ARIN-PPML Message

[arin-ppml] Draft Policy 2010-11: Required Resource Reviews

I oppose this based on following thought.

1) how can we differentiate /32 assignment for residential customers or /29 or large assignment? 
A lot of cable modem or triple play ISP (start-up?) use /24 using Residential Privacy method per market. 
/32 assignment is not obligated to report through SWIP or RWHOIS. 
So the judgement for 25% is pretty much vague. 
And mostly triple-play ISP or cable modem provider may be affected by this 25% triggers in most case.
So it may be target for specific industry if this is mandated trigger. 
A lot of triple-play markets under RUS funding may be most of their customers are residential, and no business customers at all given that their market will be tier-3/4 rural area. 


2) I don't see the any exception for repeated audit triggered by this policy if any ISP's business model is really residential ISP...
If this policy is mandating the audit for triggered conditions without exceptions, they may be penalted unfairly under this policy. 

Alex


-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of ARIN
Sent: Wednesday, October 06, 2010 9:17 AM
To: arin-ppml at arin.net
Subject: Re: [arin-ppml] Draft Policy 2010-11: Required Resource Reviews

We have an update for the following:
> B. ARIN General Counsel
>
> Pending

Counsel found no significant legal issues with this draft policy.

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)



> -----Original Message-----

> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On

> Behalf Of Member Services

> Sent: Tuesday, July 20, 2010 2:12 PM

> To: arin-ppml at arin.net

> Subject: [arin-ppml] Draft Policy 2010-11: Required Resource Reviews

>

> Draft Policy 2010-11

> Required Resource Reviews

>

> On 15 July 2010 the ARIN Advisory Council (AC) selected "Required

> Resource Reviews" as a draft policy for adoption discussion on the PPML

> and at the Public Policy Meeting in Atlanta in October.

>

> The draft was developed by the AC from policy proposal "117. Required

> Resource Reviews". Per the Policy Development Process the AC submitted

> text to ARIN for a staff and legal assessment prior to its selection as

> a draft policy. Below the draft policy is the ARIN staff and legal

> assessment, followed by the text that was submitted by the AC.

>

> Draft Policy 2010-11 is below and can be found at:

> https://www.arin.net/policy/proposals/2010_11.html

>

> You are encouraged to discuss Draft Policy 2010-11 on the PPML prior to

> the October Public Policy Meeting. Both the discussion on the list and

> at the meeting will be used by the ARIN Advisory Council to determine

> the community consensus for adopting this as policy.

>

> The ARIN Policy Development Process can be found at:

> https://www.arin.net/policy/pdp.html

>

> Draft Policies and Proposals under discussion can be found at:

> https://www.arin.net/policy/proposals/index.html

>

> Regards,

>

> Member Services

> American Registry for Internet Numbers (ARIN)

>

>

> ## * ##

>

>

> Draft Policy 2010-11

> Required Resource Reviews

>

> Version/Date: 20 July 2010

>

> Policy statement:

>

> Replace the text "under sections 4-6" in section 12, paragraph 7 with

> "under paragraphs 12.4 through 12.6"

>

> Add to section 12 the following text:

>

> 10. Except as provided below, resource reviews are conducted at the

> discretion of the ARIN staff. In any of the circumstances mentioned

> below, a resource review must be initiated by ARIN staff:

>

> a. Report or discovery of an acquisition, merger, transfer, trade or

> sale in which the infrastructure and customer base of a network move

> from one organization to another organization, but, the applicable IP

> resources are not transferred. In this case, the organization retaining

> the IP resources must be reviewed. The organization receiving the

> customers may also be reviewed at the discretion of the ARIN staff.

>

> b. Upon receipt by ARIN of one or more credible reports of fraud or

> abuse of an IP address block. Abuse shall be defined as use of the

> block

> in violation of the RSA or other ARIN policies and shall not extend to

> include general reports of host conduct which are not within ARIN's

> scope.

>

> c. In the case where an organization wishes to act as recipient of

> resources pursuant to a transfer under section 8.3, unless otherwise

> prohibited by paragraph 12.2(c).

>

> d. An organization which submits a request for additional resources

> when

> more than 25% of their existing resources are obscured in SWIP or

> RWHOIS

> pursuant to section 4.2.3.7.6 (residential customer privacy).

>

> e. Other than as specified in 12.10(c), paragraph 12.2(c) does not

> exempt organizations from the reviews required under section 12.10.

>

> Rationale:

>

> The first change is a minor correction which improves clarity and

> consistency of the original policy without changing the meaning.

>

> The addition of 12.10 (a) through (e) serves to create a set of

> circumstances under which a resource review is required, rather than

> optional and entirely at ARIN staff discretion.

>

> The majority of early comments on this proposal focused on 12.10 (e).

> Mostly it was confusion about the exact ramifications. This section

> will

> cause ARIN to maintain greater scrutiny only in cases where a given ISP

> issues more than 25% of their total space to residential customers who

> wish to remain anonymous and receive network blocks of /29 or larger.

> To

> the best of my knowledge, there are not currently any ISPs which meet

> this criteria. Additionally, it would only apply that scrutiny to IPv4,

> and will not carry forward into IPv6 residential assignments.

>

> This policy should improve the compliance verification of ARIN policies

> and may result in the improved reclamation of under-utilized IP address

> space. It should also serve as a deterrent to certain address hoarding

> tactics which have come to light in recent history.

>

> Timetable for implementation: Immediately upon ratification by the

> Board

>

>

> #####

>

>

> STAFF ASSESSMENT

>

> Proposal: (117) Required Resource Reviews

> Proposal Version (Date): 07 July 2010

> Date of Assessment: 14 July 2010

>

> 1. Proposal Summary (Staff Understanding)

>

> This draft policy establishes new criteria to enact NRPM 12 resource

> reviews. It requires ARIN staff to initiate resource reviews when M&A

> activity occurs but IP addresses are not transferred to the acquirer;

> when fraud or abuse is reported to ARIN, either about a specific IP

> address range or about an OrgID; when any NRPM 8.3 transfer occurs; or

> when staff are reviewing an additional IP address request and find that

> more than a quarter of an OrgID's downstream SWIPs are covered under

> the

> Residential Customer Privacy policy.

>

> 2. Comments

>

> A. ARIN Staff Comments

>

> * This proposal could cause ARIN staff to conduct resource reviews on

> a

> more frequent basis. Any prescription for prioritizing such reviews

> could delay other important registration activities from being

> processed

> in a timely manner.

>

> B. ARIN General Counsel

>

> Pending

>

>

> 3. Resource Impact

>

> This policy would have moderate resource impact. It is estimated that

> implementation would occur within 6 months after ratification by the

> ARIN Board of Trustees. The following would be needed in order to

> implement:

>

> * Resource reviews, audits, and fraud research require many man-hours.

> These new requirements to conduct audits on a much more regular basis

> could necessitate hiring and training additional registration staff.

> * Changes to current business practices

> * Staff training

> * Updated guidelines

>

>

> 4. Proposal Text

>

> Policy statement:

>

> Replace the text "under sections 4-6" in section 12, paragraph 7 with

> "under paragraphs 12.4 through 12.6"

> Add to section 12 the following text:

>

> 10. Except as provided below, resource reviews are conducted at the

> discretion of the ARIN staff. In any of the circumstances mentioned

> below, a resource review must be initiated by ARIN staff:

> a. Report or discovery of an acquisition, merger, transfer, trade or

> sale in which the infrastructure and customer base of a network move

> from one organization to another organization, but, the applicable IP

> resources are not transferred. In this case, the organization retaining

> the IP resources must be reviewed. The organization receiving the

> customers may also be reviewed at the discretion of the ARIN staff.

> b. Upon receipt by ARIN of one or more credible reports of fraud or

> abuse of an IP address block. Abuse shall be defined as use of the

> block

> in violation of the RSA or other ARIN policies and shall not extend to

> include general reports of host conduct which are not within ARIN's

> scope.

> c. In the case where an organization wishes to act as recipient of

> resources pursuant to a transfer under section 8.3, unless otherwise

> prohibited by paragraph 12.2(c).

> d. An organization which submits a request for additional resources

> when more than 25% of their existing resources are obscured in SWIP or

> RWHOIS pursuant to section 4.2.3.7.6 (residential customer privacy).

> e. Other than as specified in 12.10(c), paragraph 12.2(c) does not

> exempt organizations from the reviews required under section 12.10.

>

> Rationale:

>

> The first change is a minor correction which improves clarity and

> consistency of the original policy without changing the meaning.

> The addition of 12.10 (a) through (e) serves to create a set of

> circumstances under which a resource review is required, rather than

> optional and entirely at ARIN staff discretion.

>

> The majority of early comments on this proposal focused on 12.10 (e).

> Mostly it was confusion about the exact ramifications. This section

> will

> cause ARIN to maintain greater scrutiny only in cases where a given ISP

> issues more than 25% of their total space to residential customers who

> wish to remain anonymous and receive network blocks of /29 or larger.

> To

> the best of my knowledge, there are not currently any ISPs which meet

> this criteria. Additionally, it would only apply that scrutiny to IPv4,

> and will not carry forward into IPv6 residential assignments.

>

> This policy should improve the compliance verification of ARIN policies

> and may result in the improved reclamation of under-utilized IP address

> space. It should also serve as a deterrent to certain address hoarding

> tactics which have come to light in recent history.

>

>

>

>

>

>

> _______________________________________________

> PPML

> You are receiving this message because you are subscribed to

> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).

> Unsubscribe or manage your mailing list subscription at:

> http://lists.arin.net/mailman/listinfo/arin-ppml

> Please contact info at arin.net if you experience any issues.



_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.