Re: [arin-ppml] 2014-1 (Out of region use)

Tue, 14 Apr 2015 11:17:59 -0700 

On Tue, 14 Apr 2015, Andrew Dul wrote:
Here is a suggested addition to the draft policy's first paragraph in an attempt to alleviate some of the issues raised by the staff & legal assessment by increasing the nexus requirement slightly. 



Out of region use of IPv4, IPv6, or ASNs are valid justification for 
additional number resources if the applicant is currently using at least the 
equivalent of a /22 of IPv4, /44 of IPv6, or 1 ASN within the ARIN service 
region, respectively.  At least 10% of the additional resource request or 20% 
of all an organizations resources must be used in the ARIN service region.



I wouldn't object to this (now that it's been tempered with the "or 
20%..."), but I don't think this will be effective in preventing the sort 
of fraudulent or "RIR shopping" requests people seem to be worried about.



As was just mentioned at the meeting, a major concern some seem to have 
with 2014-1 is a question of security:



"How do we allow ARIN members to use ARIN space globally without 
restrictions, but prevent out of region organizations from becoming ARIN 
members for the purpose of acquiring ARIN resources to be used entirely

outside the ARIN region?"


I don't have a good answer for that question, but I do wonder if the 
question is relevant?  As has previously been mentioned on PPML, an 
organization can setup a "dummy" network using as little as some in-region 
cloud computing resources to "fake out" the nexus requirement.  What's to 
stop them from doing the same thing to hide that their request is for 
resources to be used out of region?  If an org is going to commit fraud to 
obtain ARIN resources, I don't see that 2014-1 opening additional 
fraudulent routes to obtaining ARIN resources is the huge problem some 
seem to think it is.


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.






















					Reply via email to