[ppml] comments on various new possible threads
Dr. Jeffrey Race
jrace at attglobal.net
Tue Feb 18 20:46:29 EST 2003
See inline comments
On Tue, 18 Feb 2003 13:52:03 -0700, John M. Brown wrote:
>> Suggested Thread #1: Revocation
>> I believe this thread began with the idea of having certain
>> services (allocations/assignments) revoked by ARIN under
>> given circumstances (namely fostering SPAM). We need to be
>> more precise on which resources and under which conditions
>> those resources are to be revoked.
>Since there isn't a "standard" lithmus test for what SPAM is,
>ARIN can't have a policy to revoke a prefix because of SPAM.
I have nominated a definition of abuse which would capture
99.9% of it with (so far as I can tell) no false positives.
Please look at it and critique.
>This should be dropped. Spam is a social issue that is not
>in the perview of ARIN or any other RIR.
Well for me (as victim) spam is a MONEY issue because of all
the resources I have to devote to dealing with it. I can't
put an e-mail address or a <mailto> on my firm's website
because of the spam menace. My colleague's machine was
taken down for several days because of a virus infection, and
I had to help him clean it.
Please get out of the "let the victims pay" model.
>> Suggested Thread #2: Enforcement
>> The motor vehicle registry can revoke a license to drive, but
>> not stop you from driving your car - that is the role of law
>> enforcement. ARIN currently has no mechanism to enforce
>> policy other than removing allocations/assignments or other
>> database resources. If there is a specific suggestion on how
>> ARIN could provide enforcement of resources it manages,
>> please take this to that thread (rename the subject please)!
>RIR's are not in the business of providing this service.
They delegate the resources and so they are the enablers. They
cannot, like Pilate, say "I wash my hands of the consequences
of my actions"
>risk is way to high.
Buy insurance. Why should I (the victim) have to pay?
>> Suggested Thread #3: Selling /24's
>> There was an assertion that folks are purchasing /24's for
>> abuse. Sorry, simple taxonomy correction. No address space
>> is ever sold, "leased" is the term here. So, should there be
>> an AUP that describes leasing of space downstream? If you
>> have suggested policy for that purpose, let's discuss.
>A RIR should not dictate or control, what someone does with
>their space in this manner. Having a RIR control that, means
>the RIR is controlling the business model for some organization.
YES! It controls it to the extent that it forbids and
Environmental Polluter business model. You understand it now!
>Terms like Anti-Trust, Monopoly and other such come to mind
>with this thread idea.
ICANN enforces revocation of domain names for fraud. No reason
the RIRs can't do the same thing.
>> Suggested Thread #5: Collaboration with IETF
>> This might be along the lines of soBGP, etc. for
>> authenticating BGP announcements. Perhaps ARIN could provide
>> database information for initial AS_to_allocation/assignments
>> for BGP auth. ARIN has involvement with IETF and other
>> organizations via its staff, the AC and the BOT. If there is
>> a particular service or policy that we should discuss
>> regarding a specific technology, please suggest it here.
>> ARIN involvement with other organizations is more of a staff
>> issue though, and not a specific policy topic. (Richard -
>> correct me if I'm wrong here!)
>Making use of new protocols that affect allocations and their
>uses, is a policy issue to be brought before the membership,
>prior to adoption.
>sBGP and other such things will take multiple years to role
>out, the equipment, IOS-ish, and other costs are way high
>to make this a requirement in the short term.
Lots of things can be done manually TODAY. I am sick of
quarreling with RIRs who reply (in answer to complaints of
bouncing mail to <postmaster> of delegated IP addresses) "Not
our business, go away". It's disgusting and a halt needs to
be called right now to this behavior.
More information about the ARIN-PPML