[ppml] Policy Proposal: Resource Review Process

Stephen Sprunk stephen at sprunk.org
Thu Jul 19 15:46:08 EDT 2007 

Thus spake "Dean Anderson" <dean at av8.com>
> On Wed, 18 Jul 2007 michael.dillon at bt.com wrote:
>> I think this whole "legal power" thing is a red herring.
>
> I think this whole 'resource review' is a red herring.
>
>   2.  ARIN may conduct such reviews:
>     a. when any new resource is requested,
>     b. whenever ARIN has cause to believe that the resources had
> originally been obtained fraudulently, or
>     c. at any other time without cause unless a prior review has been
> completed in the preceding 12 months.
>
> I have no problem with a. or b. above.

Of course not; ARIN already does both.  If you had a serious problem with 
either action, you'd have proposed a policy change to correct it -- and, I 
predict, gotten thoroughly trounced.

> But option c. is just begging for trouble "without cause". It gives an
> unlimited power to review the private customer data of a recipient
> "without cause" once a year.

The RSA already gives ARIN unlimited power to conduct reviews as often as 
they want.  Go read it; it's enlightening.  This proposal seeks to put a 
_limit_ on that power and create process around how it's conducted.

As far as the "once a year" angle, Owen and I are open to suggestions for a 
longer period.  I said so in the last round of debate, and got zero 
suggestions for other periods, which indicates either (a) people weren't 
that unhappy with 12 months, or (b) they objected to the proposal as a whole 
and not the frequency.

The reason I originally settled on 12 months is that, according to policy, 
ARIN members are to get a six-month supply of addresses.  Any member 
complying with that policy will be exempt from "without cause" reviews if 
they're even minimally growing, even if they are getting twice the address 
space per round that policy allows.  Those who are shrinking deserve a 
review.  Those who are doing neither are rare but collateral damage; I 
expect staff would recognize that fact and not bother them again after the 
first review, at least not for several years.

> ARIN shouldn't be doing anything without cause and justification.
> One wonders why that would ever be good policy
> in any circumstance.

ARIN's charter dictates stewardship.  Since we're getting dangerously close 
to running out of v4 addresses, it is ARIN's responsibility to make sure 
that none are being wasted.  To do so, it must perform reviews on existing 
allocations and assignments, not just new ones.

> The total legacy allocations do not amount to much. The amount of
> _unused_ legacy allocations do not amount to a drip in the bucket.

As far as we're able to tell without reviews, roughly half of legacy 
resources are unused.  However, this proposal is principally aimed at 
non-legacy resources, which is particularly obvious with the wording of 
section 8.

> The underlying premise that resources are not being reclaimed is
> a red herring. ... (It was asserted against Kremen, though)

It has been asserted several times, by several different folks, that ARIN 
doesn't have policy power to reclaim unused space.  Owen and I were asked 
independently to make a proposal to fix that.  We have.  If the community 
rejects it, that's fine.

> There are some _bad_ reasons that Vixie cronies want this.

I'd think twice before accusing me of being a Vixie crony.  I've had very 
few dealings with him over the years, and his most recent response to me (in 
another forum) was that I'd called him a liar.  That's not quite what I 
said, but I stand by my original statement that inspired his comment.  In 
any case, I'm hardly an ardent supporter; he's just another guy to me, one I 
disagree with as often as we agree.

Just because you and Paul have some long-standing antipathy doesn't mean 
that everyone who doesn't hate him is part of some conspiracy against you.

> Policies should be scrutinized closely for their potential to be
> abused for ulterior purposes that aren't in the public interest.

Neither Owen nor I have any ulterior motives in this matter; the policy's 
intent is exactly what its plain text says and the rationale explains.

If it happens to offend some spammers because they know they wouldn't 
survive a review, that is not my problem.  They're being handled adequately 
by existing fraud processes, IMHO, and they're not a specific target of this 
proposal.  I'm only interested in folks that are hoarding addresses they no 
longer have any justification for, no longer exist, etc.  The size of that 
target pool is irrelevant; we're rapidly approaching the point where even a 
/24 will be valuable, and we have a duty to reduce blatant waste.

> Anytime I see things "without cause", I wonder why that unlimited
> power would be needed.  Unlimited powers need to be reviewed
> carefully, and need to be very well justified as being absolutely
> necessary.  In this case, there isn't even a hint of necessity for
> such a power.

See above.

S

Stephen Sprunk      "Those people who think they know everything
CCIE #3723         are a great annoyance to those of us who do."
K5SSS                                             --Isaac Asimov

More information about the ARIN-PPML mailing list