
[rpd] Fwd: [arin-ppml] Micfo

Owen DeLong owen at delong.com
Thu May 16 09:13:54 UTC 2019



> On May 16, 2019, at 01:25 , Noah <noah at neo.co.tz> wrote:
> 
> 
> 
> On Thu, May 16, 2019 at 11:11 AM Owen DeLong <owen at delong.com> wrote:
> 
> 
>> On May 16, 2019, at 00:53 , Noah <noah at neo.co.tz> wrote:
>> 
>> 
>> On Thu, May 16, 2019 at 10:14 AM JORDI PALET MARTINEZ <jordi.palet at consulintel.es> wrote:
>> And for that, a new policy was not needed.
>> 
>>  
>> Ok, let's just "assume" that you don't need policy to address fraud. Then what is the purpose of section 12 of the ARIN (Number Resource Policy Manual) [1]?
> 
> Section 12 was written to place limits on exactly what and how ARIN could conduct resource reviews against organizations in the ARIN region.
> 
> ARIN had virtually unlimited authority to do so prior to implementing section 12.
> 
> Notice that NRPM12 differs from the proposal under discussion here in a number of significant ways:
> 
> In no particular order, here are 5 of the most significant differences:
> 1.	The legal environment is very different
> 2.	The RSA is significantly different
> 3.	NRPM 12 does not require ARIN to make random audits
> 4.	NRPM 12 does not require ARIN to take action on complaints or to judge the veracity of complaints
> 	and go after organizations where ARIN cannot prove a lack of veracity.
> 5.	NRPM 12 gives ARIN staff significantly more discretion to be merciful in such reviews.
> 
>> Ooooh and If a member agreement is sufficient, then why is fraud addressed in ARIN number resource policy?
> 
> It isn’t really. You are thinking that NRPM creates the authority for ARIN to audit. In reality, NRPM 12 was passed in order to limit ARIN’s authority and prevent abuse.
> 
> 
> Well, in the ARIN NRPM section 12 subsection 2b.... I read below hence the whole debate around the fraud case which ARIN just won in the USA courts.
>     
> 2.ARIN may conduct such reviews:
> b. whenever ARIN has reason to believe that the resources were originally obtained fraudulently or in contravention of existing policy, or

Yes… NRPM 12 was written to limit ARIN’s ability to conduct such an audit to specific circumstances. Notice that random audits are NOT one of the criteria permitted.

We put NRPM 12 together specifically so that ARIN couldn’t engage in costly audits at random and to put other reasonable limitations on their ability to audit in a disruptive manner.

So, viewing this in historical context and having some knowledge of the authors’ motivations:

https://www.arin.net/vault/policy/proposals/2007_14.html
Draft Policy 2007-14
Resource Review Process

Author: Owen DeLong, Stephen Sprunk


I say again that the goal of the AfriNIC proposal under discussion and the goal of 2007-14 which created NRPM 12 in the ARIN region are quite different, arguably diametrically opposed.

I quote from the rationale submitted with the policy proposal:

> Rationale:
>
> Under current policy and existing RSAs, ARIN has an unlimited authority to audit or review a resource holder's utilization for compliance at any time and no requirement to communicate the results of any such review to the resource holder.
>
> This policy attempts to balance the needs of the community and the potential for abuse of process by ARIN in a way that better clarifies the purpose, scope, and capabilities of ARIN and codifies some appropriate protections for resource holders while still preserving the ability for ARIN to address cases of fraud and abuse on an expedited basis.
>
> The intended nature of the review is to be no more invasive than what usually happens when an organization applies for additional resources. Additionally, paragraph 2c prevents ARIN from doing excessive without-cause reviews.
>
> The authors believe that this update addresses the majority of the feedback received from the community to date and addresses most of the concerns expressed.
> 



>> And lastly, If I may ask, how would you compare the AfriNIC RSA against the ARIN RSA?
> 
> I wouldn’t. They are quite different documents operating in very different legal traditions and legal environments. I will leave any such attempt at comparison to the lawyers. I have no interest in it.
> 
> Yes we can leave it to the legal folk but I also agree that they are quite different with the ARIN RSA more defined in cases of fraud and non-compliance. 

Well, you are certainly free to suggest improvements to the AfriNIC RSA if you feel they are needed.

Owen
