[arin-ppml] ARIN-prop-136 Services Opt-out Allowed for Unaffiliated Address Blocks

[Benson Schliesser]

Hi, Dan.

On Feb 25, 2011, at 11:56 AM, Alexander, Daniel wrote:

> [DA] I agree, I hear it is tough to keep a hold of a genie. While prop 136
> does not deal directly with address markets, how markets develop would be
> a direct consequence of prop 136. If 136 were abandoned, transfers from
> one to another can still occur under existing policies. What you are
> proposing here is the difference between an unrestricted market that this
> proposal could enable, and an attempt at evolving a structured market that
> we hope could limit abuse under existing policies. I'm not naïve enough to
> think that existing policy couldn't be abused, but I cannot see how 136
> could provide an environment with fewer negative consequences.

I don't necessarily disagree with you - in fact, I think you make valid points.  But I'm coming from the perspective that transfers (bypassing ARIN policy) are already happening, and that ARIN would better serve the community by recognizing them.

If we want to go the other path, and force all transfers to comply with ARIN policy, then we have a difficult legal position with regard to legacy holders.  If all legacy holders were under LRSA then we'd be fine.  Or if there was some unambiguous delegation of regulatory authority then we'd be fine.  But ARIN is just a 501(c)6 business league with a loosely-defined ICANN relationship.  I'm not sure that strong-arm tactics will work.  Is there another alternative?

> [DA] I should also revise an earlier point I made that brokers would be
> the only beneficiaries. This change is not limited to brokers facilitating
> the exchange of /24's or /16's between individuals or companies. This
> proposal could open the door for governments or international
> organizations to acquire /8's and circumvent the RIR's. I think the
> potential of these implications far outweigh the desires that a legacy
> resource holder may have to avoid ARIN policy.

Another good point.  Of course, (as we've recently seen) governments can control Internet connectivity regardless of whether they "own" the address blocks.

>> If an organization were to opt-out, the goal would be for them to
>> continue maintaining their own whois records and have ARIN point to them.
>> Under those circumstances I think the model works.  But I agree, if
>> somebody fails to maintain their delegated whois records then we have an
>> undesired outcome.  As I mentioned above, I'm interested in feedback on
>> how to solve this.  Revoking the opt-out seems awkward, but I'm not sure
>> what else is possible.
> 
> [DA] I don't see a way around this problem. If a holder X has a non-(L)RSA
> resource and opts out of ARIN provided services, you suggest ARIN would
> provide a pointer to holder X. Now holder X transfers to holder Y. Holder
> Y has no obligations whatsoever to provide WHOIS services or pointers.
> While holder X may have a pointer, which they are not obligated to do, it
> will likely be irrelevant since holder Y, or anyone further down the chain
> has no obligation to do anything. This makes WHOIS services far worse then
> they are today. 

Naturally, we can avoid this specific problem by not allowing opt-out.  But that may result in inaccurate whois data, too - based on my comments above.

Perhaps the right approach is to modify the proposal 136 text, so that it requires a legal agreement for ongoing accuracy in the whois.  The agreement would have to be inherited or novated to each new holder or assignee.  That seems to be similar to what happens today, for holders that opt-in.  Does that seem good enough?

Cheers,
-Benson