[arin-ppml] Draft Policy ARIN-2019-2: Waiting List Block Size Restriction

[Ronald F. Guilmette]

In message <Pine.LNX.4.64.1903030119350.26017 at localhost.localdomain>, 
hostmaster at uneedus.com wrote:

>Strictly speaking, the laws talked about do not REQUIRE each customer have 
>his/her own IP address, but from a practical point of view, giving each 
>customer his/her own IP address is the easiest way to comply with these 
>laws.
>
>Examples include CALEA, which starts at 42 USC 1002.  This law requires 
>certain parties including internet access providers to provide under court 
>order the content of communications upon service of a Court Order. 
>Effectively, this is a wiretap.  Without each customer connection having 
>its own unique address, it is nearly impossible to comply with this law. A 
>wiretap order can be obtained against a website, and the law requires the 
>communication operator to deliver to the government JUST the communication 
>of the subject of the order.  In the case of shared hosting, without a 
>unique identifer such as an IP address, it would be very difficult to 
>comply with the order and redirect a copy of their communications to the 
>government that does not contain the communications of all your customers.

I believe that I have understood you, but I also believe that it sounds
like utter lunacy to me that nobody working on, say, Apache, has yet
devised a solution for that seemingly simple (individual web site
"wiretap") problem that would work in the case of shared hosting.

It doesn't sound on the face of it like a terrifically hard problem.

I guess that somebody should ask the Apache folks about that.  I guess
that will be me, since it appers that nobody who is actually in the
hosting business has yet bothered to do so.

>The other well known example is the DMCA. which is at 17 USC 512 et seq. 
>It requires disabling or taking down content that someone swears is 
>violating their copyright, or the operator becomes responsible for the 
>infringement.

Yeabut they can't just come to you and say "Please immediately take
down SOMETHING" and not adeuqately specify what they mean, specifically,
by "SOMETHING".  They've got to give you a URL, and that URL has to begin
with a domain name, so you can just remove that one domain name from your
Apache config and be done with it.  What's the problem?

>If all the websites are hosted by a single server instance on the same 
>machine, of course this can be easily done by the operator by simply 
>knowing the URL of the content.  However, not all shared hosting happens 
>that way.  Those with high demand content might be hosted on a dedicated 
>server that is leased to another party.

Great!  So then if you get a DMCA for that, then you just shut off power
to that one server.  Problem solved, no?

>For less demanding content, an 
>instance of the webserver running on a shared server might instead be 
>used.  In any case, each person leasing a server or webserver instance 
>controls completely what websites they choose to support.  If the IP is 
>shared as suggested, all the DMCA notices are going to be directed to the 
>owner of the server, who will not without engaging in a logging operation 
>know which instance (and therefore which customer) is hosting the 
>offending content.

You're talking in circles.  You have a DMCA complaint.  It specifies
a URL.  You are in the professional hosting business and yet you're
seriously telling me that you can't for the life of you figure out
how to shut off -just- that one revelant domain name without burning
all sorts of other and unrelated stuff to the ground?

Please do excuse my incredulity.

>By keeping each customer on his/her own IP address, 
>the owner will know which customer is responsible since the report will 
>contain the IP.

So your claim is that its actually legally impossible to do shared hosting,
using Apache, anywhere in these United States, because if anyone tries
to do that, they will have to burn their whole shop to the ground in order
to eliminate that one pesky infringer who only owns one single domain name?

>While this is the not the most efficient use of address space...

That's got to be the understatement of the millenia.

You've just asserted that even though Apache can host a few million web
sites all on one IPv4 address, the dumbasses who write the laws in this
country have cereated these requirements -and- that neither you nor anybody
else in the hosting businsess has managed to figure out how to satisfy
those requirements without unpacking each and every individual web site
onto its own unique IP address.  (And of course these all have to be IPv4
addresses, specifically.  IPv6 addresses just won't do, because otherwise
90% of the planet still won't be able to see the content.)

I can't help being facinated by these assertions because I could have
sworn that I saw, in some of the passive DNS data that I was looking at,
really quite recently, evidence indicating that at least -some- hosting
companies right here in the good old U.S. of A. *are* in fact packing
in their web hosting clients, like sardines, thousands at a time, onto
-single- shared IPv4 addresses.  But now you inform me that they can't
possibly do that without violating feredal law.  So I guess it must
all have been a big halicunation on my part.  Sorry.  My mistake.

Well, anyway, this all is still beating around the bush.  I give you a /24
and you *can* still host 256 separate customers on that, right?  For all
those that only need to run clients, you give them IPv6 instead. Only
the ones who really need to run their own servers, you give each of those
persons or organizations -one- IPv4 address to do it on.  If one organization
needs to have fifteen different corporate web sites, then fine.  They can
do that all from that one IPv4 address, and much much more, as needed.

>The other thing I disagree with is your suggestion that clients should be 
>on IPv6 and servers on IPv4.  In fact, without the use of translation 
>technology, the two protocols cannot directly talk to each other.

Yes.  And?

Are you telling me that no such translators have been deployed already,
even here in 2019?

And isn't there a nice simple one-to-one mapping of each and every IPv4
address to its counterpart in the IPv6 space, so that translating from
IPv6 down to IPv4 and/or back again is actually rather straightfoward
and highly efficient, if not to say trivial?


Regards,
rfg