[arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5

Thu Jun 23 14:12:41 EDT 2022

Hi Noah,

Thank you for your response. Your perspective is noted.

Regards,
Matthew

On Thu., Jun. 23, 2022, 10:07 a.m. Noah, <noah at neo.co.tz> wrote:

> Hi Matthew
>
> In my humble opinion, attestation is a very fundamental obligation and
> responsibility. The obligator is accountable and lack of accountability is
> what creates room for fraud.
>
> Removing a means by which the parties involved are able to retain
> confidence in the process is rather unwise.
>
> If the party in Authority is aware of the transfer transaction, then let
> them legitimize that awareness by attesting and in case of fraudsters
> gaming the process, then folks at ARIN or parties involved would have a
> starting point in ref: accountability.
>
> The premise for cost and time should not overlook the need for a
> legitimate process.
>
> Cheers
> Noah
>
> On Thu, 23 Jun 2022, 19:06 Matthew Wilder, <matthew.wilder at telus.com>
> wrote:
>
>> Hi Noah, et al.
>>
>> It appears that a few of you are not convinced of the problem statement
>> for this Draft policy. Just a reminder this is a draft policy authored by
>> the Policy Experience Working Group, to solve a customer experience problem
>> identified by staff. Also, taking off my AC hat and putting on my day job
>> hat for a moment - I can assure you that if you are at an organization of
>> significant scale and complexity - this is indeed a real problem. In the
>> case of qualification for transfers (8.5.5) this is a redundant step, in
>> practice, since significant sums of money must be approved by executives in
>> order to execute transfers.
>>
>> Swapping back to my AC hat now. To my mind, the introduction of officer
>> attestations generally helped achieve two positive outcomes. First, it
>> supported the principle of conservation. Second, it reduced the opportunity
>> for fraud. There may be other benefits obtained by the requirement for
>> officer attestation, and I am open to hearing everyone's perspective on
>> this.
>>
>> This draft policy would do away with the need for officer attestation for
>> justification of transfers, but only because the market provides the same
>> benefits mentioned above. Would-be fraudsters on the transfer market would
>> now face significant cost to execute a transfer, and presumably, an
>> organization operating in bad faith could easily provide officer
>> attestation. Similarly, documentation of an overly-optimistic plan -
>> securing more resources than realistically needed - will mean a higher cost
>> to the organization bankrolling the transfer. As a result, the individuals
>> accountable for the organization's decisions are well aware of - and
>> implicitly supportive of - the plan. An officer attestation is therefore
>> redundant in both cases.
>>
>> To Noah and others who have voiced opposition - let me know if you see a
>> case where the officer attestation in 8.5.5 protects the interests of ARIN
>> and the community.
>>
>> Best regards,
>> Matthew
>>
>>
>>
>> On Tue, Jun 21, 2022 at 9:15 PM Noah <noah at neo.co.tz> wrote:
>>
>>>
>>>
>>> On Wed, 22 Jun 2022, 04:56 ARIN, <info at arin.net> wrote:
>>>
>>>> On 16 June 2022, the ARIN Advisory Council (AC) accepted
>>>> "ARIN-prop-309: Remove Officer Attestation Requirement for 8.5.5" as a
>>>> Draft Policy.
>>>>
>>>> Draft Policy ARIN-2022-3: Remove officer attestation requirement for
>>>> 8.5.5
>>>>
>>>> Problem Statement:
>>>>
>>>> Requiring an officer attestation requires unnecessary resources and
>>>> increases the time to complete an IPv4 transfer.
>>>>
>>>>
>>>>
>>>> Policy statement:
>>>>
>>>>
>>>>
>>>> 8.5.5. Block Size
>>>>
>>>>
>>>>
>>>> Organizations may qualify for the transfer of a larger initial block,
>>>> or an additional block, by providing documentation to ARIN which details
>>>> the use of at least 50% of the requested IPv4 block size within 24 months.
>>>>
>>>>
>>>>
>>>> Removing “An officer of the organization shall attest to the
>>>> documentation provided to ARIN.
>>>>
>>> Using time as an excuse does not fly. Attestation is accountability and
>>> enforces legitimacy.
>>>
>>> An authorized officer should not only be aware but MUST also be involved
>>> in attesting of documents that involve any Internet Number Resources
>>> transfers.
>>>
>>> We have experienced fast hand on the negative impact of Admin Contacts
>>> being clueless to what its that Tech contacts do.
>>>
>>> So I oppose the policy for using time as an excuse to remove an
>>> important process that ensures legitimacy.
>>>
>>> Noah
>>>
>>> _______________________________________________
>>> ARIN-PPML
>>> You are receiving this message because you are subscribed to
>>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>> Unsubscribe or manage your mailing list subscription at:
>>> https://lists.arin.net/mailman/listinfo/arin-ppml
>>> Please contact info at arin.net if you experience any issues.
>>>
>>
>>
>> --
>>
>> *Matthew Wilder*
>>
>> Sr Engineer - IPv6, IP Address Management
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20220623/cc0b577c/attachment.htm>