[arin-ppml] Draft Policy ARIN-2014-9: Resolve Conflict Between RSA and 8.2 Utilization Requirements

Owen DeLong owen at delong.com
Thu Mar 20 18:11:44 EDT 2014

On Mar 20, 2014, at 2:06 PM, Michael Peddemors <michael at linuxmagic.com> wrote:

> On 14-03-20 01:48 PM, David Huberman wrote:
>> John Curran can give a more accurate and nuanced history, but as best I can recall, ARIN
>> tried to bring more legacy registration holders into the registry system by offering a
>> Legacy Registration Services Agreement.  One of the takeaways from that initial effort
>> was that legacy registration holders were unwilling to sign any agreement which technically
>> allowed ARIN to de-register address space that they had without their consent.
>> One of the concessions made over time was language in the RSA documents which
>> removed that concern; it prohibits ARIN from forcibly taking away space when the
>> signer is in compliance with the other terms and conditions of the contract.
>> This new language, however, directly conflicts with the plain language of the NRPM 8.2
>> paragraph that this policy proposal seeks to remove.
>>> From a business standpoint -- from the standpoint of actually running the registry of
>> ARIN -- the paragraph I propose to be removed is NON-OPERATIONAL.  It cannot
>> be enforced under the terms of the RSA.
>> The community, therefore, I believe is compelled to address the conflict.
> Thanks, summary is helpful.
> But what about the ones that aren't under a RSA?

Policy applies regardless of RSA.

RSA applies only where an RSA is present.

However, if the RSA contradicts policy, I believe the RSA is controlling for the specific resources covered by the particular RSA. This can get slightly more complicated, however, in that I believe most RSAs have phraseology that makes future policy changes act effectively as updates to the RSA.

> But this again stems to the most basic concern..
> Is ARIN around only for assigning, or it it around to maintain assignments.  If the role of ARIN is to do enforcement, and reclaim unused or abused space, then any agreement that prevents that role should no be allowed.  So does the RSA prevent ARIN from enforcement?

First, it is important to understand what we are really talking about when we use terms like assign, enforce, policy, register, etc.

ARIN is not a legislator and does not have regulatory powers. When we talk about policy enforcement, we are strictly talking about control over what actions can be taken in regards to the data in the ARIN registry. Helpfully, a number of cooperating parties have chosen to use the data in the ARIN registry as an authoritative source for decisions about technical implementation of various parts of the internet. However, they don’t have  a legal obligation to do so. Admittedly, the internet will not work nearly as well as it does now if significant parties or significant numbers of parties begin to do otherwise.

When we talk about reclamation or revocation of resources, we are talking about ARIN modifying the ARIN registry database to indicate that those resources are no longer registered to the previous registrant. We are not talking about federal agents going in and taking the addresses by force. We aren’t even talking about detrimental or contrary announcements of the routes or any other directly destructive action by ARIN.

I still believe that it is important to manage the registry according to reasonable policies. I do not believe that just because the policies cannot prevent someone from taking an action which may be harmful to the community, we should remove prohibitions of those actions from policy.

(I apologize for the awkward  abstract wording, but my past corollaries of making bank robbery legal just because laws don’t actually prevent robberies were criticized as “unhelpful” to the discussion).

I think fear mongering about the “usefulness of the registry” by those that seek to eliminate all policy enforcement in the registry should be seen for what it is and that we as a community must make a decision whether we want to have reasonable policies and a culture of cooperation, or, abandon that culture which has worked thus far and allow the regulatory chips to fall where they may when it becomes obvious that we are unwilling to attempt to regulate ourselves.


More information about the ARIN-PPML mailing list