[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

Owen DeLong owen at delong.com
Tue Aug 19 19:12:47 EDT 2008


> I can't and won't try to speak for Randy.  But, read the APNIC non- 
> member agreement;
>
> http://www.apnic.net/docs/corpdocs/non-membership-agreement.html
>
> There seems to be a lot less egregious legal language in it.  I'm  
> not sure that there is a significant difference in actual rights,  
> but it sure seems nicer.  I'm not sure if this is an artifact of the  
> difference in US and Australian legal systems, difference in lawyers  
> or what.  But reading this agreement, I get a completely different  
> feeling than reading the ARIN LRSA.
>
Duly noted.

> Also note, it is mute on the Property issues, while I think this is  
> a bogus issue personally, others do not think it is a bogus issue.   
> (A side-note on why I think this is a bogus issue; I've spent much  
> of the the last couple years working on getting Fiber IRUs for my  
> institution, a very expensive long-term right-to-use.  But not  
> actually a property-right at least by most normal definitions.  So,  
> I'm comfortable with the idea of a right-to-use rather than a normal  
> property right, others may not be as comfortable with the concept)  
> One comment I will make, the LRSA is very clear and strong that  
> there is not a property-right, but it does not seem equally clear  
> and strong in defining what the actual right-to-use entails.
>
Fiber IRUs are the right to use a tangible physical asset.

As I understand it (and this is my own understanding, not something I  
have
clarified with ARIN counsel, so, I could be wrong)...

In the case of ARIN (or any other RIR) registration services, that's  
not what
you are getting.  You are getting a promise from the RIR that they  
(and the
other cooperating registries) will not give the same number to somebody
else so long as you live up to your side of the RSA.  That's it.  No  
rights
in the numbers are conveyed.  You can put any integer you want into any
system you want at any time.  Neither ARIN, nor anyone else has any
ability to restrict where you use the number 2, 5320, 123.45.67.8, or
any other integer of any length, nor do they have any right to  
restrict in
any way the number of places you use any given integer.

However, the internet depends on integers used for the purpose of
numbering globally reachable hosts being unique, so, ARIN and the
other RIRs provide a service of issuing numbers to cooperating
parties in a way that assures no other cooperating party is given the
same number.  For the most part, ISPs choose to route a given number
only to the party that received that number from the appropriate RIR.
All of that, however, is the result of cooperation and is not a  
contractual
or legal right to use anything.

I hope this clarifies the extent and depth to which numbers are not and
cannot be property and the exact nature of what you are or are not  
getting
with an RSA.  The RSA is an agreement for REGISTRATION SERVICES
and is not a right to use.

> I think the LRSA is fundamentally the right idea.  I'm not sure  
> about the T&Cs, but I'm not going to do contract negotiation in a  
> public forum, and especially not this forum as it is a policy  
> forum.  I am trying to work with ARIN counsel on a few issues, that  
> is where contract negotiation should happen.
>
Sure, although, appropriate feedback on policy-related issues in that
contract would be appreciated.

> Maybe one suggestion for the proposal, allow an alternate process to  
> update Legacy records, that doesn't actually require the LRSA or  
> RSA.  It should be procedurally egregious, but yet plausible  
> measures to prevent hijacking, like have to do a full vetting of  
> proof of ownership each time and maybe a 30 day public notice or  
> something.  In other words, in the long run it is much easier to do  
> the LRSA or RSA, but not an absolute requirement.
>
Well... Personally, I'd favor an alternative method for updates that  
provided a
non-egregious plausible process for authentication and update. It  
should be
just thorough enough to provide adequate safeguard against hijacking and
no more egregious than that.

I don't believe that punitive approaches (deliberately making it  
harder to
not sign the (L)RSA are appropriate.


> I'm not sure it would be good for the community for Legacy Resource  
> Holders to not be able to legitimately update their records some  
> how, if they can find their way to signing the LRSA.  It might  
> prevent hijacking, but it does nothing to promote accuracy in the  
> database.
>
I think it would be very bad for the community if that became the case.

Owen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080819/7317d4a6/attachment.htm>


More information about the ARIN-PPML mailing list