[arin-ppml] Draft Policy ARIN-2016-8: Removal of Indirect POC Validation Requirement
Job Snijders
job at ntt.net
Wed Dec 21 06:15:04 EST 2016
Dear Ted,
Please strive to be excellent. I'm confident your key points can be
formulated in a more professional manner.
Kind regards,
Job
On Wed, Dec 21, 2016 at 03:00:26AM -0800, Ted Mittelstaedt wrote:
>
> I find it a huge joke when you, Alyssa, are so eager to engage in being the
> netiquette policeman and yet have so little to say in support of Validation,
> which is in fact a tool of REAL policemen doing REAL policing work. Are we
> supposed to be OK with a mailbox loaded with spam from spammers hiding
> behind IP addresses with bogus SWIPS on them as long as the spam does not
> "show disrespect"? Don't you realize how ridiculous your position is? Your
> very chiding me is just more proof that we need Validation intact.
>
> In my view the recommendation was disrespectful in the extreme. No
> consideration was given to the work in getting the POC validation into the
> NRPM in the first place, and subjective language was used in the
> recommendation (using the loaded word spam which isn't even an accurate
> description of the alleged problem)
>
> The proposal to ashcan the validation did not come from Newbies who
> deserved some gentle explanation it came from people who knew better and
> some of whom undoubtedly stand to benefit financially from making the
> numbering more anonymous.
>
> It is a recommendation only a spammer could love. And it is wrapping itself
> in the "ARIN is spamming" loaded description. In short, it's a
> proposal that HELPS spammers that claims to be condemning spam!!! You
> cannot lie better than that if you laid the recommendation down in the
> road and ran over it with a steamroller!
>
> It took years for us to get Validation in, and Validation has exposed
> a great amount of either fraud or just lazy-ass bookkeeping, talk to any
> hostmaster at ARIN off the record and they will tell you that because of
> validation they have been able to hold the feet of the sloppy direct holders
> over the fire - Validation has allowed them to deny requests from the large
> sloppy ones which has resulted in more efficient and smaller users to get
> addressing, and it serves as a big giant 500 pound hammer threat to keep
> address holders honest.
>
> You don't casually toss it aside by claiming that it's "spamming" which it
> is not.
>
> You do not ignore the fact that without it nothing is stopping a POC from
> using an unreachable bogus address like santaclaus at castle.northpole
>
> You don't toss it aside when it's proving over and over that the direct
> addressholders are being extremely sloppy and lax (at best) by not
> maintaining their SWIPS and outright fraudulent at worst.
>
> You don't toss it aside when you do not have a workable IPv6 alternative, we
> have scores of extremely large ISPs (like Comcast) in the United States who
> are still not delivering usable IPv6 to businesses
> and as a result there is tremendous need for increasing utilization of
> the IPv4 that we have out there.
>
> You don't ashcan it when there's financial incentive to hoard-and-sell IPv4
> and to make illegitimate requests for the small amount of it that does get
> returned back to ARIN from time to time.
>
> And you do not claim that law enforcement is at all effective at using the
> POCs to chase down what are essentially civil violators.
>
> Nobody is holding a gun to anyone's head and telling them they have to get a
> static block of IP addresses. They are choosing to do this and when they
> make that choice part of it is exposing who they are - just as when you make
> the choice to buy a car part of the responsibility of owning it is
> displaying a license plate that is not fake, and that does in fact say who
> the hell you are. Those "angry callers" cited in the recommendation have
> ZERO moral or legal ground to stand on and be angry. ARIN should be hanging
> up on them when they get angry or telling them to bug off. Most likely they
> are angry because they intended to be up to no good and discovered they
> couldn't hide.
>
> Alyssa, YOU are able to chide me BECAUSE OF THE FACT I AM USING MY REAL NAME
> AND NOT HIDING BEHIND AN ANONYMOUS HANDLE.
>
> Yet you are essentially defending people who want to greatly increase the
> ability of spammers and other ne'er-do-wells to hide on the Internet, by use
> of the old diversion trick of attacking the messenger and pretty much
> ignoring the message.
>
> The people who have a problem with Validation have the onus to propose an
> alternative Validation that does not take a sledgehammer to the existing
> Validation. It is they who need to make the "alternative proposal" If they
> have a problem with it they can take a scalpel to it not a cannon and
> preserve the effect. I explained how to do this after
> about 5 minutes of thought. This is not rocket science.
>
> It seems crystal clear that the anti-Validation people who wrote the
> recommendation have always disliked Validation and are just looking for a
> chance to get rid of it. They came up with the idea of labeling
> Validation spam, and I called them on it. That is what this is all about.
>
>
> Ted
>
>
>
> On 12/20/2016 3:03 PM, Alyssa Moore wrote:
> > Ted, I think contacting a random subset of indirect POCs à la auditing
> > practices is a valid suggestion. This would still address the human
> > resource intensity from part 2 of the problem statement. This is a
> > different approach than 2016-8, and could very well be be the basis of
> > an alternative POC Validation policy proposal.
> >
> > However, the contribution certainly could have been framed with more
> > tact and fewer personal attacks. I think the crass comments were wholly
> > unnecessary additions. As a newer member of the community who is
> > actively trying to get fresh faces involved, it's exactly that kind of
> > rhetoric that serves to discourage new folks from participating in the
> > PDP. Please also note that the Mailing List Acceptable Use Policy states:
> >
> > "The following activities are specifically prohibited on any ARIN
> > mailing list:
> > 1) Statements that include *foul language, personal character attacks,
> > or show disrespect for other participants,* including ARIN."
> >
> > Let's commit to a more refined level of discourse.
> >
> > With respect,
> > Alyssa
> >
> > On Tue, Dec 20, 2016 at 12:32 PM Ted Mittelstaedt <tedm at ipinc.net
> > <mailto:tedm at ipinc.net>> wrote:
> >
> >
> > I think this is a load of baloney. The requirement can be EASILY
> > modified to only contact a RANDOMLY SELECTED SUBSET this is EXACTLY how
> > auditing firms check validity.
> >
> > You can simply modify it to say that instead of contacting every
> > indirect POC every year that you are going to select a random group of
> > POCs and contact them - this will verify if the subnet holders are
> > filing SWIPS that are accurate or if they are just making up stuff to
> > meet utilization requirements.
> >
> > That way the indirect POC holders will never know if this year they are
> > going to be contacted or not - thus they have an incentive to maintain
> > accurate records.
> >
> > If ARIN is having trouble NOW with validating indirect POCs then it is
> > CRYSTAL CLEAR that the direct allocation holders ARE SHIRKING THEIR
> > REQUIREMENT FOR HONESTY AND ACCURACY. The solution of "oh they are
> > being a bunch of LAZY ASSES and not keeping their paperwork up so we are
> > just going to eliminate the requirement" is to me kind of like saying
> > that since the convicted felon out on parole is not honoring
> > his probation terms and checking in with his probation officer, that we
> > are just going to end his probation.
> >
> > Clearly the author of this recommendation was one of those kids who got
> > First prizes for "participation" and other such rubbish when he was
> > growing up.
> >
> >
> > Ted
> >
> > On 12/20/2016 10:09 AM, ARIN wrote:
> > > On 15 December 2016, the ARIN Advisory Council (AC) advanced the
> > > following Proposal to Draft Policy status:
> > >
> > > ARIN-prop-233: Removal of Indirect POC Validation Requirement
> > >
> > > This Draft Policy has been numbered and titled:
> > >
> > > Draft Policy ARIN-2016-8: Removal of Indirect POC Validation
> > Requirement
> > >
> > > Draft Policy text is below and can be found at:
> > > https://www.arin.net/policy/proposals/2016_8.html
> > >
> > > You are encouraged to discuss all Draft Policies on PPML. The AC will
> > > evaluate the discussion in order to assess the conformance of
> > this draft
> > > policy with ARIN's Principles of Internet Number Resource Policy as
> > > stated in the Policy Development Process (PDP). Specifically, these
> > > principles are:
> > >
> > > > Enabling Fair and Impartial Number Resource Administration
> > > > Technically Sound
> > > > Supported by the Community
> > >
> > > The PDP can be found at:
> > > https://www.arin.net/policy/pdp.html
> > >
> > > Draft Policies and Proposals under discussion can be found at:
> > > https://www.arin.net/policy/proposals/index.html
> > >
> > > Regards,
> > >
> > > Sean Hopkins
> > > Policy Analyst
> > > American Registry for Internet Numbers (ARIN)
> > >
> > > ##########
> > >
> > > ARIN-2016-8: Removal of Indirect POC Validation Requirement
> > >
> > > Problem Statement:
> > >
> > > There are over 600,000 POCs registered in Whois that are only
> > associated
> > > with indirect assignments (reassignments) and indirect allocations
> > > (reallocations). NRPM 3.6 requires ARIN to contact all 600,000+
> > of these
> > > every year to validate the POC information. This is problematic for a
> > > few reasons:
> > >
> > > 1) ARIN does not have a business relationships with these POCs. By
> > > conducting POC validation via email, ARIN is sending Unsolicited
> > > Commercial Emails. Further, because of NRPM 3.6.1, ARIN cannot
> > offer an
> > > opt-out mechanism. Finally, ARIN's resultant listing on anti-spam
> > lists
> > > causes unacceptable damage to ARIN's ability to conduct ordinary
> > > business over email
> > >
> > > 2) ARIN has previously reported that POC validation to reassignments
> > > causes tremendous work for the staff. It receives many angry
> > phone calls
> > > and emails about the POC validation process. I believe the ARIN staff
> > > should be focused on POC validation efforts for directly issued
> > > resources, as that has more value to internet operations and law
> > > enforcement than end-user POC information.
> > >
> > > Policy statement:
> > >
> > > Replace the first sentence of 3.6.1:
> > >
> > > "During ARIN's annual Whois POC validation, an email will be sent to
> > > every POC in the Whois database."
> > >
> > > with
> > >
> > > "During ARIN's annual Whois POC validation, an email will be sent to
> > > every POC that is a contact for a direct assignment, direct
> > allocation,
> > > reallocation, and AS number, and their associated OrgIDs."
> > >
> > > Timetable for implementation: Immediate
> > > _______________________________________________
> > > PPML
> > > You are receiving this message because you are subscribed to
> > > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net
> > <mailto:ARIN-PPML at arin.net>).
> > > Unsubscribe or manage your mailing list subscription at:
> > > http://lists.arin.net/mailman/listinfo/arin-ppml
> > > Please contact info at arin.net <mailto:info at arin.net> if you
> > experience any issues.
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net
> > <mailto:ARIN-PPML at arin.net>).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net <mailto:info at arin.net> if you
> > experience any issues.
> >
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML
mailing list