Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"

Andrew Alston Andrew.Alston at liquidtelecom.com
Wed Jun 28 12:20:12 UTC 2017 

Sami,

Sorry - but my problem here is - the type of information required by AfriNIC is not stated in the policy, and is ambiguous at best.

Those requirements have changed from application to application - and I have very little doubt the same will happen in audit situations - there is simply no way to know exactly what will be asked and how long it will take.  

I have had applications where I have seen requests for direct access to routers - to the point where I saw someone attempt to issue such access and it caused a major problem.
I have been asked for information in application scenarios which was DEEPLY confidential - again - to the point where I was forced to ask for an NDA - and on refusal - walk out without supplying said information
I have spent hours redacting information that was demanded that was out of scope of policy.

To say that the information this required is simply this - you have no way to verify that - and no way to state that categorically.

Andrew


-----Original Message-----
From: Sami [mailto:s.aitalioulahcen at cnrst.ma] 
Sent: 28 June 2017 15:15
To: rpd at afrinic.net
Subject: Re: [rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"

Hi,

I've been reading through the discussions of this policy for some time and frankly, I think it took some weird turns at times.

To address some of the valid concerns. The audit some people are talking about here are full audits and they certainly take time and considerable resources. Although the kind of output that should be expected from AfriNIC are simply in the form of "we have about x million (verifiable
approximations) of clients and x+1 million of IP resources. Meaning we use most of our resources, thus our allocations are justified". No sensitive information should be involved, since such information is usually available for the public.

As for the second concern, people (or companies) shouldn't be worried about resource loss since this only happens if the resources are "not"
used or are used outside the African continent, in which case it shouldn't  be AfriNIC that gets sued but the company itself.

As a side not, I'd like to point out that "dick measuring" (please excuse the term) does not belong in this list, nor do personal attacks.
We discuss policies not people.


Eid mubarak to all

Greetings from Rabat


--
Sami
GPG Key ID: 0x36d57440

More information about the RPD mailing list