[arin-ppml] Clarify /29 assignment identification requirement

Jack Bates jbates at brightok.net
Thu Apr 26 22:14:03 EDT 2012 

On 4/26/2012 8:44 PM, Jimmy Hess wrote:
>
> While ARIN's  auditing and review practices are and internal procedure
> issue, and therefore out of scope of the PDP or the number resource
> policy,
Only in the fact that it doesn't limit auditing. The NRPM does provide 
for auditing, so it could be clarified.

> What I feel should happen is ARIN should actually publish guidance,
> and specific forms, stating what will routinely be requested in
> standard resource reviews and application for resources, information
> such that ISPs are appropriately prepared.
> Or  "examples"  of the documentation that ARIN will request.
>

I believe their fear here is that people will just write script kits to 
forge such information.

I believe it would be better to strictly push for meeting sessions and 
direct viewing of information upon request in collaboration with the ISP 
when there is a question concerning the standard forms and the desire to 
verify.

Benefits:

1. The ARIN representative is viewing the information and signing off on 
it. No actual data is being stored by ARIN. This allows the ISP to guide 
and restrict what is being viewed to a degree to safeguard against any 
unauthorized activity an ARIN representative might engage in. It also 
reduces the amount of private data ARIN does store.

2. Except for the smallest requests, it allows ARIN to be very random on 
what they want to view and by questioning the ISP, view a variety of 
datapoints for verification like dhcp pools, snooping pools, ppp 
sessions, dslam screens showing connected ports, data traffic 
loads/counters for a variety of interface types. In some cases, ISP 
might not be against showing live flow data at PE, which could be 
verified against data sent in real time from ARIN representative (see, 
this is a real router!). Or, because not everyone is a connectivity 
provider, I presume one could view a few commands on a server to see 
mass usage of address space for X reason (although I'd think most SSL/IP 
setups just generate a quick scan of those sites by ARIN).

3. Makes it much more difficult for someone to make a fraudulent request 
without creating what equates to a full ISP.

Cons:

1. Representatives may spend more time in a meeting than they would 
analyzing "paper" which is submitted.

2. Representatives would need to understand ISP technologies to be 
versatile in what information to ask for.


Jack

More information about the ARIN-PPML mailing list