[ppml] Revised Policy Proposal Resource Reclamation

[Owen DeLong]

>
>> This policy doesn't really do anything new to
>> ISPs; it really only affects end-user orgs who currently _never_ have
> to
>> rejustify space after they get it -- and that's where most of the
> waste
>> (and
>> low-hanging fruit) is.
>
> If this policy is directed at end-users, then why does it start  
> with the
> phrase "resources allocated or assigned to an organization."?
>

Perhaps, Mr. Dillon, you are unclear on ARIN terminology in this area.

ARIN issues resources only to organizations.

Those organizations are divided into two categories for purposes of
ARIN policy.  "Subscriber" organizations (also termed variously LIR
and ISP in various parts of ARIN policy) receive allocations eligible
for subsequent reassignment and/or reallocation to other entities,
and "End User" organizations (also termed "Direct Assignments"
in ARIN policy).

In all cases, it refers to resources issued to organizations because
it is clear in ARIN policy that resources are issued to organizations
and not individuals.

>> Hint: The RSA requires you to submit anything ARIN wants at any time.
>> This
>> proposal is an _improvement_ since it limits how often ARIN can do
> that to
>> you, what your options are if they're not happy, and how much of a
> grace
>> period you get.
>
> The RSA does not specify punitive actions that ARIN will take.
>
The RSA does specify that ARIN may discontinue the registration of
your resources to you.  I do not see how this differs from what you are
referring to as punitive action in our proposal.

>> You're welcome to create separate proposal on what records constitute
>> "justification", which would be a complementary limit.
>
> You're NOT welcome to propose policies which give ARIN policing powers
> and allow ARIN to impose punitive measures until AFTER you fix the
> policy on which you base your proposal.
>
It is our belief that this proposal simply clarifies existing policy  
in this area
and provides a more direct representation of what is already codified
in the NRPM and the RSA. In fact, we believe this proposal places a
greater burden on ARIN for process prior to revocation, AND, more
limitations on the speed with which resources can be revoked.
>
>>> This is a proposal to make a MAJOR change to ARIN practice.
>>
>> I suggest you go read your RSA before you say that again.
>
> Contract terms and ARIN practices are different things.
>
Contract terms and policies are not.  The contract and policies should
be consistent with each other. Practice should, at least on some level,
be consistent with both.
>
> Bingo!
> All of these are things that ARIN can and should do better. Policy can
> be used to enable some aspects of this. Official suggestions can deal
> with some other aspects.
>
Fantastic... Propose something.  That's not the issue we're trying to  
address
here, so, such effort is orthogonal to discussion of this policy  
proposal.

>> What's wrong is you're deliberately misreading things.  I said  
>> several
>> times
>> that I'm all for education, and even the quote you were responding to
> was
>> directed at members and the comment about staff was only
> parenthetical.
>
> Then why do you want to take punitive measure in an area where  
> education
> could resolve the problem. And if the education activity doesn't work,
> it lays the groundwork for punitive measures that would stand up in  
> the
> courts.
>
First of all, I take issue with your use of the term punitive.  ARIN  
has a
responsibility of stewardship over community resources and issues
those resources to organizations in the community based on justified
need. Reclamation of resources which no longer have justified need
is not punitive, it is good stewardship.

>>> IP addresses are virtually unlimited. IPv4 may be running low,
>>> but there is a vast supply of IPv6 addresses now available.
>>
>> If you really think that IPv4 and IPv6 addresses are interchangeable,
> I've
>> got a bridge in Brooklyn to sell you.
>
>> From the point of view of applications, IPv4 and IPv6 are indeed
> interchangeable. From the point of view of network topology, they are
> also interchangeable. It isn't necessary for every org to switch new
> consumption to IPv6 addresses in order to remove the pressures on IPv4
> address space.
>
Actually, that depends a great deal on the application.  To the best  
of my
knowledge, there are no applications where a v6 only client can open a
socket directly to a v4 only server without some intervening translation
process. Hence, any claim of interchangeability is specious at best.

>
> We need to get this IRS and fraud issue out of the discussion. The  
> words
> used in ARIN's policies will be interpreted by ordinary business  
> people
> and therefore, ARIN should use the meaning commonly accepted in the
> business world. The word "audit" does not imply fraud. It is a common
> business term referring to a systematic review of data to verify its
> accuracy. The word "audit" implies that there is a certain systematic
> process, and a certain thoroughness to the review. It also implies  
> that
> the review goes according to some sort of plan which is considered  
> best
> practice in the business discipline (accounting, quality control,  
> etc.).
> There is a business dictionary that I found via Google which  
> defines it
> here:
> http://www.businessdictionary.com/definition/audit.html
>
I could care less whether we term it an audit or a review. Either  
way, there
is emotion surrounding the terms on one side or another.  Personally, I
think review is the less emotionally charged term, but, in any case, it
is a review of the justification and documentation supporting the  
justification
of a resource allocation that is intended here.

>> ARIN staff know that everyone fibs a little when trying to justify a
>> request, plus some percentage of that justification being subject to
> bit
>> rot.  Neither of those realities stop people from getting new space,
> nor
>> would they stop them from passing a review under the same
> circumstances a
>> year or three later.  In fact, it's the looseness of the term
> "justify"
>> that
>> requires ARIN to err on the side of the member in practice.  Defining
> what
>> exactly it means may hurt more than it helps, depending on your
>> perspective.
>
> It's the looseness of this whole process that leads me to object to
> using this as the basis for punitive action. I don't object to  
> auditing,
> per se, but because of the looseness, today and in the past, I don't
> think that the audit should lead to any punitive measures.
>
Then we are agreed.  Since what is proposed is not a punitive measure,
merely the reclamation of a resource if the utilization is no longer
justified, I am glad to see you will be supporting the policy after all.

Owen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2105 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20070507/c3405d18/attachment.p7s>