[arin-ppml] Draft Policy 2010-11: Required Resource Reviews
ARIN
info at arin.net
Wed Oct 6 09:17:10 EDT 2010
We have an update for the following:
> B. ARIN General Counsel
>
> Pending
Counsel found no significant legal issues with this draft policy.
Regards,
Communications and Member Services
American Registry for Internet Numbers (ARIN)
> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Member Services
> Sent: Tuesday, July 20, 2010 2:12 PM
> To: arin-ppml at arin.net
> Subject: [arin-ppml] Draft Policy 2010-11: Required Resource Reviews
>
> Draft Policy 2010-11
> Required Resource Reviews
>
> On 15 July 2010 the ARIN Advisory Council (AC) selected "Required
> Resource Reviews" as a draft policy for adoption discussion on the PPML
> and at the Public Policy Meeting in Atlanta in October.
>
> The draft was developed by the AC from policy proposal "117. Required
> Resource Reviews". Per the Policy Development Process the AC submitted
> text to ARIN for a staff and legal assessment prior to its selection as
> a draft policy. Below the draft policy is the ARIN staff and legal
> assessment, followed by the text that was submitted by the AC.
>
> Draft Policy 2010-11 is below and can be found at:
> https://www.arin.net/policy/proposals/2010_11.html
>
> You are encouraged to discuss Draft Policy 2010-11 on the PPML prior to
> the October Public Policy Meeting. Both the discussion on the list and
> at the meeting will be used by the ARIN Advisory Council to determine
> the community consensus for adopting this as policy.
>
> The ARIN Policy Development Process can be found at:
> https://www.arin.net/policy/pdp.html
>
> Draft Policies and Proposals under discussion can be found at:
> https://www.arin.net/policy/proposals/index.html
>
> Regards,
>
> Member Services
> American Registry for Internet Numbers (ARIN)
>
>
> ## * ##
>
>
> Draft Policy 2010-11
> Required Resource Reviews
>
> Version/Date: 20 July 2010
>
> Policy statement:
>
> Replace the text "under sections 4-6" in section 12, paragraph 7 with
> "under paragraphs 12.4 through 12.6"
>
> Add to section 12 the following text:
>
> 10. Except as provided below, resource reviews are conducted at the
> discretion of the ARIN staff. In any of the circumstances mentioned
> below, a resource review must be initiated by ARIN staff:
>
> a. Report or discovery of an acquisition, merger, transfer, trade or
> sale in which the infrastructure and customer base of a network move
> from one organization to another organization, but, the applicable IP
> resources are not transferred. In this case, the organization retaining
> the IP resources must be reviewed. The organization receiving the
> customers may also be reviewed at the discretion of the ARIN staff.
>
> b. Upon receipt by ARIN of one or more credible reports of fraud or
> abuse of an IP address block. Abuse shall be defined as use of the
> block
> in violation of the RSA or other ARIN policies and shall not extend to
> include general reports of host conduct which are not within ARIN's
> scope.
>
> c. In the case where an organization wishes to act as recipient of
> resources pursuant to a transfer under section 8.3, unless otherwise
> prohibited by paragraph 12.2(c).
>
> d. An organization which submits a request for additional resources
> when
> more than 25% of their existing resources are obscured in SWIP or
> RWHOIS
> pursuant to section 4.2.3.7.6 (residential customer privacy).
>
> e. Other than as specified in 12.10(c), paragraph 12.2(c) does not
> exempt organizations from the reviews required under section 12.10.
>
> Rationale:
>
> The first change is a minor correction which improves clarity and
> consistency of the original policy without changing the meaning.
>
> The addition of 12.10 (a) through (e) serves to create a set of
> circumstances under which a resource review is required, rather than
> optional and entirely at ARIN staff discretion.
>
> The majority of early comments on this proposal focused on 12.10 (e).
> Mostly it was confusion about the exact ramifications. This section
> will
> cause ARIN to maintain greater scrutiny only in cases where a given ISP
> issues more than 25% of their total space to residential customers who
> wish to remain anonymous and receive network blocks of /29 or larger.
> To
> the best of my knowledge, there are not currently any ISPs which meet
> this criteria. Additionally, it would only apply that scrutiny to IPv4,
> and will not carry forward into IPv6 residential assignments.
>
> This policy should improve the compliance verification of ARIN policies
> and may result in the improved reclamation of under-utilized IP address
> space. It should also serve as a deterrent to certain address hoarding
> tactics which have come to light in recent history.
>
> Timetable for implementation: Immediately upon ratification by the
> Board
>
>
> #####
>
>
> STAFF ASSESSMENT
>
> Proposal: (117) Required Resource Reviews
> Proposal Version (Date): 07 July 2010
> Date of Assessment: 14 July 2010
>
> 1. Proposal Summary (Staff Understanding)
>
> This draft policy establishes new criteria to enact NRPM 12 resource
> reviews. It requires ARIN staff to initiate resource reviews when M&A
> activity occurs but IP addresses are not transferred to the acquirer;
> when fraud or abuse is reported to ARIN, either about a specific IP
> address range or about an OrgID; when any NRPM 8.3 transfer occurs; or
> when staff are reviewing an additional IP address request and find that
> more than a quarter of an OrgID's downstream SWIPs are covered under
> the
> Residential Customer Privacy policy.
>
> 2. Comments
>
> A. ARIN Staff Comments
>
> • This proposal could cause ARIN staff to conduct resource reviews on
> a
> more frequent basis. Any prescription for prioritizing such reviews
> could delay other important registration activities from being
> processed
> in a timely manner.
>
> B. ARIN General Counsel
>
> Pending
>
>
> 3. Resource Impact
>
> This policy would have moderate resource impact. It is estimated that
> implementation would occur within 6 months after ratification by the
> ARIN Board of Trustees. The following would be needed in order to
> implement:
>
> • Resource reviews, audits, and fraud research require many man-hours.
> These new requirements to conduct audits on a much more regular basis
> could necessitate hiring and training additional registration staff.
> • Changes to current business practices
> • Staff training
> • Updated guidelines
>
>
> 4. Proposal Text
>
> Policy statement:
>
> Replace the text "under sections 4-6" in section 12, paragraph 7 with
> "under paragraphs 12.4 through 12.6"
> Add to section 12 the following text:
>
> 10. Except as provided below, resource reviews are conducted at the
> discretion of the ARIN staff. In any of the circumstances mentioned
> below, a resource review must be initiated by ARIN staff:
> a. Report or discovery of an acquisition, merger, transfer, trade or
> sale in which the infrastructure and customer base of a network move
> from one organization to another organization, but, the applicable IP
> resources are not transferred. In this case, the organization retaining
> the IP resources must be reviewed. The organization receiving the
> customers may also be reviewed at the discretion of the ARIN staff.
> b. Upon receipt by ARIN of one or more credible reports of fraud or
> abuse of an IP address block. Abuse shall be defined as use of the
> block
> in violation of the RSA or other ARIN policies and shall not extend to
> include general reports of host conduct which are not within ARIN's
> scope.
> c. In the case where an organization wishes to act as recipient of
> resources pursuant to a transfer under section 8.3, unless otherwise
> prohibited by paragraph 12.2(c).
> d. An organization which submits a request for additional resources
> when more than 25% of their existing resources are obscured in SWIP or
> RWHOIS pursuant to section 4.2.3.7.6 (residential customer privacy).
> e. Other than as specified in 12.10(c), paragraph 12.2(c) does not
> exempt organizations from the reviews required under section 12.10.
>
> Rationale:
>
> The first change is a minor correction which improves clarity and
> consistency of the original policy without changing the meaning.
> The addition of 12.10 (a) through (e) serves to create a set of
> circumstances under which a resource review is required, rather than
> optional and entirely at ARIN staff discretion.
>
> The majority of early comments on this proposal focused on 12.10 (e).
> Mostly it was confusion about the exact ramifications. This section
> will
> cause ARIN to maintain greater scrutiny only in cases where a given ISP
> issues more than 25% of their total space to residential customers who
> wish to remain anonymous and receive network blocks of /29 or larger.
> To
> the best of my knowledge, there are not currently any ISPs which meet
> this criteria. Additionally, it would only apply that scrutiny to IPv4,
> and will not carry forward into IPv6 residential assignments.
>
> This policy should improve the compliance verification of ARIN policies
> and may result in the improved reclamation of under-utilized IP address
> space. It should also serve as a deterrent to certain address hoarding
> tactics which have come to light in recent history.
>
>
>
>
>
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
More information about the Info
mailing list