[arin-ppml] Draft Policy ARIN-2014-14: Needs Attestation for some IPv4 Transfers - Revised
Owen DeLong
owen at delong.com
Tue Feb 24 15:04:42 EST 2015
I do not oppose the policy as written. I’m not sure I support it, but if we want to conduct such an experiment, then I believe this policy provides adequate protections and limitations on the scope of the experiment.
Owen
> On Feb 24, 2015, at 09:17 , ARIN <info at arin.net> wrote:
>
> ARIN-2014-14 has been revised. This draft policy is open for discussion
> on this mailing list.
>
> ARIN-2014-14 is below and can be found at:
> https://www.arin.net/policy/proposals/2014_14.html
>
> Regards,
>
> Communications and Member Services
> American Registry for Internet Numbers (ARIN)
>
>
> ## * ##
>
>
> Draft Policy ARIN-2014-14
> Needs Attestation for some IPv4 Transfers
>
> Date: 24 Feb 2015
>
> Problem Statement:
>
> The process of 'needs testing' or 'needs basis' allocation has evolved
> over the history of the Internet registry system. The earliest number
> resource policy required that an operator intend to use the number
> resources on an operational Internet Protocol network before the
> resource would be registered to an organization. Organizations were
> assigned either a Class A, B, or C block roughly depending on the
> organization's size. With the implementation of CIDR, additional 'needs
> testing' was done to right size allocations to fit organizations. These
> testing requirements continued to evolve under various organizations
> prior to the RIRs inception and then later formally under the RIR's
> policy development process.
>
> In the 2000s, ARIN began a systematic "trust but verify" process for
> IPv4 requests. This was necessary due to both IPv4 address registration
> hijackings in ARIN Whois and the accelerated amount of systematic fraud
> being perpetrated on ARIN.
>
> As IPv4 exhaustion occurred, some RIRs have reconsidered the necessity
> of some of the needs testing requirements and implemented policies
> which reduced the requirements on organizations to show need or
> utilization for some transfer transactions with the RIR.
>
> The cost of performing a needs assessment and auditing of this
> information vs. the public benefit of restricting allocations to
> specifically qualified organizations has been noted by some
> organizations to be out of alignment. The ability to predict future use
> toward a 24-month utilization rate can also be challenging for some
> organizations and relies on projections and estimates rather than
> verifiable facts. Thus, the current needs testing requirements may be
> more than is necessary and desirable for small transfers. This policy
> seeks to reduce the complexity of transfers by removing the utilization
> needs testing requirement and replacing it with a needs attestation by
> a corporate officer.
>
> Additionally, other requirements are placed around the 'needs
> attestation only' requirement to reduce the Number Resource Community's
> concern that this type of policy could be abused for speculation or
> hording. Furthermore, the policy includes a sunset clause to limit the
> total number of transfers under this policy proposal. This sunset is
> intended to force the community to reexamine the success or failure of
> the practices contained in this policy proposal.
>
> Policy statement:
>
> Section 8.3
>
> Replace the 'Conditions on recipient of the transfer' with
> the following conditions.
>
> Conditions on recipient of the transfer:
>
> The organization must sign an RSA.
>
> The resources transferred will be subject to current ARIN policies.
>
> In addition, the recipient must meet one of the following requirements
> sets:
>
> 1. The organization must demonstrate the need for up to a 24-month
> supply of IP address resources under current ARIN policies.
>
> OR
>
> 1.The organization, its parent(s), or subsidiary organizations, must
> not have received IPv4 address resources, via transfer, within the past 12 months.
>
> 2.An officer of the organization must attest that the IPv4 address
> block is needed for and will be used on an operational network.
>
> 3.The maximum transfer size is /20.
>
> 4.Fewer than 5,000 needs attestation transfers have occurred.
>
>
> Section 8.4
>
> Replace the 'Conditions on recipient of the transfer' with
> the following conditions.
>
> Conditions on recipient of the transfer:
>
> The conditions on a recipient outside of the ARIN region will be
> defined by the policies of the receiving RIR.
>
> Recipients within the ARIN region will be subject to current ARIN
> policies and sign an RSA for the resources being received.
>
> The minimum transfer size is a /24.
>
> In addition, the recipient must meet one of the following requirements
> sets:
>
> 1. The organization must demonstrate the need for up to a 24-month
> supply of IP address resources under current ARIN policies.
>
> OR
>
> 1.The organization, its parent(s), or subsidiary organizations, must
> not have received IPv4 address resources, via transfer, within the past 12 months.
>
> 2.An officer of the organization must attest that the IPv4 address
> block is needed for and will be used on an operational network.
>
> 3.The maximum transfer size is /20.
>
> 4.Fewer than 5,000 needs attestation transfers have occurred.
>
> Comments:
>
> Timetable for implementation: Immediate
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML
mailing list