ARIN-PPML Message

[ppml] Policy Proposal 2007-15: Authentication of Legacy Resources

On 19 July 2007, the ARIN Advisory Council (AC) concluded their initial
review of "Authentication of Legacy Resources" and accepted it as a
formal policy proposal for discussion by the community.

The proposal is designated Policy Proposal 2007-15: Authentication of
Legacy Resources. The proposal text is below and can be found at:
http://www.arin.net/policy/proposals/2007_15.html

All persons in the community are encouraged to discuss Policy Proposal
2007-15 prior to it being presented at the ARIN Public Policy Meeting in
Albuquerque, New Mexico, 17-18 October 2007. Both the discussion on the
Public Policy Mailing List and at the Public Policy Meeting will be used
to determine the community consensus regarding this policy proposal.

The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/irpep.html

ARIN's Policy Proposal Archive can be found at:
http://www.arin.net/policy/proposals/proposal_archive.html

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


## * ##


Policy Proposal 2007-15
Authentication of Legacy Resources

Author: Andrew Dul

Proposal type: New

Policy term: Permanent

Policy statement:

Add new NRPM section 4.9 - Legacy Records

Legacy resource record holders shall be permitted to sign an
registration services agreement which permits the organization which is
currently using the resources as of January 1, 2007 to continue to use
those resources as long as a registration services agreement is signed
by the organization and the organization is not past-due on their annual
maintenance fee. ARIN will evaluate and verify the chain of custody of
any resource records prior to executing a registration services
agreement with an organization.

If a legacy resource holder requests additional IPv4 resources all IPv4
resources (legacy and non-legacy) shall be evaluated to determine
utilization for additional assignments under NRPM sections 4.2 or 4.3.

ARIN shall use all reasonable methods to attempt to contact legacy
record holders starting on January 1, 2008.

ARIN shall also post information on the public website regarding this
outreach to legacy resource holders.

No changes shall be made to legacy resource records which are not
covered by a registration services agreement after December 31, 2007.

Add new NRPM section 7.3 - Legacy Reverse Delegation Records

Legacy IP address record holders who have not signed a registration
services agreement with ARIN will have their name server delegations for
the in-addr.arpa zone removed starting on June 30, 2009. All name server
delegations shall be removed from the in-addr.arpa zone by December 31,
2009.

If an individual contacts ARIN and claims to represent a legacy record
holder after the removal of an organization's name server delegations,
the individual shall be permitted to request a one-time 6 month
reinstatement of their name server delegations. This 6 month period is
intended to allow an organization to work in good faith to establish a
registration services agreement.

Policy Rationale

An ARIN Legacy resource holder is an organization which was issued
number resources prior to the formation of ARIN and whose registration
information was not transferred to another RIR through the Early
Registration Transfer Project (http://www.arin.net/registration/erx).
Legacy resource holders were issued number resources through an informal
process. This policy proposal attempts to bring these legacy resource
holders into a formal agreement with ARIN, the manager of the IP
numbering resources for many of the legacy record holders.

Some legacy resource holders have expressed concerns about committing to
a registration services agreement when the legacy resource holder cannot
be assured that they will be permitted to retain and their resources for
the long-term. This policy proposal also does not preclude existing
legacy space holders, who may have signed another version of the
registration services agreement from having the same commitment level.
It is suggested that the Board of Trustees formalize the annual
maintenance fees for legacy resource holders at a level similar to the
$100 USD per year for end-sites.

This policy sets in place a notification period of 18 months to contact
all legacy resource holders and creates an incentive for the holders to
formalize their relationship with ARIN. The dates in this policy
proposal were arbitrarily chosen based upon an expected ratification by
the ARIN Board of Trustees by December 31, 2007. If this policy is
implemented after December 31, 2007, the trigger dates in the policy
should be adjusted appropriately.

Given the informal relationship under which the resources were granted,
ARIN current maintains the records including WHOIS and in-addr.arpa
delegations in a best-effort fashion. Many believe that ARIN may not be
obligated to maintain these records. ARIN has experienced some
difficulty maintaining these records. Legacy records have been a popular
target for hijackers, in part due to the out of date information
contained in these records. Having up to date contact information would
assist ARIN and ISP's in insuring the stability of the Internet.

This policy proposal sets a termination date for in-addr.arpa delegation
services for legacy resource record holders who have not formalized
their relationship with ARIN through a registration services agreement.
The 6 month period of delegation record removal was intended to provide
ARIN the flexibility of removing the records on a gradual plan during
second half of 2009 and to avoid a large change on a single day.

Legacy resource holders who sign a registration services agreement would
continue to receive all the services that are currently provided by ARIN
plus they would be eligible for any future services that ARIN may offer,
such as cryptographic signing of resource records.

Timetable for implementation: As stated in policy