Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] New Proposal - "Internet Number Resources Audit by AFRINIC (AFPUB-2016-GEN-001-DRAFT01)"

ALAIN AINA aalain at trstech.net
Fri May 27 09:41:00 UTC 2016 

Hello 

inline…..

> On May 27, 2016, at 11:50 AM, Owen DeLong <owen at delong.com> wrote:
> 
> 
>> On May 26, 2016, at 22:53 , McTim <dogwallah at gmail.com <mailto:dogwallah at gmail.com>> wrote:
>> 
>> Hi Oma,
>> 
>> On Fri, May 27, 2016 at 1:04 AM, Omo Oaiya <Omo.Oaiya at wacren.net <mailto:Omo.Oaiya at wacren.net>> wrote:
>>> 
>>> On 22 May 2016 at 21:32, Nishal Goburdhan <nishal at controlfreak.co.za <mailto:nishal at controlfreak.co.za>> wrote:
>>>> 
>>>> i support the intent of the policy :-)  but then, i think that most
>>>> rational persons would.
>> 
>> 
>> I certainly support audit and revocation powers.  I think we already
>> have that in the toolkit.
>> 
>> 
>>> 
>>> 
>>> 
>>> indeed ....especially now the authors and Owen have shown that most rational
>>> people do support such policies globally.
>>> 
>>> 
>>>> 
>>>> but i think that the important part of this is being done now by staff,
>>>> and, just probably not being communicated.  i worry that the burden that
>>>> this creates will end up simply costing potential resource members even
>>>> more.  and diverting afrinic’s meagre resources from matters that should be
>>>> addressed, as part of this region’s *future*.
>>> 
>>> 
>>> 
>>> Your claims about the cost and overheads on AFRINIC staff made me take a
>>> closer look. The claims are baseless and cloud objective discussion of the
>>> policy.  Anyone who thinks there will be any significant change in work done
>>> in Mauritius is wrong.
>> 
>> Well, I have been a RIR hostmaster/resource analyst and I can tell you
>> that audits
>> take very significant amounts of person hours (per audit).
> 
> I think that would depend on the frequency and complexity of the actual audits
> which is hard to know in advance. I suspect that the random audits proposed would
> not actually take all that much additional resource as they should already be
> largely accomplished by current procedures anyway.
> 
> To the extent that complaint audits result in a significant increase in workload,
> I think that we can solve that by giving some level of discretion to staff and
> management at AfriNIC to do the right thing and make some determinations about the
> credibility of a complaint before turning it into a full-blown audit. Where there’s
> the appearance of actual fraud, an audit is warranted. Where it looks like the
> complaint is most likely frivolous, it’s probably best to focus resources elsewhere.
> 
>> 
>> 
>> Perhaps staff could give us an estimate of the number of new FTE staff
>> they would need to hire (if any) to carry out such a policy?
>> 
>> 
>>> 
>>> In 3.3a, b and c, the authors propose classes of audit to make it efficient
>>> and cost-effective. On analysis, their proposal works.
>>> 
>>> a - Random - from Medium and Above, IPv6-only Large, EU-AS
>>> 
>>> b - Selected - This covers what AFRINIC currently does through initial
>>> allocation reviews, additional allocations reviews and any other internal
>>> reviews
>>> 
>>> c - Reported - Allows complaints about resource usage to be investigated -
>>> this could come from any member of the community, law enforcement,
>>> governments, CSIRTs,  peers, etc.  Also allows members to request self-audit
>>> .
>>> 
>>> As at 24/05  (a) constituted less than 9% of the total membership - 117 out
>>> of a total 1703 including legacy.
>>> 
>>> LIR Medium and above : 112
>>> End-users Medium and above: 5
>>> IPv6-only Large: 0
>>> EU-AS: 0
>>> 
>>> In terms of actual mechanism, a complaint registration form that collects
>>> enough information for an investigation is easy enough to provide.
>>>> 
>>>> 
>>>> however, i do not support this policy.
>>> 
>>> 
>>> What do you and the others with similar claims say now your assumptions have
>>> been proven wrong?
>> 
>> I say the same thing I said before.  the 'NIC already has the power to
>> audit and revoke resources.
>> 
>> I don't see what this proposal gives them that they don't already have.
> 
> I know that in the case of ARIN NRPM 12, we were not intending to give new audit powers to the staff, but, rather to constrain the powers they had and create guidelines so that both staff and the community had a more clear idea of how, when, and how often audits could occur.
> 

That is the exact purpose of the proposal.  

It's not about giving staff powers to do the audit. Section 1 and section 2 are clear..

>> 
>> Are we trying to prolong the lifespan of IPv4 with this proposal, or
>> just ensuring fair and equitable distribution?
> 
> I would certainly hope that it is the latter. The former is ill-advised and harmful. IPv4 has already been on NAT life-support for far too long. It is time to pull the plug on this beleaguered unfortunate soul and lay it to rest along side Novell, DECNET, OSI, ARCNET, and the many other distinguished network technologies that came before it.
> 

Yes it is, but why this focus on IPv4?  The policy proposal is about auditing all Internet Number Resources( IPv4,IPv6,ASN, etc.) compliance and cover all membership categories.


—Alain
> 
> Owen
> 
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20160527/144edcff/attachment-0001.html>

More information about the RPD mailing list