<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If 2013-6 were passed then those who might abuse ARIN’s policies for nefarious means might use other RIRs, possibly (likely?) less cooperative in sharing ownership information than ARIN, which is HQ’ed in the U.S. I don’t see how 2013-6 helps U.S. LEA’s with the identification of netblock owners because it’s just going to drive the bad guys away from using ARIN and to use other RIRs.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Second, I don’t believe a US LEA has more or less authority to track or subpoena the actual traffic, or go after nefarious activity, if they’re using non-ARIN address space <u>within</u> the US. A corollary, I don’t think if the bad guys used ARIN-assigned address space <u>outside</u> the U.S. that a U.S. LEA will have a greater advantage than if the bad guys used non-ARIN assigned space outside the U.S.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Honestly, I don’t see how 2013-6 aids U.S. LEA in tracking down or taking down the bad guys.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Frank<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> arin-ppml-bounces@arin.net [mailto:arin-ppml-bounces@arin.net] <b>On Behalf Of </b>nathalie coupet<br><b>Sent:</b> Saturday, October 05, 2013 4:05 PM<br><b>To:</b> arin-ppml@arin.net<br><b>Cc:</b> jcurran@arin.net<br><b>Subject:</b> Re: [arin-ppml] ARIN-PPML Digest, Vol 100, Issue 2<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal style='background:white'><span style='color:black'>Hello John,<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='color:black'>As far as law enforcement agencies are concerned, the problem is not so much a question of depletion of the IPv4 pool but of traceability back to the attacker in case of misuse of the Internet, such as for MitMA or DDoS (many attackers of US websites being located in the APNIC/Middle East Regions). The problem is even more acute for IPv6 addresses, since blocks allocated are larger than those for IPv4. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='color:black'>Maybe ARIN's policy should be consistent regarding the allocation of both IPv4 and IPv6 addresses requesting that stakeholders have sufficient attachment to the region prior to receiving IP addresses from ARIN. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='color:black'>If we do not take into consideration security concerns into our own hands and decide for ourselves what we tolerate and what we don't, others will enact rules and procedures that might end up affecting the organization in a way that could really detrimental to business. <o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:black'> <o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:black'>Nathalie Coupet<br>ARIN Member<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:black'><o:p> </o:p></span></p></div><div><div><div><div class=MsoNormal align=center style='text-align:center;background:white'><span style='color:black'><hr size=1 width="100%" align=center></span></div><p class=MsoNormal style='background:white'><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>From:</span></b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> "<a href="mailto:arin-ppml-request@arin.net">arin-ppml-request@arin.net</a>" <<a href="mailto:arin-ppml-request@arin.net">arin-ppml-request@arin.net</a>><br><b>To:</b> <a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a> <br><b>Sent:</b> Friday, October 4, 2013 7:32 PM<br><b>Subject:</b> ARIN-PPML Digest, Vol 100, Issue 2</span><span style='color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt;background:white'><span style='color:black'><br>Send ARIN-PPML mailing list submissions to<br> <a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="http://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">http://lists.arin.net/mailman/listinfo/arin-ppml</a><br>or, via email, send a message with subject or body 'help' to<br> <a href="mailto:arin-ppml-request@arin.net">arin-ppml-request@arin.net</a><br><br>You can reach the person managing the list at<br> <a href="mailto:arin-ppml-owner@arin.net">arin-ppml-owner@arin.net</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of ARIN-PPML digest..."<br><br><br>Today's Topics:<br><br> 1. Re: Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6<br> Address Space to Out-of-region Requestors - Revised (John Curran)<br> 2. Out-of-region overreaction? (Frank Bulk)<br> 3. Re: Out-of-region overreaction? (Scott Leibrand)<br> 4. Re: Out-of-region overreaction? (Jimmy Hess)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Fri, 4 Oct 2013 19:55:59 +0000<br>From: John Curran <<a href="mailto:jcurran@arin.net">jcurran@arin.net</a>><br>To: Gary Buhrmaster <<a href="mailto:gary.buhrmaster@gmail.com">gary.buhrmaster@gmail.com</a>><br>Cc: "<a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a>" <<a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a>><br>Subject: Re: [arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4<br> and IPv6 Address Space to Out-of-region Requestors - Revised<br>Message-ID: <<a href="mailto:42C9B415-75DB-4AB7-955F-BD84AB9C64EC@arin.net">42C9B415-75DB-4AB7-955F-BD84AB9C64EC@arin.net</a>><br>Content-Type: text/plain; charset="us-ascii"<br><br>Gary -<br><br>Since June 2013, there have been 52 requests that would not have <br>been approved under the new policy because these organizations <br>had only some equipment in a data center in the ARIN region, but <br>either all or most of their technical infrastructure outside of the region<br>and most or all of their customers outside of the ARIN region. <br><br>Total amount of space issued to these 52 organizations: 9,672 /24s,<br>(which is a bit more than a /11 in total) and nearly all organizations were based in the APNIC region.<br><br>FYI,<br>/John<br><br>John Curran<br>President and CEO<br>ARIN<br><br>> On Sep 27, 2013, at 11:37 PM, John Curran <<a href="mailto:jcurran@arin.net">jcurran@arin.net</a>> wrote:<br>> <br>>> On Sep 26, 2013, at 3:06 PM, Gary Buhrmaster <<a href="mailto:gary.buhrmaster@gmail.com">gary.buhrmaster@gmail.com</a>> wrote:<br>>> <br>>>> On Thu, Sep 26, 2013 at 6:21 PM, John Curran <<a href="mailto:jcurran@arin.net">jcurran@arin.net</a>> wrote:<br>>>> ...<br>>>> That is correct (and reflects current practice handling resource requests.)<br>>> <br>>> John,<br>>> <br>>> I support the policy, but I do have a few questions that<br>>> would help finalize my thinking (that I do not recall seeing<br>>> asked or answered). I understand that any answers are<br>>> going to be more WAGs than facts, and you may not<br>>> have the information or ability to provide the answers,<br>>> but any answers would help me (and perhaps others)<br>>> recognize the implications of such a change (if any)?<br>>> I'll accept as many additional caveats you want to add<br>>> to any response.<br>>> <br>>> * If this policy was in place for (say) the last year, what<br>>> is the order of magnitude of number of requests that<br>>> would have been referred to another RIR (1, 10, 100, 1000)?<br>>> <br>>> * If this policy was in place for (say) the last year, can<br>>> you break down the requests by the RIR that the<br>>> requester appeared to be have their plurality?<br>>> <br>>> * If this policy was in place for (say) the last year, what<br>>> is the order of magnitude of the IPv4 numbers that<br>>> would not have been issued by ARIN (/24 ... /8)?<br>> <br>> Gary - <br>> <br>> We're looking into your concerns, and will see whether we<br>> can provide any insights/WAGs can be provided regarding <br>> the potential impact of the policy (as compared to past<br>> requests.)<br>> <br>> Thanks for the thought-provoking questions!<br>> /John<br>> <br>> John Curran<br>> President and CEO<br>> ARIN<br>> <br>> _______________________________________________<br>> PPML<br>> You are receiving this message because you are subscribed to<br>> the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<br>> Unsubscribe or manage your mailing list subscription at:<br>> <a href="http://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">http://lists.arin.net/mailman/listinfo/arin-ppml</a><br>> Please contact <a href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<br><br><br>------------------------------<br><br>Message: 2<br>Date: Fri, 4 Oct 2013 15:31:32 -0500<br>From: "Frank Bulk" <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>><br>To: <<a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a>><br>Subject: [arin-ppml] Out-of-region overreaction?<br>Message-ID: <<a href="mailto:00ef01cec140$b6ccb5e0$246621a0$@iname.com">00ef01cec140$b6ccb5e0$246621a0$@iname.com</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>I was requesting some ISP IPv6 space and the kindly ARIN staff posted this<br>in their response:<br><br> Please reply and verify that you will be using <br> the requested number resources within the ARIN region <br> and announcing all routing prefixes of the requested <br> space from within the ARIN region. In accordance with <br> section 2.2 of the NRPM, ARIN issues number resources <br> only for use within its region. ARIN is therefore only <br> able to provide for your in-region numbering needs.?<br><br>I'm familiar with the concern about out-of-region folk taking advantage of<br>ARIN's current IPv4 supply, but I have a few concerns about the wording of<br>the staff communication.<br><br>a) It's been my understanding thus far that if I'm an ISP that provides<br>service in multiple places around the world that I may divide my allocation<br>into smaller prefixes and advertise those to area peers. It seems ARIN<br>staff would preclude me from doing any of that. "All" is a pretty strong<br>word, and if ARIN really believes it, a lot of violators could be found. <br><br>b) It seems that Section 2.2 of the NRPM is being misapplied. <br> 2.2. Regional Internet Registry (RIR)<br><br> Regional Internet Registries (RIRs) are established and<br> authorized by respective regional communities, and <br> recognized by the IANA to serve and represent large <br> geographical regions. The primary role of RIRs is to <br> manage and distribute public Internet address space <br> within their respective regions.<br><br>While ARIN does issue numbers within its region, section 2.2 does not say<br>"only for use". If an "only" had be applied, I would suggest that it's<br>"only manage and distribute".<br><br>If I could be so bold, I'd suggest ARIN to use language something along<br>these lines in their communications:<br><br> Please reply and verify that you will be using <br> the requested number resources primarily within the <br> ARIN region and announcing the majority of routing prefixes<br> of the requested space from within the ARIN region. <br> In accordance with section 2.2 of the NRPM, ARIN issues <br> number resources within its region. <br><br>Frank<br><br><br><br>------------------------------<br><br>Message: 3<br>Date: Fri, 4 Oct 2013 14:42:50 -0700<br>From: Scott Leibrand <<a href="mailto:scottleibrand@gmail.com">scottleibrand@gmail.com</a>><br>To: Frank Bulk <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>><br>Cc: ARIN-PPML List <<a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a>><br>Subject: Re: [arin-ppml] Out-of-region overreaction?<br>Message-ID:<br> <CAGkMwz4cOch2v8M6HBw4-2N4x_QG9X5dYu8arehow1+<a href="mailto:86y9OXw@mail.gmail.com">86y9OXw@mail.gmail.com</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Agreed. IMO this is *not* was intended by current policy, *particularly*<br>IPv6 policy. If you get a /32, there's no reason you shouldn't be able to<br>use it globally.<br><br>Thanks for bringing this up. I think we're going to have a lively<br>discussion next week in Phoenix. :-)<br><br>-Scott<br><br><br>On Fri, Oct 4, 2013 at 1:31 PM, Frank Bulk <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>> wrote:<br><br>> I was requesting some ISP IPv6 space and the kindly ARIN staff posted this<br>> in their response:<br>><br>> Please reply and verify that you will be using<br>> the requested number resources within the ARIN region<br>> and announcing all routing prefixes of the requested<br>> space from within the ARIN region. In accordance with<br>> section 2.2 of the NRPM, ARIN issues number resources<br>> only for use within its region. ARIN is therefore only<br>> able to provide for your in-region numbering needs.<br>><br>> I'm familiar with the concern about out-of-region folk taking advantage of<br>> ARIN's current IPv4 supply, but I have a few concerns about the wording of<br>> the staff communication.<br>><br>> a) It's been my understanding thus far that if I'm an ISP that provides<br>> service in multiple places around the world that I may divide my allocation<br>> into smaller prefixes and advertise those to area peers. It seems ARIN<br>> staff would preclude me from doing any of that. "All" is a pretty strong<br>> word, and if ARIN really believes it, a lot of violators could be found.<br>><br>> b) It seems that Section 2.2 of the NRPM is being misapplied.<br>> 2.2. Regional Internet Registry (RIR)<br>><br>> Regional Internet Registries (RIRs) are established and<br>> authorized by respective regional communities, and<br>> recognized by the IANA to serve and represent large<br>> geographical regions. The primary role of RIRs is to<br>> manage and distribute public Internet address space<br>> within their respective regions.<br>><br>> While ARIN does issue numbers within its region, section 2.2 does not say<br>> "only for use". If an "only" had be applied, I would suggest that it's<br>> "only manage and distribute".<br>><br>> If I could be so bold, I'd suggest ARIN to use language something along<br>> these lines in their communications:<br>><br>> Please reply and verify that you will be using<br>> the requested number resources primarily within the<br>> ARIN region and announcing the majority of routing prefixes<br>> of the requested space from within the ARIN region.<br>> In accordance with section 2.2 of the NRPM, ARIN issues<br>> number resources within its region.<br>><br>> Frank<br>><br>> _______________________________________________<br>> PPML<br>> You are receiving this message because you are subscribed to<br>> the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<br>> Unsubscribe or manage your mailing list subscription at:<br>> <a href="http://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">http://lists.arin.net/mailman/listinfo/arin-ppml</a><br>> Please contact <a href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/54de2c60/attachment-0001.html" target="_blank">http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/54de2c60/attachment-0001.html</a>><br><br>------------------------------<br><br>Message: 4<br>Date: Fri, 4 Oct 2013 18:25:16 -0500<br>From: Jimmy Hess <<a href="mailto:mysidia@gmail.com">mysidia@gmail.com</a>><br>To: Frank Bulk <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>><br>Cc: "<a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a>" <<a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a>><br>Subject: Re: [arin-ppml] Out-of-region overreaction?<br>Message-ID:<br> <CAAAwwbXKQ6z47bkUtLKMZ0BK3qubpELFE=<a href="mailto:pkYdxU2DedJ4bhBg@mail.gmail.com">pkYdxU2DedJ4bhBg@mail.gmail.com</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>On Fri, Oct 4, 2013 at 3:31 PM, Frank Bulk <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>> wrote:<br><br>><br>> I'm familiar with the concern about out-of-region folk taking advantage of<br>> ARIN's current IPv4 supply, but I have a few concerns about the wording of<br>> the staff communication.<br>><br>> a) It's been my understanding thus far that if I'm an ISP that provides<br>> service in multiple places around the world that I may divide my allocation<br>> into smaller prefixes and advertise those to area peers. It seems ARIN<br>><br><br>No. You can subdelegate portions of your allocation to customers.<br>Your upstreams are not going to necessarily let you pick apart your<br>allocation<br>and advertise every /29; Although ARIN staff should have no objections<br>to this,<br>if your upstreams will allow it, and you show that to be the case.<br><br>If you are chopping up your block; you do not need a big allocation from<br>ARIN, though,<br>of sufficient size for all your regions. It only makes sense if you<br>intend to keep your block _whole_;<br>and advertise a single block in multiple regions.<br><br>If you intend to chop up your blocks anyways; then a sensible thing to do<br>is to obtain multiple blocks instead -- from the appropriate regions<br>where they will be used.<br><br><br><br>> staff would preclude me from doing any of that. "All" is a pretty strong<br>> word, and if ARIN really believes it, a lot of violators could be found.<br>><br><br>Routing is out of scope of ARIN policy in the first place; you have an<br>option of<br>not advertising your allocation at all. You are allowed to have a<br>privately interconnected network<br>that spans regions.<br><br>ARIN staff can reject your verification justification for the allocation;<br>if you don't show you have an intention<br>to use a significant amount of resources in the ARIN region<br><br>While ARIN does issue numbers within its region, section 2.2 does not say<br>> "only for use". If an "only" had be applied, I would suggest that it's<br>> "only manage and distribute".<br>><br><br>Policy does not say "only for use"; however there is not policy<br>specifically encouraging ARIN to recognize use outside of the ARIN region.<br><br>It is not sufficient for use to merely be "allowed"; ARIN has to have<br>procedures<br>for validating and auditing the use.<br><br>It is possible, that you may be allowed to use out of region, but not be<br>able to<br>cite your out of region networks requirements as justification for<br>obtaining<br>a larger block than if your out-of-region usage did not exist at all,<br><br>or it may not be accepted as current use to satisfy utilization requirement<br>for a future allocation.<br><br><br>> If I could be so bold, I'd suggest ARIN to use language something along<br>> these lines in their communications:<br>><br>> Please reply and verify that you will be using<br>> the requested number resources primarily within the<br>> ARIN region and announcing the majority of routing prefixes<br>> of the requested space from within the ARIN region.<br>> In accordance with section 2.2 of the NRPM, ARIN issues<br>> number resources within its region.<br>><br>><br>This is very similar to the original quote of what they had said.......<br><br><br><br>> Frank<br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/7e771055/attachment.html" target="_blank">http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/7e771055/attachment.html</a>><br><br>------------------------------<br><br>_______________________________________________<br>ARIN-PPML mailing list<br><a href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a><br><a href="http://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">http://lists.arin.net/mailman/listinfo/arin-ppml</a><br><br>End of ARIN-PPML Digest, Vol 100, Issue 2<br>*****************************************<br><br><o:p></o:p></span></p></div></div></div></div></div></body></html>