[ppml] Policy Proposal: Authentication of Legacy Resources

[Stephen Sprunk]

Thus spake "Edward Lewis" <Ed.Lewis at neustar.biz>
> I have strong objection to #2.  In as much as "ARIN does not
> dictate routing policy" how does one detect that a number
> resource is "no-longer in active use?"  The purpose of ARIN
> is uniqueness, not routability.

ARIN's purpose is responsible stewardship, which doesn't stop at uniqueness; 
it includes determining use and justification for resources.  Current policy 
explicitly states that private use of ARIN-issued resources does not 
preclude them being justified.

> After first coming to my personal conclusion that there is no
> reliable way to decide whether a number resource is in use
> (e.g., it could be used in a network between two apartments
> in NYC air-gapped from the rest of the world).

A first step could be to (a) check to see if the prefix shows up in the DFZ, 
and/or (b) ask the holder.  Either should be sufficient as a first pass to 
claim a resource is "in use".

We can always go back and improve that later if needed, but I think ARIN 
staff would have their hands busy for quite a while just getting that first 
step done.  I'd prefer to hold off deciding what to do after that point 
until we have an idea of what the results are going to look like.

>>- Create a relationship with legacy holders, including a yearly
>> "touch-point" to help insure that records are up-to-date
>
> This sounds credible, but touch-point sounds like money
> changing hands.  Then again, I'm sounding cynical based on
> troll-induced threads that the RIRs are only after money and
> power.

There's no requirement that any money change hands.  It appears most legacy 
holders would be willing to pay reasonable fees (currently $100/yr 
regardless of assignment size), but if they aren't that shouldn't prevent 
them from keeping their contact and DNS information up to date.

> Whether what I had suggested is appropriate or not for ARIN,
> this is a model used in other industries in which operational
> data sharing benefits a segment.  The attitude is that
> consumers of the data band together and try to learn all they
> can about the "universe."  Data in is free, data out costs.
>
> But that model is not going to be easy to retrofit into the public
> Internet.  So, perhaps I'm just wasting bits.

That model doesn't seem applicable to someone trying to provide a public 
service, where data out must be free.  The problem is that some people think 
the only option is to charge for data in.  It's possible to charge for 
neither, if we feel other activities should subsidize WHOIS and DNS -- and 
I'd thought until recently there'd never be any disagreement on that point.

S

Stephen Sprunk      "Those people who think they know everything
CCIE #3723         are a great annoyance to those of us who do."
K5SSS                                             --Isaac Asimov