[arin-ppml] Post PPM Revision of ARIN-2011-7: Compliance Requirement

Michael Sinatra michael+ppml at burnttofu.net
Wed Oct 26 18:49:28 EDT 2011


Now that 12.5 is getting updated and 12.6 stays the same, that fixes my 
concern about the six month revocation window being eliminated.  I think 
Chris has done a good job of working the text here.

However, I am still generally opposed to this policy (in addition to 
being one of the 34 who didn't like this policy, I was one of the 6 who 
said we shouldn't spend more time on this).  I am opposed for two reasons:

1. Disabling reverse DNS, which is one of two main forms of 
documentation that ARIN supports (the other being WHOIS) for a 
documentation-compliance violation (not maintaining RWHOIS/SWIP 
reassignment information) seems like shooting the community in the foot.

2. Building on #1, this policy wouldn't affect bad guys (those who 
haven't actually committed fraud, but may or may not be acting in good 
faith or may simply be lazy and don't care about reverse DNS), but it 
would up the ante with respect to placing burdens on those trying to 
operate in good faith.  I am mainly thinking here of large Universities 
who are reassigning IPv6 /64s to students in their residences.  Since 
such reassignments fall under section 6.5.5.3.1 (Residential Privacy), 
do we really need to worry about enforcement mechanisms for a policy 
that will create thousands of SWIP entries of the form "Private 
residential student #XXXX" and the like?  Maybe that's a corner case, 
but again, it feels like shooting in the foot to me.

Again, I understand the role of this sort of documentation in IPv4, 
where the enforcement mechanism can be withholding future allocations. 
I understand the rationale for putting teeth (however feeble) in this 
policy is for IPv6, as future allocations for the majority of LIRs may 
never be necessary.  If that's the case, how much do we care about 
proper reassignment documentation, as long as the LIR can respond to 
community and/or law enforcement requests with accurate and timely 
information?

thanks,
michael

On 10/24/11 7:04 PM, Scott Leibrand wrote:
> I'm not sure we heard a consensus from the community in favor of
> requiring ARIN to revoke reverse DNS for organizations out of compliance
> with policy.  I don't think the transcripts are available yet, so all I
> have aside from my own memory is the poll counts, which were 20-34 on
> the text presented, and 57-6 in favor of continuing to work on it.
>
> So I guess I'd like to hear from the community (particularly those 34 of
> you who didn't like the presented text) as to whether you think these
> changes address your concerns or not.
>
> -Scott
>
> On Mon, Oct 24, 2011 at 12:29 PM, Chris Grundemann
> <cgrundemann at gmail.com <mailto:cgrundemann at gmail.com>> wrote:
>
>     Hello,
>
>     As the primary shepherd of draft policy ARIN-2011-7: Compliance
>     Requirement, I took your feedback from the Public Policy Meeting in
>     Philadelphia and revised the text. I believe that this new text
>     continues to meet the originators intentions while also addressing all
>     significant concerns raised thus far. Please let me know what you
>     think. If there are no major objections from the community here, I
>     plan to recommend this policy for last call at the next AC meeting.
>
>     New text:
>
>     ----8<----8<----8<----
>
>     12.4 - Update to:
>     Organizations found by ARIN to be out of compliance with current ARIN
>     policy shall be required to update reassignment information or return
>     resources as needed to bring them into (or reasonably close to)
>     compliance.
>     1. The degree to which an organization may remain out of compliance
>     shall be based on the reasonable judgment of the ARIN staff and shall
>     balance all facts known, including the organization's utilization
>     rate, available address pool, and other factors as appropriate so as
>     to avoid forcing returns which will result in near-term additional
>     requests or unnecessary route de-aggregation.
>     2. To the extent possible, entire blocks should be returned. Partial
>     address blocks shall be returned in such a way that the portion
>     retained will comprise a single aggregate block.
>
>     12.5 - Update to:
>     Except in cases of fraud when immediate action can be taken, an
>     organization shall be given thirty (30) days to respond. If an
>     organization fails to respond within thirty (30) days, ARIN may cease
>     providing reverse DNS services to that organization. If progress of
>     resource returns or record corrections has not occurred within sixty
>     (60) days after ARIN initiated contact, ARIN shall cease providing
>     reverse DNS services for the resources in question. At any time ninety
>     (90) days after initial ARIN contact, ARIN may initiate the revocation
>     of any resources issued by ARIN as required to bring the organization
>     into overall compliance. ARIN may permit a longer period of time to
>     come into compliance, if ARIN believes the organization is working in
>     good faith to restore compliance with policy and has a valid need for
>     additional time to comply, including but not limited to renumbering
>     out of the affected blocks. ARIN shall follow the same guidelines for
>     revocation that are required for voluntary return in the previous
>     paragraph.
>
>     (leave 12.6 as is)
>
>     ----8<----8<----8<----
>
>     Cheers,
>     ~Chris
>     _______________________________________________
>     PPML
>     You are receiving this message because you are subscribed to
>     the ARIN Public Policy Mailing List (ARIN-PPML at arin.net
>     <mailto:ARIN-PPML at arin.net>).
>     Unsubscribe or manage your mailing list subscription at:
>     http://lists.arin.net/mailman/listinfo/arin-ppml
>     Please contact info at arin.net <mailto:info at arin.net> if you
>     experience any issues.
>
>
>
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.




More information about the ARIN-PPML mailing list