On 1 Sep 2021, at 4:35 PM, Chris Woodfield <ch...@semihuman.com> wrote: > In addition to the RSA language John cited, Section 12 of the NRPM gives ARIN > the right to review an organization’s resource usage at any time for > continued compliance with community-driven policy. I suspect that these > reviews are not common, however. What’s more common, in my view, is an > organization’s request for additional resources, which must come with > justification that currently-held resources are being used in compliance with > policy. I do not believe that these are checked against the original requests > for consistency, however.
ARIN has the benefit of clear policy in the NRPM 12 resource review, and as such we guide our activities in registry compliance to that NRPM section (e.g. when/how often we may conduct a review, etc.) It is worth noting that in cases of resources potentially obtained under fraudulent circumstances, we can and do reference the original request and whether resources were ever utilized for the purpose requested. > I’d be curious if the clause below can be interpreted as giving organizations > a duty to report *any* substantial changes in an organization’s allocation > plans if they diverge from the justification filed at the time of the > request, or only when such changes would have the effect of putting the > organization out of compliance with current policy. I can see the former > interpretation being rather troublesome for a large number of organizations, > given how often business plans and environments can change over time, as well > as adding quite a bit of (IMO unnecessary) overhead to IP allocation managers. Let us avoid trying to read additional duties into the RSA language – I am sure it is possible, but that path is fraught with peril and has no assurance of aligning with community intent. Rather, it would be best for the community to determine what reporting is most appropriate, and instantiate policy (e.g. into NRPM section 3) that makes such obligations clear. In this manner, ARIN gains solid guidance on administration of the registry, and the terms of the RSA can be used to support enforcement if such becomes necessary. > That said, I can see ARIN being quite justified in reclaiming resources if > the justification documentation filed with the request had no bearing to the > org’s actual plans. Indeed, as making a fabricated resource request is not only contrary to agreed contractual terms, but may be an actual criminal act depending of the specific circumstances. Thanks! /John John Curran President and CEO American Registry for Internet Numbers _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
