[ppml] Policy Proposal: Authentication of Legacy Resources

Andrew Dul andrew.dul at quark.net
Fri Jul 6 12:33:35 EDT 2007


I've been working on this policy with a few people from the AC for a couple of months.  Given today's discussion on the PPML, it seemed like an appropriate time to submit it to the policy process.

==============

Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 
1.	Policy Proposal Name: Authentication of Legacy Resources 
2.	Author 
   a.	name: Andrew Dul
   b.	email: andrew.dul at quark.net
   c.	telephone: +1 206-359-8130
   d.	organization: Perkins Coie LLP
3.	Proposal Version: 1.0
4.	Submission Date: 07012007
5.	Proposal type: New
6.	Policy term: Permanent
7.	Policy statement:

Add new NRPM section 4.9 - Legacy Records

Legacy resource record holders shall be permitted to sign an registration services agreement which permits the organization which is currently using the resources as of January 1, 2007 to continue to use those resources as long as a registration services agreement is signed by the organization and the organization is not past-due on their annual maintenance fee.  ARIN will evaluate and verify the chain of custody of any resource records prior to executing a registration services agreement with an organization.

If a legacy resource holder requests additional IPv4 resources all IPv4 resources (legacy and non-legacy) shall be evaluated to determine utilization for additional assignments under NRPM sections 4.2 or 4.3.

ARIN shall use all reasonable methods to attempt to contact legacy record holders starting on January 1, 2008.  

ARIN shall also post information on the public website regarding this outreach to legacy resource holders.  

No changes shall be made to legacy resource records which are not covered by a registration services agreement after December 31, 2007.

Add new NRPM section 7.3 - Legacy Reverse Delegation Records

Legacy IP address record holders who have not signed a registration services agreement with ARIN will have their name server delegations for the in-addr.arpa zone removed starting on June 30, 2009.  All name server delegations shall be removed from the in-addr.arpa zone by December 31, 2009.  

If an individual contacts ARIN and claims to represent a legacy record holder after the removal of an organization's name server delegations, the individual shall be permitted to request a one-time 6 month reinstatement of their name server delegations.  This 6 month period is intended to allow an organization to work in good faith to establish a registration services agreement.  

8.	Rationale:

An ARIN Legacy resource holder is an organization which was issued number resources prior to the formation of ARIN and whose registration information was not transferred to another RIR through the Early Registration Transfer Project (http://www.arin.net/registration/erx).    Legacy resource holders were issued number resources through an informal process.  This policy proposal attempts to bring these legacy resource holders into a formal agreement with ARIN, the manager of the IP numbering resources for many of the legacy record holders.  

Some legacy resource holders have expressed concerns about committing to a registration services agreement when the legacy resource holder cannot be assured that they will be permitted to retain and their resources for the long-term.  This policy proposal also does not preclude existing legacy space holders, who may have signed another version of the registration services agreement from having the same commitment level.  It is suggested that the Board of Trustees formalize the annual maintenance fees for legacy resource holders at a level similar to the $100 USD per year for end-sites.

This policy sets in place a notification period of 18 months to contact all legacy resource holders and creates an incentive for the holders to formalize their relationship with ARIN.   The dates in this policy proposal were arbitrarily chosen based upon an expected ratification by the ARIN Board of Trustees by December 31, 2007.  If this policy is implemented after December 31, 2007, the trigger dates in the policy should be adjusted appropriately.

Given the informal relationship under which the resources were granted, ARIN current maintains the records including WHOIS and in-addr.arpa delegations in a best-effort fashion.  Many believe that ARIN may not be obligated to maintain these records.  ARIN has experienced some difficulty maintaining these records.  Legacy records have been a popular target for hijackers, in part due to the out of date information contained in these records.  Having up to date contact information would assist ARIN and ISP's in insuring the stability of the Internet.

This policy proposal sets a termination date for in-addr.arpa delegation services for legacy resource record holders who have not formalized their relationship with ARIN through a registration services agreement.   The 6 month period of delegation record removal was intended to provide ARIN the flexibility of removing the records on a gradual plan during second half of 2009 and to avoid a large change on a single day.

Legacy resource holders who sign a registration services agreement would continue to receive all the services that are currently provided by ARIN plus they would be eligible for any future services that ARIN may offer, such as cryptographic signing of resource records.  

9.	Timetable for implementation: As stated in policy
10.	Meeting presenter: Andrew Dul

END OF TEMPLATE 



More information about the ARIN-PPML mailing list