[arin-ppml] What are necessary registry information updates for ARIN resource holders? (was: Change of Use and ARIN)

Thu Sep 2 07:51:32 EDT 2021

Folks -

We try to base policy changes in the ARIN region on a clear problem statement.  With respect to updates of existing number resources in the registry, the question to be asked is:

– What information (contacts, utilization) do I need updated on an ongoing basis from others (those with number resources in the ARIN registry) so that I can continue to reliably operate my part of the Internet?

One could easily imagine an entire host of information update requirements to be put on those holding number resources, but it is also worth remembering that the Internet number registry system is an instantiation of a mutual cooperation model of the Internet operator community, and as such one must then qualify any requirements as follows:

– What level of cooperation in providing and updating information about my number resources am I willing to commit to (potentially in perpetuity) with the recognition that such cooperation would become required to continue to participate in the registry and continue to hold those rights?

These are not particularly complicated questions, but achieving a shared sense in the community about what is needed here (and thus a statement of the problem with current policy) is a definitely a non-trivial activity.    I leave it to those on this list to further consider the matter.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 1 Sep 2021, at 6:25 PM, Martin Hannigan <hannigan at gmail.com<mailto:hannigan at gmail.com>> wrote:

Utilization after implementation and continued use is not likely to result in any substantial change of need. Addresses are issued based on an initial plan; the word plan is used six times in the NRPM and maps to utilization afterwards in 4.3.3. Whether it starts its utilization life on a server and grows up to move on to a router seems irrelevant. Based on my interpretation (and real world experience)in the NRPM that's defensible. Utilization is a rate of use, not actual use and whether it is on a server today and a router tomorrow? Irrelevant in that optic.

YMMV

-M<

On Wed, Sep 1, 2021 at 5:39 PM Mike Burns <mike at iptrading.com<mailto:mike at iptrading.com>> wrote:
HI Chris and David,

I think reclaiming resources for fraud of any kind is perfectly reasonable.
I do not see any need for reporting to ARIN any change of utilization.
Unlike the AFRINIC RSA (and the LACNIC RSA) the ARIN RSA doesn't put resources at risk for utilization, whether that's a change of utilization or lack of utilization.
This is how it should be in a registry that allows transfers, otherwise sellers wouldn't risk coming to ARIN to book a transfer if ARIN could revoke the addresses for utilization reasons.

(I think this language in the RSA is one reason for LACNIC's anemic transfer market. On the other hand it may prove useful to AFRINIC in this peculiar and likely unique situation.)

I think we need a clear leasing policy in ARIN, one that allows leased addresses to be used as justification if those addresses are leased out with valid recorded assignments (SWIPS).
Leasing has to be recognized as a valid distribution channel for IPv4 addresses and policy must not stand in the way of that channel evolving naturally along with the market.
This AFRINIC situation involves leasing, and everywhere leasing is happening in a policy void. That's asking for problems.

I think we are in the realm of "hard cases make bad law" if we try to generalize from the situation in AFRINIC, which really can't be repeated.
There is no sense in trying to protect against a repeat occurence through a knee-jerk reaction that leads to useless prophylactic policy clutter.
I suppose it bears repeating though, fraud at any point merits revocation.

Regards,
Mike

---- On Wed, 01 Sep 2021 16:35:19 -0400 Chris Woodfield <chris at semihuman.com<mailto:chris at semihuman.com>> wrote ----

David -

In addition to the RSA language John cited, Section 12 of the NRPM gives ARIN the right to review an organization’s resource usage at any time for continued  compliance with community-driven policy. I suspect that these reviews are not common, however. What’s more common, in my view, is an organization’s request for additional resources, which must come with justification that currently-held resources are being used in compliance with policy. I do not believe that these are checked against the original requests for consistency, however.

I’d be curious if the clause below can be interpreted as giving organizations a duty to report *any* substantial changes in an organization’s allocation plans if they diverge from the justification filed at the time of the request, or only when such changes would have the effect of putting the organization out of compliance with current policy. I can see the former interpretation being rather troublesome for a large number of organizations, given how often business plans and environments can change over time, as well as adding quite a bit of (IMO unnecessary) overhead to IP allocation managers.

That said, I can see ARIN being quite justified in reclaiming resources if the justification documentation filed with the request had no bearing to the org’s actual plans. I suspect that to be the unspoken subtext of the current controversy, and I absolutely believe that ARIN would and should act similarly in such a scenario (which, in the past, it has).

Regards,,

-Chris

On Sep 1, 2021, at 1:21 PM, John Curran <jcurran at arin.net<mailto:jcurran at arin.net>> wrote:

David -

Excellent question.   The most important item is for the community to determine its policy goals in this area, and then based on such what requirements/duties belong in policy language in Number Resource Policy Manual (NRPM.)

The ARIN RSA places an explicit duty of “Information and Cooperation” on number resource holders (see below) that can be used to enforce community-developed policy in this area, but the communities thoughts on the appropriate policy really should drive the discussion –

2.(c) Information and Cooperation. Holder has completed an application provided by ARIN for one or more Services (the “Application”). Holder must (i) promptly notify ARIN if any information provided in the Application changes during the term of this Agreement, and (ii) make reasonable efforts to promptly, accurately, and completely provide any information or cooperation required pursuant to the Service Terms or in response to any inquiry or request made to Holder by ARIN during the term of this Agreement. In addition, Holder shall promptly provide ARIN with complete and accurate information, and cooperation as required by any Service Terms or that ARIN requests in connection with ARIN’s provision of any of the Services to Holder. If Holder does not provide ARIN with such information or cooperation that ARIN requests, ARIN may take such failure into account in evaluating Holder’s subsequent requests for transfer, allocation or assignment of additional number resources, or requests for changes to any Services.

Note that material breach of Section 2(c) is one of the events that provides ARIN clear right of termination for the RSA and subsequent revocation of the number resources – so let’s be extra careful when considering any reporting/information duties for placement into NRPM.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 1 Sep 2021, at 3:47 PM, David Farmer <farmer at umn.edu<mailto:farmer at umn.edu>> wrote:

I changed the subject line, as this isn't directly related to the dispute between AFRINIC and CI, but more some questions arising from it specifically related to the ARIN registered resources.
----

So, do ARIN resource holders have a duty to report changes in their use of resources? If they do, where does that duty come from in policy or contract language? And, what are the relevant changes that need to be reported?

In my review of these questions;

In the RSA I see where holders are granted, "The right to use the Included Number Resources within the ARIN database" (RSA section 2.b bullet 2). However, I don't see any limitation to that use, such as "originally justified" or any obligation to report a change in such use.

In policy, "An end-user is an organization receiving assignments of IP addresses exclusively for use in its operational networks." (NRPM 2.6), with an exception for incidental or transient use (last paragraph, section 2.5).

Maybe to align end-user requirements with the new Registration Services Agreement we should change that so end-users have to report any use, other than incidental or transient use, outside their organization.

And ISP's have requirements to report the use by their customers that exceed certain levels (NRPM sections 4.2.3.7 and 6.5.5).

So, other than the ISP reporting requirements, I don't see direct reporting obligations for change in use. Further, I don't see any guidance to what might be a material change in use that is in need of reporting, as I'm sure we don't want ARIN Staff tied up with reports of all possible changes, most of which are probably irrelevant.

Are there reporting requirements I'm missing? Maybe implied or indirect requirement?

Should something be added to ARIN's policies explicitly stating requirements for reporting a change in the use of resources?

Thanks

_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net<mailto:ARIN-PPML at arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net<mailto:info at arin.net> if you experience any issues.

_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net<mailto:ARIN-PPML at arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net<mailto:info at arin.net> if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net<mailto:ARIN-PPML at arin.net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20210902/08007f65/attachment.htm>