From memsvcs at arin.net Fri Oct 15 12:38:47 2004 From: memsvcs at arin.net (Member Services) Date: Fri, 15 Oct 2004 12:38:47 -0400 (EDT) Subject: [ppml] ARIN Number Resource Policy Manual Message-ID: Recognizing that the set of documents that state and describe the various ARIN Internet Number Resource policies is not organized in a single useable fashion, the ARIN Board of Trustees, at its meeting of 3 August 2004, adopted a strategy and accompanying schedule to collate these documents into a single document. The ARIN staff prepared the document. The ARIN Advisory Council reviewed the document to ensure that all existing policies were present in the new document, that they were correctly stated, and that no inadvertent changes had been introduced in the collation process. The ARIN Advisory Council, at their 27 September 2004 meeting, recommended that the document be adopted by the ARIN Board of Trustees. The ARIN Board of Trustees, at their 29 September 2004 meeting, adopted the ARIN Number Resource Policy Manual. Effective 15 October 2004, the ARIN Number Resource Policy Manual is the official ARIN policy document. According to the strategy adopted by the ARIN Board of Trustees, all of the previous versions of ARIN policies have been archived. The Number Resource Policy Manual (NRPM) can be found at: http://www.arin.net/policy The NRPM will be version controlled. The original version is 2004.1. A new version will be issued as policies are added, modified or deleted. All activity will be recorded in Appendix A of the document. Previous versions of the NRPM will be archived. Raymond A. Plzak President and CEO American Registry for Internet Numbers (ARIN) From andrew.dul at quark.net Fri Oct 15 21:53:18 2004 From: andrew.dul at quark.net (Andrew Dul) Date: Fri, 15 Oct 2004 18:53:18 -0700 Subject: [ppml] ARIN Number Resource Policy Manual In-Reply-To: Message-ID: <3.0.5.32.20041015185318.01bcdb40@mail.quark.net> I just wanted to specially thank Einar Bohlin for doing such professional job of helping collate and preparing this document. I believe this new document will help ARIN and the community greatly as we move forward in the future. Andrew At 12:38 PM 10/15/2004 -0400, Member Services wrote: >Recognizing that the set of documents that state and describe the various >ARIN Internet Number Resource policies is not organized in a single >useable fashion, the ARIN Board of Trustees, at its meeting of 3 August >2004, adopted a strategy and accompanying schedule to collate these >documents into a single document. The ARIN staff prepared the document. >The ARIN Advisory Council reviewed the document to ensure that all >existing policies were present in the new document, that they were >correctly stated, and that no inadvertent changes had been introduced in >the collation process. The ARIN Advisory Council, at their 27 September >2004 meeting, recommended that the document be adopted by the ARIN Board >of Trustees. The ARIN Board of Trustees, at their 29 September 2004 >meeting, adopted the ARIN Number Resource Policy Manual. > >Effective 15 October 2004, the ARIN Number Resource Policy Manual is the >official ARIN policy document. > >According to the strategy adopted by the ARIN Board of Trustees, all of >the previous versions of ARIN policies have been archived. > >The Number Resource Policy Manual (NRPM) can be found at: > >http://www.arin.net/policy > >The NRPM will be version controlled. The original version is 2004.1. A new >version will be issued as policies are added, modified or deleted. All >activity will be recorded in Appendix A of the document. Previous versions >of the NRPM will be archived. > >Raymond A. Plzak > >President and CEO >American Registry for Internet Numbers (ARIN) > > > From lea.roberts at stanford.edu Fri Oct 15 22:53:31 2004 From: lea.roberts at stanford.edu (Lea Roberts) Date: Fri, 15 Oct 2004 19:53:31 -0700 (PDT) Subject: [ppml] ARIN Number Resource Policy Manual In-Reply-To: <3.0.5.32.20041015185318.01bcdb40@mail.quark.net> Message-ID: I second that!! Many kudos to Einar! Lea Roberts ARIN AC On Fri, 15 Oct 2004, Andrew Dul wrote: > > I just wanted to specially thank Einar Bohlin for doing such professional > job of helping collate and preparing this document. I believe this new > document will help ARIN and the community greatly as we move forward in the > future. > > Andrew From Michael.Dillon at radianz.com Mon Oct 18 05:47:28 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Mon, 18 Oct 2004 10:47:28 +0100 Subject: [ppml] ARIN Number Resource Policy Manual In-Reply-To: Message-ID: Good stuff. Thank you! > The ARIN staff prepared the document. > The ARIN Advisory Council reviewed the document to ensure that all > existing policies were present in the new document, that they were > correctly stated, and that no inadvertent changes had been introduced in > the collation process. Even though I believe you about this, I would not be surprised to find that many of us, myself included, have misunderstandings of the current policy due to the scattered way in which it has been recorded in the past. Therefore, I plan to read through every word of this new document to see if my understanding is aligned with the written form. I would urge everyone else to do the same. --Michael Dillon From paul.bradford at adelphiacom.net Tue Oct 19 16:37:02 2004 From: paul.bradford at adelphiacom.net (Paul Bradford) Date: Tue, 19 Oct 2004 16:37:02 -0400 Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation Message-ID: <41757AEE.3090700@adelphiacom.net> I agree with concern #1 from Marla's e-mail. spammers and abusers need less anonymity not more. So to complain about abuse, you'll have to go to the upstream provider, who may or may not actually deal with an abuse complaint since the abuse is coming from their customer... Thanks, Paul From paul.bradford at adelphiacom.net Tue Oct 19 16:53:49 2004 From: paul.bradford at adelphiacom.net (Paul Bradford) Date: Tue, 19 Oct 2004 16:53:49 -0400 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy Message-ID: <41757EDD.90703@adelphiacom.net> So what is the criteria for a "non business" service? How do you get ISPs to enforce this? If I spam from my home... am I using it for a business? nope... it's my residential static IP Block.... Just a few random thoughts that went through my head... Thanks, Paul From gregm at datapro.co.za Tue Oct 19 17:11:27 2004 From: gregm at datapro.co.za (Gregory Massel) Date: Tue, 19 Oct 2004 23:11:27 +0200 Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation References: <41757AEE.3090700@adelphiacom.net> Message-ID: <006901c4b620$3515b400$60a623c0@groglet> The crux of this issue is that re-assignment information contains a perfect contact list for most of an ISP's customers. Many ISPs consider this to be sensitive information and do not wish for it to fall into the hands of their competitors. At the moment there is very little stopping ISPs from setting up rwhois servers and filtering them such that only ARIN can access them. This may be against policy, however, it is happening on quite a large scale, which indicates widespread demand for this information to be considered private. I support this policy proposal, however, question why the entity's upstream organisations should have access? In many cases ISPs compete with their upstream provider making the client information quite confidential. In any case, their upstream provider has the most powerful tool imaginable to ensure that the downstream honors abuse complaints: it can simply disconnect them! I would argue that re-assignment information should only be accessible to ARIN unless designated public. Exception may need to be considered in the case where an ISP makes an sub-allocation to another ISP. Ideally, one would want to have contact details for the downstream ISP so that abuse queries don't have to traverse a heirarchy of abuse desks. From gregm at datapro.co.za Tue Oct 19 17:15:20 2004 From: gregm at datapro.co.za (Gregory Massel) Date: Tue, 19 Oct 2004 23:15:20 +0200 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy References: <41757EDD.90703@adelphiacom.net> Message-ID: <006f01c4b620$bf558c80$60a623c0@groglet> Quite simple - Is the entity that contracted for the service a natural person or a juristic person? ----- Original Message ----- From: "Paul Bradford" To: Sent: Tuesday, October 19, 2004 10:53 PM Subject: RE: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy > So what is the criteria for a "non business" service? How do you > get ISPs to enforce this? If I spam from my home... am I using it for a > business? nope... it's my residential static IP Block.... > Just a few random thoughts that went through my head... > > Thanks, > Paul > From william at elan.net Tue Oct 19 17:33:24 2004 From: william at elan.net (william(at)elan.net) Date: Tue, 19 Oct 2004 14:33:24 -0700 (PDT) Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy In-Reply-To: <41757EDD.90703@adelphiacom.net> Message-ID: On Tue, 19 Oct 2004, Paul Bradford wrote: > So what is the criteria for a "non business" service? How do you > get ISPs to enforce this? If I spam from my home... am I using it for a > business? nope... it's my residential static IP Block.... > Just a few random thoughts that went through my head... It would be up to ISP to enforce based on the reports they receive, i.e. if somebody reports that you have website with shopping-cart on your computer hosted on residential dsl, that will be good indication of business use. SPAM, or more specifically UCE is also considered business use of the service (email sent for commercial purposes). In my opinion, most important is to let users know that no business activities is a requirement if they want their address/name hidden from public records, i.e. ISP would not just automaticly "hide" customer info just because its residential dsl order (as SBC seems to have been doing lately) but would have special form which prints out requirements and customer has to sign and return to have his data hidden. -- William Leibzon Elan Networks william at elan.net From paul.bradford at adelphiacom.net Tue Oct 19 17:25:23 2004 From: paul.bradford at adelphiacom.net (Paul Bradford) Date: Tue, 19 Oct 2004 17:25:23 -0400 Subject: [Fwd: Re: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy] Message-ID: <41758643.1010800@adelphiacom.net> so I guess my point is, how do you ensure that ISP's are enforcing based reports of abuse and not sticking their head in the sand? Thanks, Paul william(at)elan.net wrote: >On Tue, 19 Oct 2004, Paul Bradford wrote: > > > >> So what is the criteria for a "non business" service? How do you >>get ISPs to enforce this? If I spam from my home... am I using it for a >>business? nope... it's my residential static IP Block.... >>Just a few random thoughts that went through my head... >> >> > >It would be up to ISP to enforce based on the reports they receive, i.e. >if somebody reports that you have website with shopping-cart on your >computer hosted on residential dsl, that will be good indication of >business use. SPAM, or more specifically UCE is also considered business >use of the service (email sent for commercial purposes). > >In my opinion, most important is to let users know that no business activities >is a requirement if they want their address/name hidden from public records, >i.e. ISP would not just automaticly "hide" customer info just because its >residential dsl order (as SBC seems to have been doing lately) but would >have special form which prints out requirements and customer has to sign and >return to have his data hidden. > > > From william at elan.net Tue Oct 19 17:45:14 2004 From: william at elan.net (william(at)elan.net) Date: Tue, 19 Oct 2004 14:45:14 -0700 (PDT) Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation In-Reply-To: <006901c4b620$3515b400$60a623c0@groglet> Message-ID: There have been very very very few cases of abuse of reassignment information by one isp to get customers of another ISP. If it was a widespread issue, it would get reported on this and other lists - but ask yourself if you even know of one case?... So if it was widespread abuse, maybe then it would have been worse it to consider such a widescale privacy policy, but it really is not an issue. Also "perfect contact info" is not right, in fact the contact for customer bloick is usually an ISP itself and not customer. The only thing that is required is to list customer name and address (granted you often can find other data from that based on other sources, like whitepages). As far as rwhois - yet we all know some ISPs don't let you see their rwhois info, but it really is not because they are hiding data, most who do just dont have it maintained and populate database only when they need to get new ip block from arin (yes this is against the policies, but this privacy policy would not change anything as far as this bad practice). And if you run rwhois server, you'd know that there have not been any scans of entire range of ips that server is responsible for (and to get list of your clients from rwhois, person would have to actually scan each and every ip since rwhois does not require ISP to provide "list" of clients for the range and only answer with information on individual ip), so really there is no abuse of the data right now. On Tue, 19 Oct 2004, Gregory Massel wrote: > The crux of this issue is that re-assignment information contains a perfect > contact list for most of an ISP's customers. Many ISPs consider this to be > sensitive information and do not wish for it to fall into the hands of their > competitors. > > At the moment there is very little stopping ISPs from setting up rwhois > servers and filtering them such that only ARIN can access them. This may be > against policy, however, it is happening on quite a large scale, which > indicates widespread demand for this information to be considered private. > > I support this policy proposal, however, question why the entity's upstream > organisations should have access? In many cases ISPs compete with their > upstream provider making the client information quite confidential. In any > case, their upstream provider has the most powerful tool imaginable to > ensure that the downstream honors abuse complaints: it can simply disconnect > them! I would argue that re-assignment information should only be accessible > to ARIN unless designated public. > > Exception may need to be considered in the case where an ISP makes an > sub-allocation to another ISP. Ideally, one would want to have contact > details for the downstream ISP so that abuse queries don't have to traverse > a heirarchy of abuse desks. > > -- William Leibzon Elan Networks william at elan.net From william at elan.net Tue Oct 19 17:58:04 2004 From: william at elan.net (william(at)elan.net) Date: Tue, 19 Oct 2004 14:58:04 -0700 (PDT) Subject: [Fwd: Re: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy] In-Reply-To: <41758643.1010800@adelphiacom.net> Message-ID: On Tue, 19 Oct 2004, Paul Bradford wrote: > so I guess my point is, how do you ensure that ISP's are enforcing based > reports of abuse and not sticking their head in the sand? Many who report abuse would love this answered in more general sense. The feeling is that most ISP abuse desks do react and those that dont begin to have nunber of other more serious issues based on how the community begins to treat their network and ip space... > william(at)elan.net wrote: > > >On Tue, 19 Oct 2004, Paul Bradford wrote: > > > > > > > >> So what is the criteria for a "non business" service? How do you > >>get ISPs to enforce this? If I spam from my home... am I using it for a > >>business? nope... it's my residential static IP Block.... > >>Just a few random thoughts that went through my head... > >> > >> > > > >It would be up to ISP to enforce based on the reports they receive, i.e. > >if somebody reports that you have website with shopping-cart on your > >computer hosted on residential dsl, that will be good indication of > >business use. SPAM, or more specifically UCE is also considered business > >use of the service (email sent for commercial purposes). > > > >In my opinion, most important is to let users know that no business activities > >is a requirement if they want their address/name hidden from public records, > >i.e. ISP would not just automaticly "hide" customer info just because its > >residential dsl order (as SBC seems to have been doing lately) but would > >have special form which prints out requirements and customer has to sign and > >return to have his data hidden. > > > > > > > > -- William Leibzon Elan Networks william at elan.net From randy at psg.com Tue Oct 19 17:48:55 2004 From: randy at psg.com (Randy Bush) Date: Tue, 19 Oct 2004 14:48:55 -0700 Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation References: <006901c4b620$3515b400$60a623c0@groglet> Message-ID: <16757.35783.612342.984277@ran.psg.com> > There have been very very very few cases of abuse of reassignment > information by one isp to get customers of another ISP. you're kidding, right? there have been cases of massive abuse. but not for stealing consumer customers, rather large commercial. randy From jlewis at lewis.org Tue Oct 19 17:51:14 2004 From: jlewis at lewis.org (Jon Lewis) Date: Tue, 19 Oct 2004 17:51:14 -0400 (EDT) Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation In-Reply-To: References: Message-ID: On Tue, 19 Oct 2004, william(at)elan.net wrote: > There have been very very very few cases of abuse of reassignment information > by one isp to get customers of another ISP. If it was a widespread issue, > it would get reported on this and other lists - but ask yourself if you > even know of one case?... So if it was widespread abuse, maybe then it > would have been worse it to consider such a widescale privacy policy, but > it really is not an issue. I know of sales people who used the .com zone (back when anyone could get just download a copy) to specifically target domains serviced by other providers. That's not quite an abuse of whois, but with whois it's even easier...just ask ARIN for all of an ISP's swips. But, who cares? Does Sprint get upset and ask for your number to become unlisted when MCI cold calls you asking you to switch LD providers? Sales/marketing is predatory at times. That's no excuse to throw out the current whois system. As for those who would abuse the current "Private Residence" loophole opened by 2003-3 (I've seen /23 Private Residences while tracking down where spams came from), whether that's one big residential customer (which I find hard to believe) or a pool of them, don't be shocked when people start rejecting email from an entire Private Residence block due to spams from one or more IPs within it...since you're basically saying in whois that it's one customer. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From william at elan.net Tue Oct 19 18:23:27 2004 From: william at elan.net (william(at)elan.net) Date: Tue, 19 Oct 2004 15:23:27 -0700 (PDT) Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation In-Reply-To: <16757.35783.612342.984277@ran.psg.com> Message-ID: On Tue, 19 Oct 2004, Randy Bush wrote: > > There have been very very very few cases of abuse of reassignment > > information by one isp to get customers of another ISP. > > you're kidding, right? there have been cases of massive abuse. > but not for stealing consumer customers, rather large commercial. And do you have a confirmation that stealing was done based on ARIN whois? In any case, if its large commercial, then this policy is not going to make much difference. Large commercial customers can be found by variety of other ip scans pretty easily and if they are really large then finding contact info is not a problem either. Somehow I think ISPs already know what large commercial customer their competitor has anyway and if not, they can find it out if they want to without whois (be it TLD whois or ip whois). -- William Leibzon Elan Networks william at elan.net From randy at psg.com Tue Oct 19 18:11:38 2004 From: randy at psg.com (Randy Bush) Date: Tue, 19 Oct 2004 15:11:38 -0700 Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation References: <16757.35783.612342.984277@ran.psg.com> Message-ID: <16757.37146.425571.15149@ran.psg.com> >> there have been cases of massive abuse. but not for stealing >> consumer customers, rather large commercial. > And do you have a confirmation that stealing was done based on > ARIN whois? arin and domain, both > In any case, if its large commercial, then this policy is not > going to make much difference. my intent with the last bit of my comment. i am not disparaging the policy proposal; just keepin' the little points straight. randy From william at elan.net Tue Oct 19 19:03:26 2004 From: william at elan.net (william(at)elan.net) Date: Tue, 19 Oct 2004 16:03:26 -0700 (PDT) Subject: [ppml] Whois & privacy related changes - ideas for future Message-ID: Personally I'm not happy about 2004-6 or 2004-7 text and think larger changes are needed on how whois is used by arin and users, but I could never quite put it into normative text. But as we're discussing all this today, please read below on my ideas and maybe this is something that AC can work on later and can come up with text for a proposal. First here is what I see as a problem 1. ARIN database seems overwhelmed by amount of small assignments whois data 2. Current ARIN privacy policy for residential customers is already abused and having "private customers" seems like waste of database space (what use is it to see "private customer/private residence' record in whois) 3. Researches don't want addresses of customers completely hidden because they use that to establish geographical mapping of the net 4. Those doing abuse investigations don't want names hidden (especially for any large block). 5. Residential and small business customers want privacy for their records So here are my ideas on what could be done: 1. Change policy to require full reassignment SWIP if its > 128 ips or possibly > 254 ips 2. For smaller reassignments do not require all of then to be reported as individual reassignment and create instead new form of multi-reassignment SWIP which would list number of reassignments of each size without actually listing each customer name and address. The actual physical address listed under SWIP would have to correspond to same geographical area as all customers in that larger swip and maybe something like address of CO or datacenter or company city office. 3. Get rid of current residential customer privacy policy. Here is why I think this is good and would be ok for most of what we want: 1. The amount of data being entered and maintained in database would decrease dramaticaly because currently > 75% of it are those small < /24 reassignment SWIPs. This is easier both for ARIN and for ISPs. 2. Residential customers and small business who desire privacy get it as their info is not reported any more 3. Researches are still able to get all the info about geographical location, in fact it even becomes easier when this data for number of small blocks is aggregated together 4. Based on what I've seen almost all spammers with directly assigned blocks have > /24 (usually around /21 or /22) of ip space. It appears the big ones have very serious operations that smaller space would not work for them and smaller ones go for dedicated servers with few ips and many/most dedicated server companies don't report those ips in swips anyway. So dropping info on small blocks would probably not cause serious issues for abuse investigations. Question remains if this is ok with ARIN as instead of getting actual list of customers with exact ip blocks they use, ARIN info would now be just number of reassignments of different sizes - but I have feeling that maye exactly what ARIN wants and uses when determening utilization anyway... Plus if they need more info, they can always ask. So if you think this is worth it, feel free to discuss it more and maybe an exact proposal can be created based on the above ideas. -- William Leibzon Elan Networks william at elan.net From bmanning at vacation.karoshi.com Tue Oct 19 18:44:01 2004 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Tue, 19 Oct 2004 22:44:01 +0000 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy In-Reply-To: <006f01c4b620$bf558c80$60a623c0@groglet> References: <41757EDD.90703@adelphiacom.net> <006f01c4b620$bf558c80$60a623c0@groglet> Message-ID: <20041019224401.GB30727@vacation.karoshi.com.> hum... juristic .... sounds like a term of art that is alien to most venues i frequent. consistancy of legal interpretation across jurisdictions is not a common trait. On Tue, Oct 19, 2004 at 11:15:20PM +0200, Gregory Massel wrote: > Quite simple - Is the entity that contracted for the service a natural > person or a juristic person? > > ----- Original Message ----- > From: "Paul Bradford" > To: > Sent: Tuesday, October 19, 2004 10:53 PM > Subject: RE: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P > olicy > > > > So what is the criteria for a "non business" service? How do you > > get ISPs to enforce this? If I spam from my home... am I using it for a > > business? nope... it's my residential static IP Block.... > > Just a few random thoughts that went through my head... > > > > Thanks, > > Paul > > > From woody at pch.net Tue Oct 19 19:00:29 2004 From: woody at pch.net (Bill Woodcock) Date: Tue, 19 Oct 2004 16:00:29 -0700 (PDT) Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy In-Reply-To: <20041019224401.GB30727@vacation.karoshi.com.> Message-ID: On Tue, 19 Oct 2004 bmanning at vacation.karoshi.com wrote: > hum... juristic .... sounds like a term of art that is > alien to most venues i frequent. consistancy of legal > interpretation across jurisdictions is not a common > trait. Both South African and American law are derived from British Common, I believe. The American terms of art are "non-natural person", "legal person", or "moral person". But Greg appears to be interpreting the term in the American sense, per Santa Clara vs. Southern Pacific. -Bill From randy at psg.com Tue Oct 19 19:12:24 2004 From: randy at psg.com (Randy Bush) Date: Tue, 19 Oct 2004 16:12:24 -0700 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy References: <20041019224401.GB30727@vacation.karoshi.com.> Message-ID: <16757.40792.689946.854329@ran.psg.com> > On Tue, 19 Oct 2004 bmanning at vacation.karoshi.com wrote: >> hum... juristic .... sounds like a term of art that is >> alien to most venues i frequent. consistancy of legal >> interpretation across jurisdictions is not a common >> trait. > Both South African and American law are derived from British Common, I > believe. The American terms of art are "non-natural person", "legal > person", or "moral person". But Greg appears to be interpreting the term > in the American sense, per Santa Clara vs. Southern Pacific. while you wannabe lawyers are amusing, i think we all understood what greg meant in the first place. but thanks for playing. randy From hannigan at verisign.com Tue Oct 19 19:13:08 2004 From: hannigan at verisign.com (Hannigan, Martin) Date: Tue, 19 Oct 2004 19:13:08 -0400 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy Message-ID: <07241BB00D6943429D073403834717CE5C8232@dul1wnexm04.vcorp.ad.vrsn.com> This is why telcos incorporate in every state they do business. -M< -- Martin Hannigan (c) 617-388-2663 VeriSign, Inc. (w) 703-948-7018 Network Engineer IV Operations & Infrastructure hannigan at verisign.com > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net]On > Behalf Of Bill > Woodcock > Sent: Tuesday, October 19, 2004 7:00 PM > To: bmanning at vacation.karoshi.com > Cc: Gregory Massel; ppml at arin.net > Subject: Re: [ppml] Policy Proposal 2004-7: Residential > Customer Privacy > P olicy > > > On Tue, 19 Oct 2004 bmanning at vacation.karoshi.com wrote: > > hum... juristic .... sounds like a term of art that is > > alien to most venues i frequent. consistancy of legal > > interpretation across jurisdictions is not a common > > trait. > > Both South African and American law are derived from British Common, I > believe. The American terms of art are "non-natural person", "legal > person", or "moral person". But Greg appears to be > interpreting the term > in the American sense, per Santa Clara vs. Southern Pacific. > > -Bill > From woody at pch.net Tue Oct 19 19:11:08 2004 From: woody at pch.net (Bill Woodcock) Date: Tue, 19 Oct 2004 16:11:08 -0700 (PDT) Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy In-Reply-To: <16757.40792.689946.854329@ran.psg.com> Message-ID: On Tue, 19 Oct 2004, Randy Bush wrote: > while you wannabe lawyers are amusing, i think we all understood > what greg meant in the first place. but thanks for playing. What, this isn't the Bill Anycast Loopback forum? -Bill From randy at psg.com Tue Oct 19 19:17:26 2004 From: randy at psg.com (Randy Bush) Date: Tue, 19 Oct 2004 16:17:26 -0700 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy References: <16757.40792.689946.854329@ran.psg.com> Message-ID: <16757.41094.91062.111186@ran.psg.com> don't drink and type From owen at delong.com Tue Oct 19 20:20:06 2004 From: owen at delong.com (Owen DeLong) Date: Tue, 19 Oct 2004 17:20:06 -0700 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy In-Reply-To: <20041019224401.GB30727@vacation.karoshi.com.> References: <41757EDD.90703@adelphiacom.net> <006f01c4b620$bf558c80$60a623c0@groglet> <20041019224401.GB30727@vacation.karoshi.com.> Message-ID: <2147483647.1098206406@032-349-581.area1.spcsdns.net> In other words, is it a natural person, or, a legal entity with no existence outside of it's legal construction (such as a corporation). However, for a schedule C business, and many other forms of sole-proprieterships and partnerships, this test would not accurately match the intent of the policy. Owen --On Tuesday, October 19, 2004 22:44 +0000 bmanning at vacation.karoshi.com wrote: > > hum... juristic .... sounds like a term of art that is > alien to most venues i frequent. consistancy of legal > interpretation across jurisdictions is not a common > trait. > > > > On Tue, Oct 19, 2004 at 11:15:20PM +0200, Gregory Massel wrote: >> Quite simple - Is the entity that contracted for the service a natural >> person or a juristic person? >> >> ----- Original Message ----- >> From: "Paul Bradford" >> To: >> Sent: Tuesday, October 19, 2004 10:53 PM >> Subject: RE: [ppml] Policy Proposal 2004-7: Residential Customer Privacy >> P olicy >> >> >> > So what is the criteria for a "non business" service? How do you >> > get ISPs to enforce this? If I spam from my home... am I using it for >> > a business? nope... it's my residential static IP Block.... >> > Just a few random thoughts that went through my head... >> > >> > Thanks, >> > Paul >> > >> -- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: From Michael.Dillon at radianz.com Wed Oct 20 06:29:32 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Wed, 20 Oct 2004 11:29:32 +0100 Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation In-Reply-To: <006901c4b620$3515b400$60a623c0@groglet> Message-ID: > In any > case, their upstream provider has the most powerful tool imaginable to > ensure that the downstream honors abuse complaints: it can simply disconnect > them! That is perhaps a little extreme. However, it is true to say that there are contractual obligations between upstream and downstream which the upstream can enforce if the writers of the contract language have taken into consideration the need to manage/limit/stop abuse by downstream sites. I think it is a mistake for us to try and fix contractual difficulties by enforcing policies which require all IP address users to publish contact information. I believe that the right way is to focus our policies on the small number of large organizations who have a vested interest in the functioning of the Internet. These organizations all receive addresses from ARIN and therefore have a contractual relationship with ARIN. Our policies should encourage ARIN members/subscribers to establish contractual agreements with their customers that allow the enforcement of AUPs and the quick resolution of network issues, abuse or otherwise. I believe that policies which permit ISPs to keep the bulk of their whois information private are a GOOD THING because they shift the focus onto the real problem which is policing the network. I don't want ARIN or any third party to police the network. I want ISPs to police themselves and their direct downstreams. I want those downstreams to police themselves and their customers. I want to see an unbroken chain of contractual commitments from ARIN down to the end-user so that ISPs have a clear and unequivocable right to disconnect service in the case of abuse. When this is in place the issues of reporting abuse and the communication chains between ISPs will resolve themselves naturally in the same way as anything else that they agree in their contracts. --Michael Dillon Radianz From paul.bradford at adelphiacom.net Wed Oct 20 06:36:45 2004 From: paul.bradford at adelphiacom.net (Paul Bradford) Date: Wed, 20 Oct 2004 06:36:45 -0400 Subject: [Fwd: Re: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy] In-Reply-To: <41758643.1010800@adelphiacom.net> References: <41758643.1010800@adelphiacom.net> Message-ID: <41763FBD.90501@adelphiacom.net> garsh you guys can turn a discussion into pretty much a totally cornfusing debate over legal baloney..... :-D I've been considering this some more and most company's don't use SWIPs or whois to track there customers internally, they have some type of ticketing system.... as long as some type of pressure can be put on the ISP (most of the time by the rest of the community by blackholes/SPAM filters) then I am for this.... so in essence (all legalities aside) technically I am for this.... still not sure what home user's gonna use a /25 but still for it.... Thanks, Paul p.s. most probably have no clue who I am. I'll introduce myself real quick. As my e-mail shows, I am Paul Bradford. I work for Adelphia where I am a Network Engineer in Adelphia's NOC so I don't really deal with ARIN at all. I attended the ARIN Operational BOF on Monday night. I once subscribed to ppml back a couple of years ago but saw eventually saw it as not something useful for me to be subscribed to. Well after the BOF I was pretty spun up. I think ppml needs to have people (Operators/IPAdmins/IP Janitors) be more proactive in discussions so here I am posting and reading. You are not going to lots of big corn-fusing words in my posts.... I think big words cornfusing words waste breathe and airspace..... I think my posts may have caused more traffic on ppml in quite some time... hurray! From Michael.Dillon at radianz.com Wed Oct 20 06:44:42 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Wed, 20 Oct 2004 11:44:42 +0100 Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy In-Reply-To: Message-ID: > In my opinion, most important is to let users know that no business activities > is a requirement if they want their address/name hidden from public records, > i.e. ISP would not just automaticly "hide" customer info just because its > residential dsl order (as SBC seems to have been doing lately) but would > have special form which prints out requirements and customer has to sign and > return to have his data hidden. This kind of detailled suggestion sounds like it has been crafted with the laws of the United States of America in mind. I'd like to remind y'all that ARIN covers more than a single legislative jurisdiction and therefore ARIN's policies must be compatible with the privacy laws and customs of more than one country. In addition, the things that you know about privacy and public records in the USA may no longer be true. The new regime imposed after 9/11 has changed a lot of things and the change is continuing. It would be a good idea for ARIN to think carefully about how the whois database facilitates terrorist attacks, or thwarts terrorist attacks. Personally, I'm concerned that a whois service originally designed for the purposes of public oversight of government funds has been morphed into a sort of "big brother" style regime where people are not allowed to have personal secrets. In its original form, whois published the identities of people using a service (ARPANET) that was paid for by public money. The Internet has long since ceased to be funded by public funds and I see no good reason to publish so many people's information so widely. --Michael Dillon Radianz From Michael.Dillon at radianz.com Wed Oct 20 06:47:16 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Wed, 20 Oct 2004 11:47:16 +0100 Subject: [ppml] Policy Proposal 2004-6: Privacy of Reassignment Inform ation In-Reply-To: <16757.35783.612342.984277@ran.psg.com> Message-ID: > > There have been very very very few cases of abuse of reassignment > > information by one isp to get customers of another ISP. > > you're kidding, right? there have been cases of massive abuse. > but not for stealing consumer customers, rather large commercial. The first case of which I have direct personal knowledge happened in 1994. Not long after people started thinking of the Internet as a commercial thing rather than a research thing. --Michael Dillon Radianz From william at elan.net Wed Oct 20 07:51:38 2004 From: william at elan.net (william(at)elan.net) Date: Wed, 20 Oct 2004 04:51:38 -0700 (PDT) Subject: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy In-Reply-To: Message-ID: On Wed, 20 Oct 2004 Michael.Dillon at radianz.com wrote: > > In my opinion, most important is to let users know that no business > > activities is a requirement if they want their address/name hidden > > from public records, i.e. ISP would not just automaticly "hide" > > customer info just because its residential dsl order (as SBC seems to > > have been doing lately) but would have special form which prints out > > requirements and customer has to sign and return to have his data hidden. > > This kind of detailled suggestion sounds like it has > been crafted with the laws of the United States of America > in mind. First of all it was an example and second I don't see anything so specific to US laws in that anyway. > I'd like to remind y'all that ARIN covers more > than a single legislative jurisdiction and therefore > ARIN's policies must be compatible with the privacy > laws and customs of more than one country. Nobody is saying ARIN policies should override laws of any country. But ARIN does stand for North American IP registry and two largest countries in its region are US and Canada (together covering over 99% of ARIN's ip allocations), so its fair for ARIN policies to be based on privacy laws of these two countries. > In addition, the things that you know about privacy > and public records in the USA may no longer be > true. The new regime imposed after 9/11 has changed > a lot of things and the change is continuing. It > would be a good idea for ARIN to think carefully > about how the whois database facilitates terrorist > attacks, or thwarts terrorist attacks. I'm really hoping the kind of paranoid actions I see from US governmemt lately are temporary thing, I hate to see this country turned into a police state. But as far as recent changes in privacy and public records,. if anything government seem to want to have access to anything and does not care about personal privacy, but for other privacy issues not much changed and as far as ARIN, we're talking about privacy for commercial companies and US (and Canadian) laws regularly favor requrying commercial companies to provide access to all public records (through corporate records and various permits) for any public resource the company uses. > Personally, I'm concerned that a whois service originally designed > for the purposes of public oversight of government funds has been > morphed into a sort of "big brother" style regime where people > are not allowed to have personal secrets. People are allowed to have personal secrets just fine with current arin whois policies, its privacy policies for companies that use ip blocks that would be changed by 2004-7 and I do not believe that single hierchy with only ISP listings will let serve public (or other ISPs for that matter) any good. As far as personal info, I'm not particularly against removing all those records for ip blocks used by individual users (i.e. residential customer blocks and small business), I don't however want to have the kind of policies in regards to that that are regularly abused to hide bad activities. I do want to see full whois records for the kind of blocks that can potentially be used independently from isp and advertised in bgp (i.e. blocks > /24). That is why I'm in favor of decreasing minimum requirement for reporting ip assignments and allocations from /28 to /25 or /24. That will solve privacy issues for over 99% of those who are worried about it and at the same time keep the whois data usefull for majority of cases when its needed. -- William Leibzon Elan Networks william at elan.net From easmith at beatrice.rutgers.edu Wed Oct 20 09:08:03 2004 From: easmith at beatrice.rutgers.edu (Ed Allen Smith) Date: Wed, 20 Oct 2004 09:08:03 -0400 Subject: [ppml] Whois & privacy related changes - ideas for future In-Reply-To: References: Message-ID: I agree overall - strongly in many cases - with your comments, with one exception: In message (on 19 October 2004 16:03:26 -0700), william at elan.net (william(at)elan.net) wrote: > >Question remains if this is ok with ARIN as instead of getting actual >list of customers with exact ip blocks they use, ARIN info would now be >just number of reassignments of different sizes - but I have feeling that >maye exactly what ARIN wants and uses when determening utilization anyway... >Plus if they need more info, they can always ask. I have to question whether it is proper for ARIN to be using non-publically-available information to make decisions on reassignments of IP address space - IP address space that is not "owned" by ARIN any more than the ISPs et al it is assigned to own it (unless ARIN wishes for courts to start treating IP addresses as the property of whoever they're currently (re)assigned to?). IP address space is managed by ARIN in trust for the users of Internet IP address space, who should be able to monitor ARIN's decisions in this regard, including having all information necessary to decide for themselves whether said allocations are justified. -Allen -- Allen Smith http://cesario.rutgers.edu/easmith/ September 11, 2001 A Day That Shall Live In Infamy II "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin From jbujno at ldmi.com Wed Oct 20 09:11:59 2004 From: jbujno at ldmi.com (Jim Bujno) Date: Wed, 20 Oct 2004 09:11:59 -0400 Subject: [ppml] Whois & privacy related changes - ideas for future Message-ID: I think this is a very good idea. I currently swip my dsl customers by city now as a /24 for the market because most allocations are less than a /29 and i send in my spreadsheets showing utilization. This keeps our company's customers, mostly residential and small businesses private. This also takes a load off of ARIN. Jim Bujno Senior Network Engineer Cisco Certified Network & Design Professional Work #248-440-0202 Cell #313-268-1183 Fax #248-440-0500 LDMI Telecommunications 300 Galleria Suite 100 Southfield, Mi. 48034 U.S. Army Veteran >>> "william(at)elan.net" 10/19/2004 7:03:26 PM >>> Personally I'm not happy about 2004-6 or 2004-7 text and think larger changes are needed on how whois is used by arin and users, but I could never quite put it into normative text. But as we're discussing all this today, please read below on my ideas and maybe this is something that AC can work on later and can come up with text for a proposal. First here is what I see as a problem 1. ARIN database seems overwhelmed by amount of small assignments whois data 2. Current ARIN privacy policy for residential customers is already abused and having "private customers" seems like waste of database space (what use is it to see "private customer/private residence' record in whois) 3. Researches don't want addresses of customers completely hidden because they use that to establish geographical mapping of the net 4. Those doing abuse investigations don't want names hidden (especially for any large block). 5. Residential and small business customers want privacy for their records So here are my ideas on what could be done: 1. Change policy to require full reassignment SWIP if its > 128 ips or possibly > 254 ips 2. For smaller reassignments do not require all of then to be reported as individual reassignment and create instead new form of multi-reassignment SWIP which would list number of reassignments of each size without actually listing each customer name and address. The actual physical address listed under SWIP would have to correspond to same geographical area as all customers in that larger swip and maybe something like address of CO or datacenter or company city office. 3. Get rid of current residential customer privacy policy. Here is why I think this is good and would be ok for most of what we want: 1. The amount of data being entered and maintained in database would decrease dramaticaly because currently > 75% of it are those small < /24 reassignment SWIPs. This is easier both for ARIN and for ISPs. 2. Residential customers and small business who desire privacy get it as their info is not reported any more 3. Researches are still able to get all the info about geographical location, in fact it even becomes easier when this data for number of small blocks is aggregated together 4. Based on what I've seen almost all spammers with directly assigned blocks have > /24 (usually around /21 or /22) of ip space. It appears the big ones have very serious operations that smaller space would not work for them and smaller ones go for dedicated servers with few ips and many/most dedicated server companies don't report those ips in swips anyway. So dropping info on small blocks would probably not cause serious issues for abuse investigations. Question remains if this is ok with ARIN as instead of getting actual list of customers with exact ip blocks they use, ARIN info would now be just number of reassignments of different sizes - but I have feeling that maye exactly what ARIN wants and uses when determening utilization anyway... Plus if they need more info, they can always ask. So if you think this is worth it, feel free to discuss it more and maybe an exact proposal can be created based on the above ideas. -- William Leibzon Elan Networks william at elan.net From randy at psg.com Wed Oct 20 12:08:31 2004 From: randy at psg.com (Randy Bush) Date: Wed, 20 Oct 2004 09:08:31 -0700 Subject: [Fwd: Re: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy] References: <41758643.1010800@adelphiacom.net> <41763FBD.90501@adelphiacom.net> Message-ID: <16758.36223.87667.667269@ran.psg.com> > I attended the ARIN Operational BOF on Monday night. I once subscribed to > ppml back a couple of years ago but saw eventually saw it as not something > useful for me to be subscribed to. Well after the BOF I was pretty spun > up. I think ppml needs to have people (Operators/IPAdmins/IP Janitors) be > more proactive in discussions so here I am posting and reading. You are > not going to lots of big corn-fusing words in my posts.... I think big > words cornfusing words waste breathe and airspace..... any big word users> I think my posts may have caused more traffic on ppml > in quite some time... hurray! i am of the opinion that arin and the other policy-makers need more participation by the folk with actual hands on the wheel. thanks for playing. randy From marla_azinger at eli.net Wed Oct 20 15:35:57 2004 From: marla_azinger at eli.net (Azinger, Marla) Date: Wed, 20 Oct 2004 12:35:57 -0700 Subject: [Fwd: Re: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy] Message-ID: <10ECB7F03C568F48B9213EF9E7F790D2627963@wava00s2ke2k01.corp.pvt> I have my hands on the wheel. With my Frontier hat on here is the posting I put on ppml on 22 SEP In general I support this proposal ....I just question the quantity stated. It appears to be much larger than what I can see appropriate. Marla IP Analyst for Electric Lightwave Frontier Communications Citizens Communications -----Original Message----- From: Randy Bush [mailto:randy at psg.com] Sent: Wednesday, October 20, 2004 9:09 AM To: Paul Bradford Cc: ppml at arin.net Subject: Re: [Fwd: Re: [ppml] Policy Proposal 2004-7: Residential Customer Privacy P olicy] > I attended the ARIN Operational BOF on Monday night. I once subscribed to > ppml back a couple of years ago but saw eventually saw it as not something > useful for me to be subscribed to. Well after the BOF I was pretty spun > up. I think ppml needs to have people (Operators/IPAdmins/IP Janitors) be > more proactive in discussions so here I am posting and reading. You are > not going to lots of big corn-fusing words in my posts.... I think big > words cornfusing words waste breathe and airspace..... any big word users> I think my posts may have caused more traffic on ppml > in quite some time... hurray! i am of the opinion that arin and the other policy-makers need more participation by the folk with actual hands on the wheel. thanks for playing. randy From bicknell at ufp.org Wed Oct 20 18:05:08 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Wed, 20 Oct 2004 18:05:08 -0400 Subject: [ppml] Whois Proposal Discussion Message-ID: <20041020220508.GA80341@ussenterprise.ufp.org> I would like to thank everyone who provided feedback in today's meeting. It was quite helpful and I will use that feedback to fine-tune the proposal before submitting it into the policy process. I'll also take this opportunity to say that if you did not get to provide feedback to me today and would like to do so you can reply to this message. Public replies on PPML are encouraged, private replies are always accepted. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From jlewis at lewis.org Wed Oct 20 21:57:51 2004 From: jlewis at lewis.org (Jon Lewis) Date: Wed, 20 Oct 2004 21:57:51 -0400 (EDT) Subject: [ppml] Whois & privacy related changes - ideas for future In-Reply-To: References: Message-ID: On Wed, 20 Oct 2004, Ed Allen Smith wrote: > I have to question whether it is proper for ARIN to be using > non-publically-available information to make decisions on reassignments of > IP address space - IP address space that is not "owned" by ARIN any more than > the ISPs et al it is assigned to own it (unless ARIN wishes for courts to This has been done for years though, probably since the inception of ARIN. If you have a case for IP allocation, you can submit i.e. business plan documents to ARIN under NDA and they can decide if your plan justifies more immediate space than you could otherwise get under the rules. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From easmith at beatrice.rutgers.edu Wed Oct 20 22:21:28 2004 From: easmith at beatrice.rutgers.edu (Ed Allen Smith) Date: Wed, 20 Oct 2004 22:21:28 -0400 Subject: [ppml] Whois & privacy related changes - ideas for future In-Reply-To: References: Message-ID: In message (on 20 October 2004 21:57:51 -0400), jlewis at lewis.org (Jon Lewis) wrote: >On Wed, 20 Oct 2004, Ed Allen Smith wrote: > >> I have to question whether it is proper for ARIN to be using >>non-publically-available information to make decisions on reassignments of >>IP address space - IP address space that is not "owned" by ARIN any more >>than the ISPs et al it is assigned to own it (unless ARIN wishes for >>courts to > >This has been done for years though, probably since the inception of ARIN. >If you have a case for IP allocation, you can submit i.e. business plan >documents to ARIN under NDA and they can decide if your plan justifies >more immediate space than you could otherwise get under the rules. I am aware of this; I am contending that this should _not_ be the case, at least for any information suitable for publication in Whois, that being the subject of the current debate. It would not appear that most business plan documents, to use your example, would be publishable in Whois in any reasonable form (not counting limericks!) - for one thing, Whois should _mostly_ be an indication of the _current_ status of the network, not its projected _future_ status (although some comment records may be appropriate). -Allen -- Allen Smith http://cesario.rutgers.edu/easmith/ February 1, 2003 Space Shuttle Columbia Ad Astra Per Aspera To The Stars Through Asperity From bicknell at ufp.org Thu Oct 21 16:27:33 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Thu, 21 Oct 2004 16:27:33 -0400 Subject: [ppml] Draft ARIN Recomendation Message-ID: <20041021202733.GA31881@ussenterprise.ufp.org> Per the discussion that just occurred in the meeting, I submit the following draft text: The ARIN Membership directs ARIN on behalf of the Membership to send a letter to the IETF IPv6 Working Group, and any other entities the BoT considers relevant, with the following statement. The ARIN Membership believes that if the proposal in draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the future of the IPv6 Internet. To that extent, the ARIN Membership recommends that this draft NOT be adopted by the IETF. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From woody at pch.net Thu Oct 21 16:30:13 2004 From: woody at pch.net (Bill Woodcock) Date: Thu, 21 Oct 2004 13:30:13 -0700 (PDT) Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041021202733.GA31881@ussenterprise.ufp.org> Message-ID: On Thu, 21 Oct 2004, Leo Bicknell wrote: "The ARIN Membership believes that if the proposal in draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the future of the IPv6 Internet. To that extent, the ARIN Membership recommends that this draft NOT be adopted by the IETF." Let's strike the "if" in the first line, and the "to that extent" in the third. -Bill From John.Sweeting at teleglobe.com Thu Oct 21 16:39:45 2004 From: John.Sweeting at teleglobe.com (Sweeting, John) Date: Thu, 21 Oct 2004 16:39:45 -0400 Subject: [ppml] Draft ARIN Recomendation Message-ID: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> yes, that makes sense -----Original Message----- From: Bill Woodcock [mailto:woody at pch.net] Sent: Thursday, October 21, 2004 4:30 PM To: Leo Bicknell Cc: ppml at arin.net Subject: Re: [ppml] Draft ARIN Recomendation On Thu, 21 Oct 2004, Leo Bicknell wrote: "The ARIN Membership believes that if the proposal in draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the future of the IPv6 Internet. To that extent, the ARIN Membership recommends that this draft NOT be adopted by the IETF." Let's strike the "if" in the first line, and the "to that extent" in the third. -Bill From bicknell at ufp.org Thu Oct 21 16:40:11 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Thu, 21 Oct 2004 16:40:11 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> References: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> Message-ID: <20041021204011.GB32834@ussenterprise.ufp.org> I agree as well, my brain was being interrupted a bit by the meeting. In a message written on Thu, Oct 21, 2004 at 04:39:45PM -0400, Sweeting, John wrote: > yes, that makes sense > > -----Original Message----- > From: Bill Woodcock [mailto:woody at pch.net] > Sent: Thursday, October 21, 2004 4:30 PM > To: Leo Bicknell > Cc: ppml at arin.net > Subject: Re: [ppml] Draft ARIN Recomendation > > > On Thu, 21 Oct 2004, Leo Bicknell wrote: > "The ARIN Membership believes that if the proposal in > draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the > future of the IPv6 Internet. To that extent, the ARIN Membership > recommends that this draft NOT be adopted by the IETF." > > Let's strike the "if" in the first line, and the "to that extent" in the > third. > > > -Bill -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org From william at elan.net Thu Oct 21 17:14:13 2004 From: william at elan.net (william(at)elan.net) Date: Thu, 21 Oct 2004 14:14:13 -0700 (PDT) Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> Message-ID: On Thu, 21 Oct 2004, Leo Bicknell wrote: > "The ARIN Membership believes that if the proposal in > draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the > future of the IPv6 Internet. To that extent, the ARIN Membership > recommends that this draft NOT be adopted by the IETF." > On Thu, 21 Oct 2004, Sweeting, John wrote: > > -----Original Message----- > > From: Bill Woodcock [mailto:woody at pch.net] > > > > Let's strike the "if" in the first line, and the "to that extent" in > > the third. > > yes, that makes sense +1 I would like to check also if Leo really wanted this to be "The ARIN Membership" as that implies that only ARIN Members should be commenting on this topic which makes a topic for ARIN members mailing list rather then ppml but it seems to me the actual topic and recomendation is more of public policy type and we should not therefore use words "ARIN Membership" however I do not have concrete recomendation on what to replace this with. -- William Leibzon Elan Networks william at elan.net From woody at pch.net Thu Oct 21 16:57:29 2004 From: woody at pch.net (Bill Woodcock) Date: Thu, 21 Oct 2004 13:57:29 -0700 (PDT) Subject: [ppml] Draft ARIN Recomendation In-Reply-To: Message-ID: "The ARIN Membership believes that the proposal in draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the future of the IPv6 Internet. The ARIN Membership recommends that this draft NOT be adopted by the IETF." On Thu, 21 Oct 2004, william(at)elan.net wrote: > I would like to check also if Leo really wanted this to be "The ARIN > Membership" as that implies only ARIN Members. Good point. "ARIN and its constituents" perhaps? Or just "ARIN"? -Bill From bicknell at ufp.org Thu Oct 21 17:12:32 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Thu, 21 Oct 2004 17:12:32 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: References: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> Message-ID: <20041021211232.GA33387@ussenterprise.ufp.org> In a message written on Thu, Oct 21, 2004 at 02:14:13PM -0700, william(at)elan.net wrote: > I would like to check also if Leo really wanted this to be "The ARIN > Membership" as that implies that only ARIN Members should be commenting on > this topic which makes a topic for ARIN members mailing list rather then > ppml but it seems to me the actual topic and recomendation is more of > public policy type and we should not therefore use words "ARIN Membership" > however I do not have concrete recomendation on what to replace this with. My assumption is that will go through a new process which will allow the ARIN Membership to put their stamp of approval on this statement. Since that's not defined, I have posted the initial version here for lack of anywhere else. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From owen at delong.com Thu Oct 21 17:17:23 2004 From: owen at delong.com (Owen DeLong) Date: Thu, 21 Oct 2004 14:17:23 -0700 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041021202733.GA31881@ussenterprise.ufp.org> References: <20041021202733.GA31881@ussenterprise.ufp.org> Message-ID: <2147483647.1098368243@[192.168.1.110]> I recommend removing the word if from the first line of the second paragraph. Otherwise, I support the message. Owen --On Thursday, October 21, 2004 16:27 -0400 Leo Bicknell wrote: > > Per the discussion that just occurred in the meeting, I submit the > following draft text: > > The ARIN Membership directs ARIN on behalf of the Membership to > send a letter to the IETF IPv6 Working Group, and any other entities > the BoT considers relevant, with the following statement. > > The ARIN Membership believes that if the proposal in > draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the > future of the IPv6 Internet. To that extent, the ARIN Membership > recommends that this draft NOT be adopted by the IETF. -- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: From hannigan at verisign.com Thu Oct 21 17:18:01 2004 From: hannigan at verisign.com (Hannigan, Martin) Date: Thu, 21 Oct 2004 17:18:01 -0400 Subject: [ppml] Draft ARIN Recomendation Message-ID: <07241BB00D6943429D073403834717CE53E24C@dul1wnexm04.vcorp.ad.vrsn.com> > "The ARIN Membership believes that the proposal in > draft-ietf-ipv6-unique-local-addr-06.txt would be > harmful to the future of the IPv6 Internet. The > ARIN Membership recommends that this draft NOT be > adopted by the IETF." > > On Thu, 21 Oct 2004, william(at)elan.net wrote: > > I would like to check also if Leo really wanted this to > be "The ARIN > > Membership" as that implies only ARIN Members. > > Good point. "ARIN and its constituents" perhaps? Or just "ARIN"? > It would be more assertive to state it simply as "ARIN". -M From broseman at ix.netcom.com Thu Oct 21 17:28:23 2004 From: broseman at ix.netcom.com (Barbara Roseman) Date: Thu, 21 Oct 2004 11:28:23 -1000 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: References: Message-ID: <6.1.2.0.2.20041021112556.0336b4d0@popd.ix.netcom.com> At 01:57 PM 10/21/2004 -0700, Bill Woodcock wrote: > "The ARIN Membership believes that the proposal in > draft-ietf-ipv6-unique-local-addr-06.txt would be > harmful to the future of the IPv6 Internet. The > ARIN Membership recommends that this draft NOT be > adopted by the IETF." > > On Thu, 21 Oct 2004, william(at)elan.net wrote: > > I would like to check also if Leo really wanted this to be "The ARIN > > Membership" as that implies only ARIN Members. > >Good point. "ARIN and its constituents" perhaps? Or just "ARIN"? > > -Bill I thought that I heard during the discussion some people say that the IETF and IESG might be more welcoming of comments if it didn't come from ARIN as such, but from the ARIN participants. A subtle point, but whatever helps move the process along. -Barb Barb From randy at psg.com Thu Oct 21 17:37:53 2004 From: randy at psg.com (Randy Bush) Date: Thu, 21 Oct 2004 14:37:53 -0700 Subject: [ppml] Draft ARIN Recomendation References: <6.1.2.0.2.20041021112556.0336b4d0@popd.ix.netcom.com> Message-ID: <16760.11313.138622.435673@ran.psg.com> > I thought that I heard during the discussion some people say that the IETF > and IESG might be more welcoming of comments if it didn't come from ARIN as > such, but from the ARIN participants. how nice of the internet vendor task force to tell the operators how to organize and represent ourselves. randy From michel at arneill-py.sacramento.ca.us Thu Oct 21 17:56:51 2004 From: michel at arneill-py.sacramento.ca.us (Michel Py) Date: Thu, 21 Oct 2004 14:56:51 -0700 Subject: [ppml] Draft ARIN Recomendation Message-ID: > The ARIN Membership directs ARIN on behalf of the > Membership to send a letter to the IETF IPv6 > Working Group I support the idea. Possible changes to the text are suggested below. I would not lose sleep over the success of said letter though; this is part of the site-local deprecation package. Michel. > The ARIN Membership believes that if the proposal suppress ^^ > in draft-ietf-ipv6-unique-local-addr-06.txt would s/would/will/ ^^^^^ > be harmful to the future of the IPv6 Internet. > To that extent, the ARIN Membership recommends ^^^^^^^^^^^^^^^^ suppress. > that this draft NOT be adopted by the IETF. From randy at psg.com Thu Oct 21 18:27:25 2004 From: randy at psg.com (Randy Bush) Date: Thu, 21 Oct 2004 15:27:25 -0700 Subject: [ppml] Draft ARIN Recomendation References: <6.1.2.0.2.20041021112556.0336b4d0@popd.ix.netcom.com> <16760.11313.138622.435673@ran.psg.com> Message-ID: <16760.14285.796656.292558@ran.psg.com> > A bit of *why* it would be harmful will go a long way, > whoever it is that says it. indeed! randy From narten at us.ibm.com Thu Oct 21 20:49:49 2004 From: narten at us.ibm.com (Thomas Narten) Date: Thu, 21 Oct 2004 20:49:49 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: Message from bicknell@ufp.org of "Thu, 21 Oct 2004 16:27:33 EDT." <20041021202733.GA31881@ussenterprise.ufp.org> Message-ID: <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> Some comments. First, I must confess a bit of surprise at the reaction during the meeting and here on this topic. This draft has been around for a long time (a year in the making?) and I presented much of the same content in Vancouver; there was no such reaction then. Personally, I have to wonder if having ARIN take a formal position is the way to go here. First, it will take some time to reach such a consensus, if indeed, there would be consensus. The unique-local-addr document is undergoing IESG review now; any comments need to come in soon, not a month or two from now. Second, this would be a first (I can't recall ARIN ever having done so), so you'd be charting new ground. Does the issue here warrant it? Finally, what will get the IETF's attention more than anything is clearly articulating what the issues are, and how they can be fixed, if indeed they can. Saying "bad idea" without saying why isn't particular constructive. Also, please read the actual drafts at issue and be specific. In one conversation I had after the meeting, Leo and I seemed to have agreement that the two documents: draft-ietf-ipv6-unique-local-addr-06.txt draft-ietf-ipv6-ula-central-00.txt are not equivalent. The first document doesn't result in guaranteed uniqueness, so one issue that will come up (if ISPs start routing these on a large scale) is what happens when two sites pick the same prefix. Who actually "owns it"? Because there is no clear answer, there may well be less incentive to carry such routes. On the other hand, ula-central does call for centrallized allocation of prefixes, so there is a much stronger binding between an end site and a specific prefix. So, do folk feel like both documents are equivalent in terms of "bad idea"? And why? Thomas From owen at delong.com Thu Oct 21 21:49:46 2004 From: owen at delong.com (Owen DeLong) Date: Thu, 21 Oct 2004 18:49:46 -0700 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041021211232.GA33387@ussenterprise.ufp.org> References: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> <20041021211232.GA33387@ussenterprise.ufp.org> Message-ID: <1132202764.1098384586@[192.168.1.101]> I think the key point here is not the "membership" approval needed, but, that ARIN happens to represent a constituency that is not limited to its members. I think that ARIN should state something to the effect that: ARIN, on behalf of its members and constituents, many of whom have expressed concern on this issue, requests that the IETF... Owen --On Thursday, October 21, 2004 17:12 -0400 Leo Bicknell wrote: > In a message written on Thu, Oct 21, 2004 at 02:14:13PM -0700, > william(at)elan.net wrote: >> I would like to check also if Leo really wanted this to be "The ARIN >> Membership" as that implies that only ARIN Members should be commenting >> on this topic which makes a topic for ARIN members mailing list rather >> then ppml but it seems to me the actual topic and recommendation is more >> of public policy type and we should not therefore use words "ARIN >> Membership" however I do not have concreterecommendationn on what to >> replace this with. > > My assumption is that will go through a new process which will allow the > ARIN Membership to put their stamp of approval on this statement. Since > that's not defined, I have posted the initial version here for lack of > anywhere else. -- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: From narten at us.ibm.com Thu Oct 21 22:38:42 2004 From: narten at us.ibm.com (Thomas Narten) Date: Thu, 21 Oct 2004 22:38:42 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: Message from gih@apnic.net of "Fri, 22 Oct 2004 12:07:05 +1000." <6.0.1.1.2.20041022115424.0227f648@kahuna.telstra.net> Message-ID: <200410220238.i9M2cgxv018903@cichlid.raleigh.ibm.com> Hi Geoff. Some good points to think about. One regret I have about the meeting is not asking for a "sense of the room" when this topic came up. It would have been really useful to get a better sense of how widely shared the view is. Also, since no one has posted the 'problem' yet, let me give a summary of what I thought I heard during the meeting: The jist of the issue as I understand it is that folk are worried that there will be tremendous pressure on ISPs to route ULAs and that they will in fact become the PI addresses in practice that we don't know how to route in a scalable fashion. And at some point in the future we'll have a huge mess with only ULA addresses being used. I.e., folk (end users) will see these as PI addresses, won't notice the fine print about "not globally routable" and will force ISPs to route them. And since this works in the short term, at the point where it becomes a real problem expectations will have been sent and we can't roll things back. Is this even close to what people are thinking? Thomas From gih at apnic.net Thu Oct 21 23:37:26 2004 From: gih at apnic.net (Geoff Huston) Date: Fri, 22 Oct 2004 13:37:26 +1000 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <200410220238.i9M2cgxv018903@cichlid.raleigh.ibm.com> References: <200410220238.i9M2cgxv018903@cichlid.raleigh.ibm.com> Message-ID: <6.0.1.1.2.20041022133127.02226ab0@kahuna.telstra.net> Thomas, >Is this even close to what people are thinking? I'm personally not really in a good position to represent what other folk may be thinking on this. However, I agree very much with posting the question and obtaining some sense of the concerns here in order to be able to assist in the context of the IETF work in proposing sensible and accepted usage conventions for addresses. regards, Geoff From harald at alvestrand.no Fri Oct 22 01:56:25 2004 From: harald at alvestrand.no (Harald Tveit Alvestrand) Date: Fri, 22 Oct 2004 07:56:25 +0200 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041021202733.GA31881@ussenterprise.ufp.org> References: <20041021202733.GA31881@ussenterprise.ufp.org> Message-ID: <28A2B8D0D60051AC66CB20A4@askvoll.hjemme.alvestrand.no> three words on "why" would be greatly appreciated. --On torsdag, oktober 21, 2004 16:27:33 -0400 Leo Bicknell wrote: > > Per the discussion that just occurred in the meeting, I submit the > following draft text: > > The ARIN Membership directs ARIN on behalf of the Membership to > send a letter to the IETF IPv6 Working Group, and any other entities > the BoT considers relevant, with the following statement. > > The ARIN Membership believes that if the proposal in > draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the > future of the IPv6 Internet. To that extent, the ARIN Membership > recommends that this draft NOT be adopted by the IETF. > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ > Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org From Michael.Dillon at radianz.com Fri Oct 22 04:32:18 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Fri, 22 Oct 2004 09:32:18 +0100 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <28A2B8D0D60051AC66CB20A4@askvoll.hjemme.alvestrand.no> Message-ID: > three words on "why" would be greatly appreciated. I represent an ARIN member who was not able to send anyone to this ARIN meeting due to being busy on other important projects internally. So I was rather surprised to see people suggesting that we send the IETF such a strongly worded condemnation of a draft proposal. It seemed to me that you were going to say that my company and all other ARIN members were opposed to the proposal which is simply not true. I have no problems with something that says: "The issue was discussed at the ARIN meeting in Reston and the consenus was..." or "After a discussion at the ARIN meeting in Reston a majority voted to register opposition to this draft because...". You get the idea. Let's forget all the puffery and just lay it out straight because the IETF folks will not be fooled by strongly worded missives. I was glad to see some IETF members speak up and remind folks that the IETF doesn't care what ARIN supports or does not support. The IETF is and ENGINEERING task force and it cares more about what will work and what won't work and why people think things will or won't work and what information was missed or was not given sufficient weight by the writers of the draft. A draft is a suggestion. One possible life cycle for a draft is evolution, i.e. it can be changed. So if you want to fully reject a draft you really should do a thorough job of explaining why each of the possible evolutionary paths are dead ends. Not having been a part of the discussion, I have no idea of the substance of any of the objections. I strongly suggest that any individuals who have an engineering view on this should post it to the appropriate IETF mailing list at http://www.ietf.org Anyone with experience and knowledge can comment on drafts. You don't have to be a card-carrying member of anything. --Michael Dillon From bmanning at vacation.karoshi.com Fri Oct 22 06:26:11 2004 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Fri, 22 Oct 2004 10:26:11 +0000 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <200410220238.i9M2cgxv018903@cichlid.raleigh.ibm.com> References: <6.0.1.1.2.20041022115424.0227f648@kahuna.telstra.net> <200410220238.i9M2cgxv018903@cichlid.raleigh.ibm.com> Message-ID: <20041022102611.GC8007@vacation.karoshi.com.> On Thu, Oct 21, 2004 at 10:38:42PM -0400, Thomas Narten wrote: > Hi Geoff. > > Some good points to think about. > > One regret I have about the meeting is not asking for a "sense of the > room" when this topic came up. It would have been really useful to get > a better sense of how widely shared the view is. > > Also, since no one has posted the 'problem' yet, let me give a summary > of what I thought I heard during the meeting: > > The jist of the issue as I understand it is that folk are worried that > there will be tremendous pressure on ISPs to route ULAs and that they > will in fact become the PI addresses in practice that we don't know > how to route in a scalable fashion. And at some point in the future > we'll have a huge mess with only ULA addresses being used. I.e., folk > (end users) will see these as PI addresses, won't notice the fine > print about "not globally routable" and will force ISPs to route > them. And since this works in the short term, at the point where it > becomes a real problem expectations will have been sent and we can't > roll things back. > > Is this even close to what people are thinking? > > Thomas the jist of this debate lies, for me, in the presumptions about the term "globally" - esp.when it appears next to routable. in the exiting miasma we call "Internet" there are -very- few prefixes that are constrained. I made a short list at the mic and will reiterate here: 0.0.0.0/32 255.255.255.255/32 and the vendor constrained 127.0.0.0/8 -EVERYTHING- else is routeable. We had to fix that when CIDR was deployed by getting vendors to remove the "martian" and "guardband" prefixes so that cidr blocks could be used. If a prefix is routable ... its routable (duh). Global is a novel idea... since the days just after the MILnet split, and the emergence of EGP protocols, policy has been an implicit component of routing. A network is allowed and implicitly encouraged to establish a policy on what prefixes it will accept. e.g. some prefixes are or will be unacceptable and packets destined for those prefixes will be dropped at the boarder. Hence the illusion of "global" routing scope is a myth. The promise of ULAs - invites chaos and anarchy. The allure is near zero aquisition cost, near zero accountability, and for early movers, near zero insertion cost. These will be treated as PI space (and I hate that term) and can -NEVER- be eradicated once released. (sez bill, donning his nostradomus robes and hat) Perhaps one might bounce the ULA idea off our local (US) LEA folks... I'm sure they would -love- the idea of anonymous delegations.. :) so yes, you pretty much nailed the point. There are a host of others but lets work on this one for now. --bill From stacy at hilander.com Fri Oct 22 09:12:47 2004 From: stacy at hilander.com (stacy at hilander.com) Date: Fri, 22 Oct 2004 07:12:47 -0600 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> References: <1797AB680DD0D2118987009027178032132DCC7C@camtmms01.Teleglobe.CA> Message-ID: <1098450767.4179074f5962d@www.hilander.com> Agreed. /S Quoting "Sweeting, John" : > yes, that makes sense > > -----Original Message----- > From: Bill Woodcock [mailto:woody at pch.net] > Sent: Thursday, October 21, 2004 4:30 PM > To: Leo Bicknell > Cc: ppml at arin.net > Subject: Re: [ppml] Draft ARIN Recomendation > > > On Thu, 21 Oct 2004, Leo Bicknell wrote: > "The ARIN Membership believes that if the proposal in > draft-ietf-ipv6-unique-local-addr-06.txt would be harmful to the > future of the IPv6 Internet. To that extent, the ARIN Membership > recommends that this draft NOT be adopted by the IETF." > > Let's strike the "if" in the first line, and the "to that extent" in the > third. > > > -Bill > > > !DSPAM:4178201a93821732520694! > > > From sob at harvard.edu Fri Oct 22 09:47:58 2004 From: sob at harvard.edu (scott bradner) Date: Fri, 22 Oct 2004 09:47:58 -0400 (EDT) Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <200410220238.i9M2cgxv018903@cichlid.raleigh.ibm.com> Message-ID: <20041022134758.1C776F51A1@newdev.harvard.edu> > And at some point in the future > we'll have a huge mess with only ULA addresses being used. > I.e., folk (end users) will see these as PI addresses yup - the swamp on steroids (swamp-ng?) Scott From Suzanne_Woolf at isc.org Fri Oct 22 10:37:41 2004 From: Suzanne_Woolf at isc.org (Suzanne Woolf) Date: Fri, 22 Oct 2004 14:37:41 +0000 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> References: <20041021202733.GA31881@ussenterprise.ufp.org> <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> Message-ID: <20041022143741.GB79474@farside.isc.org> On Thu, Oct 21, 2004 at 08:49:49PM -0400, Thomas Narten wrote: > Some comments. Thank you. > First, I must confess a bit of surprise at the reaction during the > meeting and here on this topic. This draft has been around for a long > time (a year in the making?) and I presented much of the same content > in Vancouver; there was no such reaction then. I suspect this is due to a discontinuity between "people who participate in the IETF" and "people who participate in ARIN policy activities". When some of us talk about the lack of operator participation in IETF activities, this is the kind of symptom we mean. I respectfully suggest that most of the people who heard you speak on this in Vancouver had not heard of it before and didn't have an immediate response. They're responding now because it's had a chance to percolate into more prominence. > Personally, I have to wonder if having ARIN take a formal position is > the way to go here. First, it will take some time to reach such a > consensus, if indeed, there would be consensus. The unique-local-addr > document is undergoing IESG review now; any comments need to come in > soon, not a month or two from now. I would like to see RIR and IETF process mesh better than they do now. But with all due respect to both organizations, having ARIN or its members miss an IESG deadline does *not* mean that a proposal they find harmful can or will be forced on them. > Second, this would be a first (I > can't recall ARIN ever having done so), so you'd be charting new > ground. Does the issue here warrant it? This is less of an issue than it might appear. ARIN takes formal positions on various issues all the time, mostly through the formal policy process. It's becoming clear that ARIN needs one or more additional ways to express consensus on issues that don't strictly lend themselves to the policy process. The IPv6 IANA/RIR Allocation Policy document was the first case where ARIN is really being asked for input to another body's policy process (NRO) rather than creating policy to remain within the scope of ARIN. However, it's not going to be the last, and there's been discussion (including in yesterday's Public Policy meeting session) of a "recommendation" process to use in providing input to bodies such as NRO, IETF, and so on. Such a process would be lightweight and quick by comparison to the policy process, because the time constraints you're talking about are typical and because in some ways due diligence is less-- a recommendation is still a serious undertaking, but it's not binding on anyone the way ARIN policy is binding on ARIN staff and members. NRO and other bodies would be expected to have additional process for ratifying such a recommendation before it was binding on anyone. > Finally, what will get the > IETF's attention more than anything is clearly articulating what the > issues are, and how they can be fixed, if indeed they can. Saying "bad > idea" without saying why isn't particular constructive. An important point which I believe is being pursued elsewere in this thread. Suzanne Woolf ARIN AC From bicknell at ufp.org Fri Oct 22 11:06:36 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 22 Oct 2004 11:06:36 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> References: <20041021202733.GA31881@ussenterprise.ufp.org> <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> Message-ID: <20041022150636.GA70813@ussenterprise.ufp.org> I will attempt to articulate all of the objections to both proposals. I believe these are critical issues that need to be considered by a wider audience. Who makes these objections is an interesting point. I believe most of these are personal objections; engineers saying "that's not the way we want it done." There are also objections from ARIN's point of view as an organization, and I think these may not have been clearly articulated before. I'm going to start with the implications to ARIN, as I believe all of the other points are in support of the meta-issue of how these proposals affect RIR's. We need to start with ARIN's mission statement and purpose: Mission Statement (from http://www.arin.net/about_us/index.html) Applying the principles of stewardship, ARIN, a nonprofit corporation, allocates Internet Protocol resources, develops consensus based policies; and facilitates the advancement of the Internet through information and education outreach. Indeed, on that same page, we begin to see the mission statement applied: We at the American Registry for Internet Numbers manage the Internet numbering resources for North America, a portion of the Caribbean, and sub-equatorial Africa. Using this information, I'm going to put forth an alternative statement which I think many network engineers (eg, "the Nanog crowd") would agree, and most ARIN members would not disagree with: ARIN Manages globally unique address identifiers for the ARIN Region. I believe it is now obvious why the ARIN Membership should be concerned with these proposals. Both proposals in attempting to create globally unique identifiers that could be used in the ARIN region create confusion and competition. I don't think I can say much more on the confusion issue, however I do want to speak to the competition issue. ARIN continues to operate because it collects fees from its members. Members continue to pay ARIN because they realize there is a need for a globally unique identifier management system, that it costs money, and that ARIN does a good job. If there existed a system where people could get globally unique identifiers for free, I believe they would. We have already seen objections from some parts of the world that fees are too high, and a barrier to entry. Also, in this day of cost conscious operating I believe many engineers would wonder why they don't abandon the globally unique numbers provided by ARIN for a fee, for the globally unique identifiers that are free. Put simply, these proposals create a direct financial incentive for people NOT to use ARIN's services. Aside from the direct financial threat, I believe ARIN has an interest in the second proposal for two additional reasons. ARIN has been integral in the creation of LANIC and AfriNIC, and indeed has helped develop the process for creating a new registry. The second proposal wants to create a new registry with no acknowledgment of this existing system for creating a new registry. I think it would be bad precedent for ARIN to allow an IETF draft to "create" a new registry function without going through the processes that are already in place. Similarly, ARIN takes a strong view in its own policy process that the issue of fees is not appropriate for the policy process. I think ARIN has strong reasons to not let the IETF dictate fees for all the same reasons. The second proposal talks about "Permanent with no periodic fees", and on that basis alone is a bad proposal. Now that I have outlined why I think ARIN has a group needs to be involved, I will also outline why I personally think these proposals will not be successful in the way the authors intend. We start with draft-ietf-ipv6-unique-local-addr-06.txt When looking at this proposal I think it's important to consider all the ways someone may attempt to use this address space. Section 3.1 is where we start to go wrong. We have to years of history of CIDR. For some reason the IPv6 community wants to throw that out, and more particularly thinks they can change peoples thinking back to fixed boundaries. Well, that's not the way people think today, and I think most people consider that a step backwards. The reality here is that this proposal creates "FC00::/7" that is equivalent to 10/8 in IPv4. It's a novel idea to set aside 41 bits for "global ID", but I don't think anyone will use it that way. Think of the two most obvious uses of 10/8, and directly map them to how those organizations will use FC00::/7: * Small, non-distributed group: Uses 10/8 in sequence (10.0.0/24, 10.0.1/24, 10.0.2/24, etc). Often has no consideration of global issues, often poorly allocates space (eg, gives whole /16's to individual ethernets because they can). These people are going to use FC00::/7 in a similar way. I predict you will see FC00:0000:0000:0000, FC00:0000:0000:0001, etc. * Large, distributed group: Has an internal central function that manages 10/8 and subdelegates various bits (10.0/16, 10.1/16, 10.2/16 etc) to various subgroups inside the company for local management. Many in this group will actually love having the larger address space. They aren't going to manage "randomly assigned" addresses, they are going to use the space to delegate control. Given the way DNS works, I suspect they will choose to do the delegation on a nibble boundary. What that really means is of the 41 bits, there is the ability to tree 10 delegations deep. So, here you'll see FC00:0/12 to subdivision #1, FC00:1/12 to subdivision #2 and so on. They will then redelegate FC00:00/16, FC00:01/16, and so on. Moving on to the issue of collisions, I believe the analysis in section 3.2.3 is incomplete. Most importantly, it operates only on a single variable, the number of connections, not on the two values in use, the number of connections and the number of addresses in use by each entity. What the text has done is assume the second variable is always one (that an entity only brings one network to the table). This is convenient, but majorly underestimates the problem. Since these numbers can be randomly picked, a large organization is likely to end up with multiple subgroups picking networks, and later having them all connected together. I'll be conservative, and say that a group might bring on the order of 10 networks to the interconnection system given this allocation scheme. That dramatically increases the probability of collision. I think any group of size who used these prefixes could never count on using them to interconnect with another group. To that end, I would like to rewrite this entire draft: "FC00::/7 has been set aside for private network use, and should not ever appear on the global network. Service providers should filter FC00::/7 at all boarders." The rest of the text is wishful thinking, and not good engineering. Rewritten that way, I think it's good. We need private (think 1918) IPv6 space set aside, and I think a /7 is more than enough. No mention should be made of it being used for any connectivity outside an organization, it just won't work. Now, looking at draft-ietf-ipv6-ula-central-00.txt we have much more serious issues. Fundamentally it creates globally unique prefixes, but somehow wants to prevent them from being used on the global Internet. What I find curious is it offers no reason why this should be the case. Indeed, text in the draft repeatedly suggests this space is compatible with the global routing table: "- If accidentally leaked outside of a site via routing or DNS, there is no conflict with any other addresses." "- In practice, applications may treat these addresses like global scoped addresses." "It is recommended that sites planning to use Local IPv6 addresses for extensive inter-site communication, initially or as a future possibility, use a centrally assigned prefix as there is no possibility of assignment conflicts." Indeed, if anything this creates an Internet without ISP's. Businesses can use these and interconnect to each other as much as they want with no issues, but an ISP shouldn't route them in the global table. As a provider I don't see how that can make any sense. Section 3.2.1 describes a lot of requirements. I'm going to pick these off one by one: - Available to anyone in an unbiased manner. RIR's already deal with the problems of languages in their regions, and spend huge amounts of dollars on translations and other activities to reach all groups. - Allocation on a permanent basis, without any need for renewal and without any procedure for de-allocation. The system is guaranteed to run out of addresses. I will agree that it will be a long time before this happens, but with them being "throw away" I suspect it's likely that will be exactly what happens to them. People who have trashed their existing allocation (eg, gotten it black listed) will just get a new one. Companies who spin up a new product/division/group will get a new one. The run rate will be far higher than anyone has predicted here. This still gives us a long time before running out, but since the lifetime of this protocol is unknown, building in a method to burn through all the addresses does not fit with the stewardship role we all consider so important. - Provide mechanisms that prevent hoarding of these allocations. This has huge implications for verifying who a requester is, and cross referencing that information. This will require large databases and high levels of computation. - The ownership of each individual allocation should be private, but should be escrowed. If it's private, how can anyone verify the ownership of a particular block when there is a dispute? What group will handle dispute resolution? - Permanent with no periodic fees. Fundamentally the issue is all of the previous requirements incur cost. ARIN doesn't sit around throwing money in the fire because there is nothing to do. All the RIR's expend a lot of funds doing these functions today. How the author thinks this can be done with no periodic fees is beyond me. I think fees will be required to implement all of these requirements, and that discussion of the fees is inappropriate for a technical draft. In summary, even if I ignore the issue of how you do this without charging fees, I think this proposal has the business possibility of seriously impacting the RIR's viability. By allowing people to get globally unique identifiers for free there will be great pressure by underfunded segments of society (from poor countries to poor business to poor individuals) to use their limited resources to push others to accept these prefixes, rather than use them to support the existing registries. There is a long history that "connectivity is its own reward". The Internet exists in part because people take an extremely flexible approach to building the network. Run IP over anything. Gateway to any and all networks for any and all protocols and services possible. If companies and countries are given economic incentive to globally route these prefixes that is exactly what will happen. Sadly, this proposal creates not one, but two tiers to encourage global routing of these prefixes. First, it is directly cheaper (no fees) to use these prefixes. Second, and far more important, if someone has already globally uniquely numbered their whole network they are not going to want to renumber it, due to the huge cost in staff time, to connect to the Internet, and will offer money to ISP's to simply route the prefixes. Now, many in the IPv6 world point out one of the design goals was to allow hosts to be on multiple networks. The thought was someone might use one of these local addressing schemes, along with addresses from one or more providers. While I think the designers did a good job of making the protocol make that happen, I think the practical aspects of that were completely forgotten. The deployment of a network, even if the hosts allow it, has significant costs. Addresses must be obtained. Network services (dhcp servers, routers, etc) need to be updated. Firewalls and other security devices need to be updated. Indeed, in many cases applications themselves need much more sophistication to know which address to use for which sort of access. I can't see any sane network admin administering a network of any size with multiple full overlay networks. At best, they will do NAT, at worst they will refuse to use more than a single network. It is simply not practical to expend resources on managing multiple networks. I do think both proposals are bad for the Internet, and in the case of the second in particular bad for ARIN. I have seen no argument in any forum to do more than allocate a single /mumble for "private networks". All of the other grand ideas are nothing but wishful thinking, and do not account for any of the other motivations (financial, black-hat, etc) that users might operate under. Those of us who feel the financial pressures on a daily basis, and who see people abusing the existing system on a daily basis realize this makes it far easier for abuse to happen, and that's never a good thing. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From Michael.Dillon at radianz.com Fri Oct 22 11:09:20 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Fri, 22 Oct 2004 16:09:20 +0100 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041022143741.GB79474@farside.isc.org> Message-ID: > Such a process would be lightweight and quick by comparison to the > policy process, Presumably you are talking about a process for collecting comments and forwarding them on to IETF et al. This is certainly something that I would support. Many people in the operational community don't belong to IETF discussion forums and it is rather awkward to find the forum, figure out what needs to be done to enable comments, and then submit the comments. If ARIN could enable people to comment in a less formal way and then collate these to the IETF along with contact info for the original writer, then this should provide benefits to both IETF and operators without compromising ARIN's policy-making position. This is not a lot different from the way in which PPML discussions get summarized before presentation of a policy proposal at the meetings. --Michael Dillon From narten at us.ibm.com Fri Oct 22 11:14:46 2004 From: narten at us.ibm.com (Thomas Narten) Date: Fri, 22 Oct 2004 11:14:46 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: Message from Suzanne_Woolf@isc.org of "Fri, 22 Oct 2004 14:37:41 -0000." <20041022143741.GB79474@farside.isc.org> Message-ID: <200410221514.i9MFEkTP006141@cichlid.raleigh.ibm.com> > I suspect this is due to a discontinuity between "people who > participate in the IETF" and "people who participate in ARIN policy > activities". When some of us talk about the lack of operator > participation in IETF activities, this is the kind of symptom we > mean. yep. > I respectfully suggest that most of the people who heard you speak on > this in Vancouver had not heard of it before and didn't have an > immediate response. They're responding now because it's had a chance > to percolate into more prominence. This makes sense too. > > Personally, I have to wonder if having ARIN take a formal position is > > the way to go here. First, it will take some time to reach such a > > consensus, if indeed, there would be consensus. The unique-local-addr > > document is undergoing IESG review now; any comments need to come in > > soon, not a month or two from now. > I would like to see RIR and IETF process mesh better than they do > now. But with all due respect to both organizations, having ARIN or > its members miss an IESG deadline does *not* mean that a proposal they > find harmful can or will be forced on them. To be clear, I'm very much interested in seeing the two orgs mesh effectively. And on the IESG "deadline", the one document is/was (by my read) in the final stages of being approved. But, the IESG also doesn't generally have absolute hard deadlines and will take input until a formal action is actually taken. So, it is certainly not too late to provide input. Indeed, the issue has already been raised within the IESG. Also, given what just happened, I expect to be able to get the IESG to delay, at least for couple more weeks, approval of the document in order to provide time to work through the issue. So, it is definitely not too late to raise issues, but it would be good to do so relatively quickly. > > Second, this would be a first (I > > can't recall ARIN ever having done so), so you'd be charting new > > ground. Does the issue here warrant it? > This is less of an issue than it might appear. Fair enough. And in any case, it's for the ARIN community to decide. (And contrary to the way my earlier note might have been read, I'm not necessarily in opposition to this, so long as it can be done relatively quickly, if its decided that this is the way to go.) Thomas From bicknell at ufp.org Fri Oct 22 11:22:53 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 22 Oct 2004 11:22:53 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: References: <20041022143741.GB79474@farside.isc.org> Message-ID: <20041022152253.GA71404@ussenterprise.ufp.org> In a message written on Fri, Oct 22, 2004 at 04:09:20PM +0100, Michael.Dillon at radianz.com wrote: > Presumably you are talking about a process for collecting > comments and forwarding them on to IETF et al. This is I would phrase it slightly different. We need a process for ARIN to speak. ARIN needs to be able to make an offical statement, as ARIN, on behalf of the members when that is appropriate. Given that we're talking about "speaking", it needs to be relatively lightweight to allow for "replies". -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From michel at arneill-py.sacramento.ca.us Fri Oct 22 11:31:57 2004 From: michel at arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 22 Oct 2004 08:31:57 -0700 Subject: [ppml] Draft ARIN Recomendation Message-ID: > bmanning at vacation.karoshi.com > The promise of ULAs - invites chaos and anarchy. The allure > is near zero aquisition cost, near zero accountability, and > for early movers, near zero insertion cost. These will be > treated as PI space (and I hate that term) and can -NEVER- > be eradicated once released. (sez bill, donning his > nostradomus robes and hat) For once, I completely agree with Bill. Here's the scenario: - Everyone is going to get an ULA (why not?) - Sooner or later a free registry will pop up to ensure uniqueness. (We have discussed this a long time ago, it is not that difficult). Worse, we will have a hard time calling that registry illegitimate, as there is indeed a legitimate need for it: making sure that organizations that have private links for business reasons don't collide. - People will want to use ULAs as PI. - People are going to take some money (up to the amount that they would have paid to ARIN) to their ISPs, and say "I'll give you this if you forget to filter the ULA I announce to you". This is especially true of organizations that are not eligible to get portable space. Net results: 1. Instead of the money going to ARIN, it will go to ISPs. Not good. Oh wait. You mean _me_? Mmmm. 2. Everyone and their dog will announce their ULA. As soon as a critical mass is reached, it will become the de-facto swamp v6. Michel. From Michael.Dillon at radianz.com Fri Oct 22 11:51:32 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Fri, 22 Oct 2004 16:51:32 +0100 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041022150636.GA70813@ussenterprise.ufp.org> Message-ID: > Using this information, I'm going to put forth an alternative > statement which I think many network engineers (eg, "the Nanog > crowd") would agree, and most ARIN members would not disagree with: > > ARIN Manages globally unique address identifiers for the ARIN Region. Not so. ARIN only manages globally unique address identifiers that the IETF has asked IANA to manage. We don't manage telephone numbers or IEEE committee numbers (802.11b) and so on. When you removed the word "Internet" from the statement, you broke the chain from the IETF through IANA. > If there existed a system where people could get globally unique > identifiers for free, I believe they would. If you want a free domain name, you can get one from http://www.eu.org In the IPv6 address space there is plenty of room for anyone to do a similar service provided that the prefixes are routable and that is something that operators need to comment on because they spend their money making addresses routable. Any solution at this layer has to be technically and financially feasible for operators to deliver on, otherwise it won't happen. > The > second proposal wants to create a new registry with no acknowledgment > of this existing system for creating a new registry. I think it > would be bad precedent for ARIN to allow an IETF draft to "create" > a new registry function without going through the processes that > are already in place. Hmmm... something like WIANA? http://www.wiana.org > Now that I have outlined why I think ARIN has a group needs to be > involved, I will also outline why I personally think these proposals > will not be successful in the way the authors intend. This is meat for the IETF to discuss. I'm happy for them to consider your views whether I agree with them or not. I'd like to point out that my company is in the business of providing a global internet without the Internet. We interconnect many networks managed by many organizations using the Internet Protocol. None of these networks are supposed to be connected to the Internet directly other than through very restrictive secure VPN gateways that treat the Internet as a layer 2 access network. I have been told that there are roughly half a dozen similar networks in the world, not counting military networks or internal networks of large global corporations. Some of the stuff in these proposals seems interesting although I have not studied them in enough detail to make useful comments at this point. ------ Michael Dillon Radianz From Michael.Dillon at radianz.com Fri Oct 22 11:57:25 2004 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Fri, 22 Oct 2004 16:57:25 +0100 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041022152253.GA71404@ussenterprise.ufp.org> Message-ID: > > Presumably you are talking about a process for collecting > > comments and forwarding them on to IETF et al. This is > > I would phrase it slightly different. > > We need a process for ARIN to speak. I don't believe that the IETF or IESG is interested in hearing what ARIN has to say. I think they want to hear what the members of ARIN have to say and they see ARIN as a vehicle to reach those members. If we set up a way for ARIN to speak, then this speech will cease to be engineering review and become political posturing. In that case we might as well just have ARIN staff take care of the whole business. But I think the IETF and IESG will still want to get serious detailed technical comments from the companies who just happen to be members of ARIN. What is important here is not the fact that these organizations are ARIN members. The important thing is that these organizations operate the large IP networks that make up the global Internet infrastructure and therefore have operational knowledge that is valuable to the IETF and IESG. --Michael Dillon From bicknell at ufp.org Fri Oct 22 14:36:54 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 22 Oct 2004 14:36:54 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: References: <20041022152253.GA71404@ussenterprise.ufp.org> Message-ID: <20041022183654.GB78441@ussenterprise.ufp.org> In a message written on Fri, Oct 22, 2004 at 04:57:25PM +0100, Michael.Dillon at radianz.com wrote: > I don't believe that the IETF or IESG is interested > in hearing what ARIN has to say. That may be, but IANA, ICANN, the other RIR's, and many other people do. I didn't say we need a process for ARIN to speak to the IETF, but to speak in general. Additionally, I disagree. While I don't think the IETF would give ARIN's response any more weight than an individual or a corporation who responded, I do think they would give it the same weight. They want to know what the stakeholders think, and ARIN as a group is a stakeholder in this issue. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From gih at apnic.net Fri Oct 22 15:42:05 2004 From: gih at apnic.net (Geoff Huston) Date: Sat, 23 Oct 2004 05:42:05 +1000 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041022183654.GB78441@ussenterprise.ufp.org> References: <20041022152253.GA71404@ussenterprise.ufp.org> <20041022183654.GB78441@ussenterprise.ufp.org> Message-ID: <6.0.1.1.2.20041023051641.023a7ec0@kahuna.telstra.net> I have to agree with Leo here that the IETF should be interested, and is interested in the views expressed in the open policy forums hosted by the RIRs, particularly on matters associated with addressing and address deployment and use conventions. As to 'weight', the IETF tends to give weight to arguments that are soundly articulated, clearly express a viewpoint, and support that viewpoint with data. I'd like to say that this is irrespective of the origin of the response, but perhaps that is a little too idealistic. As to the level of mutual interest and support between the RIRs and the IETF, there has been conscientious efforts in recent times to ensure that the IETF is interested in what the RIRs and the open policy forums have to say, and to ensure that relevant IETF work is presented in RIR-hosted open policy forums as work in progress and the reactions from the forums is conveyed back to the IETF, as is happening in this case. regards, Geoff Huston From owen at delong.com Fri Oct 22 22:09:17 2004 From: owen at delong.com (Owen DeLong) Date: Fri, 22 Oct 2004 19:09:17 -0700 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041022150636.GA70813@ussenterprise.ufp.org> References: <20041021202733.GA31881@ussenterprise.ufp.org> <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> <20041022150636.GA70813@ussenterprise.ufp.org> Message-ID: <2147483647.1098472157@[192.168.1.101]> Leo, this is an excellent effort and I couldn't have said it better myself. Please proofread it. (For example, networks have borders, while boarders are either living in your colo space or participating in winter sports). I'll send you my other proofreading notes under separate cover... No need to pollute the list with minor corrections. Thanks, Owen -- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: From harald at alvestrand.no Mon Oct 25 04:01:08 2004 From: harald at alvestrand.no (Harald Tveit Alvestrand) Date: Mon, 25 Oct 2004 10:01:08 +0200 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <20041022150636.GA70813@ussenterprise.ufp.org> References: <20041021202733.GA31881@ussenterprise.ufp.org> <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> <20041022150636.GA70813@ussenterprise.ufp.org> Message-ID: <59D44B77ABD04D3C7B164939@askvoll.hjemme.alvestrand.no> The reason the -local-address draft is being brought forward separately from the -ula-central draft is because it's been noted that central allocation has a LOT more issues than local allocation (such as fees). So the -ula-central draft has some more time before the IETF makes a decision on it - more time for comments to enter the ordinary IETF WG process. FWIW: I have heard the suggestion that IANA should ask the NRO to undertake the role of the central registry. It's an obvious candidate. But this comment: > ARIN continues to operate because it collects fees from its members. > Members continue to pay ARIN because they realize there is a need > for a globally unique identifier management system, that it costs > money, and that ARIN does a good job. > > If there existed a system where people could get globally unique > identifiers for free, I believe they would. We have already seen > objections from some parts of the world that fees are too high, and > a barrier to entry. Also, in this day of cost conscious operating > I believe many engineers would wonder why they don't abandon the > globally unique numbers provided by ARIN for a fee, for the globally > unique identifiers that are free. Put simply, these proposals create > a direct financial incentive for people NOT to use ARIN's services. is one I can't use as a technical argument. ARIN is a "natural monopoly" service provider, and has been defined as a quite restricted entity in order to make it trusted with that job. Writing technical standards to protect a monopoly's revenue stream would be what they call a "career-limiting move" for the IETF..... From bicknell at ufp.org Thu Oct 28 14:34:04 2004 From: bicknell at ufp.org (Leo Bicknell) Date: Thu, 28 Oct 2004 14:34:04 -0400 Subject: [ppml] Draft ARIN Recomendation In-Reply-To: <59D44B77ABD04D3C7B164939@askvoll.hjemme.alvestrand.no> References: <20041021202733.GA31881@ussenterprise.ufp.org> <200410220049.i9M0nnmp010015@cichlid.raleigh.ibm.com> <20041022150636.GA70813@ussenterprise.ufp.org> <59D44B77ABD04D3C7B164939@askvoll.hjemme.alvestrand.no> Message-ID: <20041028183404.GC96607@ussenterprise.ufp.org> In a message written on Mon, Oct 25, 2004 at 10:01:08AM +0200, Harald Tveit Alvestrand wrote: > is one I can't use as a technical argument. > ARIN is a "natural monopoly" service provider, and has been defined as a > quite restricted entity in order to make it trusted with that job. > > Writing technical standards to protect a monopoly's revenue stream would be > what they call a "career-limiting move" for the IETF..... You are correct, and perhaps I wasn't generic enough in my concerns. As part of the ARIN AC the viability of ARIN is how I approach the problem, let me put on an IETF hat and try from the other side. IETF drafts have already created a system for allocating globally unique IPv6 addresses where the existing RIR's are tasked with allocating IPv6 address space in a manor quite similar to IPv4 space. Given that this draft creates a new system for allocating globally unique addresses this draft creates a system that competes against the existing IETF sanctioned system. This competition may cause the first system not to be used at all, may create confusion about which system users should use, or may allow one allocation system to be used against the other (similar to "registry shopping" today this would be "method of getting global addresses shopping"). To the extent the IETF has an interest in the existing allocation system and all of it's features (working RIR's, allocations tracked in whois servers, SWIP's and other suballocations tracked, etc) this proposal puts those systems at risk. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: