On 6 Apr 2022, at 1:32 PM, William Herrin <bill@herrin.us> wrote:
On Wed, Apr 6, 2022 at 4:48 AM John Curran <jcurran@arin.net> wrote:
On 5 Apr 2022, at 11:57 PM, William Herrin <bill@herrin.us> wrote:
My objection lies in having ARIN's RSA adhere to my address block overall. I may feel differently about ARIN next year than I do this year but once I've signed that RSA, well, that's just too bad. I now have obligations to ARIN, some of them on shifting sand, and if I don't fulfill them the addresses are gone.
That’s an Interesting perspective - thank you for sending. It is true that both you and ARIN have obligations once you sign an RSA, but that’s true of any standardized agreement that you enter – standard agreements are found everywhere in life and are enforceable if applied uniformly with reasonable terms.
Hi John,
Why should I need an agreement with ARIN on the disposition of addresses which are already mine?
Bill - You don’t need an agreement in such a case (since ARIN’s already maintaining your address blocks in the registry without any fee or contract.)
Offer me an agreement confined to the things I don't have, like RPKI, and you'll empower me to do my part in making BGP a safer place without demanding I take on new risk.
Interesting philosophy - historically ARIN customers have asked for simplicity in the relationship; i.e. a single fee that encompasses all of the services - in this way, an organization can utilize something without having to “get new approval” and there’s no financial or service disincentive for deployment of IPv6, IRR, RPKI, etc. Feel free to propose an alternative structure if you think it makes sense - the suggestion process would be a good step (but feel free to run for the ARIN Board of Trustees if you want to really advocate for a different approach.)
The part of your statement I don’t understand is that some of your obligations to ARIN are "on shifting sand"… If anything, you’ve got more protections in place regarding your ARIN RSA agreement than likely in most other standard agreement contexts (although it is true that we at ARIN don’t exactly emphasize these aspects as often as we might…)
Compliance with ARIN public policy is incorporated by reference. ARIN policy shifts. ARIN business practices such as the fee structure are incorporated by reference. The business practices shift. Indeed, the fee structure was rearranged last year in a way that undermined one of the central tenets of the LRSA. To the consternation of some of the folks who had signed the LRSA.
The RSA requires the registrant to comply not just with the conditions at the time of signing but also with the ones which develop later. And tough luck if the registrant doesn't like them.
I'm on the same shifting sands with nearly every company I do business with. But in each of their cases, it's a trivial matter to switch to a competitor if I don't like next year's deal. I have no such risk mitigation in my interactions with ARIN. Perhaps if I was a multinational company doing business in multiple regions but alas I am not.
Indeed - you only emphasize why it is important for organizations to get involved in ARIN’s governance… It is not intended that your sole interaction with ARIN be via contractual mechanisms, but rather that network operators actually participate as members of the organization. Thanks, /John John Curran President and CEO American Registry for Internet Numbers