[arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5
Mike Burns
mike at iptrading.com
Thu Jun 23 14:15:25 EDT 2022
Hi Matthew,
Thank you for reminding us that this relates only to transfers of expensive IP addresses.
So protections against fraud which were vital to protect the free pool can be relaxed a bit in the context of buying addresses.
I don’t think this is a very important issue, but we have seen transfers delayed while locating the appropriate party to meet ARIN’s requirements for an “officer.”
I lean towards support for the policy just because removing non-essential verbiage from the NRPM makes it clearer and easier to understand.
Has ARIN ever utilized an officer attestation in a fraud investigation related to an address buyer, as opposed to free-pool recipient?
What additional legal benefit does the notarized attestation afford ARIN if fraud is suspected?
Regards,
Mike
From: ARIN-PPML <arin-ppml-bounces at arin.net> On Behalf Of Noah
Sent: Thursday, June 23, 2022 1:08 PM
To: Matthew Wilder <matthew.wilder at telus.com>
Cc: PPML <arin-ppml at arin.net>
Subject: Re: [arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5
Hi Matthew
In my humble opinion, attestation is a very fundamental obligation and responsibility. The obligator is accountable and lack of accountability is what creates room for fraud.
Removing a means by which the parties involved are able to retain confidence in the process is rather unwise.
If the party in Authority is aware of the transfer transaction, then let them legitimize that awareness by attesting and in case of fraudsters gaming the process, then folks at ARIN or parties involved would have a starting point in ref: accountability.
The premise for cost and time should not overlook the need for a legitimate process.
Cheers
Noah
On Thu, 23 Jun 2022, 19:06 Matthew Wilder, <matthew.wilder at telus.com <mailto:matthew.wilder at telus.com> > wrote:
Hi Noah, et al.
It appears that a few of you are not convinced of the problem statement for this Draft policy. Just a reminder this is a draft policy authored by the Policy Experience Working Group, to solve a customer experience problem identified by staff. Also, taking off my AC hat and putting on my day job hat for a moment - I can assure you that if you are at an organization of significant scale and complexity - this is indeed a real problem. In the case of qualification for transfers (8.5.5) this is a redundant step, in practice, since significant sums of money must be approved by executives in order to execute transfers.
Swapping back to my AC hat now. To my mind, the introduction of officer attestations generally helped achieve two positive outcomes. First, it supported the principle of conservation. Second, it reduced the opportunity for fraud. There may be other benefits obtained by the requirement for officer attestation, and I am open to hearing everyone's perspective on this.
This draft policy would do away with the need for officer attestation for justification of transfers, but only because the market provides the same benefits mentioned above. Would-be fraudsters on the transfer market would now face significant cost to execute a transfer, and presumably, an organization operating in bad faith could easily provide officer attestation. Similarly, documentation of an overly-optimistic plan - securing more resources than realistically needed - will mean a higher cost to the organization bankrolling the transfer. As a result, the individuals accountable for the organization's decisions are well aware of - and implicitly supportive of - the plan. An officer attestation is therefore redundant in both cases.
To Noah and others who have voiced opposition - let me know if you see a case where the officer attestation in 8.5.5 protects the interests of ARIN and the community.
Best regards,
Matthew
On Tue, Jun 21, 2022 at 9:15 PM Noah <noah at neo.co.tz <mailto:noah at neo.co.tz> > wrote:
On Wed, 22 Jun 2022, 04:56 ARIN, <info at arin.net <mailto:info at arin.net> > wrote:
On 16 June 2022, the ARIN Advisory Council (AC) accepted "ARIN-prop-309: Remove Officer Attestation Requirement for 8.5.5" as a Draft Policy.
Draft Policy ARIN-2022-3: Remove officer attestation requirement for 8.5.5
Problem Statement:
Requiring an officer attestation requires unnecessary resources and increases the time to complete an IPv4 transfer.
Policy statement:
8.5.5. Block Size
Organizations may qualify for the transfer of a larger initial block, or an additional block, by providing documentation to ARIN which details the use of at least 50% of the requested IPv4 block size within 24 months.
Removing “An officer of the organization shall attest to the documentation provided to ARIN.
Using time as an excuse does not fly. Attestation is accountability and enforces legitimacy.
An authorized officer should not only be aware but MUST also be involved in attesting of documents that involve any Internet Number Resources transfers.
We have experienced fast hand on the negative impact of Admin Contacts being clueless to what its that Tech contacts do.
So I oppose the policy for using time as an excuse to remove an important process that ensures legitimacy.
Noah
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net <mailto:ARIN-PPML at arin.net> ).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net <mailto:info at arin.net> if you experience any issues.
--
Matthew Wilder
Sr Engineer - IPv6, IP Address Management
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20220623/66b9e658/attachment.htm>
More information about the ARIN-PPML
mailing list