[arin-ppml] An article of interest to the community....
Stephen Sprunk
stephen at sprunk.org
Fri Sep 2 10:50:18 EDT 2011
On 02-Sep-11 07:54, John Curran wrote:
> On Sep 1, 2011, at 5:44 PM, Stephen Sprunk wrote:
>> I find it interesting that your "quite a bit of time" did not include
>> asking the person who wrote that text, i.e. me, or reviewing the
>> threads here on the subject where the reasoning was discussed several
>> times--including ones I'm pretty sure you participated in--or
>> reviewing the transcripts of the meetings where it was discussed.
>
> Steve - I'm well aware of that history, and was simply referring to
> the open
> ended option to initiate resource reviews. Much of what you suggest
> is well
> covered by 12.2b ("whenever ARIN has reason to believe that the resources
> were originally obtained fraudulently or in contravention of existing
> policy")
There was little discussion of 12.2b, presumably because the need for
reviews in such cases was self-evident. Nearly all of the discussion
revolved around 12.2c, and specific examples were given (by me and
others) of why ARIN should be using that power--with reasonable limits.
>> Therefore, I will recap the top reason: to find space that has been
>> abandoned and is therefore an attractive target for spammers and
>> other criminals. We're told ARIN spends a lot of time reacting to
>> hijackings, but IMHO the community would be better served by being
>> proactive. Returning such space to the free pool would be a minor
>> side benefit.
>>
>> Note that I would /not/ recommend doing this at random; it should be
>> based on indicators of use such as the time since last update,
>> visibility in the DFZ, or whatever other similarities y'all notice
>> between the resources involved in past fraud cases. Go for the
>> "low-hanging fruit" first and work your way up.
>
> Understood, and this does occur.
You just said, a few hours ago, that you had never done a 12.2c review.
Has that changed in the meantime?
> I'd recommend that folks also use the number resource fraud reporting
> page to highlight possible issues, since there are more folks in the
> community than in ARIN staff.
It would be inappropriate to report abandoned/un-/underutilized blocks
as fraudulent prior to them being hijacked, since no fraud as yet been
committed.
You appear to be stuck in a reactive mindset, i.e. only dealing with
hijacking /after/ it has occurred. What I discuss above is being
proactive and initiating reviews on likely targets /before/ they are
hijacked.
Compare this:
abandoned block -> review -> reclaim
with this:
abandoned block -> hijack -> complaint -> review -> revoke
IMHO, the latter exhibits better stewardship.
>> Fears of capricious use of that pre-existing capability in the RSA
>> were the motivator of NRPM 12: to /limit /the harm that could be done
>> if/when ARIN decided to use that power in the future--which the
>> community seemed to desire in general.
>
> Indeed, and I believe that's quite prudent.
Then why aren't you doing it?
S
--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20110902/ff196c46/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3646 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20110902/ff196c46/attachment.p7s>
More information about the ARIN-PPML
mailing list