[arin-ppml] An article of interest to the community....

Stephen Sprunk stephen at sprunk.org
Fri Sep 2 10:50:18 EDT 2011

On 02-Sep-11 07:54, John Curran wrote:
> On Sep 1, 2011, at 5:44 PM, Stephen Sprunk wrote:
>> I find it interesting that your "quite a bit of time" did not include
>> asking the person who wrote that text, i.e. me, or reviewing the
>> threads here on the subject where the reasoning was discussed several
>> times--including ones I'm pretty sure you participated in--or
>> reviewing the transcripts of the meetings where it was discussed.
> Steve - I'm well aware of that history, and was simply referring to
> the open
> ended option to initiate resource reviews.  Much of what you suggest
> is well
> covered by 12.2b ("whenever ARIN has reason to believe that the resources 
> were originally obtained fraudulently or in contravention of existing
> policy")

There was little discussion of 12.2b, presumably because the need for
reviews in such cases was self-evident.  Nearly all of the discussion
revolved around 12.2c, and specific examples were given (by me and
others) of why ARIN should be using that power--with reasonable limits.

>> Therefore, I will recap the top reason: to find space that has been
>> abandoned and is therefore an attractive target for spammers and
>> other criminals.  We're told ARIN spends a lot of time reacting to
>> hijackings, but IMHO the community would be better served by being
>> proactive.  Returning such space to the free pool would be a minor
>> side benefit.
>> Note that I would /not/ recommend doing this at random; it should be
>> based on indicators of use such as the time since last update,
>> visibility in the DFZ, or whatever other similarities y'all notice
>> between the resources involved in past fraud cases.  Go for the
>> "low-hanging fruit" first and work your way up.
> Understood, and this does occur.

You just said, a few hours ago, that you had never done a 12.2c review. 
Has that changed in the meantime?

> I'd recommend that folks also use the number resource fraud reporting
> page to highlight possible issues, since there are more folks in the
> community than in ARIN staff.

It would be inappropriate to report abandoned/un-/underutilized blocks
as fraudulent prior to them being hijacked, since no fraud as yet been

You appear to be stuck in a reactive mindset, i.e. only dealing with
hijacking /after/ it has occurred.  What I discuss above is being
proactive and initiating reviews on likely targets /before/ they are

Compare this:

abandoned block -> review -> reclaim

with this:

abandoned block -> hijack -> complaint -> review -> revoke

IMHO, the latter exhibits better stewardship.

>> Fears of capricious use of that pre-existing capability in the RSA
>> were the motivator of NRPM 12: to /limit /the harm that could be done
>> if/when ARIN decided to use that power in the future--which the
>> community seemed to desire in general.
> Indeed, and I believe that's quite prudent.

Then why aren't you doing it?


Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20110902/ff196c46/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3646 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20110902/ff196c46/attachment-0001.p7s>

More information about the ARIN-PPML mailing list