[arin-ppml] IPv4 Transfer Policy Change to Keep Whois Accurate

Owen DeLong owen at delong.com
Thu May 12 19:19:58 EDT 2011 

On May 12, 2011, at 12:35 PM, Chris Engel wrote:

> 
>> -----Original Message-----
>> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
>> Behalf Of Owen DeLong
>> Sent: Thursday, May 12, 2011 1:20 PM
>> To: Martin Millnert
>> Cc: arin-ppml at arin.net
>> Subject: Re: [arin-ppml] IPv4 Transfer Policy Change to Keep Whois Accurate
>> 
>> 
>> On May 12, 2011, at 10:11 AM, Martin Millnert wrote:
>> 
>>> Owen,
>>> 
>>> On Thu, May 12, 2011 at 5:14 AM, Owen DeLong <owen at delong.com>
>> wrote:
>>>>>> You left out:
>>>>>> 
>>>>>> 4) The RIR eventually identifies these outliers and reclaims the
>> numbers
>>>>>> to be reissued to members of the community willing to comply with
>> policy.
>>>>> 
>>>>> Well, you'd potentially destroy uniqueness if the other party and its
>>>>> ISPs disagrees and continues to use the addresses.
>>>>> 
>>>> That is a theoretical risk today with hijackings. I fail to see the difference.
>>> 
>>> Well, in your case *the RIR* is the one doing the hijacking, if it
>>> acts against the will of the ISP it takes numbers away from.
>>> 
>> The RIR is not hijacking, it is reclaiming a community resource from someone
>> using it outside of the policies set by the community, just as squatters would
>> be
>> evicted from land if the owner pursues the issue prior to the expiration of
>> the time limits in the adverse possession laws.
>> 
>> Indeed, by the community policy definition, it is provider B that is doing the
>> hijacking.
>> 
>> Owen
>> 
> 
> 
> Owen,
> 
> It seems to me that the above analogy is a little problematic. With land there is a clear legal ownership which is enforced by an outside governing authority. Ownership of the land encompasses within it the legal right to exclude others from using that property. The governing authority has the legal (and practical) power to enforce the ownership rules it recognizes.
> 

Agreed.

> Your own stance, in previous postings here seems to have been that numbers (i.e. IP addresses) can't be "owned". If that's the case neither ARIN, nor anyone else possesses the legal authority to exclude an entity from their use. (Absent a Court or Government Agency proclaiming the contrary)
> 

Also agreed.

> Unless I misunderstand the situation here (which admittedly I may) ARIN has no real legal authority over the address spaces it registers. It's a self-appointed non-profit, not a government agency.... and has no real legal authority to regulate address usage outside of the individual contracts it has with many organizations.  Therefore, if an organization never entered into a contract with ARIN, it really has no legal mechanism for regulating it's use of any particular set of addresses. Do I misunderstand the nature of ARIN as an organization?
> 

Correct. ARIN's authority is limited to control of what it does or does not maintain in a database.
When I talk about reclamation in this context, I am talking about ARIN removing a registration
record from the database and then subsequently issuing a different record with the same
numbers to another entity.

> In practical terms, ARIN's, functional authority seems to derive from the fact that most of the organizations responsible for routing traffic voluntarily accept it as the official keeper of records for what address space belongs to whom. Would that be a correct summation?

Correct.

> 
> It seems to me that if ARIN started reclaiming address space from those organizations (or their clients) on any sort of significant scale, it would pretty rapidly risk undermining it's own authority and relevance to them. Whether, ARIN, from a policy standpoint has the technical ability to do so, strikes me as somewhat ancillary as to whether it would actually be a good idea for them to do so.

I do not believe that the scale of these existing hijackings is very large.
Further, I believe that if ARIN started taking proper action to prevent or correct these
hijackings of addresses, it would reduce the likelihood of their increasing in the
near future.

> 
> As a hypothetical, if an extremely large organization which had no contractual arrangement with ARIN believed it had legitimate claim to a certain address blocks. I would assume that many of the ISP's who were financially dependent on that organization would be inclined to route said block regardless of what ARIN might have to say about it. I would also presume that it would be in ARIN's self-interest to generally try and recognize the legitimacy of such claim, if at all possible... and try to get that organization into some sort of contractual relationship so that it could exert some sort of legal authority. Are those presumptions reasonable?

What if another large organization also felt they had claim to the block and had a record
in ARIN whois to document it?

Frankly, I do not believe that the problem here involves large organizations for the
most part. I believe that most of the illicit transfers have been much smaller blocks.
Further, in the case of a large transfer, I think it is unlikely that the large organization
would take the risk of refusing to work with ARIN to come to an agreement on
an appropriate RSA.

Owen

More information about the ARIN-PPML mailing list