[ppml] Posting of Legacy RSA and FAQ

Ted Mittelstaedt tedm at ipinc.net
Mon Oct 15 20:56:50 EDT 2007

>-----Original Message-----
>From: Alexander, Daniel [mailto:Daniel_Alexander at cable.comcast.com]
>Sent: Monday, October 15, 2007 3:40 PM
>To: Ted Mittelstaedt; David S. Madole; ppml at arin.net
>Subject: RE: [ppml] Posting of Legacy RSA and FAQ
>I understand the scenario you are pointing out. What I'm curious about
>is your assertion that all the Legacy holders will have the opportunity
>to provide input to this modified RSA.

On October 11th when ARIN put out it's Legacy RSA notification, I
thought that it sounded arbitrary, that they
were making a decision without Legacy or non-Legacy input.

But then I read the ENTIRE notice and at the bottom it says:

"...This legacy RSA will be described during presentations at the upcoming
NANOG meeting, ARIN Public Policy Meeting, and ARIN Members meeting..."

and the obvious point is that IF there would be NO input, then there
would have been no point in "describing it during presentations" at
the ARIN members meeting.

This is a meeting that ARIN has already posted instructions on how to
remotely access - ie: it's a public meeting.

Clearly what is going on is a dog-and-pony show.  ARIN is trotting out
this legacy RSA document, version 1.0 if you will.  The community will
have an opportunity for review and comment during the meetings.

ARIN very likely thinks it has anticipated all of the concerns that would
be raised by Legacy and non-Legacy holders, and that is why they are not
releasing a copy early - they want to make sure that they release the copy
in a forum where they can answer a dozen or so RTFM-style questions, and
everyone will get the benefit of the answers.

If this question and answer period turns up concerns that need to be
addressed - or the subsequent discussion that will undoubtedly occur
here (and on NANOG's list) turns up concerns, then obviously no Legacy
holder will sign until those are fixed - and ARIN certainly knows this,
and will make changes.  So we will see a revision 1.01, 1.02, 1.1 and
so on.  Then ARIN will trot around - non-publically of course - and
try getting Legacy signatures, and that may prompt even more revisions.

Eventually ARIN will get a document that enough Legacy holders are willing
to sign that they will feel comfortable publishing it as a permanent
"Legacy RSA" document on the ARIN website.

It is THAT final document that I am saying is the "last chance" the
Legacy holders have.  I do NOT believe there will be any will to produce
another that is significantly different from the first.  If there was
such a will then no Legacy would sign the first one - since they would
be waiting for the next, and the next and so on, forever and ever.  But,
I DO think that during this time period after introduction that the
Legacy holders - espically the ones with very large holdings which
are the primary purpose we are wasting time on this in the first place -
will have PLENTY of input.  If, they haven't already, secretly, HAD

Now I may be wrong and Dean may be right and ARIN may be composed of
a bunch of intractable fools who are willing to cut off their nose to
spite their face and be unwilling to listen to any Legacy holder concerns
or make any changes - in which case this whole initative will go nowhere
and 6 months from now we will all still be arguing over this.

But fortunately, as I'm not employed by ARIN I am free to speculate
and guess that ARIN has already been in talks with some Legacy holders
already - something that no employee of ARIN could possibly confirm
or deny - and that ARIN will be in further talks with Legacy holders
under NDA in the future.  And fortunately since I'm not a /8 Legacy
holder, ARIN will not be making me sign an NDA so I am free to sit back
and observe and comment on the political workings of large organizations.

> Also about the assertion that if
>a number of them do sign, the remaining ones are all of the opinion they
>are turning their back on the RIR system.

Well, that kind of follows I think.  I don't necessairly think this has
the negative connotations though that some folks are attributing.

Look at it another way.  I own a car.  I carry liability insurance only
on it.  I have "turned my back" on the Insurance company's system - which
is everyone carries comprehensive, if they get in an accident they claim
against their own policy, and the insurance companies just argue with
each other.

Thus, when I am rear-ended (which by the way has happened) then I am
the one filing the claim against the other carrier, and fighting with
the other carrier when they almost automatically attempt to deny or
reduce the claim (which by the way has happened, and yes I won and
got the money I wanted, yadda yadda yadda)

In short, I am taking the responsibility for what happens when I
"turn my back" on the Insurance companies nice little system for handling
claims between themselves.  I am going into this with my eyes open.

If Dean as a legacy holder wants to turn his back on ARIN that's fine
with me.  I presume he is fully aware of the consequences and lack of
protection of NOT signing an RSA.

The problem is that I'm not running around telling people to save money
on their car insurance by carrying liability only and it is always going to
be to their advantage.  I'm not the Legacy holder running around telling
other Legacy holders to turn their back on ARIN and not sign an RSA
because it's always going to be to their advantage.  Not like Dean and
Randy.  Do you get my drift, here?

I read a lot from Dean and a few others about these so-called "rights"
of the Legacy holders that are so all-fired important.  But not once
have I seen a word from him, particularly, about responsibility.

>My concern is that many of the conversations on the list have tried to
>simplify the topics down to an "us and them". It is not that simple, and
>we need to avoid this tendency. There have been a number of Legacy
>holders post to this list that are more than willing to try, and find a
>middle ground that is a win-win for everyone, and this is just the first
>step. It may not have been the intent, but I read your note as "you
>better get on board, before the opportunity passes you by", which is not
>the best approach.

Maybe not - but look here, what does it do to ARIN and the non-Legacy
holders credibility to tell the Legacy holders lies?  If this Legacy RSA is
merely the first in a long series of version 1.X, 2.X 3.X and so on
"Legacy RSA" that are going to come down the pike, then to be honest
we should tell the Legacy holders this now, up front.  "Wait for the best
one" we should be saying.  "You don't have to sign now if you don't like it,
there will be a different one tomorrow" we should be saying.

What does it do to our credibility to IMPLY that this is the final
solution, then turn around and screw any Legacy holders that sign it
next year with another Legacy RSA that has better terms?

Do you see where this is going?

The sentence from ARIN was:

"...This legacy RSA
also contractually promises ARIN Internet number resource policies
adopted after the contract is signed will not lessen the legacy RSA
address holder's contract rights...

But, it DOES NOT say that it promises to NOT INCREASE the legacy RSA holders
rights.  In other words, it promises them that ARIN won't offer another
policy change later that will roll back whatever rights they get from
the Legacy RSA - but it leaves it open to release another RSA
that -increases-
rights for yet more Legacy holders?  And the first Legacy holders that sign
are going to be happy about that happening?  You see, already ARIN's
credibility is being risked by such sloppy language.

Either the non-Legacy community makes a decision to create a fair "Legacy
and offer it now, in good faith, or we don't do it AT ALL.  To offer one
ASSUMING that we are going to change it in the future - that will shoot
credibility into the toilet.  ARIN will get a first batch of Legacy holders
signed up - then the second ARIN tries offering another Legacy RSA that has
substantively different terms, then ALL the Legacy holders that have not yet
signed will just say screw ARIN, let's litigate.

>Who are the admins for all legacy allocations? Are they authorized to
>sign an RSA for said company? Has ARIN made the appropriate effort to
>track down or verify the legacy allocation, before they are labelled as
>advesarial? What is "the appropriate effort"? There is much work that
>needs to be done before anyone is given a label, or a final option.

You are right - there are a lot of details to work out.  That is even more
the reason that for this to work ARIN is going to have to revise it after
Legacy and non-Legacy input - and even more reason that once the revisions
are completed and people have all had their say, that is MUST be etched
in stone.

The Legacy holders right NOW all feel that their assignments are etched
in stone.  ARIN CANNOT offer them something that is etched in quicksand and
reasonably expect any of them to buy off on it.


More information about the ARIN-PPML mailing list