[ppml] Policy Proposal: Authentication of Legacy Resources

Andrew Dul andrew.dul at quark.net
Mon Jul 9 17:04:34 EDT 2007


>  -------Original Message-------
>  From: Edward Lewis <Ed.Lewis at neustar.biz>
>  Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources
>  Sent: 09 Jul '07 06:10
>  
>  At 8:33 -0800 7/6/07, Andrew Dul wrote:
>  >==============
>  >
>  >Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0
>  
>  >Legacy IP address record holders who have not signed a registration services
>  >agreement with ARIN will have their name server delegations for the
>  >in-addr.arpa zone removed starting on June 30, 2009.  All name server
>  >delegations shall be removed from the in-addr.arpa zone by December 31, 2009.
>  
>  Speaking as a member of ARIN (presumably in good standing but I can't
>  say as I don't sign the checks here) I beg that this is not done.
>  
>  I rely upon ARIN maintaining and publishing information on the
>  allocation of address space.  What is more important to me, as a
>  paying member, is complete, accurate, and up to date information.
>  What is not important to me is whether the information is about an
>  organization in good, bad, or indifferent standing with ARIN.
>  
>  We should always highlight the responsible/authorized party for
>  address space.  Members of ARIN benefit from this.  Please don't hide
>  network registrations.  (Yes, maybe the WhoIs is there, but still,
>  the registrant in the reverse map is not the reliant party.)

While I agree that we shouldn't be taking away information, the fact that approx. 50% of the legacy records have not been updated since ARIN's inception tells me that more needs to be done to make sure that the records are updated as best as possible.   This policy is an attempt to conduct an outreach to legacy resource holders with some consequences for not taking any action. 

By setting a sunset timeline for Legacy reverse DNS records we hopefully can accomplish two goals.  1. Formalize the relationship between ARIN and active legacy address holders.  2. Start the process of marking address space that is no longer in active use.   The goal here is not reclamation but rather updating the database with accurate information from Legacy holders and continuing that relationship long-term.

>  
>  Some questions about the rationale:
>  
>  >8.	 Rationale:
>  >
>  >   This policy proposal attempts to bring these legacy resource holders into a
>  >formal agreement with ARIN, the manager of the IP numbering resources for many
>  >of the legacy record holders.
>  
>  Why do this?  I wish we could list the reasons why it is so essential
>  to the membership to make sure legacy holders are members too, so
>  essential we are willing to drop information about this space if we
>  don't get what we want.  Perhaps you would rather prevent DNS queries
>  from the free-loading legacy holders from being answered?

There are a lot of reasons that have been discussed.  I'll just name some that I have heard; there are probably others.

- Legitimize & confirm legacy holders' right to use space they were assigned
- Remove ambiguity about the status of legacy holders' address space
- Create a relationship with legacy holders, including a yearly "touch-point" to help ensure that records are up-to-date
- ARIN currently provides services to legacy holders for "free"; as ARIN is a cost-recovery non-profit, some believe that all address space holders should share in the costs of providing these services.

Preventing the in-addr DNS queries from returning answers is an interesting concept, and not one that I have considered.  If people think this is a better method than removing the delegations to motivate legacy holders to create a formal agreement with ARIN, I'd be open to modifying the policy.  My initial concern with this approach would be that this approach could be more operationally difficult to deal with.  It is pretty easy to understand why a query returns no records if there isn't a valid set of NS records for a zone.  If your query was answered or not depending on the source of your query, that could be hard to troubleshoot and understand for the operational community. 

>  
>  "I want the dirt about the legacy space, but if they don't want to
>  pay, they shouldn't get to look stuff up about me."
>  
>  >Some legacy resource holders have expressed concerns about committing to a
>  >registration services agreement when the legacy resource holder cannot be
>  >assured that they will be permitted to retain and their resources for the
>  >long-term.  This policy proposal also does not preclude existing legacy
>  >space holders, who may have signed another version of the registration
>  >services agreement from having the same commitment level.  It is suggested
>  >that the Board of Trustees formalize the annual maintenance fees for legacy
>  >resource holders at a level similar to the $100 USD per year for end-sites.
>  
>  I have yet to see a good reason why I would (if I were in position to
>  do so), choose to pay $100/year to keep what I already have or
>  continue to pay nothing for what I already have.

The best reason I have seen is that it legitimizes an organization's right to use specific IP address resources.  There is no ambiguity or risk that the resources could be reused, reissued, or records otherwise invalidated.

>  
>  >Given the informal relationship under which the resources were granted, ARIN
>  >currently maintains the records including WHOIS and in-addr.arpa delegations
>  >in a best-effort fashion.  Many believe that ARIN may not be obligated to
>  >maintain these records.  ARIN has experienced some difficulty maintaining
>  >these records.  Legacy records have been a popular target for hijackers, in
>  >part due to the out of date information contained in these records.  Having
>  >up to date contact information would assist ARIN and ISPs in ensuring the
>  >stability of the Internet.
>  
>  ARIN is obligated to encourage this - up to date record keeping.  The
>  members of ARIN are expecting ARIN to do this as part of its role in
>  maintaining uniqueness in address resource utilization.  ARIN does
>  rely on the registrants to perform this as the staff does not trawl
>  the data for accuracy.  ARIN ought to be encouraging updates, ought
>  to be lowering any barrier to voluntary updates.  Creating a barrier
>  to having up to date information is the wrong course of action.

I agree that creating barriers in general is not a good idea.  I would certainly like to see ARIN do an outreach specifically to legacy holders.  My attempt with this policy was to create an incentive (loss of current in-addr service) to encourage the establishing of a formal relationship and the ongoing relationship that would help keep the records up-to-date.  In addition I see additional incentives in affirming an organization's right to use number resources granted prior to the formation of ARIN.

I would also point out that APNIC passed a policy which was similar to the first section of this proposed policy.
http://www.apnic.net/docs/policy/proposals/prop-018-v001.html




