<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Cuerpo en alfa";
panose-1:2 2 6 3 5 4 5 2 3 4;}
@font-face
{font-family:Roboto;
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
h3
{mso-style-priority:9;
mso-style-link:"Título 3 Car";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:13.5pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.Ttulo3Car
{mso-style-name:"Título 3 Car";
mso-style-priority:9;
mso-style-link:"Título 3";
font-family:"Calibri Light",sans-serif;
color:#1F3763;}
span.EstiloCorreo19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=ES link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=ES-TRAD style='font-size:12.0pt;mso-fareast-language:EN-US'>Hi Owen,<o:p></o:p></span></p><p class=MsoNormal><span lang=ES-TRAD style='font-size:12.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div><p class=MsoNormal style='margin-left:35.4pt'>El 2/5/19 11:23, "Owen DeLong" <<a href="mailto:owen@delong.com">owen@delong.com</a>> escribió:<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Speaking only for myself...<o:p></o:p></p><div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal style='margin-left:35.4pt'>On May 2, 2019, at 00:55 , JORDI PALET MARTINEZ via ARIN-PPML <<a href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:35.4pt'>Hi Owen,<br><br>I think that the comparison with a property is not good, so I'm top posting to make it simple.<br><br>ARIN is providing a registration service for unique and exclusive rights for resources, following a membership organization model.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>What are these exclusive rights? What are these resources?<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>I know we refer to them as number resources, but in reality, a number is just a number until you put meaning to it.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>I think we all know that we are discussing about ASN and IPv4 and IPv6 allocated to a given RIR member.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>Take, for example 5. Nobody has any particular exclusive rights to 5 in and of itself. Almost anyone can use it to count their digits on an appendage. <o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>On a private network or even an internet not connected to “the internet” (for however you define that), anyone is free to use 5 unless that network is governed by some organization or owner who exercises some control over such things.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>On “the internet”, ARIN has no such control. ARIN nor any other RIR cannot control who uses a set of numbers for addressing their hosts. What ARIN can do is say that among cooperating entities, these numbers are registered to this entity. That’s what they do.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>So, you’re saying that if an ARIN member is *<b>acting</b>* against the exclusive rights of use resources allocated to other members, not by accident, and repeatedly, is just *<b>fine</b>* and ARIN should not even remind the member that he is acting against the rules?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>They don’t grant exclusive rights in those numbers other than the right to maintain the registry data and the right to transfer said registration to a third party in so far as the transfer complies with registry policy.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>So, the right to use the allocated resources is not exclusive for the time they are allocated?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>ARIN does not control (many) routers and any network that wishes to accept the advertisement of a particular prefix from someone other than the ARIN registered resource holder is under no legal obligation to respect the ARIN registration unless they’ve signed some form of contract to that effect.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>And nobody asked for that control (in our proposal). We just say “it is against the rules to misuse the resources from other members”.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Let's take another similar "association membership model". </span>Please, note that I'm not a lawyer and my reading from US laws may be different as what we have in Spain.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Neither of us is a lawyer, and I haven’t a clue about Spanish law.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>Let's suppose it is a sports club and you can request that at some time in the week, the tennis court is allocated to member A, at another time to B, and another time to X. Member X decides to ignore that allocation and uses the court. Even more, X is doing from time to time the same with the allocation to member B, and many others. This is clearly against the rules *and* repeatedly against the rights of other association members.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>This is flawed… The sports club owns the tennis court. ARIN does not own the Internet.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>No, it may be a public tennis court, but the club has the right to manage that for a certain number of years. It is a very similar case to the RIRs one. It doesn’t matter who owns the resource, what it matters is the use is for a given member, and all the other members must follow the rules and respect the rights of the rest of the members. None of the members has the right to act in bad faith.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>If ARIN owned the Internet, then you’d have a valid example. Since ARIN doesn’t, you don’t.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>It’s more like a bunch of people got together and agreed that they wanted to cooperate with a third party about scheduling the public tennis court down the street. So those people that are cooperating register their schedules with the SchedOrg they created and SchedOrg takes care of making sure everyone who is involved has a unique slot on the schedule. Along comes a third party who isn’t in a contract with SchedOrg who chooses to ignore the schedule and use the tennis courts on a first come first served basis.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>A third party is a different case. We are talking here to have the parties that agreed to participate in SchedOrg. They must respect the rules.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>When we talk (in the RIRs case) about legacy resources is another situation. But I expect that those legacy “owners” (which is a different discussion because as you said the Internet doesn’t belong to anyone), they may need ASNs, or IPv6, which means that they must be bound also to the RIR rules. Moreover, they still may need to use some services from the RIR (registration, reverse DNS, RPKI, whatever). So, if they do not follow the rules and respect the other members (for all the resources, even if are legacy), they are acting in bad faith.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>Since they are public tennis courts not owned by SchedOrg, SchedOrg can’t really do much about it unless the city that actually owns the tennis courts chooses to identify SchedOrg as the authoritative scheduling platform.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>In the case of ARIN, some cities (ISPs) have done so and will take down routes that don’t map to the originating entity in the ARIN database. Others won’t.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>The association clearly can tell X, we don't want you to be anymore a member. You've done this not just by mistake, it was a repetitive action in violation of our rules and not respecting other members rights.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Right, _IF_ X is a member and _IF_ the association in question owns the tennis courts in question.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>In the case of much of the hijacking we see on a daily basis, X is not a member and ARIN most certainly doesn’t own the tennis courts (routers) X is using.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>Our goal is to have this in the 5 RIRs. If some of the regions decide not to go for it, they will have less credibility than those that go for it. I’ve already mention before about the legacy resources.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>You can find other examples, such a shared property. </span>You have a right to use a property for a week, and if another member is usurping that right for other members "time", they don't follow the rules.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>All of your other examples also involve either shared ownership of the property by the individual in question _OR_ ownership by the registering entity.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>That doesn’t map into the situation as it exists here.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>One more example, in Spain there have been many cases of pick-pockets that the public transport authority (and confirmed by courts if they complain), has denied using the public transport, just because they have been caught once and again.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Once again, in this case, you have two things ARIN doesn’t have… 1. The public transit authority owns the public transit. (ARIN doesn’t own the routers). 2. The public transit authority is coupled with law enforcement as they are both agencies of the same government.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>Governments have law enforcement powers. ARIN has no ability to enforce a contract against someone who never signed one.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>All the RIR have administrative power on the resources. We aren’t asking for ARIN to interfere with routers. We are saying it must be clearly written that a member can’t hijack other members resources, and if that happens, ARIN should be able to take administrative decision on the membership.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>A more extreme example. </span>You can have a property, let's say your home, and there are some common areas (for example a garden, a small summer swimming pool, etc.). You are a member of the neigbourhood, that of course has rules about how the garden and swiming pool can be used. If you act against those rules, or act against the rights of other neighbours, you can get cancelled your rights to use those common areas. Even more, in an extreme case, a judge will even tell you (this is not a theory, there have been many cases), you can't anymore use your home: find another one, and you can rent this to someone else, because you demonstrated that you don't know how to follow the rules.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Sure, but once again, the judge has law enforcement powers as a judiciary. The HOA has ownership of the common areas.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>ARIN doesn’t own the routers and isn’t a judiciary body.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>And again, we aren’t asking for that, but ARIN has administrative power that can enforce if a member doesn’t follow the rules and is acting in bad faith against others.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>In all those cases, the membership organization has the right to state (according to the bylaws), what are the rules. </span>If the rules are accepted by the members, they must be followed and respected.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>In all those cases the bad actor _IS_ a member of the organization and wouldn’t have any access if he were not.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>In this case, many of the hijackers are _NOT_ members of the organization.<o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>Even if there are some non-members (they don’t have any registration service from ARIN), and we only succeed to protect 70 or 80% of the cases (just making an example here, I’m not looking into real proportion of legacy vs non-legacy), is better than nothing, and because the transfers are happening, LESS and LESS legacy resources stay as legacy, so this problem is being reduced as time passes.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>In all those cases, there’s an entirely different ownership model in that the organization actually owns the resources being used. ARIN does not own the IP addresses, because IP addresses aren’t property, they’re just numbers.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>I think it is obvious that the RIRs provide the unique and exclusive rights to members. I thinkk it is obvious *even* if we don't have such explicit rule, that a member can't act against those unique and exclusive rights granted to other members.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Yes, but use of a particular number in a router isn’t one of those rights…<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>Section 1.3 of the NRPM is quite clear on this matter…<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><blockquote style='margin-left:30.0pt;margin-right:0cm'><blockquote style='margin-left:30.0pt;margin-right:0cm'><div><h3 style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:7.5pt;margin-left:35.4pt;box-sizing: border-box;caret-color: rgb(51, 51, 51)' id=1-3-routability><span style='font-size:18.0pt;font-family:"Roboto",serif;color:#333333;font-weight:normal'>1.3. Routability<o:p></o:p></span></h3></div></blockquote><blockquote style='margin-left:30.0pt;margin-right:0cm'><div><p class=MsoNormal style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:19.2pt;margin-left:35.4pt;box-sizing: border-box;word-wrap: break-word;caret-color: rgb(51, 51, 51)'><span style='font-size:12.0pt;font-family:"Roboto",serif;color:#333333'>The principle of routability guarantees that Internet number resources are managed in such a manner that they may be routed on the Internet in a scalable manner.<o:p></o:p></span></p></div></blockquote><blockquote style='margin-left:30.0pt;margin-right:0cm'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span style='font-size:12.0pt;font-family:"Roboto",serif;color:#333333'>While routing scalability is necessary to ensure proper operation of Internet routing, allocation or assignment of Internet number resources by ARIN in no way guarantees that those addresses will be routed by any particular network operator.<o:p></o:p></span></p></div></div></blockquote></blockquote><div><div><p class=MsoNormal style='margin-left:35.4pt'><span style='font-size:12.0pt;font-family:"Roboto",serif;color:#333333'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><span style='font-size:12.0pt;font-family:"Roboto",serif;color:#333333'>Unique registration and the limited ability to transfer that registration in certain circumstances are the exclusive rights provided by an RIR. There may be others, but those are the primary ones.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><span style='font-size:12.0pt;font-family:"Roboto",serif;color:#333333'><o:p> </o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>Our policies are there, some times, to state in an explicit way, what it may be considered obvious. This is what our policy proposal is tryint to do.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>IMHO, it utterly fails to do that because it is built on a flawed theory that RIRs are capable of granting rights of exclusive use of numbers on the internet.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>Are not? Then I think many of us get a wrong impression of the RIRs function and many of the policies are already breaking what are you saying …<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>A resource hijack, is violating other member rights, and is also violating the rules about how the resources should be *correctly* registered, even if this hijack is violating the rules only during a few minutes or hours, it is still violating the rules.<o:p></o:p></span></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p></div><p class=MsoNormal style='margin-left:35.4pt'>Agreed… HOWEVER, those rights are a civil contract matter in this case and you can’t expect to enforce contractual obligations against a party that never signed a contract.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>Again, you’re mixing here legacy. We are talking about members.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>There is some wording in the RSA that talks about some relevant aspects to this discussion (coping only some of the text):<br>2. </span>CONDITIONS OF SERVICE<br>(1) The exclusive right to be the registrant of the Included Number Resources within the ARIN database;<br>(2) The right to use the Included Number Resources within the ARIN database;<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Yes… note that both of those rights are constrained to what happens within the ARIN database. They don’t talk about use of the numbers on the global internet.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>However, I'm mising a more clear "unique and exlusive right to use" in 2.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>You’re not missing it, it doesn’t and cannot exist because ARIN has no power to grant or enforce such a rite.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>Also:<br>(d) Prohibited Conduct By Holder. In using any of the Services, Holder shall not: (i) disrupt or interfere with the security or use of any of the Services; (ii) violate any applicable laws, statutes, rules, or regulations; or (iii) assist any third party in engaging in any activity prohibited by any Service Terms.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>Sure, but that provision is only binding on those that have signed the RSA. Most hijackers haven’t. Also, all of this is in the RSA which is not the purview of the PDP, so you’re kind of making the case for out of scope even if you could get the changes you want in the RSA.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>Already responded to this. If we are resolving the issue for members, that’s already an good path to improve.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Policies can increase that wording and make it more obvious and facilitate both the organization and the members to take actions if those are not accidental and if they become repetitive.<o:p></o:p></span></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p></div><p class=MsoNormal style='margin-left:35.4pt'>Policies cannot change the wording of the RSA, actually. The Board has to do that and your best path to getting the board to do so would be through the ACSP.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>I guess I written it with the wrong wording. I don’t mean the policy can amend the RSA. I meant that policies can add details that aren’t in the RSA, because the RSA explicitly say that members must follow the rules (policies).<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><br><br><o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'>I believe bylaws are not clear on this, but it may be because it is clearly illegal to act against the membership rights of other members, so you don't need to re-state it in bylaws, but making it clear in policies it is definitively a good thing.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>You are conflating illegal (actually against the law) with against policy (which does not have the force of law).<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'>It is RIR administrative power. In any association, there are member rights, and the association must protect those.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Policies are easier to adapt to the community needs, by means of the PDP, which may change with the time, evolution of protocols, etc. </span>While the bylaws and RSA aren't so easy to modify, but they clearly state that the policies are part of the rules to be followed by members.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:35.4pt'>The RSA is quite easy to modify. You only need to convince a majority of the members of the board. Changing policies means 10 of the 15 members of the AC have to believe there is community consensus for the policy and that it is in scope, technically sound, fair and equitable number resource policy.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>The bylaws are more difficult, but not immutable.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>Owen<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:35.4pt'><br>Regards,<br>Jordi<br><br><br><br>El 2/5/19 8:59, "ARIN-PPML en nombre de Owen DeLong" <<a href="mailto:arin-ppml-bounces@arin.net">arin-ppml-bounces@arin.net</a> en nombre de <a href="mailto:owen@delong.com">owen@delong.com</a>> escribió:<br><br><br><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal style='margin-left:35.4pt'>On May 1, 2019, at 18:08 , Fernando Frediani <<a href="mailto:fhfrediani@gmail.com">fhfrediani@gmail.com</a>> wrote:<br><br>On 01/05/2019 17:17, Joe Provo wrote:<br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal style='margin-left:35.4pt'><br>"Distribution function" is indeed merely agreeing that the data<br>recorded in the registry is accurate. There's no dibursement of<br>anything. When we bought our house and land, the registry of<br>deeds was similar only involved in verifying that the transfer<br>from the previous holders to us was a valid contract within the<br>scope of its operations (the state in which we live). When a<br>neighbor was doing a construction project and we had to go block<br>their heavy equipment, the registrar of deeds sure didn't come<br>and settle the dispute. We went down, got the county map and<br>they agreed. if they hadn't, law enforcement and courts would<br>have been the next step.<br><br>This, like all Internet analogies, is poor; my thrust is that rfg's<br>is worse. To parallel ARIN with a transportation agency's "line<br>drawing" and officials embued with law enforcement is wildly off<br>track.<o:p></o:p></p></blockquote><p class=MsoNormal style='margin-left:35.4pt'>That's not that same thing unfortunately. Your house and land belong to you until you sell it, the resources the RIR assign to people **never** belong to them, they are not a property. Instead they remain under their responsibility and they may unassigned if misused or for other reasons.<o:p></o:p></p></blockquote><p class=MsoNormal style='margin-left:35.4pt'><br> The following is strictly my opinion. It may well deviate from the legal theories under which the RIRs currently operate.<br><br> The county can revoke your deed if you don’t pay your property taxes.<br><br> ARIN can revoke your registration if you don’t pay your ARIN fees.<br><br> The county can revoke your deed if they find that it was recorded under fraudulent pretense.<br><br> ARIN can revoke your resources if they find your registration was obtained under fraudulent pretense.<br><br> The only difference is in what is being registered/recorded by the different registries. The property registry in the various counties registers property.<br><br> ARIN registers numbers to guarantee uniqueness among cooperating parties.<br><br> As has been repeatedly stated in this debate, ARIN has no control or authority over non-cooperating parties that have not signed a contract with ARIN.<br><br> An entity which has no contract with the RIRs really can use any integers they want in any way they want to the extent that others are willing to accept that use.<br><br> If someone wants to claim 10.0.0.0/8 as a public address and route it on the internet, the RIRs cannot do anything to stop them unless it violates an RIR contract that said entity is a party to.<br><br> If they can find enough ISPs willing to route that on their behalf, then de facto, that address range will be theirs and it really doesn’t matter what the RIRs have to say about it.<br><br> The internet works because the vast majority of networks choose to cooperate with the RIR system and work within the system to preserve uniqueness.<br><br> There’s no law that prevents this from becoming balkanized and disintegrating into competing non-unique uses of address space. I hope that doesn’t happen and fortunately, there’s enough financial interest in the process to make sure the majority of ISPs continue to not want it as well.<br><br> Nonetheless, it is important to understand just how fragile this ecosystem actually is and just how limited the power of the RIRs actually is.<br><br> Owen<br><br> _______________________________________________<br> ARIN-PPML<br> You are receiving this message because you are subscribed to<br> the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<br> Unsubscribe or manage your mailing list subscription at:<br> <a href="https://lists.arin.net/mailman/listinfo/arin-ppml">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br> Please contact <a href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<br><br><br><br><br>**********************************************<br>IPv4 is over<br>Are you ready for the new Internet ?<br><a href="http://www.theipv6company.com">http://www.theipv6company.com</a><br>The IPv6 Company<br><br>This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.<br><br><br><br>_______________________________________________<br>ARIN-PPML<br>You are receiving this message because you are subscribed to<br>the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).<br>Unsubscribe or manage your mailing list subscription at:<br>https://lists.arin.net/mailman/listinfo/arin-ppml<br>Please contact info@arin.net if you experience any issues.<o:p></o:p></p></div></div></blockquote></div><p class=MsoNormal style='margin-left:35.4pt'><br><br><o:p></o:p></p></div><br>**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
http://www.theipv6company.com<br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.<br>
<br>
</body></html>