On Thu, Feb 3, 2011 at 1:34 PM, Jay Ashworth <jra@baylink.com> wrote:
I strongly suspect that his question is actually "Does ARIN have any enforceable legal authority to compel an entity to cease using a specific block of address space, absent a contract?"
ARIN has about as much to do with legally compelling an entity (who has signed no contract with ARIN) to stop using a block of IP address space, as a DNSBL has to do with compelling some random spammer to stop attempting to send spam. What keeps people using only IPs they were allocated by a registry are network policies of cooperating networks who are independent of ARIN (aside from possibly receiving an assignment of their own from ARIN). The RIRs and IANA have not been shown to have any legally enforceable authority of their own to stop an IP network from using IPs not assigned by the registry, or to prevent someone from starting to use IPs already assigned by the RIR to someone else. If you need examples; look at all the unofficial usage of 1.0.0.0/8 and 5.0.0.0/8 in private networks, that the RIRs did not attempt to compel anyone to stop. ARIN does not appear to directly legally compel any entity to cease using any specific block of address space. Neither is any other RIR in the business of 'enforcing' that only a registrant uses the IPs, nor does the registry detect if a wrong entity is using the IPs. Neither does any internet registry promise that allocations can be routed on the public internet. You can ignore the RIRs and use whatever IP addresses you want, at your own peril. That peril is not created by any RIR, however; the "peril" is the community response, and response by other organizations you rely on for connectivity. Neither does any internet registry promise that allocations will be unique on the public internet. A competing (non-cooperating) registry could have made a conflicting assignment. The RIRs can only make promises about uniqueness within their own allocations, and that they made the allocations within address space they were delegated by other registries according to their policies. The only thing a registration tells you the registrant is this particular registry administers a database containing that block of IPs, and you are the only organization currently assigned that IP space _by that registry_. If you as a network operator do not cooperate with IANA, then, perhaps you create your own registry, and just use whatever IP addresses you want. However, other networks may refuse to interconnect with you due to their policies determining that to be "improper addressing". It is not as if ARIN has a policy of looking for hijacked/unofficial announcements of address space and dispatching an army of lawyers with 'cease and decist' letters. Instead, what happens is members of the internet community investigate IP space and AS numbers before turning up new interconnections, and decide on their own, which blocks to route, based on peering network's request. Internet connected networks will find the entry in the IANA database for the /8 the requested prefix resides in, find delegation to ARIN, look in the ARIN WHOIS database, and then make a decision to route the blocks or not. The new peer might be required to show correct current registry delegation of the block, authorization from the contact listed in the database, OR merely sign a promise that they will only originate prefixes assigned to them through IANA or a RIR recognized by IANA, BUT the registry operator, ARIN itself is not the entity that imposes any specific requirement. If IP address space is legacy and not properly kept up to date in the registry under current RIR policies, then some community members might choose to reject or disallow their use by a peer, based on their own internal routing policies. Also, many members of the community rely on the ICANN delegated DNS root for all DNS lookups. the .ARPA TLD servers refer to ARIN for Reverse DNS; which is important for adequate SMTP operation, in many mail environments, lack of proper reverse DNS can lead to mail being rejected. If IP address spaces appear to be used by a person other than the registrant, the listed registrant might submit complaints to ISPs in order to act according to their network's routing policies; if their policy is to recognize ARIN's listings as the authoritative ones, they might even turn off prior users of the IP addresses. There is the RPKI pilot. In the future, members of the community may authenticate resource assignment through resource certification according to the policies of the accepted registry, through cryptographic methods. That would certainly give ICANN, IANA, and the RIRs stronger technical enforcement powers. It's even conceivable this could be used in the future to "Revoke such and such evil outside country network's Resource certificates" (so they will be forcibly disconnected) But it's still not 'legal' enforcement of resource 'ownership'. The community members still have the ability to accept use of IP address blocks outside what ARIN determines to be the proper registrations, and recourse is not really ARIN's, if someone other than the proper registrant is making use of the IP address space in disagreement with the registry. -- -JH