[arin-ppml] Proposal to ban Leasing of IP Addresses in the ARIN region
chris at semihuman.com
Wed Sep 22 14:25:14 EDT 2021
> On Sep 22, 2021, at 10:19 AM, William Herrin <bill at herrin.us> wrote:
> Hi Chris,
> As I noted in a recent thread, there's no language you can write which
> will prevent that from happening. The service provider can just bump
> it one step further back. "Oh, we can't provide a VPN? Okay, we don't.
> We do BGP with the customer's virtual server and what they do with it
> is not for us to say. Oh, we can't provide the virtual server or have
> to police the customer's use?Tell that to Amazon before you hassle us.
> Good luck."
> However, just because we can't prevent something doesn't mean we have
> to legitimize it and make it easy for the folks who want to be
> high-price mini-ARINs. And if the status quo has become unstable due
> to the price of IP addresses, I'd rather see the policy moved away
> from leasing addresses for use with BGP rather than moved toward it.
> Bill Herrin
> William Herrin
> bill at herrin.us
Thinking more on this, I don’t disagree. It may be very much the case that any attempt to technically define the type of practice such a policy is intended to discourage - despite everyone having a similar mental model of what that practice is - is doomed to an arms race of technical workarounds and fig leaves.
As such, I’m wondering if the language we’re looking for may not be technical language, but in fact legal language. If you’ll forgive the anecdote, I’m in the process of buying a new car, and I noticed language that gives the dealer the right to cancel the sale if the dealer believes that it is being made “with an eye towards resale, or otherwise in bad faith”. This, IMO is fuzzy enough that it gives the dealer quite a bit of discretion to see through technical workarounds, while keeping organizations that are not engaged in leasing reasonably safe from finding themselves on the wrong side of a technical definition of the practice.
Modifying Fernando’s suggested language, I’d think something like the following could be viable:
"No signatory to any ARIN RSA is permitted to issue addresses to customers who, in ARIN’s belief and discretion, are not contracting for a bona fide connectivity service that makes use of the allocated addresses.”
Does that sound unreasonable?
More information about the ARIN-PPML