ARIN XII Public Policy Meeting Minutes, Day 1, 22 October 2003
Call to Order and Announcements
Presentation (Read-only): PDF
Ray Plzak opened the first day of the ARIN XII Public Policy Meeting at 09:00 CDT. He welcomed all those in attendance and made the following announcements:
-
Thanks to ARIN XII sponsors - Server Central and ANet
-
First-time live video broadcast of ARIN Public Policy Meeting via multicast provided by the University of Oregon and RealNetworks by Merit
-
Second back-to-back meeting with NANOG and online voting for NANOG attendees in the ASO AC election was available
-
193 ARIN XII registrants, representing 26 states and the District of Columbia, and 21 countries
-
42 first-time ARIN attendees
-
123 people attended both ARIN XII and NANOG 29, with NANOG total attendance at 516
-
Provided ASO AC election information, including a list of candidates and location of candidate information, as well as voting directions
Ray Plzak introduced the ARIN Board of Trustees, the ARIN Advisory Council, and those in attendance from the ICANN ASO AC. He also acknowledged those RIR colleagues in attendance. At the beginning of the meeting there were approximately 125 people in attendance.
Internet Number Resource Status Report
Presentation (Read-only): PDF
Presenter: Leslie Nobile, ARIN Director of Registration Services
Leslie presented a joint RIR report on the current status of all IPv4, IPv6, and Autonomous System number resources. This report is updated several times per year by the 4 RIRs and provides up-to-date statistics on rates of IPv4, IPv6, and AS number consumption.
Highlights included:
-
IPv4 /8 Status: currently 91 /8 equivalents held in reserve by IANA
-
IPv4 allocations rose steadily in all regions up until around 2001, at which time there was a decline in allocation rates in the RIPE NCC and ARIN regions, but not in the APNIC region, which has seen an increase in IPv4 allocations. Same trends holding true since that time.
-
ASN assignments increased in all regions, particularly in the ARIN region, until 2000. Saw the beginning of a pronounced decline in ARIN region at that time, and a very slight rise in other regions, although RIPE NCC started showing a slight decrease in its ASN assignments in 2001, while APNIC has continued to increase its assignments. Overall, ARIN continues to assign more ASNs than any of the other RIRs.
-
IPv6: Continued steady growth in allocation rates in all regions. RIPE NCC pulled way ahead of the other regions in 2002. Top 5 economies with IPv6 allocations are Japan, US, DE, NL, and the UK, and allocations have been made to 205 other economies.
RIR Updates
APNIC
Presenter: Paul Wilson, APNIC Director General
Presentation (Read-only): PDFPaul presented a report on activities in the APNIC region. His report included a breakdown of membership growth since June 1996, an examination of APNIC membership by region, and APNIC staffing information. Paul then went on to describe activities within APNIC Member Services, Technical Services, and Training. He supplied information about an ongoing effort to establish "Area Liaisons" within the subregions of APNIC. Paul supplied information about the most recent APNIC meeting, APNIC 16 in Seoul, Korea, as well an update of policies that reached consensus at that meeting. Paul completed his presentation by giving information about APNIC's Fellowship Fund and the next APNIC meeting, APNIC 17 in Kuala Lumpur, Malaysia.
Highlights included:
Continued membership growth
849 members, with the largest number being in the "Small" category
One day turnaround on all Member Services requests
Established anycast root mirror servers, with Hong Kong, Seoul, and Beijing deployed and five additional sites in the planning phase
Launched version 1.2 of MyAPNIC member-only website in August
Updated training seminars on Internet Resource Management, DNS, and Routing Registry
Slowed training due to the SARS epidemic, with 15 sessions so far this year and 8 more planned
Area Liaison for Pacific region is Savenaca Vocea; currently recruiting for South Asia Area Liaison
Policies reaching consensus at APNIC 16 included a revised policy development process and document revision, as well as procedures for IPv4 resource requests, a follow-up to the RIPE-261 document, historical resource transfers, and a revised IXP assignment policy. Additionally, there were policies dealing with the privacy of customer assignment records, protecting resource records in the APNIC WHOIS database, and a revision in lame delegation cleanup
There were no questions from the floor.
LACNIC
Presenter: Ral Echeberra, LACNIC CEO
Presentation (Read-only): PDFRal presented a report on activities in the LACNIC region. He noted that LACNIC will soon reach its one year anniversary as an officially recognized RIR. His report included a breakdown of the resources within the LACNIC region and information about LACNIC membership, as well as a breakdown of LACNIC members by country. He then talked about the most recent LACNIC meetings and the results of membership and policy discussions at LACNIC IV, which took place in Santiago, Chile in April 2003. Raúl then went on to highlight issues that will be discussed at the next meeting, LACNIC V in Havana, Cuba, in November 2003. He finished his report by providing information about the activities of LACNIC staff including community outreach, training, engineering projects, internal management, and RIR coordination.
Highlights included:
151 members, up from 119 in 2002
Policies approved at LACNIC IV and already implemented cover Bulk WHOIS, IPv6 micro-allocations, and IPv4 micro-allocations for multihomed end-users
Proposal for policy development process to be discussed at LACNIC V
Working groups for LACNIC V include those dealing with lame delegations, IPv6 policy revision, experimental allocations, allocation windows, and RWhois
First election for two Board seats, had 31 percent participation and was held completely online
Six training activities this year
Completed engineering projects including electronic voting system, data warehousing, proactive contacts to lame delegations, daily update of statistics, and new invoicing system
There were no questions from the floor.
RIPE NCC
Presenter: Axel Pawlik, RIPE NCC Managing Director
Presentation (Read-only): PDFAxel gave a report on activities in the RIPE NCC region. Axel's report included updates on the RIPE NCC organizational structure and staff, policies, RIPE NCC Registration Services, mirroring of the k root server, RIR coordination, and RIPE NCC information services. He also announced that RIPE 47 would take place in Amsterdam, the Netherlands in January 2004.
Highlights included:
Community review of RIR IPv4 allocation draft policy and IPv4 allocation policy
Community editorial group working on a policy covering charging by LIRs and creation of a PI task force to address minimum allocation size
New shorter request forms and shorter, stable completion time for requests
Anycast service for k root server has begun, which provides proof of concept. k.root-servers.org website updated with more routing policy information
Have experienced double the expected influx of new members
Increased number of billing categories, now includes extra-small, small, medium, large, and extra-large
RIPE NCC has been active in coordinating with the other RIRs, and has been providing support for the emerging AFRINIC RIR
Will soon provide a central entry point for all statistics maintained by the RIPE NCC
There were no questions from the floor.
AFRINIC
Presenter: Adiel Akplogan, AFRINIC Project Manager
Presentation (Read-only): PDFAdiel presented a report on activities within the emerging AFRINIC RIR. He outlined the region that will become AFRINIC and stated that it is currently being served by three RIRs, including ARIN. Adiel provided a history of the actions taken to date to move the recognition of AFRINIC forward, and provided a detailed account of actions taken within the region in the past year. Of special note was that the host countries for AFRINIC offices have now been determined. He then went on to describe upcoming activities and provided a timeline for the transition to a recognized RIR. He completed his presentation by providing information about current statistics and projected growth of LIRs/ISPs within the region and highlighted support received from the other RIRs.
Highlights included:
Started hostmaster staff training through RIPE NCC in May 2003
Selection of host countries for AFRINIC offices:
- Mauritius - HQ and legal incorporation of AFRINIC
- South Africa - Technical operations
- Ghana - Training Coordination
- Egypt - Mirroring and disaster recovery
Issues discussed at AFRINIC meeting in Johannesburg, South Africa in September included reviewing Terms of Reference for Hosting Countries, an agreement with hosting countries, a policy development process, and outreach and input from the local community
Upcoming activities include further coordination of transition timeline, construction of a new website, launch of a newsletter, incorporation of AFRINIC in Mauritius, technical transition to AFRINIC operations location, and the submittal of an application for recognition as an RIR to ICANN
There were no questions from the floor.
ICANN Address Supporting Organization Address Council Update
Presentation (Read-only): PDF
Speaker: Kim Hubbard
ASO AC Member Kim Hubbard presented the ASO AC status report.
Highlights included:
-
Finalized ICANN Board election process
-
Changed ASO AC teleconference schedule from each month to every other month
-
Ongoing projects include electronic voting and discussion of the NRO draft proposal
ASO AC Election Process
Presentation
(Read-only): PDF
Speaker: Susan Hamlin, ARIN Director of Member Services
Susan explained the ASO AC election process by highlighting the voting and election procedures.She concluded by noting the biographies and statements of support for the candidates are available on ARIN's website and that the person elected will represent the ARIN region for a three-year term to fill the seat currently held by interim-appointee Kim Hubbard.
ASO AC Candidates
Ray Plzak introduced the candidates for the ASO AC, reading the candidate's statement describing their activities within the ARIN region. Candidates present at the meeting were given an opportunity to speak.
- Timothy Biggs - not present, biography URL offered
- Kyle Hamilton - not present, biography URL offered
- Louis Lee - present, introduced himself and offered a statement on his qualifications
For each candidate, Ray pointed out the URLs to more detailed biographical information and statements of support, and asked that the meeting attendees make a point of reviewing this information.
ICANN Update
Presentation (Read-only): PDF
Speaker: Barbara Roseman, ICANN
Barbara gave an update on ICANN. Her presentation included descriptions of the scope of ICANN activities and information about ICANN's organizational structure and ongoing projects.
Highlights included:
-
Staffing reorganization currently underway including recruitment for several open positions
-
Three year Memorandum of Understanding signed with U.S. Department of Commerce in September 2003
-
Exploring new registry services. Internationalized Domain Names have begun to be implemented by ccTLDs and gTLDs
-
To address issues like Verisign's SiteFinder service going forward, a process is being initiated in the Generic Names Supporting Organization to develop a policy requiring the review of new registry services prior to introduction
-
Additional ongoing work also includes WHOIS, the World Summit on the Information Society regarding ITU initiative, and WIPO 2 revolving around recommendations about how to deal with names, personal names, and acronyms of companies
-
Upcoming ICANN meetings include Carthage, Tunisia (October 2003), Rome, Italy (March 2004), Kuala Lumpur, Malaysia (July 2004), and Capetown, South Africa (December 2004)
There were no questions from the floor.
Internet Resource Policy Evaluation Process (IRPEP)
Presentation (Read-only): PDF
Speaker: Richard Jimmerson, ARIN Director of Operations
Richard presented an overview of how the current process works. Richard explained the Internet Resource Policy Evaluation Process in detail.
New policy proposals were posted to the ARIN Public Policy Mailing List for discussion more than 30 days prior to the start of this meeting, with all text and archive material available on the ARIN website (http://www.arin.net/policy/proposal_archive.html).
General Comments:
-
Scott Bradner mentioned that the proposal for a revised policy development process was on the agenda for the next day
Policy Proposal 2002-3: Micro-assignments for Multi-homed Networks
Introduction and presentation: Bill
Darte, Center for the Application of Information Technology (CAIT)
at Washington University
Presentation (Read-only): PDF
- Policy Proposal Introduced - September 23, 2002
- Presented at ARIN X
- Revised version presented at ARIN XI (Memphis)
- Current version posted on PPML - September 22, 2003
- PPML Summary:
- 165 posts
- 37 different people
- No one objected to reducing the minimum assignment to /22
- The ARIN AC clarified that changes to proposals are possible provided there is general consensus for said changes
- Some supporters of 2002-3 expressed their concern that 2003-15 jeopardizes the success of 2002-3
- Pertains to both assignments AND allocations
- What is the impact on ASN exhaustion?
Comments:
-
Statements For and Against:
-
As one of the people who expressed concern, it was mainly expressed when we believed 2002-3 would be for assignments only. And the concern wasn't so much that 2003-15 jeopardized 2002-3, as that it would jeopardize getting allocations boundary moved to /22 later for the rest of the ARIN region. I withdraw my concern.
-
If 2002-3 is to contain assignments and allocations, I will withdraw my concerns about 2003-15 jeopardizing it.
-
My concern for the general use of this in the ARIN region is if anybody who's multi-homed can get a /22, it will negatively impact my routers. I support this idea for an Africa-specific need, but not for the entire ARIN region.
-
I don't see anything in this policy that says just because you're multi-homed you get a /22. It says if you're multi-homed and you have enough address consumption to justify the /22. I believe that the rational boundary that will not make routers fall over is probably more towards /22 than /20. I think that we've been gradually working back towards a saner boundary than /19 as router technology has improved and I think this is a good next step.
-
-
Responses/Clarifications:
-
The interest here is to have a reserved micro-assignment block where our micro-assignments will come from, whether they're /21s, /22s or in the future, /23s, /24s, whatever.
-
During the PPML discussion on this policy, no one objected to reducing the minimum assignment to a /22. Additionally, some supporters of this policy expressed concern that Policy Proposal 2003-15 conflicted with this one. This policy [2002-3] originally was associated with assignments only. On PPML, there was also some question as to the impact on ASN exhaustion.
-
To clarify one point from the previous slide relating to 2003-15, for those who haven't put these side by side, [Proposal] 2003-15, I believe most people would view as a subset of this proposal. So if 2002-3 passes, it covers everything that the 2003-15 people want.
-
I want to clarify the difference between 2002-3 and 2003-15. As far as I understand, 2003-15 is not exactly a subset of this because it also allows African organizations to get a micro-allocation without being multihomed.
-
The effect of this policy can be evaluated by ARIN, and if necessary, the policy can be adjusted through the normal process or in an emergency situation if need be.
-
A very common scenario I see is that certain providers essentially give away a /24 when you buy service from them, and justification is very weak for that. So they will go to two different providers. They will get two /24s and they announce both of them to both providers. The net result is all of these people are putting two prefixes in the global table. So if they were able to get one prefix, I believe the size of our router tables would actually get smaller.
-
People are lazy with their filters, as is evidenced by what we saw when we went from a /19 to a /20. So if people start getting /22s instead of /20s, they're going to start advertising them as multiple /22s because they can. I don't know whether they're really going to go back and clean up those routes or not.
-
I want to make one additional point that all other RIRs right now are actually allowing micro-assignments, so it would be in the best interest to have similar global policies.
-
-
Suggestions:
-
It would make filtering simpler if there could be one block for /23 prefixes and a different block for /22 prefixes
-
Polling of Consensus:
Question:
Approve of Policy Proposal 2002-3?
Yes? 53 No? 5
Policy Proposal 2003-15: IPv4 Allocation Policy for the Africa Region of the ARIN Region
Introduction: Einar Bohlin, ARIN Policy Analyst
Presentation
(Read-only): PDF
- Policy Proposal introduced - September 22, 2003
- PPML Summary
- 254 posts
- 57 different people
- Clear support for the proposal came from about 30 posters, including all posters from Africa
- Those who supported the proposal said it is transitional and would help the creation of AFRINIC, as well as alleviate the problem whereby ISPs in Africa cannot get IPs from their upstreams, telco-monopoly-providers in order to effectively number their customers, multihome, peer, and/or stop using NAT
- Those who spoke against the proposal stated that this is an unfair, special, regional policy which attempts to alleviate a political problem via number resource policy. And how will you get those uncooperative telco monopolies to route the nets anyway? .And we want /22s too
Presenters:
Gregory Massel, DataPro, and Bill Woodcock, Packet Clearing House
and ARIN Board of Trustees
Presentation (Read-only): PDF
- Change minimum allocation criteria for the African portion of the ARIN region only
- Change minimum allocation size from /20 to /22 for the African portion of the ARIN region only
- Africa is currently served by three RIRs (APNIC, ARIN, and RIPE NCC) and cannot yet implement its own policies
- Proposal endorsed by many African ISPs and the AFRINIC Board, which will apply the policy to its region
- Support from the AFRINIC Board
- This policy will bootstrap membership and provide a means for ISPs to enter the RIR system within the next 12-18 months
Comments:
-
Statements For and Against:
-
This policy was discussed at the Joint Internet Week and AFRINIC meeting in September 2003 in Johannesburg. The statement that it will be applied by AFRINIC is, of course, a forward-looking statement. It has the unanimous support of the AFRINIC board. It has the support of all of the AFRINIC members who were present at the meeting. It seems extremely likely that given those facts, it will be applied as soon as AFRINIC is able to create and apply its own policy.
-
This is a good proposal because it comes from the players in the region it would effect.
-
Given the results of 2002-3, and that this would no longer create a significantly privileged subclass within the ARIN region, I withdraw my objection.
-
I'm in favor of this policy mostly because it's probably been five or so years ago since this issue was first mentioned to ARIN and for the consistency of the problem that exists and the fact they need this, I think that we should let them have it.
-
I would like everybody to think back to when the United States and North America in general had a similar level of penetration of Internet technologies that Africa has right now and think what our policies were for allocation at that point. There were /24s and they were free. So I'm very concerned about all the talk about harmonization of requirements between constituencies and the vastly different requirements in vastly different marketplaces.
-
-
Questions
-
While I recognize this is not a policy issue, is the current fee structure economically prohibitive to African ISPs?
-
How much support is there from all of Africa, rather than just the southern region?
-
How much coordination with APNIC and RIPE NCC is there on this issue?
-
Does a year's delay [until AFRINIC is recognized] really matter?
-
Might this create advantages for some ISPs, if implemented in the ARIN region and not in the other RIR regions?
-
Are the micro-allocations made under this proposal coming from the same class or the largest net block that the previous proposal [2002-3] is going to allocate out of also?
-
Is there a need for the /23 justification?
-
Was there a motivation in making it strictly an allocation policy? If we do it like 2002-3, does it negatively impact the intent of this policy?
-
If you characterize the ISPs that are anticipated to use this policy, are they going to be multi-homed anyway?
-
-
Responses/Clarifications
-
Adiel Akplogan - AFRINIC - To clarify, the policy was discussed during the Internet Week meeting and was supported by the African ISPs there. And it will go through the policy development of all Africa when that time comes, but now we are only talking about the southern part of Africa and I express support and I have the support by the AFRINIC Board that I want to read here. [Read letter of support.] So AFRINIC expresses support to this policy and it's just as somebody said, it's made by Africans for Africa.
-
Allocations for Africa are being made from a common /8 that is being administered by APNIC, ARIN, and RIPE NCC. It is planned that after AFRINIC is recognized, this /8 will be transferred to it.
-
A representative from an ISP in Africa stated that the number of prefixes currently announced out of Africa is under 1,000, while the global routing table is over 120,000.
-
The policies [2003-15 and 2002-3] have very different scopes, there is a significant difference between having the multihoming and not having multihoming exception. In Africa generally, multihoming is growing tremendously. If it were just South Africa, only a one bit move would be necessary, but for the rest of the continent, they need the two bit change. Most will be multihomed at local exchanges.
-
-
Suggestions
-
It would be nice if it were possible to coordinate this effort with RIPE and APNIC and there is discussion about that, but this is the first effort to implement this.
-
Two things jump out at me as we go through this. One is the size of the impact and the other is duration. And if these things were pulled out a little bit more in this proposal, it would make it a little bit better for those who are worried about routing table size and so on. If we could maximize what is the actual top end of the number of allocations, and that once AFRINIC is recognized, this policy is no longer applicable to the ARIN region.
-
Polling of Consensus:
Question:
Approve of Policy Proposal 2003-15?
Yes? 66 No? 6
Database Implementation Working Group (DBWG)
Working Group Chair: Ginny Listman, ARIN Director of Engineering
Ginny provided an agenda of the issues that would be discussed involving the DBWG.
DBWG Update
Presentation (Read-only): PDF
Presenter:
Ginny Listman
Ginny presented an update on ARIN database issues including a status update on the Early Registration Transfer (ERX) project and information on ongoing efforts of database cleanup. Highlights included:
-
The bulk of the ERX project is expected to be completed in April 2004. Nineteen /8s have been completed to date, with 23 more scheduled. Three /8s, of what was Class C space, are still to be scheduled.
-
Currently 79 percent of Org IDs have Point of Contact (POC) records.
-
There are 30 percent of networks with detailed reassignments without in-addr name servers. These could be converted to simple reassignments.
-
If an Org ID has no POCs, ARIN is promoting the POCs from resources up to the Org ID if all resources are sub-delegations and all the resource POC handles are the same. For those resources directly assigned or allocated, ARIN will send a notification to the resource POCs if the Org ID has no POCs.
-
Upon request, ARIN will provide a list of all "candidate detailed-reassignments."
There were no questions from the floor.
Cryptographic Authentication
Presentation (Read-only): PDF
Presenter:
Tim Christensen, ARIN Database Administrator
Tim provided a presentation on the status of Cryptographic Authentication (CA) at ARIN. His presentation focused on the goals of implementing Cryptographic Authentication at ARIN, the scope of the project, a description of how it will be implemented, and the progress attained so far. Highlights included:
-
For those who choose CA as their method of authentication, it would provide them improvements in the security of their resource records, and would provide better database integrity for the entire community
-
Scope currently includes secure template-based registration and outbound [from ARIN] communication
-
The first phase of beta testing is currently underway to evaluate the process by which users can create certificate requests and ARIN can issue certificates. Future phases will test the use of certificates in communicating with ARIN and how certificates are renewed and revoked.
-
A demonstration of the first phase was announced to take place after the meeting on Wednesday and Thursday in the Learning Center.
After the presentation, Tim took questions from the floor.
Referral Server Field
Presentation (Read-only): PDF
Presenter:
William Leibzon, Elan Communications
William presented a proposal for changes in the Referral Server field. Highlights included:
-
RWhois, as it exists now, has several limitations
-
In January 2003, ARIN asked a group of volunteers to review and make suggestions on how ARIN can improve presentation and use of RWhois, this was done as part of an RWhois Design Team
-
RWhois Design Team generally supported these actions:
-
Create new policy requiring ISPs to maintain up-to-date RWhois servers and always respond to queries- see policy proposal 2003-5
-
Fix root RWhois server and make sure referrals work
-
Create preferred RWhois data format for reporting information through RWhois
-
Establish standard way for users and automated software to know for sure which RWhois server ISP uses, to be able to do automatic redirect and query of that server
-
-
Proposed ReferralServer field be optional on ASN, network, and organization records, instead of just organizations as is currently implemented
-
Questions for the community:
- Should ARIN add a ReferralServer field to Network and ASN objects as described in this presentation?
- Should we allow use of the ReferralServer field for use as reference to routing database?
General Comments:
-
In regards to question number 1 . . .sure, why not. It seems to make reasonable sense. Number 2 hasn't worked the last five or six times that I know it's been tried, but we can do it again.
-
When was it tried?
-
You can go look at the defunct RIPE working file on the IETF four years ago, you can look at some of the BIRD extensions to RPSL, you can look at some of the old IANA archives that talk about inclusion of ASN information as an alternative to the RIDD service. None of these has actually taken off. Maybe I didn't understand what you were saying, but tying routing information which is kept locally by the ISP to something equivalent to a server has been tried. I will show you my implementation if you'd like later if I can mount the tapes and pull the data.
-
In answer to your question, I don't see a reason not to do it, so sure, what the heck. But I also don't see a lot of benefit to it. In regards to ARIN filling out these values automatically, I don't think so because that might not be their preferred registry even if they are using ARIN's registry.
-
In principle I think the idea of linking information from an ARIN routing database and an ARIN registration database is a good idea. But there's another problem and that is that RIPE is doing this kind of thing and they're doing it in a different way than ARIN. They don't use WHOIS and LACNIC is actually inventing their slight variation on how to do this. And what I see missing here is something looking at the overall architectural problem. I think, in general, it's a good idea to do some work in this direction, but I believe that more architecture work needs to be done before you get into the nitty-gritty details like this.
-
I just want to know of the people in this room who are operators or use RWhois or who would like to use RWhois or any of those variants, would any of you take advantage of these features if they were implemented? [About 6 people raised their hands.]
-
How many people are using RWhois today? Raise your hand. [About 10 people raised their hands.]
-
My company used to use RWhois, but now uses SWIPs. Our security people got tired of dealing with spam complaints because people didn't know how to use RWhois.
-
That was a problem being discussed. And the agreement was the reason they're not being used is that there are no tools deployed that use WHOIS and that's why the referral server field wasn't used in the first place. So there would be a clear reference on where to go to and it would be easier.
- Even if you know how to use RWhois, the referral server that it may point to may not be publicly available.
Policy Proposal 2003-3: Residential Customer Privacy
Introduction: Einar Bohlin, ARIN Policy Analyst
Presentation (Read-only): PDF
- Policy Proposal introduced - March 5, 2003
- Presented at ARIN XI
- Current version introduced - July 24, 2003
- PPML Summary
- 25 posts
- 12 different people
- There is no point in having contact information in the database if those contacts don 't respond
- Non-responsive or outdated info is better than nothing
- Anyone who receives an allocation from ARIN should be in WHOIS. Downstream of that, the only people in WHOIS (or otherwise publicly available) should be people who want to take responsibility for their own abuse complaints.
- What's a private residence? What prevents anyone from calling themselves a private residence? Aren't organizations entitled to privacy too?
- "It's most certainly NOT the RIR's domain to require that my home address be listed because I received an assignment "
Presenter: Dave Barger, SBC
Comments:
-
Statements For and Against:
-
On one level this does partially address the accountability concerns, but on another level, there's really still nothing there that says the ISP will respond in some useful manner. This adds yet another level of indirection in terms of getting to the source of the abuse while not really providing any value to the community. It also provides a wonderful exploit for spammers. A wonderful concept of trying to protect residential privacy, but if people in residence are at a point where they need large enough addresses to be registered, then they can participate in the Internet like the rest of us.
-
It would be very easy for a spammer to purchase or possess by some other means a residential address to use as a cover under this policy. Furthermore, there is no accountability that these residences are even different residences. There is no accountability in any way, shape, or form that anything proper is being done by the ISP.
-
If you can't see the name on the resource, the investigations [into abuse] take longer.
-
I tend to agree if a customer needs more than a /32 and they're going to use a public resource, then they have a certain obligation to provide information.
-
I have a /29, and I don't really care to have my information in the database. And in my experience having a domain name with my home phone number and address in the database, I've gotten many interesting phone calls. And I don't really care to get that.
-
There are folks out there who believe anonymity serves social good. And there are people who set up businesses who would take cash in return for anonymous accounts and I would hate to see that business model trashed because someone wanted everyone to identify every /32 that is issued.
-
I have three telephone numbers in my private residence. When I got No. 2 and No. 3, I was not required to start publishing all of my information because I had a block of telephone numbers. It's the same condition here. Listing this information only leads to abusive behavior and harassment. People have the right to privacy, particularly in a residence.
-
Questions:
-
We trust your ISP will act upon those abuse reports. There are a number of organizations who will not. Organizations may go into Chapter 11 bankruptcy. How are you going to force them to act quickly on abuse requests?
-
What do you define as a residential customer?
-
Why do they need something greater than a /32? If they do, they need to assess some responsibility for them and that's why we [my company] classify them as a small customer.
-
-
Responses/Clarifications:
-
You mention ISP residential customer. There's obviously a lot of other wording that we can wrap around this to further clarify what is an ISP or what is a residence. But, this puts the onus on the ISP from which this block is assigned. This was directed more at someone who has two or three PCs out of their home with a /29, for example.
-
So the bottom line, I agree, is the accountability issue. And, you're right, there is nothing in this that dictates how the ISP is going to be accountable for that. I feel that it is a given that if we have a customer that is participating in some kind of abusive activity, then we're going to go through our own internal processes to deal with that customer, and I'm not sure how we would document every ISP's process doing that.
-
Most spammers aren't going to go to the registry and get valid address space to spam. They're going to announce a prefix that isn't being used and hijack it.
-
ARIN is not in the business of enforcing AUPs or evaluating AUPs. If, in fact, you are having a problem with an ISP that seems to have all these spammers hopping from different addresses over a short period of time that should become pretty plain and evident. And in that case, that entire block can simply be filtered.
-
If you actually have a real customer name in there, let's say, for instance, you have a customer name but the address is marked as private residence, which is actually a guideline already in use with ARIN right now. I honestly don't understand the question then of that and whether that's going to make you act faster or slower in a decision to block traffic from a certain set of addresses.
-
I understand that [quick response to abuse complaints] could be an issue. But, at the same time, if you have a name in the database and possibly a point of contact for them, what makes you think that you're going to get any quicker of a response from that person than you would from the ISP? The intent of the policy proposal is to take those legitimate, valid, bill-paying customers and address their personal concerns for privacy.
-
As far as what is a residence, it's going to be that person who has maybe DSL, for example, with a /29, a couple of PCs set up, you know, in their private residence.
-
At my company, we have managed [addressing privacy] in a contract with a customer. It says specifically that at the moment they want something greater as a single block than a /32, from our perspective they become a small business customer and they are going to have that information presented. If they don't want their information provided, then they don't get that service.
-
Polling of Consensus:
Question:
Approve of Policy Proposal 2003-3?
Yes? 24 No? 5
Policy Proposal 2003-9: WHOIS Acceptable Use
Introduction:
Einar Bohlin, ARIN Policy Analyst
Presentation
(Read-only): PDF
- Introduced - March 6, 2003
- Presented - ARIN XI
- Current version posted - June 4, 2003
- There were no substantive comments on this proposal since June 2003.
Presenter: William Leibzon, Elan Communications
Comments:
-
Statements For and Against:
-
I would just like to make a statement of support in favor of this, not because I think anyone will pay attention to the policy if they're not inclined to, but just because it is a move in favor of uniformity and simplicity.
-
I think a proposal taking the existing wording and applying it everywhere is a good proposal. That's not what this proposal is. It has some changes in wording that I'm not sure are good or bad. I wouldn't support a proposal stronger to take the existing proposal and apply it everywhere rather than take special wording for special cases.
-
-
Questions:
-
If this policy is adopted, how does it improve the use of the WHOIS data?
-
Is it your assertion that the current Bulk WHOIS policy is open to abuse and this one tightens it for a group of people who will pay attention to this policy?
-
Is this information already copyrighted and if it is, does that offer enough protection?
-
-
Responses/Clarifications:
-
With the adoption of a unified WHOIS policy, there will be less abuse of the WHOIS data.
-
I think we probably don't want to rely on copyright. There is discussion in the U.S. Congress and in other parts of the world about taking away copyright protection in databases.
-
I think discussion of the legal wording is out of scope here. This is just a question of taking the existing wording and delivering it in association with the individual queries as well as the bulk queries that are supplied to you right now, and I think presumably after that unification, any future rewording of the policy should apply to all WHOIS queries, not just one or the other.
-
I think that the way that data is acquired shouldn't affect the rights people have and what they could do with it. However, a small amount of data might have some looser rights as is the case with copyrighted works, where you can quote a small piece of a work without having to ask permission.
-
The question as to whether the data should be treated differently, I guess, begs the point that there are two different data sets. As I recall, the Bulk WHOIS database has information stripped from it before it is made publicly available. The implication being that the public has said, we don't want bulk information to be used in the same way that usual queries are used.
-
I have to note though that if you get data from Bulk WHOIS, you go through the additional step of having to provide your name to ARIN and having to sign a service agreement. So there is a higher standard on how you get Bulk WHOIS data. It's still the same way here. It's just that [with this proposal] you have the Bulk WHOIS policy applying to all databases. The higher standard for Bulk WHOIS is still here.
-
Polling of Consensus:
Question:
Approve of Policy Proposal 2003-9?
Yes? 26 No? 1
RFC 2050 Working Group
Presentation (Read-only): PDF
Working Group Chair and Moderator: Mark McFadden
Mark provided a history of actions surrounding the updating of RFC 2050. He then put forward a proposal for drafting an Informational RFC to change the status of RFC 2050 to "Historical" and within the new RFC, reference current RIR policy documentation as well as describe the processes by which RIR policy is created. After that is done, ARIN could disband the RFC 2050 Working Group.
General Comments:
-
An informational document RFC that moves another document historic should explain why it is important to do so. So you should try and make it very clear that RFC 2050 is really not describing current policy and it's confusing to have it still there. I think this is a great way to proceed.
-
If you deprecate RFC 2050 to historical, the RIRs will have to change the portion of their policy that says our policies are all based on RFC 2050.
I have talked with some of the RIRs about this. Many of the RIRs have done that already, referencing their internal documents rather than the RFC 2050.
NRO Memorandum of Understanding Discussion
Presentation (Read-only): PDF
Presenter: Ray Plzak, ARIN CEO
Moderator: John Curran, ARIN Board of Trustees
Ray presented a summary of the purpose and structure of the Number Resource Organization (NRO) as well as a timeline of events leading up to this point.
General Comments:
-
I have a point of clarification. The Numbers Council, are they elected in the exact same fashion as the ASO AC is today or are they appointed?
-
There is a slight difference. Today in the Address Council, there are three members from each region and they are all elected. In the new council or proposed council, two members would be elected in the same manner from each region and a third one would be appointed by the RIR boards. This appointed person would give the RIRs a more direct input into the policy process that they don't have at the global level.
-
First of all, I would like to let the group know on the NRO comments mailing list and also in its archives is a letter that went from the Address Council to the CEOs of the RIRs plus the RIR boards that expressed the concerns and questions that the Address Council had. There was general support for this proposal, but there's also some significant concerns. I'm not going to reprise all of the issues that have been identified on the mailing list, but one of the things that I want to suggest is that there are some issues in the formation document, the second of the three documents that are being proposed by the RIR boards, that clearly have gone through legal counsel and it clearly has a lot of understanding behind them but when other people read them, that clarity isn't there. Is there any meaningful opportunity to change any of those first two documents?
-
These documents went out for a 30 day comment period and comments came in towards the end of the 30 day comment period. On the other hand, there's no reason to ask for input and then ignore it. There is every intention to have very rapid cycling of the documents among the boards to incorporate the comments we received throughout the period, including the comments from the Address Council. I'm afraid there won't be a chance to go out for a second set of comments but we should be able to incorporate the ones we've seen up until today.
Open Microphone
Moderator: Richard Jimmerson
Richard Jimmerson opened the Open Microphone session saying that if there’s anything to be discussed that is not on the public policy agenda, this is the time for those issues to be brought forth.
General Comments:
- George Michaelson - I meant to say this during Ginny's presentation about ERX but didn't have an opportunity. I would like to say a very good vote of thanks to Cathy Murphy who has been doing the work for the ERX transfers. It's very much appreciated.
-
Mark McFadden - In regards to the WHOIS privacy policy proposal, I would like to point people to the IPv4 requirements for requesting additional address space [on the ARIN website]. In the existing policy we have these words "ISPs with residential customers will provide the person's name, city, state, zip code, and country. The customer's street address will be replaced by "Private Residence," and the upstream POC may serve as the customer's contact." I'm not saying that answers the debate, but my point is that language is already in our policy, and so I think any new policy that were crafted has to reflect what's already in our policies, and I think the distance between what we already have and what's being proposed is very small.
Closing Announcements
Ray Plzak encouraged all attendees to complete the meeting survey available on ARIN's website. He again expressed thanks to the meeting sponsors - Server Central and ANet. He reminded the audience about the Cryptographic Authentication demonstration taking place immediately after the meeting, the ARIN Learning Center and Terminal Room, and the ARIN social.
Meeting Adjournment
The meeting was adjourned at 16:48 CDT.