Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] New Proposal - "Internet Number Resources Audit by AFRINIC (AFPUB-2016-GEN-001-DRAFT01)"

CTO RENU cto at
Fri May 27 12:23:41 UTC 2016

Thanks Owen. 

This is very encouraging to see that beyond criticisms, we can have good suggestions to improve our policy proposals. 

We will take this into consideration. 

Kind regards, 

Nicholas Mbonimpa 

From: "Owen DeLong" <owen at> 
To: "Andrew Alston" <Andrew.Alston at> 
Cc: "AfriNIC RPD MList." <rpd at> 
Sent: Friday, May 27, 2016 10:45:08 AM 
Subject: Re: [rpd] New Proposal - "Internet Number Resources Audit by AFRINIC (AFPUB-2016-GEN-001-DRAFT01)" 

On May 26, 2016, at 22:28 , Andrew Alston < Andrew.Alston at > wrote: 


Would the authors of this policy support an amendment to say that 

A.) Complaints must be PUBLIC, including the name and corporate affiiliation of the complaining entity clearly stated, with ALL evidence backing the complaint be published BEFORE the audit begins 

I would not support this amendment. It is overly burdensome and could require the disclosure of information proprietary to the complainer in terms of how their evidence was acquired or it may result in the undesirable disclosure of proprietary information of the party that is the subject of the complaint even if they have not actually done anything wrong. 

I trust the AfriNIC staff to properly evaluate complaints for credibility and act accordingly. I see no reason to make the entirety of the complaint and all evidence public. 

I would support a requirement that staff, upon receiving a complaint disclose the complainant, the subject of the complaint, and the general nature of the complaint. Upon completion of the investigation, staff should add a general description of the disposition of the complaint (e.g. “Determined not to be credible”, “Subject worked with AfriNIC voluntarily to restore compliance”, “Revoked the following resources: <list>”, etc.) 


B.) Complaints must be backed by Prima Facie evidence to back them up and so as to avoid frivolous complaints that simply tie up resources and are used to harass members 


I think that we can rely on staff to be an adequate gatekeeper for this sort of action. A complaint with no prima facie evidence should be treated by staff as less credible than one with adequate evidence. Staff should request additional evidence from the complainant if they do not feel that there is sufficient evidence for a prima facie case for investigation prior to involving the subject. 


C.) That no member may be audited under this process more than once in a 12 month period. 


I would support this amendment. 


The issue of if I will support this policy if the above 3 are implemented remains up in the air, but I will guarantee that I will not support it without those 3 amendments. 


I think this is too hard of a line in the sand and that you are being a bit absolutist. 

I agree with you about the problems you are attempting to address, but I believe your proposed solution is overboard and I think I have proposed reasonable compromises which can accommodate the desires of both sides. 




From: Omo Oaiya < Omo.Oaiya at > 
Date: Friday, 27 May 2016 at 7:04 AM 
To: "AfriNIC RPD MList." < rpd at > 
Subject: Re: [rpd] New Proposal - "Internet Number Resources Audit by AFRINIC (AFPUB-2016-GEN-001-DRAFT01)" 

On 22 May 2016 at 21:32, Nishal Goburdhan < nishal at > wrote: 


i support the intent of the policy :-) but then, i think that most rational persons would. 


indeed ....especially now the authors and Owen have shown that most rational people do support such policies globally. 


but i think that the important part of this is being done now by staff, and, just probably not being communicated. i worry that the burden that this creates will end up simply costing potential resource members even more. and diverting afrinic’s meagre resources from matters that should be addressed, as part of this region’s *future*. 


Your claims about the cost and overheads on AFRINIC staff made me take a closer look. The claims are baseless and cloud objective discussion of the policy. Anyone who thinks there will be any significant change in work done in Mauritius is wrong. 

In 3.3a, b and c, the authors propose classes of audit to make it efficient and cost-effective. On analysis, their proposal works. 

a - Random - from Medium and Above, IPv6-only Large, EU-AS 

b - Selected - This covers what AFRINIC currently does through initial allocation reviews, additional allocations reviews and any other internal reviews 

c - Reported - Allows complaints about resource usage to be investigated - this could come from any member of the community, law enforcement, governments, CSIRTs, peers, etc. Also allows members to request self-audit . 

As at 24/05 (a) constituted less than 9% of the total membership - 117 out of a total 1703 including legacy. 

LIR Medium and above : 112 
End-users Medium and above: 5 
IPv6-only Large: 0 
EU-AS: 0 
In terms of actual mechanism, a complaint registration form that collects enough information for an investigation is easy enough to provide. 


however, i do not support this policy. 


What do you and the others with similar claims say now your assumptions have been proven wrong? 


RPD mailing list 
RPD at 


RPD mailing list 
RPD at 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list