[arin-ppml] Errors in 2007-14 Revision 3.2

Owen DeLong owen at delong.com
Tue Oct 14 17:47:30 EDT 2008 

Unfortunately, somehow the version 3.2 that was sent to the mailing list
was apparently the result of applying the intended 3.2 updates to an  
older
version than 3.1.

Below is the corrected 3.2 which for clarity I will call version 3.3.

Apologies for any inconvenience or misunderstanding.  The updates  
actually
conducted remain the same...

Section 3 updated to address concerns from ARIN staff.
Section 7 and 8 changed to address concerns from legal.


Policy Proposal 2007-14
Resource Review Process

Author: Owen DeLong, Stephen Sprunk

Proposal Version: 3.3

Date: 14 October 2008

Proposal type: modify

Policy term: permanent

Policy statement:

Add the following to the NRPM:

Resource Review

1. ARIN may review the current usage of any resources maintained in  
the ARIN database. The organization shall cooperate with any request  
from ARIN for reasonable related documentation.

2. ARIN may conduct such reviews:

a. when any new resource is requested,

b. whenever ARIN has reason to believe that the resources were  
originally obtained fraudulently or in contravention of existing  
policy, or

c. at any other time without having to establish cause unless a prior  
review has been completed in the preceding 24 months.

3. At the conclusion of a review in which ARIN has solicited  
information from the resource holder, ARIN shall communicate to the  
resource holder that the review has been concluded and what, if any,  
further actions are required.

4. Organizations found by ARIN to be  materially out of compliance  
with current ARIN policy shall be requested or required to return  
resources as needed to bring them into (or reasonably close to)  
compliance.

4a. The degree to which an organization may remain out of compliance  
shall be based on the reasonable judgment of the ARIN staff and shall  
balance all facts known, including the organization’s utilization rate,
available address pool, and other factors as appropriate so as to  
avoid forcing returns which will result in near-term additional  
requests or unnecessary route de-aggregation.

4b. To the extent possible, entire blocks should be returned. Partial  
address blocks shall be returned in such a way that the portion  
retained will comprise a single aggregate block.

5. If the organization does not voluntarily return resources as  
requested, ARIN may revoke any resources issued by ARIN as required to  
bring the organization into overall compliance. ARIN shall follow the  
same guidelines for revocation that are required for voluntary return  
in the previous paragraph.

6. Except in cases of fraud, or violations of policy, an organization  
shall be given a minimum of six months to effect a return. ARIN shall  
negotiate a longer term with the organization if ARIN believes the  
organization is working in good faith to substantially restore  
compliance and has a valid need for additional time to renumber out of  
the affected blocks.

7. ARIN shall continue to provide services for the resource(s) while  
their return or revocation is pending, except any maintenance fees  
assessed during that period shall be calculated as if the return or  
revocation was complete.

8. This policy does not create any additional authority for ARIN to  
revoke legacy address space. However, the utilization of legacy  
resources shall be considered during a review to assess overall  
compliance.

9. In considering compliance with policies which allow a timeframe  
(such as a requirement to assign some number of prefixes within 5  
years), failure to comply cannot be measured until after the timeframe  
specified in the applicable policy has elapsed. Blocks subject to such  
a policy shall be assumed in compliance with that policy until such  
time as the specified time since issuance has elapsed.

Delete NRPM sections 4.1.2, 4.1.3, 4.1.4

Remove the sentence "In extreme cases, existing allocations may be  
affected." from NRPM section 4.2.3.1.

Rationale:

Under current policy and existing RSAs, ARIN has an unlimited  
authority to audit or review a resource holder's utilization for  
compliance at any time and no requirement to communicate the results  
of any such review to the resource holder.

This policy attempts to balance the needs of the community and the  
potential for abuse of process by ARIN in a way that better clarifies  
the purpose, scope, and capabilities of ARIN and codifies some  
appropriate protections for resource holders while still preserving  
the ability for ARIN to address cases of fraud and abuse on an  
expedited basis.

The intended nature of the review is to be no more invasive than what  
usually happens when an organization applies for additional resources.  
Additionally, paragraph 2c prevents ARIN from doing excessive without- 
cause reviews.

The authors believe that this update addresses the majority of the  
feedback received from the community to date and addresses most of the  
concerns expressed.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20081014/219baede/attachment.htm>

More information about the ARIN-PPML mailing list