[arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)

John Curran jcurran at arin.net
Wed Sep 1 17:06:37 EDT 2021 

On 1 Sep 2021, at 4:35 PM, Chris Woodfield <chris at semihuman.com> wrote:
> In addition to the RSA language John cited, Section 12 of the NRPM gives ARIN the right to review an organization’s resource usage at any time for continued  compliance with community-driven policy. I suspect that these reviews are not common, however. What’s more common, in my view, is an organization’s request for additional resources, which must come with justification that currently-held resources are being used in compliance with policy. I do not believe that these are checked against the original requests for consistency, however.

ARIN has the benefit of clear policy in the NRPM 12 resource review, and as such we guide our activities in registry compliance to that NRPM section (e.g. when/how often we may conduct a review, etc.) 

It is worth noting that in cases of resources potentially obtained under fraudulent circumstances, we can and do reference the original request and whether resources were ever utilized for the purpose requested. 

> I’d be curious if the clause below can be interpreted as giving organizations a duty to report *any* substantial changes in an organization’s allocation plans if they diverge from the justification filed at the time of the request, or only when such changes would have the effect of putting the organization out of compliance with current policy. I can see the former interpretation being rather troublesome for a large number of organizations, given how often business plans and environments can change over time, as well as adding quite a bit of (IMO unnecessary) overhead to IP allocation managers.

Let us avoid trying to read additional duties into the RSA language – I am sure it is possible, but that path is fraught with peril and has no assurance of aligning with community intent. 

Rather, it would be best for the community to determine what reporting is most appropriate, and instantiate policy (e.g. into NRPM section 3) that makes such obligations clear. 
In this manner, ARIN gains solid guidance on administration of the registry, and the terms of the RSA can be used to support enforcement if such becomes necessary. 

> That said, I can see ARIN being quite justified in reclaiming resources if the justification documentation filed with the request had no bearing to the org’s actual plans.

Indeed, as making a fabricated resource request is not only contrary to agreed contractual terms, but may be an actual criminal act depending of the specific circumstances. 

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

More information about the ARIN-PPML mailing list