[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

John Curran jcurran at arin.net
Thu May 2 19:06:57 EDT 2019 

On May 2, 2019, at 5:31 PM, William Herrin <bill at herrin.us> wrote:
> 
> As we evaluate the proposal, legal risk is one of the things we'll want to consider. If ARIN tries to enforce a revocation and loses, the policies which permit them to reject registration changes land on much shakier ground. ARIN could end up a pure registry without any policy role despite what its members want. That's one reason the organization has been so reluctant to try.

Bill -

Please do not speak for ARIN (“That's one reason the organization has been so reluctant to try”), as there are folks (ie myself) who have that responsibility.

To be clear, ARIN has _zero_ concerns about enforcing registry policy on all number resources in the ARIN registry, regardless of origin or pedigree.  To state otherwise is incorrect. 

The organizational concern is with new policy which involves new responsibilities; ie, ones which are not directly related to administration of the registry.  Because ARIN has the ability to unilaterally change number resource policy (via processes in the PDP), it has a corresponding duty of fair dealing with all to whom that policy applies.  

Policy which creates new obligations at the time of a request (eg transfer policy) have the benefit that resource holders may freely decide to make the request (or not) based on their circumstances and the policy requirements.  Policy which creates new obligations unilaterally applied to all existing resource holders could easily be seen as other than fair dealing,  if indeed the obligations are unrelated to obligations necessary for registry administration and the existing obligations in our registration services agreement.

For example. if the community were to pass a number resource policy that requires all resource holders to remit 2% of their annual revenues to ARIN (or have the resources revoked), then I am fairly confident it would not survive equitable dealing challenges, even if only such challenges were mounted solely by those who are under RSA.

No one would expect a vendor agreement to be unilaterally modified to include significant new obligations outside of the existing scope, and ARIN policy which creates obligations in how ISPs manage their routing is definitely a new area of obligation - fair dealing with the community is the reason for trepidation regarding such policy changes.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

More information about the ARIN-PPML mailing list