[ppml] Policy Proposal: Authentication of Legacy Resources

[michael.dillon at bt.com]

> Finally, the contact data may be 15 years old, but that 
> doesn't relate to it's veracity.  If it's out of date, how do 
> you get a hold of someone to let them know it's out of data?  
> Breaking their Internet isn't a nice thing to do.  Who gets 
> sued when it happens?

I wonder what the courts would think if a plaintiff admitted that they
had not contacted their provider of critical infrastructure for the past
15 years? Might the courts consider that the plaintiff had been
negligent and therefore, the author of their own misfortune?

Lawsuits are like a shotgun with a barrel which shoots out both ends,
and after you pull the trigger, someone else decides whether you blast
yourself in the face, or whether your opponent gets shot.

Also, courts do not like to award a case to plaintiffs who have not
taken some steps to mitigate the damage which they claim to have
suffered. ARIN's duty is to ensure that potential plaintiffs have ample
opportunity to come on board with the rest of the IPv4-using community
so that if someone does point a lawsuit shotgun at ARIN, the blast will
go back on themselves.

Note that ARIN could still break someone's Internet by shutting off
in-addr.arpa and still come off scot free in the courts. It is not the
act of shutting off the free service that determines liability. It is
the whole process surrounding it. The open discussion on this list is
one of the things that strengthens ARIN's ability to shut off free
in-addr.arpa services if a legacy holder does not come on board with the
rest of the community.

--Michael Dillon