Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] IPv4 Inter-RIR Resource Transfers (Comprehensive Scope) - AFPUB-2019-IPv4-002-DRAFT07

Owen DeLong owen at delong.com
Tue Nov 16 15:09:52 UTC 2021



> On Nov 16, 2021, at 00:47 , JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> wrote:
> 
> Regarding the bylaws vs PDP.
>  
> ARIN may be a strange case, but if you look at LACNIC, APNIC and RIPE (as you said already), there is no such interference.

That is more coincidence than structure. Such interference is not precluded by the structure, it simply hasn’t come up yet in LACNIC and APNIC (perhaps). I haven’t done a sufficiently comprehensive study of the history to say for certain about occurrence. But I can say that structurally, it is certainly possible in both of those cases.
 
> The community is always on top of the Board, in terms of responsibility on the PDP and resource decisions. Otherwise, consensus, community, etc., etc., will be a pure fiction and the RIR systems will be pure theater!.

Nope.

In APNIC, for example, the community comes to consensus on a policy, the co-chairs determine that to be the case, and then the EC has the option to ratify it or not.

I believe the same occurs in LACNIC.

> The Board can’t take decisions that harm the membership or organization, that’s right, but if those decision come because the bylaws are written in a conflictive way with the community or the country legislation is simply not understanding what are the resources and what is the community, then: a) the bylaws should be amended, b) the organization must be changed to a country where the jurisdiction doesn’t create those problems. If this I not approached soon, the community has the right to form another RIR that either replaces AFRINIC, or set it in a different country. Note that I’m *not* for that, but to avoid that, the organization must resolve those conflicts.

A more accurate statement would be that the board SHOULD NOT make decisions that harm the organization or the membership.

There are many areas where I believe the AFRINIC bylaws should be amended. However, it is not possible to remove the fiduciary responsibilities of the board members of a company chartered under the Mauritian companies act. The same is true in every jurisdiction where I have any knowledge of the governing laws for such things. I suppose it’s possible there is some location where this is not the case, but I suspect it is not likely.

If the community creates another RIR, who’s to say ICANN will grant it accreditation if the NRO objects? How would such an RIR interact with the NRO, ICANN (as the IANA functions provider), etc.? Remember, ICP-2 provides a set of requirements before ICANN may grant accreditation. It does NOT (contrary to popular belief) provide governance of an RIR once accredited, nor does it force ICANN to accredit any particular RIR even if the criteria are met. Another interesting thing about ICP-2 is that it is an ICANN document. If the IANA functions contract is ever given to another organization, ICP-2 may or may not be adopted by that IANA functions provider.

Owen

>  
> Regards,
> Jordi
> 
> @jordipalet
> 
>  
> 
>  
>  
> El 14/11/21 10:19, "Owen DeLong" <owen at delong.com <mailto:owen at delong.com>> escribió:
>  
>>  
>> [Jordi] This is already prevented by:
>> “5.7.2.3 An entity that has received IPv4 resources from AFRINIC within the preceding 16 months will not be approved as a transfer source.”
>>  
>> Also, if you obtain resources from AFRINIC with the only goal to transfer them to make profit and consequently your justification for the need is artificial, the transfer pre-check at 5.7.5 will discover that and you will not be only not able to transfer but also the resources may become recovered.
>  
> Since I’m opposed to the policy so long as 5.7.5 persists, I hardly think that using it as an explanation or to address my concern here is going to work.
> 
> 
>>> Chairs shall notice that even if the impact analysis is extremely useful to authors and community, the staff can have a totally different view from the community, so the impact analysis is good as a point for discussion but never can be considered “per se” as objections unless duly justitified
>>  
>> Here, I mostly agree, but with greater constraints. The impact analysis should be limited in scope to those impacts which the staff sees as a predictable impact to the RIR from the proposed policy. It shouldn’t go into speculation or ideology. It should stick to the facts and be a neutral report of the reasonably predictable results of implementing the policy and document how staff would interpret the policy as written and how it would be implemented.
>>  
>> It should not be considered an objection unless there is a legal or fiduciary concern expressed and any such concern should be clearly called out as such and its basis should be well documented.
>>  
>> [Jordi] I mostly agree here with you. However, if there is a persistent problem in all the impact analysis, as it is happening, because a “legal” friction between the community right (which are always on top of any RIR) and the RIR/membership itself, then it shows a clear problem with the bylaws and/or RSA that must be corrected. The only RIR which the bylaws are generating such kind of interferences is AFRINIC: that should tell us something! In fact, if we strictly follow the bylaws, many of the most active participants in the PDP will not be able to participate, because the definition of (17) “Internet community” in the bylaws restrict that to “any person or corporate body living or operating in the AFRINIC service region” and then the PDP definition (23) calls for that “Internet community” definition. Also 11.3 talks about “Regional”. There many other problems, those are just examples. Somebody was not really doing a good job at all when the bylaws where written and even worst, they should have not passed the ICP-2 approval!
>  
> The legal fiction is the idea that the community is on top of the RIR. This might somehow be true in the case of RIPE. It’s not at all true in any of the four other RIRs based on the way they are chartered and structured under the laws of the various jurisdictions where they are incorporated.
>  
> The bylaws create thee same kind of interference in ARIN, the difference is that there is less controversy because:
>                 1)            The ARIN bylaws are better written and more internally consistent.
>                 2)            The ARIN bylaws are not misinterpreted in a situationally dependent way. They are applied consistently and in a
>                                 predictable manner that is in line with the actual text.
>                 3)            The ARIN community while diverse is significantly less fractious than the AFRINIC community.
>                 4)            The ARIN board and ARIN AC tend to be significantly more transparent and communicative about their
>                                 actions and the reasoning behind them.
>                 5)            As a result, the community knows not only what the ARIN board and ARIN AC have done, but they also know
>                                 why.
>                 6)            As a result, the ARIN community tends to accept the limitations on the policy process and the AC tends to
>                                 reject out-of-scope policies early in the process such that there isn’t so much of an issue with policies coming
>                                 to consensus that cannot be implemented.
>  
>>> 2.       Regarding the AFRINIC role, while this is not considered in any other RIR, because in my opinion is something very obvious (the role of the RIR is just helping, and the final responsibility is on the source and recipient of the transfers), I understand that having some text that clarify that is not harming, so I’ve added section 5.7.6 (Due digilence) in the new version of the proposal to address it.
>>  
>> 5.7.6 is utterly unnecessary. It has nothing to do with number resource policy and should be stricken.
>>  
>> AFRINIC is a registry. They keep track of who is the registrant of a set of number resources within a cooperating set of entities (the RIR system and those ISPs who choose to implement their networks in accordance with the RIR system). They are there to guarantee uniqueness among those cooperating entities, manage the registrations within that database according to policies set by the community, and provide a forum for the community to develop said policies.
>>  
>> They are not a governing body. They are not a regulator. They are not kings of the internet, gods, or even a court of arbitration. They are just an NGO with a mission. That mission is to provide unique registrations of internet number resources according to community developed policies and facilitate the use of those registrations among cooperating entities who choose to work within the system.
>>  
>> Recent attempts to weaponize AFRINIC are proof that some, including many among AFRINIC leadership have either lost sight of this or have an alternate agenda seeking to enrich themselves. I honestly don’t know which is the case at this point, but it is clear that there are problems which need to be addressed.
>>  
>> [Jordi] 5.7.6 has been added under request form the IA. As said I agree it is not needed, because it is obvious, however it doesn’t harm if it avoids objections based on the IA text on this.
>  
> It is harmful in that it creates unnecessary confusion for participants in a transfer as to what kind and level of due diligence is required or expected of them.
>  
> It goes beyond disclaiming AFRINIC’s liability and creates an unclear set of requirements with no useful explanation.
>  
> It should be removed. Even if such a clarification is needed somewhere, it belongs in a contract, not in the CPM.
>  
>>> 3.       Regarding the RSA signature, again, while I believe this is obvious and once more is not explicit in other RIRs, I’ve added text to clarify it. Note that there is no such 3.6 in the proposal, so I believe there is some mismatch in your text, may be chairs also reading the wrong IA? So, in summary, section 5.7.3.3 of the proposal, already was clear, but now has been eddited to be even more exlicit on this in 5.7.3.1.
>>  
>> I think you mean edited and explicit.
>>  
>> [Jordi] Yes, I’ve resend this text in a subsequent email (and added a point that I missed) because I was using a previous email from a previous proposal … I believe I corrected those typos as well in my subsequent email.
>>  
>> 
>> 
>>> 4.       Section 5.7.5 has been updated to be more clear and now explicitly allows that other violations of the RSA/CPM aren’t “protected” by the pre-check.
>>  
>> Section 5.7.5 is getting worse instead of better. This entire pre-check provision is an opportunity to weaponize AFRINIC to hold resources captive in the case that some staff member or leadership person dislikes a transfer source for whatever reason. It provides broad latitude to inflict arbitrary judgment.
>>  
>> Given recent weaponization of AFRINIC processes against certain members, I must strenuously object to any policy proposal that contains this provision.
>>  
>> [Jordi] As said, even if we don’t have this text explicit, AFRINIC can and shall do exactly the same. This text actually protects the resource holders from being reclaimed for the resources in case of a failed transfer, because the lack of need will come on the back of the resource holder in that case: “I don’t need any more the resources, but I’m transferring them – oh because the transfer failed – the recipient is not fulfilling the requirements – now I can “artificially” justify again the need otherwise I need to return the resources of face a reclamation”.
>  
> The language as currently written does not prevent AFRINIC from subsequently attempting to reclaim the resources after a failed transfer.
>  
> So it does not offer protection, it merely creates a convenient place for staff to point as they weaponize their discretion against members they don’t like.
>  
> It should be removed or it should be replaced with a clause that reads something like this:
>  
> 5.7.5 AFRINIC may deny a registrant as the source of a transfer only if one or more of the following applies:
>             1.         Clear evidence that the resources were fraudulently obtained.
>             2.         Registrant is not current on their AFRINIC fees.
>             3.         There is some question or dispute as to whether registrant is the resource holder of record.
>             4.         There is an unresolved third-party claim to the registration.
>  
> If one of the above does not apply, then AFRINIC must approve the registrant as source of the transfer and proceed unless there is a problem with the recipient.
>  
> That would actually protect resource holders.
>  
> Owen
>  
> 
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com <http://www.theipv6company.com/>
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
> 
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20211116/dba162ec/attachment-0001.html>


More information about the RPD mailing list