[arin-ppml] Clarify /29 assignment identification requirement

Dmitry Burkov dburk at burkov.aha.ru
Mon Apr 30 11:36:05 EDT 2012 

John,
sorry for interruption.

I slightly concerned personally.

During our roundtable meeting in February I was shocked by FBI guy comments on their expectations on future quality of RIR's registry databases.
I personally think that it is not job of RIR's to satisfy all CALEA or any others reqs for assignments details especially
did by our members.
In your case - it seems that you can easily lose the feeling that you are not national registry - but Regional Registry.

It can be a big mistake even in such polite manner to interpret badly (flexible) defined policies to satisfy
local LEAs expectations. It can be dangerous precedent  for all RIRs.

May be I mistaken- but in result of all discussions of last years - for me it seems that you (ARIN) are possible under the 
more pressure of some guys and sometimes it is hard to ignore all their requests - what I can understand.

I saw also  that community splitted in their views - but it seems there are no still reason to concentrate data (PII) in one place.

It could be a bad precedent for RIRs that someone will concentrate such power of information.



Dima

On Apr 30, 2012, at 7:02 PM, John Curran wrote:

> On Apr 30, 2012, at 10:14 AM, Jack Bates wrote:
> 
>> This was my big concern, and I did warn (after the fact) the telco that didn't talk to their lawyer before sending the information to ARIN (probably didn't get an NDA, either). They were most likely audited for asking for some obscene CIDR block initially, but that probably isn't unusual out of people switching from PA to PI. In their ignorance, they ask for someone big and cool and ARIN corrects them in the followup for what they justify.
>> 
>> However, as an ISP that serve's ISPs, I've never been requested to go to my ISP customers and ask them for this information. Some of them would laugh in my face. I wonder if this doesn't create an extra hardship between PI and PA justifications, and if that is something that is desired.
>> 
>> Also, are we just picking on the little guy, while some of the largest networks (as mentioned elsewhere) are leaving huge blocks of networks SWIP'd after they've been released and possibly asking for more space? The smaller ISPs are more likely to have a 4-30% static assignment ratio compared to the larger ISPs, which seems to indicate they are more likely to get PII detail audits. Only ARIN can confirm what size of aggregate allocated space tends to generate this kind of detail, though.
> 
> Jack - 
> 
> If a significant amount of your utilization is based on discrete customer
> assignments (and we have no record of your previous utilization rates, as
> is common for an organization coming directly to ARIN for the first time),
> you are likely to be asked followup questions to verify that some of the 
> individual customer assignments were done for actual customers.
> 
> Also, if you're not actually an ISP serving customers, but instead a nice
> facade which has been created and carefully developed over several months for 
> the sole purpose of getting a PI-allocation IPv4 address block out of ARIN, 
> and now asserting a significant amount of utilization is based on unnamed 
> customer assignments, you are also likely to be asked followup questions
> to verify the some of the individual customer assignments.  (Note - If you
> do get an ARIN allocation for your "ISP", you're on your way to then having
> lots more imaginary firms rotating in and our as customers in the process
> getting your real business done, e.g. innovative marketing efforts, and by 
> 'disconnecting those bad customers' repeatedly you've probably got a year or
> two until folks realize that you & your customers are one and the same...)  
> 
> While ARIN is concerned about IP address management, there are some interesting
> side effects of allowing ISP allocations to parties that are not actually ISPs
> (particularly when those parties are 'managed' via IP address block reputation-
> based countermeasures.)
> 
> As long as the community recognizes that the two requests above (ISP, faux ISP)
> look nearly identical at first, we can perform whatever level of verification is 
> (or is not) desired, and would definitely encourage discussion of the verification
> topic on this list.
> 
> Thanks!
> /John
> 
> John Curran
> President and CEO
> ARIN
> 
> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list