<div dir="ltr"><div dir="ltr"><div><br></div><div><br></div><div>Utilization after implementation and continued use is not likely to result in any substantial change of need. Addresses are issued based on an initial plan; the word plan is used six times in the NRPM and maps to utilization afterwards in 4.3.3. Whether it starts its utilization life on a server and grows up to move on to a router seems irrelevant. Based on my interpretation (and real world experience)in the NRPM that's defensible. Utilization is a rate of use, not actual use and whether it is on a server today and a router tomorrow? Irrelevant in that optic.<br></div></div><div dir="ltr"><br><div>YMMV<br></div><div><br></div></div><div>-M<</div><div><br></div><div><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Sep 1, 2021 at 5:39 PM Mike Burns <<a href="mailto:mike@iptrading.com">mike@iptrading.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u><div><div style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10pt"><div>HI Chris and David,<br></div><div><br></div><div>I think reclaiming resources for fraud of any kind is perfectly reasonable.<br></div><div>I do not see any need for reporting to ARIN any change of utilization.<br></div><div>Unlike the AFRINIC RSA (and the LACNIC RSA) the ARIN RSA doesn't put resources at risk for utilization, whether that's a change of utilization or lack of utilization.<br></div><div>This is how it should be in a registry that allows transfers, otherwise sellers wouldn't risk coming to ARIN to book a transfer if ARIN could revoke the addresses for utilization reasons.<br></div><div><br></div><div>(I think this language in the RSA is one reason for LACNIC's anemic transfer market. On the other hand it may prove useful to AFRINIC in this peculiar and likely unique situation.)<br></div><div><br></div><div>I think we need a clear leasing policy in ARIN, one that allows leased addresses to be used as justification if those addresses are leased out with valid recorded assignments (SWIPS).<br></div><div>Leasing has to be recognized as a valid distribution channel for IPv4 addresses and policy must not stand in the way of that channel evolving naturally along with the market.<br></div><div>This AFRINIC situation involves leasing, and everywhere leasing is happening in a policy void. That's asking for problems.<br></div><div><br></div><div>I think we are in the realm of "hard cases make bad law" if we try to generalize from the situation in AFRINIC, which really can't be repeated. <br></div><div>There is no sense in trying to protect against a repeat occurence through a knee-jerk reaction that leads to useless prophylactic policy clutter.<br></div><div>I suppose it bears repeating though, fraud at any point merits revocation.</div><div><br></div><div><br></div><div>Regards,<br>Mike</div><div><br></div><div><br></div><div><br></div><div style="border-top:1px solid rgb(204,204,204);height:0px;margin-top:10px;margin-bottom:10px;line-height:0px"><br></div><div><div><br></div><div id="gmail-m_1904890338223082971Zm-_Id_-Sgn1">---- On Wed, 01 Sep 2021 16:35:19 -0400 <b>Chris Woodfield <<a href="mailto:chris@semihuman.com" target="_blank">chris@semihuman.com</a>></b> wrote ----<br></div><div><br></div><blockquote style="margin:0px"><div><div>David - <br></div><div><br></div><div>In addition to the RSA language John cited, Section 12 of the NRPM gives ARIN the right to review an organization’s resource usage at any time for continued compliance with community-driven policy. I suspect that these reviews are not common, however. What’s more common, in my view, is an organization’s request for additional resources, which must come with justification that currently-held resources are being used in compliance with policy. I do not believe that these are checked against the original requests for consistency, however.<br></div><div><br></div><div>I’d be curious if the clause below can be interpreted as giving organizations a duty to report *any* substantial changes in an organization’s allocation plans if they diverge from the justification filed at the time of the request, or only when such changes would have the effect of putting the organization out of compliance with current policy. I can see the former interpretation being rather troublesome for a large number of organizations, given how often business plans and environments can change over time, as well as adding quite a bit of (IMO unnecessary) overhead to IP allocation managers.<br></div><div><br></div><div>That said, I can see ARIN being quite justified in reclaiming resources if the justification documentation filed with the request had no bearing to the org’s actual plans. I suspect that to be the unspoken subtext of the current controversy, and I absolutely believe that ARIN would and should act similarly in such a scenario (which, in the past, it has).<br></div><div><br></div><div>Regards,,<br></div><div><br></div><div>-Chris<br></div><div><div><br></div><blockquote><div>On Sep 1, 2021, at 1:21 PM, John Curran <<a href="mailto:jcurran@arin.net" target="_blank">jcurran@arin.net</a>> wrote:<br></div><div><br></div><div><div><div>David - <br></div><div><br></div><div><span style="white-space:pre-wrap"></span>Excellent question. The most important item is for the community to determine its policy goals in this area, and then based on such what requirements/duties belong in policy language
in Number Resource Policy Manual (NRPM.)<br></div><div><br></div><div><span style="white-space:pre-wrap"></span>The ARIN RSA places an explicit duty of “Information and Cooperation” on number resource holders (see below) that can be used to enforce community-developed policy in this area, but the
communities thoughts on the appropriate policy really should drive the discussion – <br></div><blockquote style="margin:0px 0px 0px 40px;border:medium none;padding:0px"><div><div title="Page 2"><div><div><p><i><span style="font-family:ArialMT"><span style="font-size:10pt">2.(c) Information and Cooperation. Holder has completed an application provided by ARIN for one or more </span></span><span style="font-family:ArialMT"><span style="font-size:10pt">Services (the “Application”). Holder must (i) promptly notify ARIN if any information provided in the Application </span></span><span style="font-family:ArialMT"><span style="font-size:10pt">changes during the term of this Agreement, and (ii) make reasonable efforts to promptly, accurately, and completely provide any information or cooperation required pursuant to the
Service Terms or in response to any inquiry or request made to Holder by ARIN during the term of this Agreement. In addition, Holder shall promptly provide ARIN with complete and accurate information, and cooperation as required by any Service Terms or </span></span><span style="font-family:ArialMT"><span style="font-size:10pt">that ARIN requests in connection with ARIN’s provision of any of the Services to Holder. If Holder does not </span></span><span style="font-family:ArialMT"><span style="font-size:10pt">provide ARIN with such information or cooperation that ARIN requests, ARIN may take such failure into account in evaluating </span></span><span style="font-family:ArialMT"><span style="font-size:10pt">Holder’s subsequent requests for transfer, allocation or assignment of additional number </span></span><span style="font-family:ArialMT"><span style="font-size:10pt">resources, or requests for changes to any Services. </span></span></i><br></p></div></div></div></div></blockquote><div><span style="white-space:pre-wrap"></span>Note that material breach of Section 2(c) is one of the events that provides ARIN clear right of termination for the RSA and subsequent revocation of the number resources – so let’s be extra careful
when considering any reporting/information duties for placement into NRPM. <br></div><div><br></div><div>Thanks! <br></div><div><div>/John<br></div><div> <br></div><div><div><br></div><div><div>John Curran<br></div><div>President and CEO<br></div><div>American Registry for Internet Numbers<br></div></div><div><br></div><div><br></div><div>On 1 Sep 2021, at 3:47 PM, David Farmer <<a href="mailto:farmer@umn.edu" target="_blank">farmer@umn.edu</a>> wrote:<br></div><div> <br></div><div><blockquote><div><br></div><div><div dir="ltr"><div>I changed the subject line, as this isn't directly related to the dispute between AFRINIC and CI, but more some questions arising from it specifically related to the ARIN registered resources.<br></div><div>----<br></div><div><br></div><div>So, do ARIN resource holders have a duty to report changes in their use of resources? If they do, where does that duty come from in policy or contract language? And, what are the relevant changes that need to be reported?<br></div><div><br></div><div>In my review of these questions;<br></div><div><br></div><div>In the RSA I see where holders are granted, "The right to use the Included Number Resources within the ARIN database" (RSA section 2.b bullet 2). However, I don't see any limitation to that use, such as "originally justified" or any obligation to
report a change in such use.<br></div><div><br></div><div>In policy, "An end-user is an organization receiving assignments of IP addresses exclusively for use in its operational networks." (NRPM 2.6), with an exception for incidental or transient use (last paragraph, section 2.5).<br></div><div><br></div><div>Maybe to align end-user requirements with the new Registration Services Agreement we should change that so end-users have to report any use, other than incidental or transient use, outside their organization.<br></div><div><br></div><div>And ISP's have requirements to report the use by their customers that exceed certain levels (NRPM sections 4.2.3.7 and 6.5.5).<br></div><div><br></div><div>So, other than the ISP reporting requirements, I don't see direct reporting obligations for change in use. Further, I don't see any guidance to what might be a material change in use that is in need of reporting, as I'm sure we don't want ARIN
Staff tied up with reports of all possible changes, most of which are probably irrelevant. <br></div><div><br></div><div>Are there reporting requirements I'm missing? Maybe implied or indirect requirement?<br></div><div><br></div><div>Should something be added to ARIN's policies explicitly stating requirements for reporting a change in the use of resources?<br></div><div><br></div><div>Thanks<br></div></div></div></blockquote></div><div><br></div></div></div></div><div>_______________________________________________<br></div><div>ARIN-PPML<br></div><div>You are receiving this message because you are subscribed to<br></div><div>the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br></div><div>Unsubscribe or manage your mailing list subscription at:<br></div><div><a href="https://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br></div><div>Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br></div></div></blockquote></div><div><br></div></div><div>_______________________________________________ <br></div><div>ARIN-PPML <br></div><div>You are receiving this message because you are subscribed to <br></div><div>the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>). <br></div><div>Unsubscribe or manage your mailing list subscription at: <br></div><div><a href="https://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a> <br></div><div>Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues. <br></div></blockquote></div><div><br></div></div><br></div>_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div></div>