (e.g. spamming) may be > > > permitted access, while a private individual is not. > > > > > > 2. Much of the data is publicly available, if one is willing to wait > long > > > enough > > > > > > 3. The data provided by a general WHOIS search is less accurate, as - > from > > a > > > sample of the run thus far - large blocks are allocated to individual > > > organizations with no real way of determining whether smaller blocks > have > > > been sub-allocated to different organizations and countries. Which > greatly > > > reduces the accuracy of the data sampled. > > > > > > 4. The majority of spamming data would appear to originate from trawls > of > > > Usenet, the Web, and SMTP servers. > > > > > > 5. Depending upon what checks are made, there may be nothing to stop an > > > individual from falsely claiming to represent an organization (e.g. > Chief > > > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in > > place - > > > simply using their employer's name without their knowledge). This allows > > the > > > possibility of "black-hat" individuals gaining access to the data, while > > > still inhibiting access by those of a more honest nature. > > > > > > My conclusion is therefore that the ban on private access does not > > > particularly aid the development of the Internet as a whole, while it > most > > > definitely inhibits certain aspects. > > > > > > My proposal is, therefore, to remove the ban on private individuals > having > > > access to bulk WHOIS data and decide the issue purely on merit. > > > > > > Now - what have I missed? ;o) > > > > > > Regards, > > > > > > Ian Baker > > > Webmaster, codecutters.org & > > > EMEA Support Manager, OpenConnect Systems Ltd. > > > > > > > > From sigma at smx.pair.com Wed May 21 11:01:57 2003 From: sigma at smx.pair.com (sigma at smx.pair.com) Date: Wed, 21 May 2003 11:01:57 -0400 (EDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? In-Reply-To: from "william@elan.net" at "May 21, 3 05:04:18 am" Message-ID: <20030521150157.34976.qmail@smx.pair.com> The AC's job is to examine public input regarding policy proposals and formulate recommendations for the board. Every scrap of public discussion goes towards that process. Your willingness to engage in public discussion and revisions is a great thing, and I, too, encourage you to run for the AC. It's exactly the kind of work which needs to be done. The group in the AC is not radically rewriting your policy or doing anything weird or clandestine. Kevin > > There is a small group of AC members working on this proposal. > > As I already stated several times before, anybody, be that member of AC > or not, can and should make suggestions on this issue, on how proposal > for whois aup and bulk whois should look like and post that on ppml. As > has been shown by my previous actions, I heard every suggestion that was > made and have incorporated it all into new version. The text is at: > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > If you you do not like particular text there, or have other suggestions, > PLEASE, PLEASE say it on ppml and we can discuss it and see if better > text can be created (and if you do not want to post on public list for > privacy, email harvesting, or other reasons, send email to me privately > and I'll repost it without specifying your email address and only your > first name). > > As for the AC working on it privately - you choose to do things completely > behind close doors and make everyone accept it afterwards, not my way, sorry. > So I challenge people at AC who are supposedly working on it to post their > version NOW so we could all compare and see if it is better or has any points > not otherwise already addressed by the version of proposal I have made. If > I do not see anything posted by the end of the week I'll consider it an > answer that AC has nothing good to add on this issue and as such AC should > not be a barrier to an issue that is otherwise already beeing addressed. > > > -----Original Message----- > > From: william at elan.net [mailto:william at elan.net] > > Sent: Wednesday, May 21, 2003 4:59 AM > > To: Ian Baker > > Cc: ppml at arin.net > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > > > > How long is not an simple answer... > > > > After last proposal despite general support for it from those present on > > the meeting, the AC decided to abandon it. In my view this was just > > completely unprecidented for proposal where main ideas are totolly > > supported by everybody (37:0 for) and issues being raised were only > > to clarify how proposal changes current policies, and for example even > > the network abuse proposal which everyone felt is completely ridiculous in > > the current form was not abandoned and in that case some thought its just > > completely unnecessary and nothing should be done there. So I'm sure > > reasons for abandoing whois aup proposals had nothing to do with the > > proposal itself or reaction to it on the meeting. > > > > And couple weeks ago, I've promised to send appeal letter to get AC decision > > reversed, but got busy with other work and did not do it. I'll now work on > > it and will actually send two letters, one to AC to reconsider abandoing > > proposal and returning it for discussion or recomending approval of new > > version and one letter to BoT to reject AC recomendation to abandon > > proposal (in case AC decides not to respond to my letter). I do not know > > how much that will change, AC is not likely to admit it made decisions > > based not on the merit of the case, but its possible BoT might ignore AC > > considering the situation. In either case and even if both AC and BoT do > > not respond (which they do not have to considering there is no official > > appeal process), the new version of proposal will be presented on next > > meeting (matters not if its called new version or new proposal). In theory > > its possible that AC will see it my way, reverse its decision, review > > current version and agree that I made necessary changes based on the > > feedback received and send new version for approval by BoT - in this case > > the proposal can be approved and implemented before next meeting having > > gone through one already, but this is probably a dream and current AC is > > unlikely to make such a decision. > > > > But I'v learned my lesson, after presenting proposal on next meeting, I'll > > not let the pool be taken then only on the issue and will directly ask > > about current version and if people have comments and suggestions will > > modify proposal in real-time on my notebook as I'v seen others do and my > > feeling is that people in the meeting will approve it and then there is > > some chance it'll be approved by BoT by end of the year. > > > > So realisticly you're probably looking at year 2004 when you'll see this > > implimented. As I said, in theory its possible to get it done a lot sooner > > (even within one-two months...) and in my view there is no good arguments > > no to, but its probably not going to happen. > > > > On Wed, 21 May 2003, Ian Baker wrote: > > > > > William, > > > Yep - that matches exactly what I'm asking for. > > > > > > Any idea on how long this sort of procedure takes? I assume that I'd have > > to > > > reapply in writing, after the rejection of the first request? (As I said - > > > I'm a newbie here ;o) > > > > > Personally, I'm only looking at something like a monthly or tri-monthly > > > update - it's the accuracy that I'm really worried about, as the > > granularity > > > on a general search doesn't appear to be too hot. I'll only know for sure > > > when comparing with the old method (based on the principle used by GeoIP, > > > which uses the two most significant bytes of an IPv4 address and is > > > hideously inaccurate for RIPE addresses) > > > > > > Regards, > > > > > > Ian > > > > > > ----- Original Message ----- > > > From: > > > To: "Ian Baker" > > > Cc: > > > Sent: Wednesday, May 21, 2003 8:07 AM > > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > > > > > > > I have been advocating direct access to bulk whois for a while and I also > > > represent company (or rather non-profit public-service project by the > > > company) that would really benefit from being able current whois data > > > at least once/day plus to that I'm begging a work on real-time > > > specific bogons list based of ip space not present in whois (first part of > > > this project will involve only old internic blocks, but then I'd like to > > > move to all blocks where arin is making current registrations as well). > > > > > > A already made one proposal for last meeting: > > > http://www.arin.net/policy/2003_9.html > > > and newer version of this that will most likely go to next meeting is at > > > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > > > > > If this does not meat your needs for access to bulk whois, I would very > > > much like to hear from you as well as about any other comments people have > > > regarding the proposal and its text. I'll incorporate all good suggestions > > > to come up with acceptable proposal text by next meeting. > > > > > > On Wed, 21 May 2003, Ian Baker wrote: > > > > > > > Hi, > > > > After some e-mail conversation with Mike at the ARIN helpdesk, I am > > > > thinking about putting-forward a proposal concerning access to bulk > > WHOIS > > > > data. > > > > > > > > However, being a newbie at this, I thought it better to open-up > > > discussions > > > > /before/ submitting such a proposal. If this is the wrong way of doing > > > > things, or has already been rejected in the past (couldn't see anything > > > > obvious in the archives) then please just let me know.. > > > > > > > > Basically, I have written an IP to country/continent translator. It is > > > > initially being used to provide a geographical visitor profile to my web > > > > site, and as a filter mechanism of the anti-spam e-mail server that is > > > > currently awaiting release. > > > > > > > > RIPE an APNIC data is processed using the bulk databases, taking around > > 3 > > > > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > > > > limit for a continuous 2 to 7 days. The reason being, I'm a private > > > > individual. > > > > > > > > Apparently the rules are such that bulk WHOIS data is only available to > > > > corporations, and not individuals. > > > > > > > > I can understand the reasoning behind such a rule - an individual > > > > spammer/cracker would be pretty difficult to track-down in the event of > > an > > > > abuse of access - but I'm not convinced that this should be an > > /absolute/ > > > > rule. My reasoning is thus: > > > > > > > > 1. The rule does not make a distinction between "white-hat" and > > > "black-hat" > > > > activity - a corporation that later goes on to, or is acquired by an > > > > organization that, employs undesirable practices (e.g. spamming) may be > > > > permitted access, while a private individual is not. > > > > > > > > 2. Much of the data is publicly available, if one is willing to wait > > long > > > > enough > > > > > > > > 3. The data provided by a general WHOIS search is less accurate, as - > > from > > > a > > > > sample of the run thus far - large blocks are allocated to individual > > > > organizations with no real way of determining whether smaller blocks > > have > > > > been sub-allocated to different organizations and countries. Which > > greatly > > > > reduces the accuracy of the data sampled. > > > > > > > > 4. The majority of spamming data would appear to originate from trawls > > of > > > > Usenet, the Web, and SMTP servers. > > > > > > > > 5. Depending upon what checks are made, there may be nothing to stop an > > > > individual from falsely claiming to represent an organization (e.g. > > Chief > > > > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in > > > place - > > > > simply using their employer's name without their knowledge). This allows > > > the > > > > possibility of "black-hat" individuals gaining access to the data, while > > > > still inhibiting access by those of a more honest nature. > > > > > > > > My conclusion is therefore that the ban on private access does not > > > > particularly aid the development of the Internet as a whole, while it > > most > > > > definitely inhibits certain aspects. > > > > > > > > My proposal is, therefore, to remove the ban on private individuals > > having > > > > access to bulk WHOIS data and decide the issue purely on merit. > > > > > > > > Now - what have I missed? ;o) > > > > > > > > Regards, > > > > > > > > Ian Baker > > > > Webmaster, codecutters.org & > > > > EMEA Support Manager, OpenConnect Systems Ltd. > > > > > > > > > > > > > From owen at delong.com Wed May 21 11:59:24 2003 From: owen at delong.com (Owen DeLong) Date: Wed, 21 May 2003 08:59:24 -0700 Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? In-Reply-To: <1797AB680DD0D21189870090271780320EAC8687@camtmms01.Teleglobe.CA> References: <1797AB680DD0D21189870090271780320EAC8687@camtmms01.Teleglobe.CA > Message-ID: <2147483647.1053507564@dhcp157-106.corp.tellme.com> Look, this is a language problem and a difficulty with the subtlety of American Legal language... The particular proposal number William refers to was published as status: "Abandoned". This is because there were multiple related policy proposals, and the AC group has abandoned most of them in favor of adding their contents/intents to one unified proposal. There is a significant difference between "Policy xxxx-y status Abandoned" and abandoning the intent of proposal xxxx-y. In this case, the intent lives on and is being worked on, just the number has changed. However, to meet the legal requirements of disposition of policy proposals, if you are creating one proposal from more than one proposal, most of the proposals have to be "abandoned" officially. I hope this can clear up this standing fight between William and the AC. Much more would be accomplished through cooperation and a recognition that you are working towards the same purpose from different angles. Owen --On Wednesday, May 21, 2003 9:25 -0400 "Sweeting, John" wrote: > "After last proposal despite general support for it from those present on > the meeting, the AC decided to abandon it"....this is simply not true. > > There is a small group of AC members working on this proposal. > > > -----Original Message----- > From: william at elan.net [mailto:william at elan.net] > Sent: Wednesday, May 21, 2003 4:59 AM > To: Ian Baker > Cc: ppml at arin.net > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > How long is not an simple answer... > > After last proposal despite general support for it from those present on > the meeting, the AC decided to abandon it. In my view this was just > completely unprecidented for proposal where main ideas are totolly > supported by everybody (37:0 for) and issues being raised were only > to clarify how proposal changes current policies, and for example even > the network abuse proposal which everyone felt is completely ridiculous > in the current form was not abandoned and in that case some thought its > just completely unnecessary and nothing should be done there. So I'm > sure reasons for abandoing whois aup proposals had nothing to do with > the proposal itself or reaction to it on the meeting. > > And couple weeks ago, I've promised to send appeal letter to get AC > decision reversed, but got busy with other work and did not do it. I'll > now work on it and will actually send two letters, one to AC to > reconsider abandoing proposal and returning it for discussion or > recomending approval of new version and one letter to BoT to reject AC > recomendation to abandon proposal (in case AC decides not to respond to > my letter). I do not know how much that will change, AC is not likely to > admit it made decisions based not on the merit of the case, but its > possible BoT might ignore AC considering the situation. In either case > and even if both AC and BoT do not respond (which they do not have to > considering there is no official appeal process), the new version of > proposal will be presented on next meeting (matters not if its called > new version or new proposal). In theory its possible that AC will see it > my way, reverse its decision, review current version and agree that I > made necessary changes based on the feedback received and send new > version for approval by BoT - in this case the proposal can be approved > and implemented before next meeting having gone through one already, but > this is probably a dream and current AC is unlikely to make such a > decision. > > But I'v learned my lesson, after presenting proposal on next meeting, > I'll not let the pool be taken then only on the issue and will directly > ask about current version and if people have comments and suggestions > will modify proposal in real-time on my notebook as I'v seen others do > and my feeling is that people in the meeting will approve it and then > there is some chance it'll be approved by BoT by end of the year. > > So realisticly you're probably looking at year 2004 when you'll see this > implimented. As I said, in theory its possible to get it done a lot sooner > (even within one-two months...) and in my view there is no good arguments > no to, but its probably not going to happen. > > On Wed, 21 May 2003, Ian Baker wrote: > >> William, >> Yep - that matches exactly what I'm asking for. >> >> Any idea on how long this sort of procedure takes? I assume that I'd have > to >> reapply in writing, after the rejection of the first request? (As I said >> - I'm a newbie here ;o) > >> Personally, I'm only looking at something like a monthly or tri-monthly >> update - it's the accuracy that I'm really worried about, as the > granularity >> on a general search doesn't appear to be too hot. I'll only know for sure >> when comparing with the old method (based on the principle used by GeoIP, >> which uses the two most significant bytes of an IPv4 address and is >> hideously inaccurate for RIPE addresses) >> >> Regards, >> >> Ian >> >> ----- Original Message ----- >> From: >> To: "Ian Baker" >> Cc: >> Sent: Wednesday, May 21, 2003 8:07 AM >> Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? >> >> >> I have been advocating direct access to bulk whois for a while and I also >> represent company (or rather non-profit public-service project by the >> company) that would really benefit from being able current whois data >> at least once/day plus to that I'm begging a work on real-time >> specific bogons list based of ip space not present in whois (first part >> of this project will involve only old internic blocks, but then I'd like >> to move to all blocks where arin is making current registrations as >> well). >> >> A already made one proposal for last meeting: >> http://www.arin.net/policy/2003_9.html >> and newer version of this that will most likely go to next meeting is at >> http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm >> >> If this does not meat your needs for access to bulk whois, I would very >> much like to hear from you as well as about any other comments people >> have regarding the proposal and its text. I'll incorporate all good >> suggestions to come up with acceptable proposal text by next meeting. >> >> On Wed, 21 May 2003, Ian Baker wrote: >> >> > Hi, >> > After some e-mail conversation with Mike at the ARIN helpdesk, I am >> > thinking about putting-forward a proposal concerning access to bulk > WHOIS >> > data. >> > >> > However, being a newbie at this, I thought it better to open-up >> discussions >> > /before/ submitting such a proposal. If this is the wrong way of doing >> > things, or has already been rejected in the past (couldn't see anything >> > obvious in the archives) then please just let me know.. >> > >> > Basically, I have written an IP to country/continent translator. It is >> > initially being used to provide a geographical visitor profile to my >> > web site, and as a filter mechanism of the anti-spam e-mail server >> > that is currently awaiting release. >> > >> > RIPE an APNIC data is processed using the bulk databases, taking around > 3 >> > minutes, whereas the ARIN portion means sitting on the WHOIS throttling >> > limit for a continuous 2 to 7 days. The reason being, I'm a private >> > individual. >> > >> > Apparently the rules are such that bulk WHOIS data is only available to >> > corporations, and not individuals. >> > >> > I can understand the reasoning behind such a rule - an individual >> > spammer/cracker would be pretty difficult to track-down in the event of > an >> > abuse of access - but I'm not convinced that this should be an > /absolute/ >> > rule. My reasoning is thus: >> > >> > 1. The rule does not make a distinction between "white-hat" and >> "black-hat" >> > activity - a corporation that later goes on to, or is acquired by an >> > organization that, employs undesirable practices (e.g. spamming) may be >> > permitted access, while a private individual is not. >> > >> > 2. Much of the data is publicly available, if one is willing to wait > long >> > enough >> > >> > 3. The data provided by a general WHOIS search is less accurate, as - > from >> a >> > sample of the run thus far - large blocks are allocated to individual >> > organizations with no real way of determining whether smaller blocks > have >> > been sub-allocated to different organizations and countries. Which > greatly >> > reduces the accuracy of the data sampled. >> > >> > 4. The majority of spamming data would appear to originate from trawls > of >> > Usenet, the Web, and SMTP servers. >> > >> > 5. Depending upon what checks are made, there may be nothing to stop an >> > individual from falsely claiming to represent an organization (e.g. > Chief >> > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in >> place - >> > simply using their employer's name without their knowledge). This >> > allows >> the >> > possibility of "black-hat" individuals gaining access to the data, >> > while still inhibiting access by those of a more honest nature. >> > >> > My conclusion is therefore that the ban on private access does not >> > particularly aid the development of the Internet as a whole, while it > most >> > definitely inhibits certain aspects. >> > >> > My proposal is, therefore, to remove the ban on private individuals > having >> > access to bulk WHOIS data and decide the issue purely on merit. >> > >> > Now - what have I missed? ;o) >> > >> > Regards, >> > >> > Ian Baker >> > Webmaster, codecutters.org & >> > EMEA Support Manager, OpenConnect Systems Ltd. >> > >> >> > > > From sigma at smx.pair.com Wed May 21 12:28:05 2003 From: sigma at smx.pair.com (sigma at smx.pair.com) Date: Wed, 21 May 2003 12:28:05 -0400 (EDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? In-Reply-To: <20030521150157.34976.qmail@smx.pair.com> from "sigma@smx.pair.com" at "May 21, 3 11:01:57 am" Message-ID: <20030521162805.41145.qmail@smx.pair.com> In the spirit of full disclosure, I am part of the group which worked on the WHOIS policy within the AC. Right now the proposal is under review by ARIN staff and legal counsel. It will be published to PPML soon. Kevin > The AC's job is to examine public input regarding policy proposals and > formulate recommendations for the board. Every scrap of public discussion > goes towards that process. Your willingness to engage in public discussion > and revisions is a great thing, and I, too, encourage you to run for the > AC. It's exactly the kind of work which needs to be done. > > The group in the AC is not radically rewriting your policy or doing > anything weird or clandestine. > > Kevin > > > > There is a small group of AC members working on this proposal. > > > > As I already stated several times before, anybody, be that member of AC > > or not, can and should make suggestions on this issue, on how proposal > > for whois aup and bulk whois should look like and post that on ppml. As > > has been shown by my previous actions, I heard every suggestion that was > > made and have incorporated it all into new version. The text is at: > > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > > > If you you do not like particular text there, or have other suggestions, > > PLEASE, PLEASE say it on ppml and we can discuss it and see if better > > text can be created (and if you do not want to post on public list for > > privacy, email harvesting, or other reasons, send email to me privately > > and I'll repost it without specifying your email address and only your > > first name). > > > > As for the AC working on it privately - you choose to do things completely > > behind close doors and make everyone accept it afterwards, not my way, sorry. > > So I challenge people at AC who are supposedly working on it to post their > > version NOW so we could all compare and see if it is better or has any points > > not otherwise already addressed by the version of proposal I have made. If > > I do not see anything posted by the end of the week I'll consider it an > > answer that AC has nothing good to add on this issue and as such AC should > > not be a barrier to an issue that is otherwise already beeing addressed. > > > > > -----Original Message----- > > > From: william at elan.net [mailto:william at elan.net] > > > Sent: Wednesday, May 21, 2003 4:59 AM > > > To: Ian Baker > > > Cc: ppml at arin.net > > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > > > > > > > How long is not an simple answer... > > > > > > After last proposal despite general support for it from those present on > > > the meeting, the AC decided to abandon it. In my view this was just > > > completely unprecidented for proposal where main ideas are totolly > > > supported by everybody (37:0 for) and issues being raised were only > > > to clarify how proposal changes current policies, and for example even > > > the network abuse proposal which everyone felt is completely ridiculous in > > > the current form was not abandoned and in that case some thought its just > > > completely unnecessary and nothing should be done there. So I'm sure > > > reasons for abandoing whois aup proposals had nothing to do with the > > > proposal itself or reaction to it on the meeting. > > > > > > And couple weeks ago, I've promised to send appeal letter to get AC decision > > > reversed, but got busy with other work and did not do it. I'll now work on > > > it and will actually send two letters, one to AC to reconsider abandoing > > > proposal and returning it for discussion or recomending approval of new > > > version and one letter to BoT to reject AC recomendation to abandon > > > proposal (in case AC decides not to respond to my letter). I do not know > > > how much that will change, AC is not likely to admit it made decisions > > > based not on the merit of the case, but its possible BoT might ignore AC > > > considering the situation. In either case and even if both AC and BoT do > > > not respond (which they do not have to considering there is no official > > > appeal process), the new version of proposal will be presented on next > > > meeting (matters not if its called new version or new proposal). In theory > > > its possible that AC will see it my way, reverse its decision, review > > > current version and agree that I made necessary changes based on the > > > feedback received and send new version for approval by BoT - in this case > > > the proposal can be approved and implemented before next meeting having > > > gone through one already, but this is probably a dream and current AC is > > > unlikely to make such a decision. > > > > > > But I'v learned my lesson, after presenting proposal on next meeting, I'll > > > not let the pool be taken then only on the issue and will directly ask > > > about current version and if people have comments and suggestions will > > > modify proposal in real-time on my notebook as I'v seen others do and my > > > feeling is that people in the meeting will approve it and then there is > > > some chance it'll be approved by BoT by end of the year. > > > > > > So realisticly you're probably looking at year 2004 when you'll see this > > > implimented. As I said, in theory its possible to get it done a lot sooner > > > (even within one-two months...) and in my view there is no good arguments > > > no to, but its probably not going to happen. > > > > > > On Wed, 21 May 2003, Ian Baker wrote: > > > > > > > William, > > > > Yep - that matches exactly what I'm asking for. > > > > > > > > Any idea on how long this sort of procedure takes? I assume that I'd have > > > to > > > > reapply in writing, after the rejection of the first request? (As I said - > > > > I'm a newbie here ;o) > > > > > > > Personally, I'm only looking at something like a monthly or tri-monthly > > > > update - it's the accuracy that I'm really worried about, as the > > > granularity > > > > on a general search doesn't appear to be too hot. I'll only know for sure > > > > when comparing with the old method (based on the principle used by GeoIP, > > > > which uses the two most significant bytes of an IPv4 address and is > > > > hideously inaccurate for RIPE addresses) > > > > > > > > Regards, > > > > > > > > Ian > > > > > > > > ----- Original Message ----- > > > > From: > > > > To: "Ian Baker" > > > > Cc: > > > > Sent: Wednesday, May 21, 2003 8:07 AM > > > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > > > > > > > > > > I have been advocating direct access to bulk whois for a while and I also > > > > represent company (or rather non-profit public-service project by the > > > > company) that would really benefit from being able current whois data > > > > at least once/day plus to that I'm begging a work on real-time > > > > specific bogons list based of ip space not present in whois (first part of > > > > this project will involve only old internic blocks, but then I'd like to > > > > move to all blocks where arin is making current registrations as well). > > > > > > > > A already made one proposal for last meeting: > > > > http://www.arin.net/policy/2003_9.html > > > > and newer version of this that will most likely go to next meeting is at > > > > http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > > > > > > > > If this does not meat your needs for access to bulk whois, I would very > > > > much like to hear from you as well as about any other comments people have > > > > regarding the proposal and its text. I'll incorporate all good suggestions > > > > to come up with acceptable proposal text by next meeting. > > > > > > > > On Wed, 21 May 2003, Ian Baker wrote: > > > > > > > > > Hi, > > > > > After some e-mail conversation with Mike at the ARIN helpdesk, I am > > > > > thinking about putting-forward a proposal concerning access to bulk > > > WHOIS > > > > > data. > > > > > > > > > > However, being a newbie at this, I thought it better to open-up > > > > discussions > > > > > /before/ submitting such a proposal. If this is the wrong way of doing > > > > > things, or has already been rejected in the past (couldn't see anything > > > > > obvious in the archives) then please just let me know.. > > > > > > > > > > Basically, I have written an IP to country/continent translator. It is > > > > > initially being used to provide a geographical visitor profile to my web > > > > > site, and as a filter mechanism of the anti-spam e-mail server that is > > > > > currently awaiting release. > > > > > > > > > > RIPE an APNIC data is processed using the bulk databases, taking around > > > 3 > > > > > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > > > > > limit for a continuous 2 to 7 days. The reason being, I'm a private > > > > > individual. > > > > > > > > > > Apparently the rules are such that bulk WHOIS data is only available to > > > > > corporations, and not individuals. > > > > > > > > > > I can understand the reasoning behind such a rule - an individual > > > > > spammer/cracker would be pretty difficult to track-down in the event of > > > an > > > > > abuse of access - but I'm not convinced that this should be an > > > /absolute/ > > > > > rule. My reasoning is thus: > > > > > > > > > > 1. The rule does not make a distinction between "white-hat" and > > > > "black-hat" > > > > > activity - a corporation that later goes on to, or is acquired by an > > > > > organization that, employs undesirable practices (e.g. spamming) may be > > > > > permitted access, while a private individual is not. > > > > > > > > > > 2. Much of the data is publicly available, if one is willing to wait > > > long > > > > > enough > > > > > > > > > > 3. The data provided by a general WHOIS search is less accurate, as - > > > from > > > > a > > > > > sample of the run thus far - large blocks are allocated to individual > > > > > organizations with no real way of determining whether smaller blocks > > > have > > > > > been sub-allocated to different organizations and countries. Which > > > greatly > > > > > reduces the accuracy of the data sampled. > > > > > > > > > > 4. The majority of spamming data would appear to originate from trawls > > > of > > > > > Usenet, the Web, and SMTP servers. > > > > > > > > > > 5. Depending upon what checks are made, there may be nothing to stop an > > > > > individual from falsely claiming to represent an organization (e.g. > > > Chief > > > > > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in > > > > place - > > > > > simply using their employer's name without their knowledge). This allows > > > > the > > > > > possibility of "black-hat" individuals gaining access to the data, while > > > > > still inhibiting access by those of a more honest nature. > > > > > > > > > > My conclusion is therefore that the ban on private access does not > > > > > particularly aid the development of the Internet as a whole, while it > > > most > > > > > definitely inhibits certain aspects. > > > > > > > > > > My proposal is, therefore, to remove the ban on private individuals > > > having > > > > > access to bulk WHOIS data and decide the issue purely on merit. > > > > > > > > > > Now - what have I missed? ;o) > > > > > > > > > > Regards, > > > > > > > > > > Ian Baker > > > > > Webmaster, codecutters.org & > > > > > EMEA Support Manager, OpenConnect Systems Ltd. > > > > > > > > > > > > > > > > > > > From william at elan.net Wed May 21 10:14:45 2003 From: william at elan.net (william at elan.net) Date: Wed, 21 May 2003 07:14:45 -0700 (PDT) Subject: [ppml] Access to Bulk WHOIS data - a possible proposal? In-Reply-To: <2147483647.1053507564@dhcp157-106.corp.tellme.com> Message-ID: > Look, this is a language problem and a difficulty with the subtlety of > American Legal language... > > The particular proposal number William refers to was published as status: > "Abandoned". Its still published with status "under discussion" as BoT has not made a final decision, there is recomendation from AC meeting (their minutes http://www.arin.net/library/minutes/ac/ac2003_0408.html) to abandon the proposal and instead "change existing policy proposal". But the original language already said the proposal was changing existing policy (although I did not specifically list which one and I have corrected this error in new version) and there are already other proposals that also change existing policies and none of them were abandoned because of that. > This is because there were multiple related policy proposals Not for Whois AUP / Bulk Whois. This was the only one. On the meeting, there were related proposals for micro-assignments (2002-3 and 2003-6) and there were related proposals for network abuse issues (2003-1 and 2003-2). For network abuse neither 2003-1 nor 2003-2 were officially recommended to be abandon (read the minutes), despite that there was completely no support for 2003-2 and limited support for 2003-1 (and no support on particular language there - and in that case actual poll on that was done). > and the AC group has abandoned most of them in favor of adding their > contents/intents to one unified proposal. Except that is not what happened. There was and still is only one proposal to address whois aup and bulk whois - no other proposals on this issue exist. There were some discussion about if this should be addressed in the one unified proposal (as I have done) or by two different proposals, I believe most agreed that one proposal is better, but again there was no poll on this issue, so lets be clear I'm advocating one proposal, I'm not sure what AC is advocating but it would not be a "unified" proposal - it'll either be proposal which is exactly the same as what I'm doing or (opposite to unified) - splitting it into two parts (which would still be heavily related and unclear if it makes sence to pass them separatly). > There is a significant difference between "Policy xxxx-y status Abandoned" > and abandoning the intent of proposal xxxx-y. In this case, the intent > lives on and is being worked on, just the number has changed. However, to > meet the legal requirements of disposition of policy proposals, if you > are creating one proposal from more than one proposal, most of the proposals > have to be "abandoned" officially. I'm aware of the difference between proposal being abandoned and the idea beeing abandoned. The whole issue is that AC exceeded its authority by officially recommending that the proposal be abandoned despite support for it. AC members could present their ideas or particular revisions or text to me or do it on the list, so we get better final text and if necessary that text could be sent to ARIN counsil for review (as they noted in the minutes), and I never had problems with necessity to make some revisions to original text. So as far as I'm concerned right now, if AC is presenting its own version, both my version and AC version will end up as parallel proposals on next meeting and I will not be offering any input into their version (however this does not necesserily means I would not use AC proposal to revise my own). And yes, I'm aware that if two proposals are presented,this probably means my proposal will fail and AC will pass its own. > I hope this can clear up this standing fight between William and the AC. > Much more would be accomplished through cooperation and a recognition that > you are working towards the same purpose from different angles. > > > > --On Wednesday, May 21, 2003 9:25 -0400 "Sweeting, John" > wrote: > > > "After last proposal despite general support for it from those present on > > the meeting, the AC decided to abandon it"....this is simply not true. > > > > There is a small group of AC members working on this proposal. > > > > > > -----Original Message----- > > From: william at elan.net [mailto:william at elan.net] > > Sent: Wednesday, May 21, 2003 4:59 AM > > To: Ian Baker > > Cc: ppml at arin.net > > Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > > > > > > How long is not an simple answer... > > > > After last proposal despite general support for it from those present on > > the meeting, the AC decided to abandon it. In my view this was just > > completely unprecidented for proposal where main ideas are totolly > > supported by everybody (37:0 for) and issues being raised were only > > to clarify how proposal changes current policies, and for example even > > the network abuse proposal which everyone felt is completely ridiculous > > in the current form was not abandoned and in that case some thought its > > just completely unnecessary and nothing should be done there. So I'm > > sure reasons for abandoing whois aup proposals had nothing to do with > > the proposal itself or reaction to it on the meeting. > > > > And couple weeks ago, I've promised to send appeal letter to get AC > > decision reversed, but got busy with other work and did not do it. I'll > > now work on it and will actually send two letters, one to AC to > > reconsider abandoing proposal and returning it for discussion or > > recomending approval of new version and one letter to BoT to reject AC > > recomendation to abandon proposal (in case AC decides not to respond to > > my letter). I do not know how much that will change, AC is not likely to > > admit it made decisions based not on the merit of the case, but its > > possible BoT might ignore AC considering the situation. In either case > > and even if both AC and BoT do not respond (which they do not have to > > considering there is no official appeal process), the new version of > > proposal will be presented on next meeting (matters not if its called > > new version or new proposal). In theory its possible that AC will see it > > my way, reverse its decision, review current version and agree that I > > made necessary changes based on the feedback received and send new > > version for approval by BoT - in this case the proposal can be approved > > and implemented before next meeting having gone through one already, but > > this is probably a dream and current AC is unlikely to make such a > > decision. > > > > But I'v learned my lesson, after presenting proposal on next meeting, > > I'll not let the pool be taken then only on the issue and will directly > > ask about current version and if people have comments and suggestions > > will modify proposal in real-time on my notebook as I'v seen others do > > and my feeling is that people in the meeting will approve it and then > > there is some chance it'll be approved by BoT by end of the year. > > > > So realisticly you're probably looking at year 2004 when you'll see this > > implimented. As I said, in theory its possible to get it done a lot sooner > > (even within one-two months...) and in my view there is no good arguments > > no to, but its probably not going to happen. > > > > On Wed, 21 May 2003, Ian Baker wrote: > > > >> William, > >> Yep - that matches exactly what I'm asking for. > >> > >> Any idea on how long this sort of procedure takes? I assume that I'd have > > to > >> reapply in writing, after the rejection of the first request? (As I said > >> - I'm a newbie here ;o) > > > >> Personally, I'm only looking at something like a monthly or tri-monthly > >> update - it's the accuracy that I'm really worried about, as the > > granularity > >> on a general search doesn't appear to be too hot. I'll only know for sure > >> when comparing with the old method (based on the principle used by GeoIP, > >> which uses the two most significant bytes of an IPv4 address and is > >> hideously inaccurate for RIPE addresses) > >> > >> Regards, > >> > >> Ian > >> > >> ----- Original Message ----- > >> From: > >> To: "Ian Baker" > >> Cc: > >> Sent: Wednesday, May 21, 2003 8:07 AM > >> Subject: Re: [ppml] Access to Bulk WHOIS data - a possible proposal? > >> > >> > >> I have been advocating direct access to bulk whois for a while and I also > >> represent company (or rather non-profit public-service project by the > >> company) that would really benefit from being able current whois data > >> at least once/day plus to that I'm begging a work on real-time > >> specific bogons list based of ip space not present in whois (first part > >> of this project will involve only old internic blocks, but then I'd like > >> to move to all blocks where arin is making current registrations as > >> well). > >> > >> A already made one proposal for last meeting: > >> http://www.arin.net/policy/2003_9.html > >> and newer version of this that will most likely go to next meeting is at > >> http://www.elan.net/~william/arin_proposal_whois_aup-v2.htm > >> > >> If this does not meat your needs for access to bulk whois, I would very > >> much like to hear from you as well as about any other comments people > >> have regarding the proposal and its text. I'll incorporate all good > >> suggestions to come up with acceptable proposal text by next meeting. > >> > >> On Wed, 21 May 2003, Ian Baker wrote: > >> > >> > Hi, > >> > After some e-mail conversation with Mike at the ARIN helpdesk, I am > >> > thinking about putting-forward a proposal concerning access to bulk > > WHOIS > >> > data. > >> > > >> > However, being a newbie at this, I thought it better to open-up > >> discussions > >> > /before/ submitting such a proposal. If this is the wrong way of doing > >> > things, or has already been rejected in the past (couldn't see anything > >> > obvious in the archives) then please just let me know.. > >> > > >> > Basically, I have written an IP to country/continent translator. It is > >> > initially being used to provide a geographical visitor profile to my > >> > web site, and as a filter mechanism of the anti-spam e-mail server > >> > that is currently awaiting release. > >> > > >> > RIPE an APNIC data is processed using the bulk databases, taking around > > 3 > >> > minutes, whereas the ARIN portion means sitting on the WHOIS throttling > >> > limit for a continuous 2 to 7 days. The reason being, I'm a private > >> > individual. > >> > > >> > Apparently the rules are such that bulk WHOIS data is only available to > >> > corporations, and not individuals. > >> > > >> > I can understand the reasoning behind such a rule - an individual > >> > spammer/cracker would be pretty difficult to track-down in the event of > > an > >> > abuse of access - but I'm not convinced that this should be an > > /absolute/ > >> > rule. My reasoning is thus: > >> > > >> > 1. The rule does not make a distinction between "white-hat" and > >> "black-hat" > >> > activity - a corporation that later goes on to, or is acquired by an > >> > organization that, employs undesirable practices (e.g. spamming) may be > >> > permitted access, while a private individual is not. > >> > > >> > 2. Much of the data is publicly available, if one is willing to wait > > long > >> > enough > >> > > >> > 3. The data provided by a general WHOIS search is less accurate, as - > > from > >> a > >> > sample of the run thus far - large blocks are allocated to individual > >> > organizations with no real way of determining whether smaller blocks > > have > >> > been sub-allocated to different organizations and countries. Which > > greatly > >> > reduces the accuracy of the data sampled. > >> > > >> > 4. The majority of spamming data would appear to originate from trawls > > of > >> > Usenet, the Web, and SMTP servers. > >> > > >> > 5. Depending upon what checks are made, there may be nothing to stop an > >> > individual from falsely claiming to represent an organization (e.g. > > Chief > >> > Fan Sanitation Engineer for ImadeThisUp Inc., or - if checks are in > >> place - > >> > simply using their employer's name without their knowledge). This > >> > allows > >> the > >> > possibility of "black-hat" individuals gaining access to the data, > >> > while still inhibiting access by those of a more honest nature. > >> > > >> > My conclusion is therefore that the ban on private access does not > >> > particularly aid the development of the Internet as a whole, while it > > most > >> > definitely inhibits certain aspects. > >> > > >> > My proposal is, therefore, to remove the ban on private individuals > > having > >> > access to bulk WHOIS data and decide the issue purely on merit. > >> > > >> > Now - what have I missed? ;o) > >> > > >> > Regards, > >> > > >> > Ian Baker > >> > Webmaster, codecutters.org & > >> > EMEA Support Manager, OpenConnect Systems Ltd. > >> > > >>