Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] [Community-Discuss] Update to Resources review policy proposal

Arnaud AMELINA amelnaud at gmail.com
Sun Nov 27 15:17:11 UTC 2016


2016-11-26 5:23 GMT+00:00 Lu Heng <h.lu at anytimechinese.com>:

> Hi Danny:
>
> See inline
>
> On 25 November 2016 at 18:54, Danny <afahounko at gmail.com> wrote:
>
>> Lu,
>>
>> What I get from this email is that if someone steals a valuable from you
>> and sells it for big money, you better keep quiet, otherwise, s/he will
>> take you to court with that same money stolen from you?
>>
>
> What I am saying is, when someone steal valuable from you, you do not go
> to your bookkeeper, you go to police. And Afrinic is an bookkeeper, not an
> police, it does not has any function, or the resource needed to be an
> enforce power.
>
>
>
>>
>> Section 3.4 of the policy reads: << AFRINIC shall attempt to contact the
>> organization and correct any discrepancy towards the RSA. If the situation
>> cannot be rectified, AFRINIC shall publish the resources to be recovered
>> for a period of three (3) months; during which the organization may at any
>> time, seek compliance. After this period, the resource shall be recovered
>> and therefore the records of the previous holder of the recovered resource
>> shall be removed from AFRINIC’s databases. >> You can see that even in case
>> of discrepancy there’s a process to encourage the Member to seek
>> compliance. The intent of the policy is to encourage compliance and not
>> proceed to resources revocation as first measure. Resources revocation
>> wouldn’t happen if it has to affect end users on African continent.
>>
>> In the case of your hypothetical court case, this is a non-issue. This is
>> a legal issue where 3 stakeholders are involved : AfriNIC, the Member and
>> the Government . AfriNIC and his member are tied through RSA. The Member
>> and its government are tied through operational License. RSA and license
>> define the responsibility of each party.
>>
>> Therefore RSA and License need to be treated with the same level of
>> commitment and any Members shall comply with each of them (RSA and
>> Operational license).
>>
>
> Well, connectivity will need IP address to work, when an org does not
> comply with policy its connectivity to its end customer therefore in danger
> by current RSA, in which, I believe it will put Afrinic in danger instead
> if Afrinic start acting like an enforcing power and managing power to this
> continent's IT infrastructure.
>
> RSA are backed by 30 people with 4 million dollar's budget, and License
> are backed by government with real police and army to enforce it. No
> governing body will function without real power backing it, for now,
> Afrinic does not have that.
>
> If you really want to Afrinic start acting like an enforcing power, then
> maybe Africa government forum will be a more appreciate place to get people
> in real power agreed on.
>

*Legal:*

   - *The RSA is a community approved document and all members are bound by
   each and every clause thereof once they sign the agreement. It is a
   contract where both parties subscribe to clear obligations.*
   - *In application of the law of contract of Mauritius as found in
   Article 1134 of the Mauritius Civil Code Section 4, the RSA is already
   binding, as a result, on all members who sign the agreement.*
   - *It is perfectly lawful , in terms of the application of the Mauritius
   Civil Code , for AFRINIC to act under the said section and reclaim
   resources from those members who/which fail an audit/review exercise.*
   -
*The policy can do no more than allow AFRINIC to do what it is already
   doing in a clear and transparent manner on the basis of a community
   approved document. *


http://afrinic.net/en/community/policy-development/policy-proposals/1947-internet-number-resources-review-by-afrinic

Regards
Arnaud


>
>> regards,
>> --Danny
>>
>> 2016-11-24 1:26 GMT+04:00 Lu Heng <h.lu at anytimechinese.com>:
>>
>>> Hi
>>>
>>> I'd like to contribute my own 2 cents.
>>>
>>> Let's assume, this policy really putting into action and found a policy
>>> breach, stay with me with the example(so let's say the policy in fact works
>>> on its purpose of finding policy breach):
>>>
>>> National telecom A from country B has a lot of its practice that not
>>> following the policy,Afrinic therefore by RSA trying to reclaim the address
>>> from the national telecom A from the requested audit.
>>>
>>> Because of the reclamation, a lot of people lost their connection in
>>> country B.
>>>
>>> National telecom taking Afrinic to court and country B government
>>> talking to UN and ITU to dismiss Afrinic.
>>>
>>> Does Afrinic, being an 30 people organization with only 4 million dollar
>>> in budget, even stay a chance to fight them at all?
>>>
>>> So this reclamation will risk the very existence of Afrinic, for a maybe
>>> a /15 misused address, seriously is it worth it for the community as a
>>> whole?
>>>
>>> Maybe some would claim that not every company has 4 million in budget,
>>> not every member that Afrinic are not able to fight in court, the simple
>>> truth is, the one are smaller than Afrinic in size and budget, their space
>>> will be small enough that will not make difference for the community(audit
>>> an /22 and get it back will really worth nothing to the community, and you
>>> can hardly call /22 stock piling as well).
>>>
>>> And any company go though RIR process and justified their need in which
>>> is greater than, let's say, /16, will surely have multiple times size of
>>> Afrinic with much stronger financial power, Afrinic can not afford fighting
>>> them in court under today's condition. Let's face it, Afrinic has no real
>>> enforcement power like some might think it does, Afrinic is an registration
>>> service, it already does everything it can during the process issuing the
>>> IP address to make sure fair distribution according to the policy, and keep
>>> the whois database accurate, that is all what community ask them to do, and
>>> that is all what Afrinic capable of doing.
>>>
>>> There is no single RIR, RIPE NCC being 5 times bigger budget than
>>> Afrinic included, are able to reclaim address from member who do not need
>>> them anymore, and that is the exact reason why we have a transfer policy in
>>> most of the region now. People transferring are clearly not needing address
>>> anymore, why none of RIR today reclaim them from the holder? There might be
>>> quite few argument to that, but the one I understand is, none of them able
>>> to, most large block holder, if not all, are multiple size of the RIR both
>>> in number of staff and financial power, sometime even in political
>>> influence, and it is really not worth to risk all the member fees to fight
>>> an single member(or multiple members, consider the amount of transfer
>>> happening every month). *Market works better than central planning*,
>>> communist country learned this in hard way.
>>>
>>> *What is the normal practice in every region until now, is that,
>>> assignment can be cancelled by RIR, however, allocation are untouchable
>>> once it is issued, no RIR has ever in history claimed back an allocation
>>> from member due to insufficient usage. *Not to mention Afrinic being
>>> the smallest, least funded RIR among them all.
>>>
>>> Let's distribute the rest v4 at fair pace, and stop asking Afrinic
>>> acting as communist country's central government, *all Afrinic has is
>>> an database, with 30 people maintain it under 4 million USD budget,*
>>> the only reason all those government and large telecom leave Afrinic alone,
>>> is because Afrinic does not claim any power but only maintain the database,
>>> once Afrinic claim its power to manage whole continent's
>>> infrastructure(like one of the hostmaster mistakenly claimed in one of
>>> Afrinic meeting), it will simply be the day Afrinic ends as we know it. *For
>>> that power, we will need a much bigger Afrinic with each country's gov
>>> setting on the board to decided things(and enforce it with real power),
>>> just like you see in most international governing organizations.*
>>>
>>> So please keep Afrinic doing registration service alone, like Rob, the
>>> first RIPE chair and much respected globe community member once said, *RIR
>>> are bookkeepers, nothing more.* The wise man help establish the RIR
>>> system as we know it today, and I believe its bookkeeper analogy are what
>>> protect the RIR's very existence for past 3 decates.
>>>
>>> Otherwise, you will need not just a policy to make the intend of this
>>> policy work, *you will need high level enforcement power from the each
>>> countries' government, and you will need a much bigger Afrinic, or rather,
>>> "Africa internet government".*
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 22 November 2016 at 17:46, Andrew Alston <
>>> Andrew.Alston at liquidtelecom.com> wrote:
>>>
>>> Saul,
>>>
>>>
>>>
>>> As I have stated – due to all evidence presented to me – and while I
>>> cannot go beyond the evidence presented to me and this is merely an
>>> opinion, because I am not a mind reader, my opinion is that there are
>>> motivations behind this policy which are not being clearly stated.  I
>>> personally believe that this policy is designed to give a platform to after
>>> specific individuals who there is a mistaken belief are misusing resources
>>> because people don’t like the fact that they got them in the first place in
>>> full compliance with the policies.
>>>
>>>
>>>
>>> I personally believe that there is a reason why the authors of this
>>> policy have refused to put the safe guards in place that have been
>>> requested, including the mandatory disclosure of the complainant to the
>>> person who is being complained about, and the reasons strike me as deeply
>>> nefarious.
>>>
>>>
>>>
>>> As I said – that is a personal opinion, I leave everyone else to review
>>> everything I have said in previous emails and come to their own conclusions
>>> as to the real motivations behind this.  My objections to this policy stand
>>> based on its ease at which it can be used by operators to harass other
>>> operators with absolutely no recourse to the one being harassed.  My
>>> objections to this policy also stand based on the fact that there is
>>> absolutely zero evidence provided that the abuse that the authors claim
>>> this policy is attempting to deal with exist at all, and based on that the
>>> policy is attempting to deal with a situation that is entirely hypothetical
>>> while having serious ramifications.  My objections to this policy stand,
>>> based on the fact that as of yet, no one is prepared to state how these
>>> audits are meant to occur, or on what basis a complainant can trigger an
>>> audit and what evidence they have to provide to substantiate their
>>> complaint, other than lack of visibility in the routing table.  And if we
>>> use visibility in the routing table – the total amount of space is so
>>> negligible in the context of allocations the policy has absolutely zero
>>> purpose other than to hurt AfriNIC revenues.
>>>
>>>
>>>
>>>
>>>
>>> Andrew
>>>
>>>
>>>
>>>
>>>
>>> *From:* Saul Stein [mailto:saul at enetworks.co.za]
>>> *Sent:* 22 November 2016 12:07
>>> *To:* Badru Ntege <badru.ntege at nftconsult.com>; Andrew Alston <
>>> Andrew.Alston at liquidtelecom.com>; Dewole Ajao <dewole at forum.org.ng>;
>>> sergekbk <sergekbk at gmail.com>; Arnaud AMELINA <amelnaud at gmail.com>; rpd
>>> >> AfriNIC Resource Policy <rpd at afrinic.net>
>>> *Subject:* RE: [rpd] [Community-Discuss] Update to Resources review
>>> policy proposal
>>>
>>>
>>>
>>> Have I perhaps missed the point here, but what is the purpose of this
>>> policy?
>>>
>>> 1)      Is the purpose that there is no current way to reclaim
>>> resources fraudulently applied for?
>>>
>>> 2)      Preserve v4 space (but this policy would have to be for v6 too
>>> – I’d hate to have to audit all that space)
>>>
>>> 3)      To remove space that people are no longer using?
>>>
>>> 4)      Preserve v4 space?
>>>
>>>
>>>
>>> It is one thing saying that there is a need to audit, but for what
>>> purpose? And by purpose I am including the ultimate goal and objectives,
>>> since there is no point in saying lets audit and then there is no
>>> ramifications expect to AFRINIC earning less revenue from the resources it
>>> charges for.
>>>
>>>
>>>
>>> *From:* Badru Ntege [mailto:badru.ntege at nftconsult.com
>>> <badru.ntege at nftconsult.com>]
>>> *Sent:* 17 November 2016 07:09 AM
>>> *To:* Andrew Alston <Andrew.Alston at liquidtelecom.com>; Dewole Ajao <
>>> dewole at forum.org.ng>; sergekbk <sergekbk at gmail.com>; Arnaud AMELINA <
>>> amelnaud at gmail.com>; rpd >> AfriNIC Resource Policy <rpd at afrinic.net>
>>> *Subject:* Re: [rpd] [Community-Discuss] Update to Resources review
>>> policy proposal
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 11/16/16, 1:43 PM, "Andrew Alston" <Andrew.Alston at liquidtelecom.com>
>>> wrote:
>>>
>>>
>>>
>>> So,
>>>
>>>
>>>
>>> I have a hypothetical question – and it will become a lot less
>>> hypothetical once I’ve run the numbers which I’m currently doing.
>>>
>>>
>>>
>>> Let’s say we implement this audit policy – and then – because we have to
>>> act consistently – we act against every member who is not announcing space
>>> because they cannot justify not announcing it – and we terminate their
>>> membership.
>>>
>>>
>>>
>>> Are the authors of this policy and those supporting it prepared to bear
>>> the cost of the fee increases that would be necessary to back fill the loss
>>> in revenue that would effectively bankrupt AfriNIC?  Running through the
>>> preliminary statistics – firstly the auditing process would be immensely
>>> expensive in HR cost – secondly – termination of members that aren’t
>>> “legitimately” announcing space by rough calculations could cost AfriNIC in
>>> excess of 15% of its revenue by the latest numbers available in the
>>> financial reports and correlating the unannounced space that is allocated
>>> with the billing file.
>>>
>>>
>>>
>>> I hardly believe that a drop in 15% of revenue would bankrupt AfriNIC
>>> ??.    If that’s the case then our problems are bigger than an Audit.
>>> Which I definitely doubt.
>>>
>>>
>>>
>>> Lets not add scary variables to support opposition to a policy.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Now, some would argue that is all the more reason to implement the audit
>>> policy – but here is a wake up call – the space you would recover in that
>>> call on those calculations – amounts to less than 10% of space that AfriNIC
>>> has allocated legitimately since May – so effectively, for the gain of
>>> looking tough and being rigid, we may end up bankrupting the organisation
>>> while recovering potentially a /15 worth of space.  Alternatively, from any
>>> logical business perspective – that money would have to be recovered from
>>> the members who are legitimately announcing space – because it certainly
>>> can’t just disappear.
>>>
>>>
>>>
>>> So, has anyone ACTUALLY thought through the implications of this
>>> policy?  I remain firmly opposed.
>>>
>>>
>>>
>>> Andrew
>>>
>>>
>>>
>>>
>>>
>>> *From:* Dewole Ajao [mailto:dewole at forum.org.ng <dewole at forum.org.ng>]
>>> *Sent:* 16 November 2016 12:52
>>> *To:* sergekbk <sergekbk at gmail.com>; Arnaud AMELINA <amelnaud at gmail.com>;
>>> rpd >> AfriNIC Resource Policy <rpd at afrinic.net>; General Discussions
>>> of AFRINIC <community-discuss at afrinic.net>
>>> *Subject:* Re: [Community-Discuss] Update to Resources review policy
>>> proposal
>>>
>>>
>>>
>>> I think all policies (if we really intend to implement them) must be
>>> clear and leave no room for variable interpretation as ambiguity will put
>>> additional burdens of interpretation on staff.
>>>
>>> If the community's preference is for the 24-month window to become
>>> invalid on allocation/assignment of new resources, then the policy
>>> (proposal) should state it clearly; If on the other hand, the intention is
>>> for the 24-month window to stay in place come-what-may, it's better for the
>>> policy (proposal) to be explicit about it.
>>>
>>> Please see below, additional questions for the community to consider.
>>> Hopefully, they can be discussed and the authors can (if they so choose,)
>>> take the inputs from the community into their modified proposal.
>>>
>>> 3.3.2 Selected:
>>>
>>>
>>> A member is selected because of an internal report or due to a lack of
>>> contact between the AFRINIC and the member.
>>>
>>> Q1. Do we presently have an existing (effective) structure (apart from
>>> billing) that measures degree of contact with members?
>>> If there is no agreed means of measuring the degree contact, we need to
>>> define degrees of contact so that "lack of contact" (as referred to in the
>>> proposal) can be measured objectively.
>>>
>>> *Perhaps as a first step for ensuring regular contact without using up
>>> too many resources, this proposal might want to borrow a leaf from RIPE's
>>> Assisted Registry Check (ARC). See
>>> https://www.ripe.net/manage-ips-and-asns/resource-management/assisted-registry-check
>>> <https://www.ripe.net/manage-ips-and-asns/resource-management/assisted-registry-check>*
>>>
>>> *Basically, the RIR does a consistency check on members' Registry,
>>> Resource, and Route/rDNS information and then sends emails to the contacts
>>> on file showing their view. They then schedule a telephone call to work
>>> with the member and fix any identified issues. *
>>>
>>> *My understanding from RIPE is that these non-invasive checks sometimes
>>> reveal issues that may warrant more detailed investigation. The primary
>>> model is by random checks but done in a manner that checks every member at
>>> least once in 3 years (given the size of RIPE). They also have ARCs that
>>> are initiated as a result of information received from the member or third
>>> parties. *
>>>
>>> Q2. Can reachability/cooperation of a member for such a consistency
>>> check-and-fix activity as described above be used to measure the degree of
>>> contact?
>>>
>>> Q3. Given the fact that time taken for consistency checks are more
>>> predictable, can these be implemented as a preliminary step in addressing
>>> the "lack of investigation" problem as well as the concern about taking up
>>> much of members' and/or AFRINIC hostmasters' time?
>>>
>>> Regards,
>>> Dewole.
>>> (with apologies for continuing the cross-posting between RPD and
>>> Community-discuss)
>>>
>>> On 15/11/2016 20:18, sergekbk wrote:
>>>
>>> Hello Dewole,
>>>
>>>
>>> Thanks for this comment.
>>> The limit of 24 months applies to a member based on ressources
>>> portfolio.  If  the portfolio  changes with new allocation,   member can be
>>> audited  anytime on the new ressources if required.
>>>
>>> Is this clear enough or shall we make  it explicit  ?
>>>
>>> Kind Regards.
>>>
>>>
>>>
>>> *Serge Ilunga*
>>>
>>> *Cell: +243814443160 <%2B243814443160>*
>>>
>>> *Skype: sergekbk*
>>>
>>> *R.D.Congo*
>>>
>>> -------- Original message --------
>>>
>>> From: Dewole Ajao <dewole at tinitop.com> <dewole at tinitop.com>
>>>
>>> Date: 11/15/2016 11:38 (GMT+01:00)
>>>
>>> To: Arnaud AMELINA <amelnaud at gmail.com> <amelnaud at gmail.com>, "rpd >>
>>> AfriNIC Resource Policy" <rpd at afrinic.net> <rpd at afrinic.net>, General
>>> Discussions of AFRINIC <community-discuss at afrinic.net>
>>> <community-discuss at afrinic.net>
>>>
>>> Subject: Re: [Community-Discuss] Update to Resources review policy
>>> proposal
>>>
>>>
>>>
>>> Thanks for working to apply the community's input to your proposal,
>>> Arnaud.
>>>
>>> To test the proposed re-wording, consider the following sequence of
>>> events:
>>>
>>> Member XYZ initiates self-requested review;
>>> Review is completed by AFRINIC in X weeks;
>>> After review, Member XYZ applies for "large chunk" of number resources;
>>> Member XYZ receives "large chunk" of number resources in say 60 days;
>>> Member XYZ happens to make some unacceptable use of (previous or new)
>>> number resources and it somehow becomes known to the community;
>>> Regardless of convincing evidence, Member XYZ cannot be subjected to a
>>> review until 24 months have elapsed since the last review.
>>>
>>> Is this a design feature or a bug?
>>>
>>> Regards,
>>>
>>> Dewole.
>>>
>>>
>>>
>>> On 15/11/2016 10:48, Arnaud AMELINA wrote:
>>>
>>> Hi community !
>>> Following, recent discussions and in accordance with text proposal from
>>> Owen and others contributors, authors propose this as replacement to the
>>> section 3.3.3
>>>
>>> -'---old version---''
>>>
>>> 3.3.3 Reported: Here, members are reviewed either because:
>>>
>>> a. They have requested the review themselves or
>>> b. There has been a community complaint made against them that warrants
>>> investigation.
>>>
>>> ----new version-----
>>>
>>> 3.3.3 Reported: Here, members are reviewed either because:
>>>
>>> a..They have requested the review themselves or
>>> b. There has been a community complaint made against them that warrants
>>> investigation. Complaints shall be backed by evidence and AFRINIC  staff
>>> shall evaluate the facts as appropriate to conduct the review. However this
>>> review is not applicable to a member  on which a full review has been
>>> completed in the preceding 24 months.
>>>
>>> Regards.
>>>
>>> Arnaud.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>> Community-Discuss mailing list
>>>
>>> Community-Discuss at afrinic.net
>>>
>>> https://lists.afrinic.net/mailman/listinfo/community-discuss
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________ RPD mailing list
>>> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd
>>>
>>>
>>> _______________________________________________
>>> RPD mailing list
>>> RPD at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo/rpd
>>>
>>>
>>>
>>>
>>> --
>>> --
>>> Kind regards.
>>> Lu
>>>
>>>
>>> _______________________________________________
>>> RPD mailing list
>>> RPD at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo/rpd
>>>
>>>
>>
>
>
> --
> --
> Kind regards.
> Lu
>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20161127/05876e3e/attachment-0001.html>


More information about the RPD mailing list