<div dir="ltr"><div>Hi David,<br><br></div>Please make me understand both the ARIN and RIPE NCC references below which are related to INR reviews in each of their respective regions. <br><br><font size="4"><b>ARIN</b></font><br><br><b><a href="https://www.arin.net/policy/nrpm.html#twelve" target="_blank">https://www.arin.net/policy/<wbr>nrpm.html#twelve</a> <br><br>And below is the content of ARIN NRP section 12.</b><br><h3>12. Resource Review</h3>
<div class="m_-7782215549158977723gmail-indent">
<ol><li>ARIN may review the current usage of any resources maintained in
the ARIN database. The organization shall cooperate with any request
from ARIN for reasonable related documentation.</li><li>ARIN may conduct such reviews:
<ol><li>when any new resource is requested,</li><li>whenever ARIN has reason to believe that the resources were
originally obtained fraudulently or in contravention of existing
policy, or</li><li>whenever ARIN has reason to believe that an organization is not complying with reassignment policies, or</li><li>at any other time without having to establish cause unless a full review has been completed in the preceding 24 months.</li></ol>
</li><li>At the conclusion of a review in which ARIN has solicited
information from the resource holder, ARIN shall communicate to the
resource holder that the review has been concluded and what, if any,
further actions are required.</li><li>Organizations found by ARIN to be materially out of compliance
with current ARIN policy shall be requested or required to return
resources as needed to bring them into (or reasonably close to)
compliance.
<ol><li>The degree to which an organization may remain out of
compliance shall be based on the reasonable judgment of the ARIN staff
and shall balance all facts known, including the organization's
utilization rate, available address pool, and other factors as
appropriate so as to avoid forcing returns which will result in
near-term additional requests or unnecessary route de-aggregation.</li><li>To the extent possible, entire blocks should be returned.
Partial address blocks shall be returned in such a way that the portion
retained will comprise a single aggregate block.</li></ol>
</li><li>If the organization does not voluntarily return resources as
requested, ARIN may revoke any resources issued by ARIN as required to
bring the organization into overall compliance. ARIN shall follow the
same guidelines for revocation that are required for voluntary return
in the previous paragraph.</li><li>Except in cases of fraud, or violations of policy, an organization
shall be given a minimum of six months to effect a return. ARIN shall
negotiate a longer term with the organization if ARIN believes the
organization is working in good faith to substantially restore
compliance and has a valid need for additional time to renumber out of
the affected blocks.</li><li>In case of a return under paragraphs 12.4 through 12.6, ARIN shall
continue to provide services for the resource(s) while their return or
revocation is pending, except any maintenance fees assessed during
that period shall be calculated as if the return or revocation was
complete.</li><li>This policy does not create any additional authority for ARIN to
revoke legacy address space. However, the utilization of legacy
resources shall be considered during a review to assess overall
compliance.</li><li>In considering compliance with policies which allow a timeframe
(such as a requirement to assign some number of prefixes within 5
years), failure to comply cannot be measured until after the timeframe
specified in the applicable policy has elapsed. Blocks subject to such a
policy shall be assumed in compliance with that policy until such time
as the specified time since issuance has elapsed.</li></ol>
<br></div><div class="m_-7782215549158977723gmail-indent"><font size="4"><b>RIPE NCC</b><br></font><br><b>please also make me understand the RIPE NCC version as per the link below.</b><br><br><b><a href="https://www.ripe.net/publications/docs/ripe-423" target="_blank">https://www.ripe.net/<wbr>publications/docs/ripe-423</a></b><br><br>
<p>1. Introduction <br></p><p>At the 1996 Contributors Committee Meeting the RIPE NCC was asked to
significantly increase its efforts to ensure the validity of registry
data. Audit has been a specific activity of the RIPE NCC since that
time.</p>
<p>2. Goals</p><p>Audit activity is done to ensure fair and neutral application of
policies set by the RIPE community, to the general benefit of the
Internet.</p>
<p>Auditing can also provide the RIPE community with information about
specific policy areas where problems are occurring, helping to ensure
the efficient investment of resources in appropriate areas. This can
include policy areas that need revision by the RIPE community, or areas
where the RIPE NCC can improve compliance through better education and
communication with the membership.<b><br> </b></p>
<p>3. Principles<br></p>
<p>Audit evaluation is based on compliance with the RIPE community
policies current at the time of the audit. Audits are conducted with the
intent to educate RIPE NCC members on how to achieve compliance.</p>
<p>Members that are already working in compliance with the RIPE
community policies will have as little disturbance to their operations
as possible.</p>
<p>Impartiality and confidentiality are given the highest priority throughout the audit process.</p><p>4. Types<br></p>
<p><b> <a name="m_-7782215549158977723_4.1"></a> Random:</b></p>
<p>The member to be audited is chosen by the RIPE NCC at random.</p>
<p><b> <a name="m_-7782215549158977723_4.2"></a> Selected:</b></p>
<p>A member is selected because of an internal report or due to a lack of contact between the RIPE NCC and the member.</p>
<p><b> <a name="m_-7782215549158977723_4.3"></a> Reported:</b></p>
<p>The member has requested the audit themselves or there has been a
community complaint made against them that requires investigation.</p>
<p>5. Process<br></p>
<p>The RIPE NCC informs the member that they are in audit and then
provides individual assistance in checking LIR data, resource records
and validity of RIPE Database records.</p>
<h2><a name="m_-7782215549158977723_6"></a></h2><p>6. Compliance Measures<br></p>
<p>All measures used to ensure compliance with RIPE community policies
are based on current policies and on the service agreements signed with
RIPE NCC members.</p>
<p>The RIPE NCC will provide audit subjects with individual assistance
and education, and will make every effort to help members comply with
the policies. If the member is found to be unable to comply with the
RIPE community policies, further measures may be necessary. This may
include, but is not restricted to, a review of the audited
organisation's membership status.<b><br> </b></p>
7. Appeals<br><p>Audits are carried out in a completely neutral and transparent
manner. However, if at any time a RIPE NCC member feels it is
appropriate, they may appeal any decision of the auditing team. An
appeal is made by applying for arbitration, as described in the RIPE NCC
arbitration process:</p><br></div><div class="m_-7782215549158977723gmail-indent">Cheers,<br></div><div class="m_-7782215549158977723gmail-indent">Noah<br></div><div class="m_-7782215549158977723gmail-indent"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 12, 2017 at 1:04 PM, David Hilario <span dir="ltr"><<a href="mailto:d.hilario@laruscloudservice.net" target="_blank">d.hilario@laruscloudservice.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Noah,<br>
<br>
Just to make it clear in regards to the repeated comments trying to<br>
justify this proposal by saying that RIPE NCC or ARIN are having a<br>
similar policy and practice.<br>
<br>
The video and the section where both ARIN and RIPE NCC are speaking:<br>
<br>
<a href="https://youtu.be/XBv44KAgFVQ?list=PLLJRUWAm1GCZAGzqiCzX2CRU7oqLDC9e5" rel="noreferrer" target="_blank">https://youtu.be/XBv44KAgFVQ?<wbr>list=<wbr>PLLJRUWAm1GCZAGzqiCzX2CRU7oqLD<wbr>C9e5</a><br>
<br>
At around 08:27:50 Andrea Cima from RIPE NCC<br>
He goes on to explain that their reviews are called "ARC", and it is<br>
to keep in touch and keep data up to data, registry data, that is the<br>
contact details and so on.<br>
Investigation, that is part of the "fraud".<br>
<br>
08:29:50 Leslie from ARIN.<br>
Explains the scope of their policy, they only Audit in Fraud cases<br>
only deregister in case of fraud.<br>
<br>
Neither the RIPE NCC or ARIN does a re-evaluation of the resources and<br>
questioning how the LIRs are currently using their resources.<br>
So, this was debunked at an AFRINIC meeting, I don't understand how it<br>
is still being spread like this.<br>
<br>
It is being ignored or forgotten by the people here on this list, but<br>
already stated publicly by RIRs registration services managers<br>
directly that it isn't within the scope of what they do.<br>
<br>
<br>
If you want to say AFRINIC can do it like RIPE NCC, simply copy the<br>
ARC procedure:<br>
<a href="https://www.ripe.net/manage-ips-and-asns/resource-management/assisted-registry-check" rel="noreferrer" target="_blank">https://www.ripe.net/manage-<wbr>ips-and-asns/resource-<wbr>management/assisted-registry-<wbr>check</a><br>
<br>
Non-intrusive review of LIRs information and contacts, no<br>
re-evaluation of their ressources, no discrimination and categories,<br>
ALL LIRs.<br>
<br>
No one can really have any objections to that review system, other<br>
than the staff costs for it, but if done as a side project it should<br>
not be a problem to review 1500+ LIRs within a 2 to 3 years time.<br>
<span class="im HOEnZb"><br>
David Hilario<br>
<br>
IP Manager<br>
<br>
Larus Cloud Service Limited<br>
<br>
p: <a href="tel:%2B852%2029888918" value="+85229888918">+852 29888918</a> m: <a href="tel:%2B359%2089%20764%201784" value="+359897641784">+359 89 764 1784</a><br>
f: <a href="tel:%2B852%2029888068" value="+85229888068">+852 29888068</a><br>
a: Flat B5, 11/F, TML Tower, No.3 Hoi Shing Road, Tsuen Wan, HKSAR<br>
w: <a href="http://laruscloudservice.net" rel="noreferrer" target="_blank">laruscloudservice.net</a><br>
e: <a href="mailto:d.hilario@laruscloudservice.net">d.hilario@laruscloudservice.<wbr>net</a><br>
<br>
<br>
</span><span class="im HOEnZb">On 12 July 2017 at 11:30, Noah <<a href="mailto:noah@neo.co.tz">noah@neo.co.tz</a>> wrote:<br>
><br>
><br>
</span><div class="HOEnZb"><div class="h5">> On 12 Jul 2017 9:47 a.m., "Bill Woodcock" <<a href="mailto:woody@pch.net">woody@pch.net</a>> wrote:<br>
><br>
><br>
> 18 Against:<br>
> "<a href="mailto:chenghn@chinaccsi.com">chenghn@chinaccsi.com</a>" <<a href="mailto:chenghn@chinaccsi.com">chenghn@chinaccsi.com</a>><br>
> Andrew Alston <<a href="mailto:Andrew.Alston@liquidtelecom.com">Andrew.Alston@liquidtelecom.<wbr>com</a>><br>
> Bastein Li <<a href="mailto:bastienlee@qq.com">bastienlee@qq.com</a>><br>
> Christopher Mwangi <<a href="mailto:christopher.mwangi@liquidtelecom.com">christopher.mwangi@<wbr>liquidtelecom.com</a>><br>
> David Hilario <<a href="mailto:d.hilario@laruscloudservice.net">d.hilario@laruscloudservice.<wbr>net</a>><br>
> Derrick Harrison <<a href="mailto:derrick.harrison@sonictelecoms.co.za">derrick.harrison@<wbr>sonictelecoms.co.za</a>><br>
> Douglas Onyango <<a href="mailto:ondouglas@gmail.com">ondouglas@gmail.com</a>><br>
> Kris Seeburn <<a href="mailto:seeburn.k@gmail.com">seeburn.k@gmail.com</a>><br>
> Lu Heng <<a href="mailto:h.lu@anytimechinese.com">h.lu@anytimechinese.com</a>><br>
> Mark Elkins <<a href="mailto:mje@posix.co.za">mje@posix.co.za</a>><br>
> Mark Tinka <<a href="mailto:mark.tinka@seacom.mu">mark.tinka@seacom.mu</a>><br>
> McTim <<a href="mailto:dogwallah@gmail.com">dogwallah@gmail.com</a>><br>
> Mike Silber <<a href="mailto:silber.mike@gmail.com">silber.mike@gmail.com</a>><br>
> Nishal Goburdhan <<a href="mailto:nishal@controlfreak.co.za">nishal@controlfreak.co.za</a>><br>
> Noah <<a href="mailto:noah@neo.co.tz">noah@neo.co.tz</a>><br>
> S Moonesamy <<a href="mailto:sm%2Bafrinic@elandsys.com">sm+afrinic@elandsys.com</a>><br>
> Saul Stein <<a href="mailto:saul@enetworks.co.za">saul@enetworks.co.za</a>><br>
><br>
><br>
> Hi Bill<br>
><br>
> on the contrary, I actually support the policy just like other folks which<br>
> is why it reached the last call. This policy would enable AFRINIC just like<br>
> ARIN, RIPE NCC and other RIR to effect compliance.<br>
><br>
><br>
><br>
> So, the next question might be whether this is a winner-take-all vote, or an<br>
> assessment of whether a clear consensus exists.<br>
><br>
><br>
> We continue to trust the co-chairs who have guided us to this stage.<br>
><br>
> Cheers<br>
> Noah<br>
><br>
</div></div><div class="HOEnZb"><div class="h5">> ______________________________<wbr>_________________<br>
> RPD mailing list<br>
> <a href="mailto:RPD@afrinic.net">RPD@afrinic.net</a><br>
> <a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/<wbr>mailman/listinfo/rpd</a><br>
><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><b>./noah</b></div></div></div>
</div>