ARIN-PPML Message

[ppml] Staff Comments Regarding Policy Proposal 2006-3

On Thu, 5 Oct 2006, Michael.Dillon at btradianz.com wrote:

> The gist of this policy seems to be:
>
>   For each address range which ARIN has issued,
>   ARIN will publish the list of allowed originating
>   ASes as supplied by the authorized user for each
>   netblock within that range. ARIN will form a public
>   working group to produce a document specifying the
>   requirements, and implementation details at the end
>   of 6 months after this policy is ratified by the board
>   of trustees.

With the caveat that I collaborated closely with Sandy in the writing
of 2006-3...

Comparing the text above to 2006-3 as written, they are remarkably
similar except that:
  - 2006-3 explicitly makes providing an AS list to ARIN optional
  - 2006-3 limits the redistributiuon restrictions ARIN can put on
    the publiched list
  - 2006-3 gives ARIN almost complete discretion to choose the
    publication mechanism without setting a timelime nor requiring
    a particular methodology
  - 2006-3 clearly gives ARIN the option of adding additional forms
    of publication in the furture (an IRR, a certificate system, etc.)
  - 2006-3 requires ARIN to (proactively) provide an opportunity to
    update the AS list every time any other maintenance is done on the
    address block

> What more needs to be said in the NPRM?

At the very least, that providing an AS list is optional and that ARIN
may not restrict distribution of the aggregated data.  I think the
instruction to ARIN to invite registrants to provide an AS list at
particular times is pretty important, too.

To be clear, I have doubts about the accuracy of the staff statement: 
"The policy duplicates capabilities of the routing registry and could 
be addressed by enhancing this existing functionality."  First, this 
policy gives ARIN the option of using an IRR as the publication 
mechanism for these mappings.  Two key parts of this proposal, the 
regular invitations to update the AS lists and the implicit 
authentication provided by the template system, might be hard to 
incorporate into ARIN's existing IRR.  There's also the question of 
how to handle the existing, poorly authenticated, data present in the 
IRR.  On the whole, the proponents of this proposal were concerned 
that trying to "enhance" the existing IRR would be intractable. 
Accordingly, this proposal gives ARIN the leeway to publish the data 
in an IRR or elsewhere, including in a certificate system, as it deems 
feasible.

Assuming that we like the idea of ARIN collecting and publishing
address block to ASN mappings, this proposal gives ARIN a great deal
of flexibility to do something that's 1) easy for them and 2) meets
the community's needs, even as those needs change over time.

-- Sam