[arin-ppml] IPv4 Transfer Policy Change to Keep Whois Accurate

[Ted Mittelstaedt]

On 5/12/2011 12:25 AM, Jimmy Hess wrote:
> On Wed, May 11, 2011 at 8:03 PM, Mike Burns<mike at nationwideinc.com>  wrote:
>> I have personally seen many asset sale agreements which included legacy IP
>> addresses which were completed without notifying ARIN, as there is still no
>> requirement for legacy holders to do that. I have seen asset sale agreements
>> which include ARIN accounts and passwords among the listed assets. The
>
> Any attempt to sell an ARIN account username / ARIN passwords would (hopefully)
> be a violation of the ARIN Online terms of use,  and result in
> termination of the validity of
> the account.
>
>> addresses change control, but whois still shows the original registrant.
>> When it comes time to route the addresses, if the network operator questions
>> the situation, I have seen them accept the asset sales agreements as
>> acceptable proof of routing authority. And the addresses allocated to entity
>
> It is little different than use of a forged LOA, really.
> The network operator will typically take _anything_  that looks like
> plausible documentation.
> If the document is forged or otherwise invalid, the responsibility is
> now on the customer's head,
> and the network operator can plead ignorance.
>
> The network operator may very well be pulling those routes right back
> out, however,
> when the hijacking is found/reported.
>
> This is not a problem with addressing policy; it's a weakness of the
> routing system,
> and certified resources / RPKI  could eventually offer a solution.
>
>
>> A are now in control of entity B, with bogus whois data. This is the kind of
>> eventuality which I believe motivated the APNIC community to place the
>> stewardship role of uniqueness above the stewardship role of needs-based
>> transfers. Obviously I am asserting these things without documentary proof.
>
> Bogus WHOIS data doesn't just haunt ARIN.
> It actually has a possibility to hurt any organization whose resources
> are listed
> with bogus data.
>
> There may be some spammers who would love the idea of not having valid contacts
> in WHOIS.
>
> But legitimate organizations would usually like some certainty that
> they have the
> IP addresses,  they are on record as having the IP addresses, they are under
> proper agreement,  and they won't incur a disruption or loss of number
> resources
> impacting their business  as a result of not doing things right and
> having mucked up records.
>

However most of this really isn't that important.

If ISP A goes out of business and has some Legacy numbers and ISP B
buys them, and never updates with ARIN it is likely that ISP B is
going to have those legacy numbers in use.

If ARIN takes the numbers away from ISP B and gives them to ISP C
all you have ended up doing is taking some numbers away from some
customers of ISP B so that some customers of ISP C can get them.

You have not taken numbers that are not in use and gotten them
into use.  You have in fact done absolutely nothing to increase the
amount of time that IPv4 requests can be satisfied, and you have
created an enemy of ISP B who is much less likely to want to work
with the RIR system and much more likely to want to undermine it.

This is very far away from the situation of an org that has legacy
numbers they have no use for and want to turn into cash, and
that by doing so will yield up some numbers for use that are
currently not in use.

Ted

> --
> -JH
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.