Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Proposal Update received: Internet Number Resources Review by AFRINIC

Seun Ojedeji seun.ojedeji at gmail.com
Wed Nov 23 11:46:41 UTC 2016


Sent from my LG G4
Kindly excuse brevity and typos

On 23 Nov 2016 09:04, "ALAIN AINA" <aalain at trstech.net
<javascript:_e(%7B%7D,'cvml','aalain at trstech.net');>> wrote:
>
> hello,
>
> inline...
>>
>> On Nov 22, 2016, at 6:16 PM, Seun Ojedeji <seun.ojedeji at gmail.com
<javascript:_e(%7B%7D,'cvml','seun.ojedeji at gmail.com');>> wrote:
>>
>
>> SO: Well this would have been fine but in a unique environment that we
find ourselves
>
> which unique environment ? what makes our environment so unique ?
>

SO: Actually I don't often use that phrase but I note that it's been used
many times on this list to indicate that how we approach things doesn't
have to be "based on normal circumstances". My point was that some level of
effort should be expected from the complainant to reduce rate of
false/invalid complains and maximises staff time.

>> I think it's important to set minimum level of proof that is expected
from the complainant. This ensures that significant level of homework has
been done by whoever is raising a complain and maximises staff resources.
>
> hmmmm. Define all sort of use cases, abuses, frauds and incident
reportable and the level of proof to qualify them?
>

SO: My point was more on incision inclusion of trends and consistency in
complains; Wouldn't you agree that it would be more helpful if someone
presents proof that indicates consistent fraudulent act.

> This seems like a good topic for an informational RFC
>

SO: Oga Alain I hope you will agree with me that the statement above isn't
necessary, especially if we are supposed to be discussing with one another.

>> Perhaps I should add that it may be good that such complain is limited
and open to members alone (since those are the category with "direct stake"
in this)
>
> The Internet Number Ressources(INR) are public ressources and the
community at large is responsible for the management and good utilisation.
Furthermore the INRs  being used  impact everyone and not only AFRINIC
members. Report may come from AFRINIC members, but also  from end-users,
operators, CERTS/CSIRTs, Law enforcement, community member, etc...
>

SO: Would this not then be an abuse related issue and I wonder whether the
abuse policy does not already address this?

http://www.afrinic.net/library/policies/698-abuse-contact-information-in-the-afrinic-service-region


>> and has a more reliable mean to verify source of the complainant.
>
> Why is the source so important  if the facts and evidences are good
enough for the RIR ?
> In all cases AFRINIC will know and can verify the source.
>

SO: My point here is that just because one have an email address should not
be the only thing that identifies the complainant; Further details that
clearly identify the person with his/her affiliation is important and I was
hoping that this policy doesn't restrict the level of information that
staff can request to ascertain source of the complainant. From your
response I think we are on the same page with this one.


>> > - for 3.6 as long as the policy is in force, there must be a report as
there's Random  class review.
>> >
>> > Also,  3.6 does  not prescribe  naming  members. It allows Afrinic
staff to  decide  how to describe  the members, thus reviewed resources
and level of compliance.
>> >
>> SO: Maybe I am the one not interpreting the current text well. Below is
what it currently reads:
>>
>> "AFRINIC shall publish an annual report describing the *members* which
have been reviewed and their level of compliance."
>>
>>
> It sound like the  term “members” in the section 3.6 is  the problem… The
text shall then be amended to satisfy all.
>

SO: If the point implies that this proposal does not envisage/require staff
to publish the specifics of the members audited then we are both in order.

Secondly, my suggested edits about the flexibility in timing has not been
addressed. i.e Staff may indeed not see any need to run an audit throughout
the year hence the point about "annual" report would be misplaced. Will be
good to clarify that wording as well.

Regards



> "Describe the members” in AFRINIC context may at some point looks like:
>
> A- How many members have been reviewed :
>
> - By type:
>  LIR, End-users, etc…
>
> - By Category:
>  Xlarge, Large, Medium, small, etc…
>
> B- Type of ressources invloved:
>     ASN, IPv4 ,IPv6
>
> C- Level of compliance
>>
>> If indeed your intent is similar to mine then I see no reason why it
should not be clearly stated in the proposal as I suggested(or in the line
with that). I believe a proposal should be as unambiguous as much as
possible.
>>
>>
>
> We share the same vision here, but unambiguous does not mean make it
 meaningless  and non evolutive.
>
> —Alain
>
>
>> Regards
>>
>> > Kind Regards.
>> >
>> >
>> > Serge Ilunga
>> > Cell: +243814443160
>> > Skype: sergekbk
>> > R.D.Congo
>> > -------- Original message --------
>> > From: Seun Ojedeji <seun.ojedeji at gmail.com
<javascript:_e(%7B%7D,'cvml','seun.ojedeji at gmail.com');>>
>> > Date: 11/20/2016 09:33 (GMT+01:00)
>> > To: Dewole Ajao <dewole at forum.org.ng
<javascript:_e(%7B%7D,'cvml','dewole at forum.org.ng');>>
>> > Cc: rpd <rpd at afrinic.net
<javascript:_e(%7B%7D,'cvml','rpd at afrinic.net');>>
>> > Subject: Re: [rpd] Proposal Update received: Internet Number Resources
Review by AFRINIC
>> >
>> > Hello,
>> >
>> > May I suggest rewording of section 3.3.3b and 3.6 to the following:
>> >
>> > 3.3.3b:
>> >
>> > ....Complaints shall be backed by evidence, such evidence must have a
consistency duration of at least 3months and AFRINIC staff...."
>> >
>> > 3.6 Compliance Report
>> >
>> > As applicable, AFRINIC shall publish a summary of total number of unit
address (or an approximate prefix) reviewed and their level of compliance.
>> >
>> > Sent from my LG G4
>> > Kindly excuse brevity and typos
>> >
>> >
>> > On 19 Nov 2016 22:09, "Dewole Ajao" <dewole at forum.org.ng
<javascript:_e(%7B%7D,'cvml','dewole at forum.org.ng');>> wrote:
>> >>
>> >> Dear PDWG members,
>> >>
>> >> This is to inform you that authors of the policy proposal named
"Internet Number Resources Review by AFRINIC" have submitted an updated
version as displayed below. PDWG section of AFRINIC website will be updated
in due course.
>> >>
>> >> Thank you.
>> >> PDWG Co-Chairs
>> >>
>> >>
>> >> ------------------------[Proposal Header]-----------------------
>> >>
>> >> Unique identifier: AFPUB-2016-GEN-001-DRAFT03
>> >>
>> >>
>> >> Draft Policy Name: Internet Number Resources Review by AFRINIC
>> >> Author(s)
>> >>      (a) Arnaud A. A. AMELINA | arnaud.amelina at auf.org
<javascript:_e(%7B%7D,'cvml','arnaud.amelina at auf.org');> | AUT.TogoRER
>> >>      (b) Serge ILUNGA KABWIKA | sergekbk at gmail.com
<javascript:_e(%7B%7D,'cvml','sergekbk at gmail.com');> | Vodacom Congo SA
>> >>      (c) Jean-Baptiste MILLOGO | jbmillogo at gmail.com
<javascript:_e(%7B%7D,'cvml','jbmillogo at gmail.com');> | Airtel Burkina
>> >>      (d) DAHMANI ZAAFOURI Wafa | wafa at ati.tn
<javascript:_e(%7B%7D,'cvml','wafa at ati.tn');> | ATI
>> >>
>> >> Draft Policy
>> >>
>> >> Submission Date : 19 Nov. 2016
>> >>
>> >> Related Policies (where applicable)
>> >> Obsoletes : None
>> >> Amends : None
>> >>
>> >> ------------------------[Proposal Header]-----------------------
>> >>
>> >>
>> >> 1. As Internet Number resources are finite, their allocation is based
on the operational needs of end-users and Internet Services Providers,
while avoiding stockpiling in accordance with RFC7020, IPv4 Allocation
Policy CPM 5.5, IPv6 Allocation and assignment policy CPM 6.5 and Policy
for Autonomous System Numbers (ASN) Management in the AFRINIC region CPM
7.0.
>> >>
>> >> Section 4 of the Registration Service Agreement (RSA) provides the
framework for investigations of the usage of allocated Internet Number
resources, defines members’ obligation to cooperate and the measures to be
taken by AFRINIC in case of failure to comply.
>> >>
>> >> The lack of such investigation or regular control can lead to
inefficient usage of the Internet Number resources, to stockpiling and
other type of abuses.
>> >>
>> >>
>> >> 2.0 Summary of How this Proposal Addresses the Problem
>> >>
>> >> In order to ensure efficient and appropriate use of resources,
AFRINIC shall conduct regular reviews of resource utilization held by its
members. This would allow recovery of any type of resource, where usage is
not in compliance with the RSA. Those resources can be reallocated for
better usage.
>> >>
>> >>
>> >> 3.0 Proposal
>> >>
>> >> 3.1 The reviews shall be based on compliance with the terms outlined
in the RSA and Allocation/Assignment Policies.
>> >>
>> >>
>> >> 3.2 The reviews cover all allocated/Assigned resources, but priority
goes to IPv4 and ASN mappable to two-octet ASN.
>> >>
>> >>
>> >> 3.3 Classes of review: Members to be reviewed shall be selected
according to the following classes:
>> >>
>> >> 3.3.1 Random: The member is chosen by AFRINIC at random between
members of the following categories:
>> >>
>> >>     - Medium and above
>> >>     - IPv6-only Large
>> >>     - EU-AS
>> >>
>> >> 3.3.2 Selected:
>> >>
>> >> A member is selected because of an internal report or due to a lack
of contact between the AFRINIC and the member.
>> >>
>> >> 3.3.3 Reported: Here, members are reviewed either because:
>> >>
>> >>     a. They have requested the review themselves or
>> >>     b. There has been a community complaint made against them that
warrants investigation. Complaints shall be backed by evidence and AFRINIC
staff  shall evaluate the facts as appropriate to conduct the review.
However this review is not applicable to a member  with the same resources
portfolio on which a full review has been completed in the preceding 24
months.
>> >>
>> >>
>> >> 3.4 In case of non-compliance and if evidence has been established in
accordance with the non-exhaustive list below:
>> >>
>> >>     - Unjustified lack of visibility of the resource on the global
routing table.
>> >>     - Breach of AFRINIC policies.
>> >>     - Breach of the provisions of the registration service agreement
or other legal agreements between the organization holding the resource and
AFRINIC.
>> >>     - Evidence that an organisation is no more operating and its
blocks have not been transferred.
>> >>         - Unauthorized transfers of resources.
>> >>
>> >> AFRNIC shall initiate the resource recovery process.
>> >>
>> >> AFRINIC shall attempt to contact the organisation and correct any
discrepancy towards the RSA. If the situation cannot be rectified, AFRINIC
shall publish the resources to be recovered for a period of three (3)
months; during which the organisation may at any time, seek compliance.
After this period, the resource shall be recovered and therefore the
records of the previous holder of the recovered resource shall be removed
from AFRINIC’s databases.
>> >>
>> >> Any Internet Number Resources recovered under this policy may be
assigned/allocated under existing Allocation and Assignment Policies.
>> >>
>> >>
>> >> 3.5 Appeal procedure
>> >>
>> >> The review shall be conducted in full transparency and neutrality.
But if the result of the review does not appear to be fair, the reviewed
members has the right to appeal against the result. Appeals shall follow an
arbitration process as defined by AFRINIC, which shall publish the process
and the pool of arbitrators who shall be knowledgeable volunteers from the
community.
>> >>
>> >>
>> >> Outcome of the arbitration process are unequivocal
>> >>
>> >>
>> >> 3.6 Compliance Report
>> >>
>> >> AFRINIC shall publish an annual report describing the members which
have been reviewed and their level of compliance.
>> >>
>> >>
>> >> 3.7 Acknowledgement
>> >>
>> >> - The authors thank Mr. Alain AINA for his contribution in the
development of this Policy proposal.
>> >> - The authors also thank the community for the discussions and
contributions.
>> >>
>> >> 4.0 Revision History
>> >>
>> >> 18 May 2016 Version 1.0
>> >>
>> >> First Draft AFPUB-2016-GEN-001-DRAFT01 Posted on RPD list
>> >>
>> >> 05 Aug 2016 Version 2.0
>> >>
>> >>     - Change on the policy’s name
>> >>     - Addition of the Acknowledgement section
>> >>     - Rephrasing of section 3.3.3
>> >>
>> >> 19 Nov 2016 Version 3.0
>> >>     - Update of section 3.3.3 from discussions on mailing list
>> >>     - Update of section 3.7 (Aknowledgement) to thank the


-- 
------------------------------------------------------------------------





*Seun Ojedeji,Federal University Oye-Ekitiweb:      http://www.fuoye.edu.ng
<http://www.fuoye.edu.ng> Mobile: +2348035233535**alt email:
<http://goog_1872880453>seun.ojedeji at fuoye.edu.ng
<seun.ojedeji at fuoye.edu.ng>*

Bringing another down does not take you up - think about your action!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20161123/54e930ab/attachment-0001.html>


More information about the RPD mailing list