Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Policy Compliance Dashboard - AFPUB-2020-GEN-001-DRAFT01

Gregoire EHOUMI gregoire.ehoumi at yahoo.fr
Thu Aug 27 04:04:42 UTC 2020


Thanks Jordi for the responses.

Let not miss the essences of my comments which are :

- let staff do what fall under operation

- be less prescriptive to avoid interpretations and give AFRINIC the flexibility to take necessary actions when appropriate

- allow the compliance to apply to policy context evolution over time.


—Greg



> On Aug 26, 2020, at 5:00 PM, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> wrote:

>

> Hi Gregoire,

>

> Sorry, totally missed this email. I could not find it in my inbox, don’t know the reason …

>

> Tks for your inputs and see my responses below, in-line as [Jordi].

>

> Regards,

> Jordi

>

> @jordipalet

>

>

>

>

>

> El 26/8/20 22:11, "gregoire.ehoumi" <gregoire.ehoumi at yahoo.fr <mailto:gregoire.ehoumi at yahoo.fr>> escribió:

>

> Hello Jordi and co-authors,

>

> See my email below, in case you missed it.

>

> Best regards,

> — Greg

>

>

>> On Aug 12, 2020, at 3:32 PM, Gregoire EHOUMI via RPD <rpd at afrinic.net <mailto:rpd at afrinic.net>> wrote:

>>

>> Jordi and team,

>>

>> Thanks for putting together this proposal. Review of usage of distributed resources is an important instrument to assess how we collectively assume the responsibilities associated to the right to use the numbers. It also helps assess effectiveness of our policies and ease their evolution.

>>

>> Below are few questions to help clarify some aspects and improve the proposal.

>>

>> 1- ######

>> Section 2 Summary of how this proposal addresses the problem

>>

>> “Considering the exhaustion of IPv4, recovered/returned IPv4 resources are placed at the end of the actual pool. However, other resources are quarantined for a period of 2 years. This way, the staff can take measures to ensure that all the resources are as clean as possible, before being allocated/assigned again.”

>> #####

>> why no provision for quarantine and clean of v4?

>>

>> [Jordi] We have no more IPv4 resources. If we set a quarantine period in the policy, it will be mandatory and people willing to receive them need to wait, or we need to send a policy proposal to change it again. At the moment there is already an internal procedure that does that. The internal procedure could be modified if needed. The policy text needs more time to achieve the same. Why you want to quarantine resources that may be “clean” or “needed even if not 100% clean”?

>>

>> 2- ######

>> Section 3(2) Policy Compliance Dashboard

>>

>> “Contractual obligations (such as status of payments or documents).

>> Lack of response from the member.

>> Unused or unannounced resources (where mandatory).

>> Unavailable or outdated Whois information.

>> Lack of maintenance of the reverse delegation.

>> Forbidden sub-assignments (from PI assignments).

>> Unauthorized transfers.

>> Tracking of repeated and/or continued policy violations.”

>> ######

>>

>> How is list on compliance measures evolved? Is it that every new policy specify dashboard impact and what to measure in order to assess compliance?

>>

>> [Jordi] The list is “such as”, so just examples of what we believe are the starting points. But the dashboard proposal sets only the framework, so the staff can do the same with every possible CPM/RSA aspect that can be automated.

>>

>> 3- ######

>> 3(3) Notifications

>>

>> “The dashboard will automatically send notifications of the status of compliance to members, after each review or dashboard update. “

>> ######

>> With what periodicity are members reviewed?

>>

>> [Jordi] Being automated, the idea is that it is “continuously run”. It is difficult to set specific periodicity, because it may take just hours to check “again” if resources are announced (an example), vs another different “test” that may need weeks to re-check the status of all the members. There may be operational decisions, such as “even if we can test this every week, do we really need to do at that speed” (AFRINIC DC bandwidth, members bandwidth, computational and power resources, etc.).

>>

>> 4- ######

>> 3(4) Lack of Compliance

>>

>> “AFRINIC will be able to initiate a more exhaustive investigation and take further actions, according to the RSA, when there is evidence suggesting that there is a lack of compliance. “

>> ######

>>

>> This should not overrule Afrinic right to investigate and take action under RSA at anytime

>>

>> [Jordi] And is not the case. RSA is *on top* of CPM when relates to member obligations. However, the CPM can reinforce the compliance with the RSA.

>>

>> 5- ######

>> 3(5) Service Withholding, Revocation or Member Closure

>>

>> “Unauthorized transfers, lack of payment or document fraud, once confirmed, will be cause of the revocation of the services and member closure. “

>> ######

>>

>> Are these the only conditions for revocation? What about other provisions in RSA eg fraud, misrepresentation, abuse or other acts contrary to RSA etc?

>>

>> [Jordi] As said above. RSA is *on top*. This is not changing the RSA. We, considered that those are key aspects that should be protected by the community (via the CPM) in case the RSA is not doing that already.

>>

>> 6- ######

>>

>> “f. All other provisions specified in the RSA and Bylaws will apply.”

>>

>> ######

>> Why other provisions only? Should be all provisions apply as Afrinic should not loose any of its powers in RSA and bylaws

>>

>> [Jordi] This is an informative/clarifying text, we could even omit it and the result is the same. Even if we don’t say that, when a member signs the RSA, is being obligated by the bylaws, and the RSA, and *anything* indicated in those documents. Those “other documents”, can changed over the time, as that is a board/membership decision and the CPM is not affected by that. If we have an explicit mention of other document in the policy, it may become “broken” if “other documents” change.

>>

>> 7- ######

>> 3(9) Use of Recovered or Returned Resources

>>

>> “IPv4 resources will be incorporated at the “end” of the pool in force at the time of the recovery or return, for use in the order in which they have been added to that pool. “

>> ######

>>

>> Why treating v4 resources differently and prescribing a queuing policy? Is this not better to leave to staff to manage?

>>

>> [Jordi] As said before, this leaves to the staff to manage it, but I think, it is obvious that it should be re-used, as they are recovered (you recover, clean if needed, quarantine if needed, put them back into the appropriate pool). See the mention of RFC7020 which allows that staff to adapt this if needed.

>>

>> 8- ######

>> “The IPv6 and ASN resources will be incorporated into their respective pools, after 2 years of their recovery or return. “

>> ######

>>

>> Why 2 years quarantine for v6 and a queuing policy for v4?

>>

>> [Jordi] Because there is no lack of ASN and IPv6 resources. So, it is the easier way to handle it. However see the mention of RFC7020 section 2, that allows the staff …

>>

>> 9- ######

>> section 3(6)..

>> "When the revocation of resources involves essential strategic infrastructure that is necessary for the operation of the Internet in the region, or in exceptional situations such as natural disasters or political instability, the AFRINIC Board may extend the resource revocation period"

>> ######

>>

>> What is the definition of “essential strategic infrastructure” ? How long may the board extend the revocation period? And what actions the parties must take during this period?

>>

>> As for the exceptional situations, can we leave them to be handled by staff as they deal with in normal operation?

>>

>>

>> [Jordi] I understand that those strategic infrastructures are well defined (ccTLDs, IXPs, etc.). We believe that is better not to try to redefine it, and leave to the board. Otherwise we enter into a discussion nightmare about how much time, what is strategic and what not, etc. In every exceptional situation, because it is exceptional, need to be considered by the board. The staff will suggest the board what to do, but it should be up to the membership representation (the board) to formally decide on that.

>>

>> HTH

>>

>> - Greg

>>

>>

>> -------- Original message --------

>> From: JORDI PALET MARTINEZ via RPD <rpd at afrinic.net <mailto:rpd at afrinic.net>>

>> Date: 2020-08-05 5:58 a.m. (GMT-05:00)

>> To: rpd at afrinic.net <mailto:rpd at afrinic.net>

>> Subject: [rpd] Policy Compliance Dashboard - AFPUB-2020-GEN-001-DRAFT01

>>

>> Hi all,

>>

>> I will like to know if anyone has any inputs for the proposal "Policy Compliance Dashboard" (Draft1) - AFPUB-2020-GEN-001-DRAFT01.

>>

>> https://www.afrinic.net/policy/proposals/2020-gen-001-d1#proposal <https://www.afrinic.net/policy/proposals/2020-gen-001-d1#proposal>

>>

>> It will be also good to get at least, a draft impact analysis from the staff. Even if it is not a complete/formal one it will be fine, just the key points/issues that they want to consider, if any.

>>

>> It is not nice to get issues presented the same day that we should reach consensus, when we have the opportunity, several weeks ahead, to resolve them!

>>

>> Those inputs, could be used to improve this version if we get them during this week or early next one, so we have an updated version to be presented in the on-line PPM.

>>

>> So please, provide your comments.

>>

>> Tks!

>>

>> Regards,

>> Jordi

>> @jordipalet

>>

>>

>>

>>

>>

>> **********************************************

>> IPv4 is over

>> Are you ready for the new Internet ?

>> http://www.theipv6company.com <http://www.theipv6company.com/>

>> The IPv6 Company

>>

>> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

>>

>>

>>

>>

>> _______________________________________________

>> RPD mailing list

>> RPD at afrinic.net <mailto:RPD at afrinic.net>

>> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>

>> _______________________________________________

>> RPD mailing list

>> RPD at afrinic.net <mailto:RPD at afrinic.net>

>> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com <http://www.theipv6company.com/>

> The IPv6 Company

>

> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200827/e7a2a475/attachment-0001.html>


More information about the RPD mailing list