[arin-ppml] Draft Policy 2010-10 (Global Proposal):GlobalPolicy for IPv4 Allocations by the IANA Post Exhaustion- Last Call (textrevised)

On 07 Nov 2010 01:27, Owen DeLong wrote:
> On Nov 6, 2010, at 11:20 AM, Stephen Sprunk wrote:
>> On 06 Nov 2010 04:08, Owen DeLong wrote:
>>> On Nov 5, 2010, at 9:25 AM, Stephen Sprunk wrote:
>>>> OTOH, absent an LRSA, there is no formal agreement that [ARIN] doesn't [have the power to enforce policy].
>>> Uh, generally it's pretty hard to claim that a contract is binding on an opt-out basis.
>>> I can't just make up a contract and then say you are subject to it's terms just because you don't have a contract that says otherwise.
>> A homeless shelter is quite certainly free to dictate people wear shoes in order to get a free meal.
> Yes, but, once you had a man that isn't wearing shoes a meal, you
> can't then take the meal back because you now require shoes.

You can't take the meal back because it's already been eaten and we
haven't discovered time travel yet.  However, just because you gave a
man without shoes a meal yesterday doesn't mean you are obligated to
give him one again tomorrow.

>>>> I was willing to accept granting special privileges to _all_ legacy holders prior to the LRSA being made available; now that it is, though, I'm reluctant to accept continuing to grant those same special privileges to those who do not sign.
>>> First, I don't agree with your use of the term "special privileges".
>> You don't think that being exempt from revocation or having limits on fee increases (or no fees at all, if one doesn't sign an LRSA) qualify as "special privileges"?  How does someone with an RSA get those terms?
> No, I do not. I think they are the existing T&Cs of yesteryear.

Yesteryear did not have a limit on fee increases because yesteryear had
no fees at all.

> There are lots of examples of T&Cs given to people in the past that are not available to new customers. For example, if you have an AT&T unlimited plan for your iPhone or iPad, you are on different T&Cs than anyone can get with new service today.

That's different because they have a contract specifying those
terms--and if the carrier is remotely competent, they'll have clauses in
the contract that allow them to terminate the contract after some period
if they see fit.  They usually don't, since the risk of losing the
customer to a competitor is not worth whatever extra revenue they
_might_ be able to bring in by forcing a change in terms, but they _could_.

Also, do note that ARIN, via the LRSA, is _still_ offering special terms
to legacy registrants that are not available to others, so it's not just
yesteryear we're talking about.

>>> Second, I really don't think legacy holders are a major problem and I don't see the point in pursuing them with pitchforks and torches just because they choose not to join the ARIN community.
>> I don't think pitchforks and torches are necessary, but I do think _at minimum_ ARIN owes the community some due diligence to make sure WHOIS is correct.
> Agreed. However, it appears that your definition of due diligence has
> some elements in common with my definition of pitchforks and torches.

Perhaps.  And, when we get to that point in the process, we can debate
the merits of each viewpoint; however, that should not stop us from
moving forward on the part we do agree on, which is having ARIN actively
doing reviews.

>>> Care to back that up with what ARIN possibly gains by [using a stick] other than litigation expenses?
>> First, a stick would get more legacy holders to sign the LRSA--or perhaps even an RSA.  Second, I believe a significant amount of abandoned or unused resources would be discovered and reclaimed.  Both outcomes benefit the community.
> Sticks can accomplish lots of things. However, the question isn't whether or not it is possible to get signatures using a stick. The question is whether or not it is valid to use a stick.

We have carrots and we have sticks.  I'm all for using the carrots to
entice as many folks as possible to join the community or at least
establish contact with ARIN formalize their resources.  However, at some
point we must break down and admit we have run out of people who carrots
work on, and either we throw up our hands and admit we've failed or we
continue on, using sticks.

>>> Besides who said anything about permanently unavailable. The space is either held by an organization or it isn't.  If we can't findthe organization, we record that fact and make it visible. Eventually, either we find out for sure that the organization is defunct, or, we find out that they do still exist. In the former case, resources can be reclaimed. In the latter case, they cannot.
>> Based on John Curran's recent messages, it is very difficult and time-consuming to reliably determine that a company is defunct.  Given ARIN's demonstrated unwillingness to take on work that policy doesn't explicitly require them to take, the likely result is that space would forever be "temporarily" unavailable.
> Which I don't see as a particular problem as long as it is at least marked that way.

IMHO, simply marking the space unavailable is insufficient.

> 1.	Recovering the space isn't of any particular benefit to the community.

There is benefit in being able to issue that space to other applicants,
though I doubt it'll be significant enough to justify the effort on that
basis alone.

> 2.	Having legacy holders that are using the space able to continue doing so is of benefit and is our moral obligation IMHO.

That's a red herring, since all they have to do to continue using the
space is respond and, if they are not remotely in compliance with
current justification rules, sign an LRSA.

>>> I'm just saying we shouldn't reclaim resources until we are certain that the organization no longer exists.
>> In contrast, I think we should reclaim resources if we cannot, after a reasonable amount of effort, determine the registrant still exists _and_ either is still using those resources or is willing to sign an LRSA.
> Yes... I understood that before. I still disagree with you, as I have
> restated above.

Well, I suppose all that's left is for us to write policy proposals
reflecting our viewpoints and see which, if either, gains consensus and
is adopted.

>>>> ARIN can add or remove any WHOIS/rDNS entry it wishes unless restricted by policy or by a contract, i.e. an RSA or LRSA.  IOW, since non-LRSA legacy holders have no contract restricting what ARIN does, they have no (legal) standing to complain if ARIN decides to stop providing them unpaid, uncontracted registry services--just like a homeless person has no (legal) standing to complain if a shelter decides to stop giving them free meals.  That's purely a moral issue.
>>> That's an interesting theory, but, I doubt that as the successor registry to registries that granted the registrations to organizations on very different terms with no contract stating that the terms could be subsequently changed without agreement, ARIN would actually have as good a standing as you claim in that situation.
>> ARIN only inherited an obligation to provide services gratis and in perpetuity if its predecessors actually contracted with registrants to do so _and_ ARIN is their legal successor in interest.  I'm fairly sure the latter is true, but I'm almost certain the former is not.
> It's very gray, but, whether there is a written contract or not, certainly, at the time the resources were issued, it was the standard policy and expectation that whois, in-addr, and registration services would be performed by the registry gratis in perpetuity.

Ah, but

>> A contract is only valid if there is an exchange of "consideration (usually goods or services in one direction and money in the other).  If I promise you a free meal tomorrow but fail to provide one, you _cannot_ sue me for breach of contract because you paid no "consideration" for my promise and therefore it was not a valid contract.
> The exchange required does not have to be direct. There are many instances where contracts create third-party rights and/or obligations.
> In this case, the USDoD, DARPA, and USDoC have provided consideration and a contract to the predecessor registries to operate the services. Legacy holders are a third-party obligation of those contracts.

AIUI, only the parties to a contract (e.g. DARPA et al) can sue for
breach of that contract .  Still, where are the contracts that would
supposedly be breached?

>>> I'm saying that going after all or even some random number of resources on that basis is a dubious set of selection criteria at best and seems rather arbitrary to me.
>> If I see an elderly lady down the street from me tending her garden every day for years, but then a few days go by without any sign of her and there's an awful smell coming from her house, it's not unreasonable for the police to enter and check to make sure she's still alive.  If it turns out she's fine, no harm was done.
> Sure... But, what you are proposing is that if the police don't find her
> and don't find a body, they should let you sell her house.

There are standard procedures for that--and yes, the state will
eventually auction off her house to cover unpaid taxes, and if she
doesn't show up in a reasonable time to collect any remaining proceeds,
they'll keep that too.

>> And, for the record, I'd like to see LRSA signatories reviewed as well.  We can't revoke their space, but it's useful for the community to understand exactly what it is we're sanctioning so that we can decide if it's a good idea to continue offering the LRSA.
> I have no problem with reviewing LRSA signatories so long as we stick to our contractual obligations and don't attempt to revoke their space.

Of course.  That _would_ be a breach of contract.

>>> This theory that ARIN is somehow entitled as the successor registry to retroactively change the terms under which legacy resources were issued without the consent of the recipients really strikes me as being quite odd.
>> That's exactly what happened with domain names and with the other RIRs that inherited legacy numbers.  ARIN has been far more generous to legacy registrants, but IMHO now that we have the LRSA, it's time for the honeymoon to end.
> Holding up what happened with domain names as an example of how ARIN should behave is not going to win any points with me. I think that domain names have become an unmitigated mess and a profiteering opportunity for ICANN which has led to some seriously misguided policies in that area.

I'm sure we all have complaints about how DNS is managed, but the
reality is that orgs with legacy domains ended up having to sign new
contracts with and pay fees to the successor registry--and DARPA et al
didn't step in and claim it breached some contract with the prior registry.

The _exact_ same thing happened with legacy number resources being
transferred to the other RIRs, so it's ARIN that's the odd one out, not DNS.


Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3646 bytes
Desc: S/MIME Cryptographic Signature
URL: <>