[arin-ppml] Micfo

Ronald F. Guilmette rfg at tristatelogic.com
Tue May 14 22:01:22 EDT 2019


In message <CAN-Dau04sWS7k6v411MWtFQFn0eq__m3y1m5Cd5Uc=ZrQ1jVcA at mail.gmail.com>
David Farmer <farmer at umn.edu> wrote:

>Punitive measures taken directly by ARIN, against these guys or anyone
>else, need to be thought through very carefully, such measures are highly
>likely to injure third parties that didn't knowingly participate in the
>fraud.

Could *someone*, i.e. anyone please explain to me, in nice simple terms
that my little pea brain can understand, why it is that ICANN has a proper
response contingency plan already set up, tested, and in place for dealing
with very similar sorts of wickeness in and among their accredited registrars,
and yet none of the five families of the IP address world have yet seen fit
to create any sort of a procedure or mechanism to clean up a mess like this
when it comes to any one of *their* resellers?

And after all, that *is* what this is all about, right?  I mean the valid
concern that David farmer brings up is utterly irrelevant in all cases
were some crooked party is just using the purloined IP addresses strictly
internally, and only for their own private purposes.  In those cases,
there are no innocent third-parties to worry about.  So the only instances
where David Farmer's concern is actually even going to be an issue is where
the crooked party in question is acting in the role of a reseller (of ARIN
issued resources) in a very analogous way to ICANN accredited registrar
simply re-sell what ICANN gives them the rights to resell, i.e. points in
the domain name space, rather than points in the IP address space.

My point is that this shouldn't be treated as a "one off" to be dealt with
and then ignored forever after.  This is a teachable moment, and all of
the five families should get their you-know-what together and come up with
decent emergency response plans to provide for the relocation of innocents
to safe ground in the event of a crooked reseller being discovered... or
even a non-crooked one that happens to get hit by a tornado, either a
physical one or a legal one or a financial one.

I hope that I'm not the only one who has ever seen the ServPro[tm] TV
commercials or heard their tag line "Like it never even happened."

Maybe ARIN needs to sign a contingency contract with Servpro and then let
*them* clean up the mess when crap like this happens.

>I'm pretty sure this isn't over for these guys, this is just the start of
>their problems.
>
>Be patient, "the wheels of justice turn slowly, but grind exceedingly fine."

Swell.  Unfortunately, there is still the problem that you yourself just
raised.  What happens to the innocents when the dust finally settles on
a mess like this?

I am reminded of the old saying:  To fail to plan is to plan to fail.

There should be a formal emergency/contingency plan in place that allows
for the graceful swapping out of a crooked or dead reseller of ARIN IP
space and the graceful swapping in of some replacement provider, as
necessary, so that no innocents are harmed during the making of this film.

I mean seriously, am I the only one who lived through 2008-2009 and the
financial meltdown?  Am I the only one who read Sheila Bair's book?

I am in 100% agreement with David Farmer's concern about innocents, and
hope that someday there will be a plan in place to protect them, even
if/when one of ARIN's reseallers is declared insolvent or otherwise
unable to fulfill its duties to its actual end-lusers.


Regards,
rfg



More information about the ARIN-PPML mailing list