<html><body bgcolor="#FFFFFF"><div><br><br>Sent from my iPad</div><div><br>On May 23, 2011, at 14:09, "Mike Burns" <<a href="mailto:mike@nationwideinc.com">mike@nationwideinc.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div><span>Hi John,</span><br><span></span><br><blockquote type="cite"><span>In 2006, ARIN CEO's Ray Plzak said the following in his statement on the Kremen matter:</span><br></blockquote><span></span><br><span> 'Like other “legacy” address holder’s issued resources before ARIN began,</span><br><span> ARIN has never had an agreement with UUNET that would give it authority</span><br><span> over those specific resources.'</span><br><span></span><br><blockquote type="cite"><span>I am certain that Ray believed those words to be true and accurate at the time</span><br></blockquote><blockquote type="cite"><span>he stated them. I will point out that he was referring specifically to lack of an</span><br></blockquote><blockquote type="cite"><span>agreement with that particular legacy holder</span><br></blockquote><span></span><br><span>No, John, he explicitly said "Like other legacy address holders".</span><br><span></span><br></div></blockquote><div><br></div>Point being a lack of agreements with the legacy holders themselves, separate<div>from agreements that do exist with IANA/ICANN, etc.</div><div><br><blockquote type="cite"><div><span></span><br><blockquote type="cite"><span>that would provide the ability to</span><br></blockquote><blockquote type="cite"><span>unilaterally implement the court's order, and also note that he goes on to state</span><br></blockquote><blockquote type="cite"><span>furthermore that sub-allocations had been made out of those blocks to other</span><br></blockquote><blockquote type="cite"><span>parties uncertain to ARIN.</span><br></blockquote><span></span><br><span>Yes, ARIN was basically saying that a subset of addresses Kremen was claiming "ownership" of were legacy addresses.</span><br><span>And in that context, ARIN was saying to the judge, "We have no authority over legacy addresses."</span><br><span></span><br></div></blockquote><div><br></div>Most definitely NOT what ARIN was saying to the judge or what was reflected</div><div>in the final rulings.</div><div><br></div><div><blockquote type="cite"><div><span></span><br><blockquote type="cite"><span>Based on his statements, you've determined that "ARIN head Plzak declared</span><br></blockquote><blockquote type="cite"><span>that ARIN does not control legacy addresses." That's your prerogative, but</span><br></blockquote><blockquote type="cite"><span>it looks to me to be a rather creative generalization of his points.</span><br></blockquote><span></span><br><span>It looks to me like precisely what he was saying when you parse his statement to get rid of extraneous information:</span><br><span></span><br><span>"ARIN has never had an agreement that would give it authority over legacy addresses."</span><br><font class="Apple-style-span" color="#000000"><font class="Apple-style-span" color="#0023A3"><br></font></font></div></blockquote><blockquote type="cite"><div><span>Do you quibble with my parsing?</span><br></div></blockquote><div><br></div>I'll let John speak for himself as to whether or not he quibbles, but, I most certainly do.</div><div><br></div><div>"ARIN has never had an agreement with particular legacy holders that give them clear</div><div>authority over the conduct of the legacy holders with respect to the addresses." would</div><div>probably be accurate. However, ARIN also has no agreement with particular legacy</div><div>holders that would give those legacy holders authority over the content of the ARIN</div><div>databases, either. In the interests of good stewardship and smooth reliable functioning</div><div>of the internet, ARIN maintains services for legacy holders free of charge within the</div><div>bounds of ARIN policy. Legacy holders that feel this gives them a blanket exemption</div><div>from policy and/or the ability to force changes to the ARIN database(s) outside of policy</div><div>are mistaken. The don't have any contract that would allow that.</div><div><br><blockquote type="cite"><div><span></span><br><blockquote type="cite"><span>Unlike Ray, I was at ARIN's inception. I am also the President and CEO of ARIN</span><br></blockquote><blockquote type="cite"><span>today, and I have stated for the record that ARIN does not control what IP addresses</span><br></blockquote><blockquote type="cite"><span>people choose to use in their routers, but we definitely and with full authority control</span><br></blockquote><blockquote type="cite"><span>the entries in the ARIN Whois DB and that those entries shall be maintained in</span><br></blockquote><blockquote type="cite"><span>accordance with law and the policies developed by the community.</span><br></blockquote><span></span><br><blockquote type="cite"><span>Feel free to keep this more current statement in mind when developing policies</span><br></blockquote><blockquote type="cite"><span>for this region as it will help reduce your confusion greatly.</span><br></blockquote><span></span><br><blockquote type="cite"><span>Thanks!</span><br></blockquote><blockquote type="cite"><span>/John</span><br></blockquote><span></span><br><span>John, whenever confronted with this question, you resort to boilerplate language relating to control over Whois.</span><br><span>Which is a red herring. So I will try to pin you down, to reduce everybody's confusion.</span><br><span></span><br></div></blockquote><div><br></div>It really isn't.</div><div><br><blockquote type="cite"><div><span>If I was allocated legacy space and never signed an LRSA, would it be illegal for me to sell those addresses to Company A?</span><br><span>If Company A tried to route those addresses, would that be illegal?</span><br><span></span><br></div></blockquote><div><br></div>As John has stated, ARIN is not a regulatory authority and does not control what people</div><div>put into their routers. However, it would be against ARIN policy for company A to sell those</div><div>addresses to you unless it was done in line with section 8 of the NRPM. Were ARIN to</div><div>become aware of the unrecognized transfer, I believe their correct action would be</div><div>(and John, please chime in here if you believe I have anything wrong about what</div><div>would likely happen here):</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>1.<span class="Apple-tab-span" style="white-space:pre"> </span>Contact the original legacy holder and confirm that they are no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>longer using the resources and have transferred them to the</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>current user.</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Comfirmed: Continue to step 2.</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Denied: Reclaim (if no longer in use) or maintain existing record</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>and make sure original holder is aware of the problem with</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>the hijacker.</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>2.<span class="Apple-tab-span" style="white-space:pre"> </span>Contact the current user and attempt to resolve the matter and</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>complete the transfer under NRPM 8.</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User works with ARIN and complies: Continue to step 3.</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User refuses or doesn't qualify: Go to step 4.</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>3.<span class="Apple-tab-span" style="white-space:pre"> </span>Complete updating of whois/rDNS and move on. Exit process.</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>4.<span class="Apple-tab-span" style="white-space:pre"> </span>Attempt to work with user to come to agreement on the portion</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>of resources that can be reclaimed and bring the other resources</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>in line with policy and work out an RSA.</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User works with ARIN and complies: Go to step 3.</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User refuses: Reclaim all affected resources and return</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>them to the free pool.</div><div><br></div><div><blockquote type="cite"><div><span>Please answer without relating to Whois. I realize that Whois would not be updated to reflect the sale, that is the whole point of my proposal.</span><br><span>I am not asking about "transfers", okay? I am asking about sales.</span><br></div></blockquote><div><br></div>ARIN has no involvement in sales of number resources or number resource</div><div>registrations, whether or not the resulting transfer is recognized under</div><div>NRPM 8, so, the question is malformed.</div><div><br></div><div>ARIN's role is limited to recognizing the transfer of number resource</div><div>registration as per NRPM 8 (or refusing to do so).</div><div><br></div><div>Further, ARIN has a role where they should reclaim resources they become aware</div><div>have been abandoned by the legitimate registrant unless ARIN can identify a valid</div><div>successor in interest (NRPM 8.2) or a recipient that otherwise qualifies under</div><div>the provisions of NRPM 8.3.</div><div><br><blockquote type="cite"><div><span>I'm not asking whether you could allocate those addresses to somebody else and have Whois reflect the new allocation.</span><br><span>I'm not asking whether a string of numbers has any value.</span><br><span>I'm not claiming ARIN can tell anybody what numbers to configure into their routers.</span><br><span>I'm not looking for a flip answer like "It would not be illegal for me to sell you the address 192.168.1.1, either."</span><br></div></blockquote><div><br></div>Whether or not you consider that flip, that is the real answer.</div><div><br><blockquote type="cite"><div><span></span><br><span>I'm asking if it is illegal to sell legacy addresses without notifying ARIN, as this goes directly to the rationale for my proposal.</span><br></div></blockquote><div><br></div>It's not illegal to sell non-legacy addresses without notifying ARIN. The legacy or non-legacy</div><div>or RFC-1918 or non-RFC-1918 status is irrelevant to the issue.</div><div><br></div><div>OTOH, selling integers is sort of questionable and I doubt that anyone thinks they are</div><div>actually purchasing the integers, but, rather at best the ability to register those integers</div><div>for uniqueness in an internet registry or at worst, some form of right to use those</div><div>integers on the internet.</div><div><br></div><div>In the case of the former, selling them outside of policy is arguably fraud since the registry</div><div>will not recognize such a right sold outside of policy. In the case of the latter, it might be</div><div>considered fraud, since nobody really has the power to universally grant or revoke such</div><div>a right, but, rather it is up to the individual operators of each router in the various networks</div><div>that make up the internet to make that particular determination for themselves.</div><div><br><blockquote type="cite"><div><span>In the real world, if it is not illegal, and if it provides incentives to buyer and to seller, these tranactions WILL happen.</span><br></div></blockquote><div><br></div>Ah, but, doesn't that also depend on the disincentives that may or may not also be present?</div><div><br></div><div>Would you not agree that selling numbers themselves (selling integers) is rather silly?</div><div>How can one actually claim to own the number 5? What, exactly, would ownership</div><div>of the number 5 (or the number 4.4.4.5 or any other number sequence) mean?</div><div>I think the idea of number ownership is, at best, a legal fiction.</div><div><br></div><div>Would you not agree that the best case you could possibly make for your proposal would</div><div>be if there was the ability to sell some form of exclusive right to use the particular integers</div><div>for addressing on the internet?</div><div><br></div><div>However, for that to be what is sold, wouldn't the seller have to possess such a right to</div><div>begin with? Who, exactly would have granted that right to them? How does that right</div><div>extend to control over what other people do with their routers and by what authority?</div><div>Isn't the right to use a set of addresses on any particular network subject to and by</div><div>the permission of the owner of that individual network? Isn't the right to use a set</div><div>of IPv4 addresses globally across the internet subject to and by permission of the</div><div>owners of each and every individual network that makes up the internet? As such,</div><div>wouldn't it be, in the real world, impossible to create, produce, possess, or maintain</div><div>such a right absent a multilateral agreement signed by each and every network operator</div><div>on the entire internet (or at least all of the ones with active ASNs present in the</div><div>superset of all known BGP tables)?</div><div><br></div><div>So, I think I have established that an exclusive right to use numbers is also a legal fiction,</div><div>which leaves us only with the idea of the exclusive registration of a particular set of</div><div>numbers within an internet registry.</div><div><br></div><div>John has been using the "ARIN Whois Database" as shorthand, really, for the complete</div><div>set of registration services provided by ARIN in uniquely registering the association of</div><div>a particular unique set of number resources with a particular unique organization</div><div>identified in the database.</div><div><br></div><div>ARIN manages its database according to policies set by the community, as has been</div><div>stated by John several times.</div><div><br></div><div>It turns out that a lot of ISPs (those ones you'd have to build agreements with to create</div><div>an exclusive right to use), happen to use the ARIN registration database as a source</div><div>of authoritative information about legitimacy of coordinated use of number resources.</div><div><br></div><div><blockquote type="cite"><div><span>And still in the real world, if the addresses continue to be usable after the sale, these sales WILL happen, and Whois accuracy will be lost.</span><br><span></span><br></div></blockquote><div><br></div>And here is the crux of the matter. Will the addresses continue to be usable?</div><div><br></div><div>What would prevent ARIN from registering them to someone else after removing</div><div>the records for the original holder who clearly abandoned them from the database</div><div>per ARIN policy?</div><div><br></div><div>What will ensure that ISPs remain willing to route those addresses to the purchaser</div><div>outside of policy vs. the third party now registered in the RIR database?</div><div><br></div><div>Do you not believe that this uncertainty would actually serve as a disincentive</div><div>to these sales? Again, I think you need to make it clear what, exactly, you think</div><div>is being sold in the real world in these instances of sales that you propose.</div><div><br></div><div><br></div><div>Owen</div><div><br></div></body></html>