[arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors - Revised

William Herrin bill at herrin.us
Wed Sep 25 14:33:57 EDT 2013

On Wed, Sep 25, 2013 at 10:59 AM, ARIN <info at arin.net> wrote:
> must
> provide proof that they (1) are an active business entity legally
> operating within the ARIN service region


Speaking for myself, this is unacceptable. I am adamantly, totally,
100% against this, in concept and execution.

This kind of restriction on international commerce is usually reserved
for national security issues. Foreign interests own ARIN region
infrastructure and do business with ARIN region customers all the
time, without registering themselves with the government. Just as
ARIN-region businesses do in Europe, Asia and elsewhere. Until there's
a need for employees in a country, it's not generally necessary and
often inappropriate to incorporate there.

I think ARIN should continue to follow the same ordinary business
practice everyone else does when it comes to the legal status of its
registrants: as long as there's a contactable legal existence
somewhere (and it's incumbent on the registrant to prove it) they
should pass muster as an organization capable of requesting resources.

>, and (2) are operating a
> network located within the ARIN service region. In addition to meeting
> all other applicable policy requirements, a plurality of new resources

"Plurality" is a non-starter for me. You really want to do this, pick a percent.

The reasons have all been stated before, both in the previous
discussion, the staff comments and the legal assessment. In context,
plurality is a sloppy, hard to pin down concept that makes management
and analysis needlessly hard.

> As reported at the last meeting in Barbados, ARIN staff is having
> difficulty verifying organizations out-of-region. In many of the cases,
> particularly in VPS (Virtual Private Service), the only information
> received on these organizations by ARIN is a customer name and IP
> address. This information cannot be properly verified by ARIN. Accuracy
> of registration data is critical to not only law enforcement, but the
> greater ARIN community as it relates to abuse contact and complaints. In
> fact, most issues facing law enforcement are also shared by legitimate
> companies attempting, for instance, to identify an organization that has
> hijacked their IP address space.

Do I correctly read the expectation that the verification process ARIN
would apply to its direct registrants is expected to be adopted down
stream by service providers as they assign addresses to their
customers? What a godawful mess that would make!

If not, then how exactly does the draft policy address the problem noted above?

I don't say this often, but for all of the reasons above I
respectfully encourage the AC to abandon this proposal. The issues
raised by our law enforcement colleagues are legitimate, but this
approach to solving them is not credible.

Bill Herrin

William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

More information about the ARIN-PPML mailing list