Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
NANOGers - At present ARIN continues to provide the favorable annual maintenance fee cap for legacy resource holders who enter into an LRSA with ARIN, but this cap on total maintenance fees not be offered to those entering an LRSA after 31 Dec 2023 and they will instead paying the same registration services plan fees as all other ARIN customers. See attached announcement for details. We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services as well as being able to access ARIN’s more advanced services such as the Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI) services. FYI, /John John Curran President and CEO American Registry for Internet Numbers Begin forwarded message: From: ARIN <info@arin.net<mailto:info@arin.net>> Subject: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023 Date: 13 September 2022 at 2:54:03 PM EDT To: "arin-announce@arin.net<mailto:arin-announce@arin.net>" <arin-announce@arin.net<mailto:arin-announce@arin.net>> On 11 October 2007, ARIN implemented the first version of the Legacy Registration Services Agreement (LRSA). This agreement and the fees associated with legacy resources have been modified several times over the past 15 years. The most recent change was in 2022 when ARIN transitioned all customers with IPv4 and/or IPv6 number resources to the same Registration Services Plan (RSP) Fee Schedule which has fee categories based on the total amount of resources held. This most recent change brought those organizations that were issued resources before the formation of ARIN (also known as “legacy resource holders”) into the new Fee Schedule. ARIN also continued providing legacy resource holders a cap on the total amount of maintenance fees due annually – the “annual legacy maintenance fee cap” – that has been offered since the introduction of the LRSA to encourage entry into an LRSA and normalization of these customers’ contractual relationship with ARIN. The “annual legacy maintenance fee cap” is presently set at $150 per year (and will increase by $25 in each subsequent year.) On 4 August 2022, the ARIN Board of Trustees voted unanimously in favor of ending the annual legacy maintenance fee cap applied to legacy resources brought under an LRSA beginning 1 January 2024. All organizations with active LRSA agreements entered prior to 1 January 2024 will continue to have their fees limited for legacy resources covered before that date per the annual legacy maintenance fee cap as noted above. Any new legacy resources brought under an LRSA as of 1 January 2024 forward will fall under the full, normal RSP fees. We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services as well as being able to access ARIN’s more advanced services such as the Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI) services. If you have any questions about billing or the 2022 Fee Schedule, please contact 2022Fees@arin.net<mailto:2022Fees@arin.net>. Regards, John Curran President and CEO American Registry for Internet Numbers (ARIN) ----------- REFERENCE LINKS 11 October 2007 Announcement: https://www.arin.net/vault/announcements/2007/20071011.html ARIN Fee Schedule: https://www.arin.net/resources/fees/ August 2022 Board of Trustees Minutes: https://www.arin.net/about/welcome/board/meetings/2022_0803/ ARIN Services Available to Legacy Organizations: https://www.arin.net/resources/guide/legacy/services/ _______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce@arin.net<mailto:ARIN-announce@arin.net>). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-announce Please contact info@arin.net if you experience any issues.
On Tue, 13 Sep 2022, Randy Bush wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
consult a competent lawyer before signing an LRSA randy I concur , And seconded .
Hth , JimL -- +---------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network & System Engineer | 3237 Holden Road | Give me Linux | | jiml@system-techniques.com | Fairbanks, AK. 99709 | only on AXP | +---------------------------------------------------------------------+
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof. The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite. By contrast, RIPE has developed a much more welcoming stance on legacy resources, including: * retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead. Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that. Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes. John
John - Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region. For more than two decades legacy resource holders have been provided the opportunity to normalize their relations with ARIN by entry into an LRSA - thus receiving the same services on the same terms and conditions as all others in the region (and also with a favorable fee cap applied to their total annual registry fees.) While many folks have taken advantage of that offer over the years, it’s quite possible that all of those interested have already considered the matter and hence going forward we are returning to the refrain of the entire community in seeking the lowest fees applied equitably to all in the region. As we’ve recently added more advanced services that may be of interest to many in the community (RPKI and authenticated IRR) and also have just made a favorable simplification to the RSA in section 7 (an area that has been problematic for some organizations in the past), it is important that ARIN not subset availability of the legacy fee cap without significant notice, as there many be a few folks out there who were unaware of LRSA with fee cap availability and/or haven’t recently taken a look at the various tradeoffs. In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract. Thanks! /John John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 3:41 PM, John Gilmore <gnu@toad.com> wrote:
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof.
The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite.
By contrast, RIPE has developed a much more welcoming stance on legacy resources, including:
* retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members
You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes.
John
NANOGers - My bad – one typo in the message that follows; it should read “… it is important that ARIN not _sunset_ availability of the legacy fee cap …” (NOT subset, subnet, subject, etc.) Thanks! /John John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 4:34 PM, John Curran <jcurran@arin.net> wrote:
John -
Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.
For more than two decades legacy resource holders have been provided the opportunity to normalize their relations with ARIN by entry into an LRSA - thus receiving the same services on the same terms and conditions as all others in the region (and also with a favorable fee cap applied to their total annual registry fees.) While many folks have taken advantage of that offer over the years, it’s quite possible that all of those interested have already considered the matter and hence going forward we are returning to the refrain of the entire community in seeking the lowest fees applied equitably to all in the region.
As we’ve recently added more advanced services that may be of interest to many in the community (RPKI and authenticated IRR) and also have just made a favorable simplification to the RSA in section 7 (an area that has been problematic for some organizations in the past), it is important that ARIN not subset availability of the legacy fee cap without significant notice, as there many be a few folks out there who were unaware of LRSA with fee cap availability and/or haven’t recently taken a look at the various tradeoffs.
In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 3:41 PM, John Gilmore <gnu@toad.com> wrote:
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof.
The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite.
By contrast, RIPE has developed a much more welcoming stance on legacy resources, including:
* retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members
You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes.
John
Yo John! On Thu, 15 Sep 2022 20:34:43 +0000 John Curran <jcurran@arin.net> wrote:
In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract.
Not been my experience. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 gem@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin
On 15 Sep 2022, at 4:45 PM, Gary E. Miller <gem@rellim.com> wrote:
On Thu, 15 Sep 2022 20:34:43 +0000 John Curran <jcurran@arin.net> wrote:
In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract.
Not been my experience.
Gary - We do have some cases where folks have difficulty demonstrating that the resources were issued to them (and/or have disputes between parties over who is the actual rights holder), but otherwise you should be able to create an ARIN Online account and administer ARIN services for the address block without any agreement - see https://www.arin.net/resources/guide/legacy/services/ <https://www.arin.net/resources/guide/legacy/services/> for details. The intent is that legacy resource holders receive the same registry services (w/o fee or contract) as they did before ARIN’s inception. If you’ve got a situation where you believe that has not been the case, reach out to our Registration Services Helpdesk <https://www.arin.net/resources/guide/helpdesk/ <https://www.arin.net/resources/guide/helpdesk/>>, and if that fails, reach out to me and provide a reference to the appropriate ARIN ticket(s) so that I can review. Thanks! /John John Curran President and CEO American Registry for Internet Numbers
Speaking from the enterprise / end site perspective I would bet there are a lot of legacy holders that other than maybe updating their reverse DNS records once or twice haven’t looked at ARIN policies or their allocation since the late 1980s. In most cases there really is not strong technical reason to, the stuff just keeps working. We are put in kind of an awkward place by the current policies. On one hand some of us would like to be good Internet citizens and implement things like IRR and RPKI for our resources to help the larger community. But show the RSA/LRSA to your lawyers with the justification that "I would like to implement RPKI, but everything will keep working even if we don't." You can bet they will never jump on board. On one hand there is a push from ARIN and the larger community to use these advanced services, but on the other hand the fees and risk far outweigh the benefits. (Heck the fees aren’t even that big of a deal, just the risk of loosing control of our legacy allocations.) Tom Krenn Network Architect Enterprise Architecture - Information Technology -----Original Message----- From: NANOG <nanog-bounces+tom.krenn=hennepin.us@nanog.org> On Behalf Of John Curran Sent: Thursday, September 15, 2022 3:35 PM To: John Gilmore <gnu@toad.com> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments. John - Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region. For more than two decades legacy resource holders have been provided the opportunity to normalize their relations with ARIN by entry into an LRSA - thus receiving the same services on the same terms and conditions as all others in the region (and also with a favorable fee cap applied to their total annual registry fees.) While many folks have taken advantage of that offer over the years, it’s quite possible that all of those interested have already considered the matter and hence going forward we are returning to the refrain of the entire community in seeking the lowest fees applied equitably to all in the region. As we’ve recently added more advanced services that may be of interest to many in the community (RPKI and authenticated IRR) and also have just made a favorable simplification to the RSA in section 7 (an area that has been problematic for some organizations in the past), it is important that ARIN not subset availability of the legacy fee cap without significant notice, as there many be a few folks out there who were unaware of LRSA with fee cap availability and/or haven’t recently taken a look at the various tradeoffs. In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract. Thanks! /John John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 3:41 PM, John Gilmore <gnu@toad.com> wrote:
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof.
The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite.
By contrast, RIPE has developed a much more welcoming stance on legacy resources, including:
* retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members
You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes.
John
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders. As you mentioned, that would probably have a price tag attached to it to cover the costs for such operations, but a contract could stay away from ownership issues and not either say the blocks are yours or that the blocks could be taken from you. Pay for the services, get RPKI; don't pay them, RPKI ROAs expire. I have a feeling that the recurring cost would be higher than using the scale that the RIR system has in providing those services, and that doing RIR-shopping (like what was already suggested here, moving the resources to RIPE) is simpler and more cost effective. But this would at least expose the real costs without making the RIR-allocated resource holders subsidize legacy resource holders, which is the good thing I see in the direction ARIN is going. Rubens On Fri, Sep 16, 2022 at 5:18 AM Tom Krenn via NANOG <nanog@nanog.org> wrote:
Speaking from the enterprise / end site perspective I would bet there are a lot of legacy holders that other than maybe updating their reverse DNS records once or twice haven’t looked at ARIN policies or their allocation since the late 1980s. In most cases there really is not strong technical reason to, the stuff just keeps working.
We are put in kind of an awkward place by the current policies. On one hand some of us would like to be good Internet citizens and implement things like IRR and RPKI for our resources to help the larger community. But show the RSA/LRSA to your lawyers with the justification that "I would like to implement RPKI, but everything will keep working even if we don't." You can bet they will never jump on board. On one hand there is a push from ARIN and the larger community to use these advanced services, but on the other hand the fees and risk far outweigh the benefits. (Heck the fees aren’t even that big of a deal, just the risk of loosing control of our legacy allocations.)
Tom Krenn Network Architect Enterprise Architecture - Information Technology
-----Original Message----- From: NANOG <nanog-bounces+tom.krenn=hennepin.us@nanog.org> On Behalf Of John Curran Sent: Thursday, September 15, 2022 3:35 PM To: John Gilmore <gnu@toad.com> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments.
John -
Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.
For more than two decades legacy resource holders have been provided the opportunity to normalize their relations with ARIN by entry into an LRSA - thus receiving the same services on the same terms and conditions as all others in the region (and also with a favorable fee cap applied to their total annual registry fees.) While many folks have taken advantage of that offer over the years, it’s quite possible that all of those interested have already considered the matter and hence going forward we are returning to the refrain of the entire community in seeking the lowest fees applied equitably to all in the region.
As we’ve recently added more advanced services that may be of interest to many in the community (RPKI and authenticated IRR) and also have just made a favorable simplification to the RSA in section 7 (an area that has been problematic for some organizations in the past), it is important that ARIN not subset availability of the legacy fee cap without significant notice, as there many be a few folks out there who were unaware of LRSA with fee cap availability and/or haven’t recently taken a look at the various tradeoffs.
In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 3:41 PM, John Gilmore <gnu@toad.com> wrote:
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof.
The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite.
By contrast, RIPE has developed a much more welcoming stance on legacy resources, including:
* retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members
You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes.
John
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir power players blocked that. so each rir is 0/0. brilliant, eh? randy
On Fri, Sep 16, 2022 at 7:07 AM Randy Bush <randy@psg.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir power players blocked that. so each rir is 0/0. brilliant, eh?
I'm not fond of that decision either, but at this point it is how it is. We already have the operation of inter-RIR reverse DNS synchronization since each /8 is not single-RIR anymore, and I believe a similar mechanism could have allowed for a single RPKI root. But I note that the 0/0 trust anchors preceded IANA transition to PTI, and that even after the transition, we still have an organization that doesn't have jurisdictional immunity in the US to prevent possible petty challenges to the system. So the world at large still benefits from the multiple trust anchor design, when all trade-offs are accounted for. Rubens
On Thu, Sep 15, 2022 at 4:07 PM Randy Bush <randy@psg.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir power players blocked that. so each rir is 0/0. brilliant, eh?
Which means that all you'd need is a volunteer group with "street cred" to set up an RPKI for legacy holders and then convince folks to use their trust anchor too. Or have I missed something? Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Fri, Sep 16, 2022 at 9:46 AM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 4:07 PM Randy Bush <randy@psg.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir power players blocked that. so each rir is 0/0. brilliant, eh?
Which means that all you'd need is a volunteer group with "street cred" to set up an RPKI for legacy holders and then convince folks to use their trust anchor too. Or have I missed something?
Merit, perhaps ? But they would need to do a much stricter validation that they currently have in RADB, which is more like Sledgehammer motto "Trust me, I know what I'm doing". Rubens
On Thu, Sep 15, 2022 at 7:32 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 9:46 AM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 4:07 PM Randy Bush <randy@psg.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir power players blocked that. so each rir is 0/0. brilliant, eh?
Which means that all you'd need is a volunteer group with "street cred" to set up an RPKI for legacy holders and then convince folks to use their trust anchor too. Or have I missed something?
Merit, perhaps ?
But they would need to do a much stricter validation that they currently have in RADB, which is more like Sledgehammer motto "Trust me, I know what I'm doing".
Hi Rubens, Last I checked, Merit was -really- expensive for RADB. I don't really see getting more than about 5 figures total per year out of the legacy registrants for RPKI, if that much. I think it'd have to be a volunteer effort or something funded by someone who finds it to their advantage that the legacy registrants publish RPKI records. Like the way Letsencrypt is funded. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Fri, Sep 16, 2022 at 10:41 AM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 7:32 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 9:46 AM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 4:07 PM Randy Bush <randy@psg.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir power players blocked that. so each rir is 0/0. brilliant, eh?
Which means that all you'd need is a volunteer group with "street cred" to set up an RPKI for legacy holders and then convince folks to use their trust anchor too. Or have I missed something?
Merit, perhaps ?
But they would need to do a much stricter validation that they currently have in RADB, which is more like Sledgehammer motto "Trust me, I know what I'm doing".
Hi Rubens,
Last I checked, Merit was -really- expensive for RADB. I don't really see getting more than about 5 figures total per year out of the legacy registrants for RPKI, if that much. I think it'd have to be a volunteer effort or something funded by someone who finds it to their advantage that the legacy registrants publish RPKI records. Like the way Letsencrypt is funded.
Legacy holders are sitting on millions or billions worth of assets. RADB USD 595 a year is pennies in comparison, and USD 1k or 2k a year for the RPKI service would still be 1E-10 of the asset value. Rubens
On Thu, Sep 15, 2022 at 7:46 PM Rubens Kuhl <rubensk@gmail.com> wrote:
Legacy holders are sitting on millions or billions worth of assets. RADB USD 595 a year is pennies in comparison, and USD 1k or 2k a year for the RPKI service would still be 1E-10 of the asset value.
Hi Rubens, Well, I'm one of the people who'd publish RPKI records for my /23 if I had the ability to do so and I definitely would NOT pay merit $595/yr (let alone $1k or $2k) to gain that ability. YMMV but I'm willing to bet there's not enough money out there to fund it with direct user fees and even if there was, the level of participation in the presence of more than trivial user fees would be too low to be worth the effort. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Fri, Sep 16, 2022 at 10:56 AM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 7:46 PM Rubens Kuhl <rubensk@gmail.com> wrote:
Legacy holders are sitting on millions or billions worth of assets. RADB USD 595 a year is pennies in comparison, and USD 1k or 2k a year for the RPKI service would still be 1E-10 of the asset value.
Hi Rubens,
Well, I'm one of the people who'd publish RPKI records for my /23 if I had the ability to do so and I definitely would NOT pay merit $595/yr (let alone $1k or $2k) to gain that ability. YMMV but I'm willing to bet there's not enough money out there to fund it with direct user fees and even if there was, the level of participation in the presence of more than trivial user fees would be too low to be worth the effort.
Your /23 is worth only USD 30k, so you are definitely not in a position to find that affordable. It seems ARIN LRSA with the current fees and caps would be the best option, and that option has a time limit. Rubens
On Thu, Sep 15, 2022 at 8:51 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 10:56 AM William Herrin <bill@herrin.us> wrote:
Well, I'm one of the people who'd publish RPKI records for my /23 if I had the ability to do so and I definitely would NOT pay merit $595/yr (let alone $1k or $2k) to gain that ability. YMMV but I'm willing to bet there's not enough money out there to fund it with direct user fees and even if there was, the level of participation in the presence of more than trivial user fees would be too low to be worth the effort.
Your /23 is worth only USD 30k, so you are definitely not in a position to find that affordable. It seems ARIN LRSA with the current fees and caps would be the best option, and that option has a time limit.
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 8:51 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 10:56 AM William Herrin <bill@herrin.us> wrote:
Well, I'm one of the people who'd publish RPKI records for my /23 if I had the ability to do so and I definitely would NOT pay merit $595/yr (let alone $1k or $2k) to gain that ability. YMMV but I'm willing to bet there's not enough money out there to fund it with direct user fees and even if there was, the level of participation in the presence of more than trivial user fees would be too low to be worth the effort.
Your /23 is worth only USD 30k, so you are definitely not in a position to find that affordable. It seems ARIN LRSA with the current fees and caps would be the best option, and that option has a time limit.
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change. But it will be too late then to join the system, so you just sell it for USD 50k and start using NAT. Just a calculation: current LRSA fee is USD 150, cap is 25 USD per year increase. 2X-Small is USD 500 per year, so it will take 14 years to reach that level. Pick your poison, NAT or LRSA. Rubens Rubens
On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote:
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change.
Hi Rubens, If you want to bet me on folks ever deciding to discard RPKI-unknowns down in the legacy class C's I'll be happy to take your money.
But it will be too late then to join the system, so you just sell it for USD 50k and start using NAT.
Since I can convert to the regular ARIN RSA at any time and gain access to RPKI the concept of "too late" doesn't really exist here.
Just a calculation: current LRSA fee is USD 150, cap is 25 USD per year increase. 2X-Small is USD 500 per year, so it will take 14 years to reach that level. Pick your poison, NAT or LRSA.
Yah, except at some point I'll get a /48 bumping my $150/yr AS fee up to a $250/yr service fee. Then the delta to add my legacy /23 is only $250. In 4 years, the LRSA fee will be $250, the same amount. But that's not the break-even point. If I wait one year, its $250*3=$750 vs $150+$175+$200+$225=$750. I break even on the legacy fee schedule by waiting just one year and then taking the regular annual fee. Actually, it's a little funkier than that because my AS and /23 are under different org ids. When I do all this, I'll have to pay the one time $500 M&A fee or else in year 5 the LRSA for the /23 plus the $250/yr for IPv6 and an AS will actually cost more than $500/yr and will keep growing annually to $750. Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Fri, Sep 16, 2022 at 12:45 PM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote:
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change.
Hi Rubens,
If you want to bet me on folks ever deciding to discard RPKI-unknowns down in the legacy class C's I'll be happy to take your money.
I don't think people will look at even the class, and definitively not to legacy or non-legacy partitions. They will either drop it all, or not drop it at all. Note that when the only IP blocks that spammers and abusers can inject in the system are non-signed ones, those blocks will get bad reputations pretty fast. So the legacy holders use case for RPKI might come sooner than you think.
Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI.
Discarding RPKI-invalids is something you can do right now and that doesn't come with a price tag. Good BCP38 and RPKI-invalid hygiene is the thankless gift you can give to the community. Rubens
On Sep 15, 2022, at 22:04 , Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 12:45 PM William Herrin <bill@herrin.us <mailto:bill@herrin.us>> wrote:
On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote:
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change.
Hi Rubens,
If you want to bet me on folks ever deciding to discard RPKI-unknowns down in the legacy class C's I'll be happy to take your money.
I don't think people will look at even the class, and definitively not to legacy or non-legacy partitions. They will either drop it all, or not drop it at all.
Note that when the only IP blocks that spammers and abusers can inject in the system are non-signed ones, those blocks will get bad reputations pretty fast. So the legacy holders use case for RPKI might come sooner than you think.
Nah… Because the reputations will still be the individual /24s and while lots of /24s around mine have bad reputations, mine doesn’t and never has (modulo a couple of administrative errors that were on me and legitimately my fault, not actual spammers).
Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI.
Discarding RPKI-invalids is something you can do right now and that doesn't come with a price tag. Good BCP38 and RPKI-invalid hygiene is the thankless gift you can give to the community.
Yes, but I think that RPKI unknowns are never going to be something that can be safely dropped and 90% of RPKI invalids so far seem to be people making RPKI mistakes with their legitimate announcements. The more I look at RPKI, the more it looks like a lot of effort with very little benefit to the community. YMMV Owen
On 18 Sep 2022, at 20:17, Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Sep 15, 2022, at 22:04 , Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 12:45 PM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote:
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change.
Hi Rubens,
If you want to bet me on folks ever deciding to discard RPKI-unknowns down in the legacy class C's I'll be happy to take your money.
I don't think people will look at even the class, and definitively not to legacy or non-legacy partitions. They will either drop it all, or not drop it at all.
Note that when the only IP blocks that spammers and abusers can inject in the system are non-signed ones, those blocks will get bad reputations pretty fast. So the legacy holders use case for RPKI might come sooner than you think.
Nah… Because the reputations will still be the individual /24s and while lots of /24s around mine have bad reputations, mine doesn’t and never has (modulo a couple of administrative errors that were on me and legitimately my fault, not actual spammers).
Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI.
Discarding RPKI-invalids is something you can do right now and that doesn't come with a price tag. Good BCP38 and RPKI-invalid hygiene is the thankless gift you can give to the community.
Yes, but I think that RPKI unknowns are never going to be something that can be safely dropped and 90% of RPKI invalids so far seem to be people making RPKI mistakes with their legitimate announcements.
The more I look at RPKI, the more it looks like a lot of effort with very little benefit to the community.
While I’m sure that most would agree that RPKI offers at least some benefits, perhaps the problem is the cost/benefit of doing RPKI in the ARIN region compared to the rest of the world, e.g. ticketed requests to set it up, no indication of what the effect of your ROA is going to be before you publish, handling ROA expiry manually, etc. In other regions using RPKI is orders of magnitude simpler to set up and maintain, and a lot less error prone. They provide alerting when your ROA do not seem to match what is seen in BGP, create matching route: objects, etc. To illustrate, here’s a video of the RIPE NCC management UI from 2015 (!): https://youtu.be/gLwHp12wOGw (And no, the nonrepudiation requirement in ARIN is not an excuse) -Alex
YMMV
Owen
Since at its best, all RPKI can provide is a hint at how to properly lie about an announcement (i.e. what you must prepend in order for it to be believed), I remain unconvinced that it provides any actual benefit except, perhaps, to the largest and most well known ASNs as originators. Owen
On Sep 18, 2022, at 11:38 , Alex Band <alex@nlnetlabs.nl> wrote:
On 18 Sep 2022, at 20:17, Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Sep 15, 2022, at 22:04 , Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 12:45 PM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote:
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change.
Hi Rubens,
If you want to bet me on folks ever deciding to discard RPKI-unknowns down in the legacy class C's I'll be happy to take your money.
I don't think people will look at even the class, and definitively not to legacy or non-legacy partitions. They will either drop it all, or not drop it at all.
Note that when the only IP blocks that spammers and abusers can inject in the system are non-signed ones, those blocks will get bad reputations pretty fast. So the legacy holders use case for RPKI might come sooner than you think.
Nah… Because the reputations will still be the individual /24s and while lots of /24s around mine have bad reputations, mine doesn’t and never has (modulo a couple of administrative errors that were on me and legitimately my fault, not actual spammers).
Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI.
Discarding RPKI-invalids is something you can do right now and that doesn't come with a price tag. Good BCP38 and RPKI-invalid hygiene is the thankless gift you can give to the community.
Yes, but I think that RPKI unknowns are never going to be something that can be safely dropped and 90% of RPKI invalids so far seem to be people making RPKI mistakes with their legitimate announcements.
The more I look at RPKI, the more it looks like a lot of effort with very little benefit to the community.
While I’m sure that most would agree that RPKI offers at least some benefits, perhaps the problem is the cost/benefit of doing RPKI in the ARIN region compared to the rest of the world, e.g. ticketed requests to set it up, no indication of what the effect of your ROA is going to be before you publish, handling ROA expiry manually, etc.
In other regions using RPKI is orders of magnitude simpler to set up and maintain, and a lot less error prone. They provide alerting when your ROA do not seem to match what is seen in BGP, create matching route: objects, etc.
To illustrate, here’s a video of the RIPE NCC management UI from 2015 (!):
https://youtu.be/gLwHp12wOGw <https://youtu.be/gLwHp12wOGw>
(And no, the nonrepudiation requirement in ARIN is not an excuse)
-Alex
YMMV
Owen
On 18 Sep 2022, at 20:42, Owen DeLong <owen@delong.com> wrote:
Since at its best, all RPKI can provide is a hint at how to properly lie about an announcement (i.e. what you must prepend in order for it to be believed), I remain unconvinced that it provides any actual benefit except, perhaps, to the largest and most well known ASNs as originators.
Owen
That’s not the point I’m making. You said something about the number of invalids and people making mistakes. I argue that may be because of ARIN’s service offering. After over a decade of service, I wonder why it’s not better. There is plenty of inspiration to take from the other RIRs. -Alex
On Sep 18, 2022, at 11:38 , Alex Band <alex@nlnetlabs.nl> wrote:
On 18 Sep 2022, at 20:17, Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Sep 15, 2022, at 22:04 , Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 12:45 PM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote: > No, the best option for me right now is that I just don't participate > in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change.
Hi Rubens,
If you want to bet me on folks ever deciding to discard RPKI-unknowns down in the legacy class C's I'll be happy to take your money.
I don't think people will look at even the class, and definitively not to legacy or non-legacy partitions. They will either drop it all, or not drop it at all.
Note that when the only IP blocks that spammers and abusers can inject in the system are non-signed ones, those blocks will get bad reputations pretty fast. So the legacy holders use case for RPKI might come sooner than you think.
Nah… Because the reputations will still be the individual /24s and while lots of /24s around mine have bad reputations, mine doesn’t and never has (modulo a couple of administrative errors that were on me and legitimately my fault, not actual spammers).
Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI.
Discarding RPKI-invalids is something you can do right now and that doesn't come with a price tag. Good BCP38 and RPKI-invalid hygiene is the thankless gift you can give to the community.
Yes, but I think that RPKI unknowns are never going to be something that can be safely dropped and 90% of RPKI invalids so far seem to be people making RPKI mistakes with their legitimate announcements.
The more I look at RPKI, the more it looks like a lot of effort with very little benefit to the community.
While I’m sure that most would agree that RPKI offers at least some benefits, perhaps the problem is the cost/benefit of doing RPKI in the ARIN region compared to the rest of the world, e.g. ticketed requests to set it up, no indication of what the effect of your ROA is going to be before you publish, handling ROA expiry manually, etc.
In other regions using RPKI is orders of magnitude simpler to set up and maintain, and a lot less error prone. They provide alerting when your ROA do not seem to match what is seen in BGP, create matching route: objects, etc.
To illustrate, here’s a video of the RIPE NCC management UI from 2015 (!):
(And no, the nonrepudiation requirement in ARIN is not an excuse)
-Alex
YMMV
Owen
"Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI." Excellent 1 line summary! Tom Krenn Network Architect Enterprise Architecture - Information Technology -----Original Message----- From: NANOG <nanog-bounces+tom.krenn=hennepin.us@nanog.org> On Behalf Of William Herrin Sent: Thursday, September 15, 2022 11:45 PM To: Rubens Kuhl <rubensk@gmail.com> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: Re: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us> wrote:
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change.
Hi Rubens, If you want to bet me on folks ever deciding to discard RPKI-unknowns down in the legacy class C's I'll be happy to take your money.
But it will be too late then to join the system, so you just sell it for USD 50k and start using NAT.
Since I can convert to the regular ARIN RSA at any time and gain access to RPKI the concept of "too late" doesn't really exist here.
Just a calculation: current LRSA fee is USD 150, cap is 25 USD per year increase. 2X-Small is USD 500 per year, so it will take 14 years to reach that level. Pick your poison, NAT or LRSA.
Yah, except at some point I'll get a /48 bumping my $150/yr AS fee up to a $250/yr service fee. Then the delta to add my legacy /23 is only $250. In 4 years, the LRSA fee will be $250, the same amount. But that's not the break-even point. If I wait one year, its $250*3=$750 vs $150+$175+$200+$225=$750. I break even on the legacy fee schedule by waiting just one year and then taking the regular annual fee. Actually, it's a little funkier than that because my AS and /23 are under different org ids. When I do all this, I'll have to pay the one time $500 M&A fee or else in year 5 the LRSA for the /23 plus the $250/yr for IPv6 and an AS will actually cost more than $500/yr and will keep growing annually to $750. Anyway, the risk/reward calculation for NOT signing the LRSA right now is really a no-brainer. It's just unfortunate that means I won't get an early start on RPKI. Regards, Bill Herrin -- For hire. https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbill.herri... Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
On Sep 15, 2022, at 21:09 , Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 11:55 AM William Herrin <bill@herrin.us <mailto:bill@herrin.us>> wrote:
On Thu, Sep 15, 2022 at 8:51 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 10:56 AM William Herrin <bill@herrin.us> wrote:
Well, I'm one of the people who'd publish RPKI records for my /23 if I had the ability to do so and I definitely would NOT pay merit $595/yr (let alone $1k or $2k) to gain that ability. YMMV but I'm willing to bet there's not enough money out there to fund it with direct user fees and even if there was, the level of participation in the presence of more than trivial user fees would be too low to be worth the effort.
Your /23 is worth only USD 30k, so you are definitely not in a position to find that affordable. It seems ARIN LRSA with the current fees and caps would be the best option, and that option has a time limit.
No, the best option for me right now is that I just don't participate in RPKI and the system has one less participant. And that's a shame.
That's only true in the current environment where RPKI is only used to invalidate bogus routes. When any reachability for RPKI-unknowns is lost, that will change. But it will be too late then to join the system, so you just sell it for USD 50k and start using NAT.
I think that the likelihood of that happening while IPv4 is still important is very near 0%.
Just a calculation: current LRSA fee is USD 150, cap is 25 USD per year increase. 2X-Small is USD 500 per year, so it will take 14 years to reach that level. Pick your poison, NAT or LRSA.
Neither… I am pretty convinced that neither one will be necessary. Owen
An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything. As John said " I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years. Tom Krenn Network Architect Enterprise Architecture - Information Technology -----Original Message----- From: Rubens Kuhl <rubensk@gmail.com> Sent: Thursday, September 15, 2022 5:56 PM To: Tom Krenn <Tom.Krenn@hennepin.us> Cc: John Curran <jcurran@arin.net>; John Gilmore <gnu@toad.com>; North American Network Operators' Group <nanog@nanog.org> Subject: Re: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders. As you mentioned, that would probably have a price tag attached to it to cover the costs for such operations, but a contract could stay away from ownership issues and not either say the blocks are yours or that the blocks could be taken from you. Pay for the services, get RPKI; don't pay them, RPKI ROAs expire. I have a feeling that the recurring cost would be higher than using the scale that the RIR system has in providing those services, and that doing RIR-shopping (like what was already suggested here, moving the resources to RIPE) is simpler and more cost effective. But this would at least expose the real costs without making the RIR-allocated resource holders subsidize legacy resource holders, which is the good thing I see in the direction ARIN is going. Rubens On Fri, Sep 16, 2022 at 5:18 AM Tom Krenn via NANOG <nanog@nanog.org> wrote:
Speaking from the enterprise / end site perspective I would bet there are a lot of legacy holders that other than maybe updating their reverse DNS records once or twice haven’t looked at ARIN policies or their allocation since the late 1980s. In most cases there really is not strong technical reason to, the stuff just keeps working.
We are put in kind of an awkward place by the current policies. On one hand some of us would like to be good Internet citizens and implement things like IRR and RPKI for our resources to help the larger community. But show the RSA/LRSA to your lawyers with the justification that "I would like to implement RPKI, but everything will keep working even if we don't." You can bet they will never jump on board. On one hand there is a push from ARIN and the larger community to use these advanced services, but on the other hand the fees and risk far outweigh the benefits. (Heck the fees aren’t even that big of a deal, just the risk of loosing control of our legacy allocations.)
Tom Krenn Network Architect Enterprise Architecture - Information Technology
-----Original Message----- From: NANOG <nanog-bounces+tom.krenn=hennepin.us@nanog.org> On Behalf Of John Curran Sent: Thursday, September 15, 2022 3:35 PM To: John Gilmore <gnu@toad.com> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments.
John -
Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.
For more than two decades legacy resource holders have been provided the opportunity to normalize their relations with ARIN by entry into an LRSA - thus receiving the same services on the same terms and conditions as all others in the region (and also with a favorable fee cap applied to their total annual registry fees.) While many folks have taken advantage of that offer over the years, it’s quite possible that all of those interested have already considered the matter and hence going forward we are returning to the refrain of the entire community in seeking the lowest fees applied equitably to all in the region.
As we’ve recently added more advanced services that may be of interest to many in the community (RPKI and authenticated IRR) and also have just made a favorable simplification to the RSA in section 7 (an area that has been problematic for some organizations in the past), it is important that ARIN not subset availability of the legacy fee cap without significant notice, as there many be a few folks out there who were unaware of LRSA with fee cap availability and/or haven’t recently taken a look at the various tradeoffs.
In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 3:41 PM, John Gilmore <gnu@toad.com> wrote:
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof.
The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite.
By contrast, RIPE has developed a much more welcoming stance on legacy resources, including:
* retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members
You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes.
John
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
On 15 Sep 2022, at 9:29 PM, Tom Krenn via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything. As John said " I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years. Tom - Over the years, ARIN has made several revisions to the RSA/LRSA to make it both clearer and more customer friendly, and the most recent version (announced earlier this week - <https://www.arin.net/announcements/20220912/>) strikes much of the language in section 7 that some legal teams had objection to… It is likely not everything you want, but I would suggest taking a fresh look at it as it was substantially reduced specifically to address the most cited customer concern regarding the legal obligations in the prior version of the RSA/LRSA. FYI, /John John Curran President and CEO American Registry for Internet Numbers
Thanks John! I've been working on this with our attorneys for almost a year. I did send over the revisions and it will be good to see what they say. But I'm not sure it will be enough to reduce the perceived risk. Has ARIN considered separating the fee structure and service goals from the drive to get everyone under an RSA? Tom Krenn Network Architect Enterprise Architecture - Information Technology [Hennepin County logo] From: John Curran <jcurran@arin.net> Sent: Thursday, September 15, 2022 8:42 PM To: Tom Krenn <Tom.Krenn@hennepin.us> Cc: Rubens Kuhl <rubensk@gmail.com>; North American Network Operators' Group <nanog@nanog.org> Subject: Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) On 15 Sep 2022, at 9:29 PM, Tom Krenn via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything. As John said " I will note that ARIN's approach is the result of aiming for a different target - that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years. Tom - Over the years, ARIN has made several revisions to the RSA/LRSA to make it both clearer and more customer friendly, and the most recent version (announced earlier this week - <https://www.arin.net/announcements/20220912/<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.arin.net%2Fannouncements%2F20220912%2F&data=05%7C01%7CTom.Krenn%40hennepin.us%7C970ff4a0fade4b7b0d3308da9784b663%7C8aefdf9f878046bf8fb74c924653a8be%7C0%7C0%7C637988893501824755%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nbnXoX6%2BXkkwKC6sbxokXipFpmdFq8839TvtK0F4SNY%3D&reserved=0>>) strikes much of the language in section 7 that some legal teams had objection to... It is likely not everything you want, but I would suggest taking a fresh look at it as it was substantially reduced specifically to address the most cited customer concern regarding the legal obligations in the prior version of the RSA/LRSA. FYI, /John John Curran President and CEO American Registry for Internet Numbers Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
Tom - It’s an artifact of our formation that we are presently providing services to any customers absent any agreement and while ARIN continues to do so (by providing basic services to legacy customers), the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable. (This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming – https://www.arin.net/announcements/20220906-arinslate/ ) FYI, /John John Curran President and CEO American Registry for Internet Numbers On 16 Sep 2022, at 9:55 AM, Tom Krenn via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: Thanks John! I’ve been working on this with our attorneys for almost a year. I did send over the revisions and it will be good to see what they say. But I’m not sure it will be enough to reduce the perceived risk. Has ARIN considered separating the fee structure and service goals from the drive to get everyone under an RSA? Tom Krenn Network Architect Enterprise Architecture - Information Technology From: John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> Sent: Thursday, September 15, 2022 8:42 PM To: Tom Krenn <Tom.Krenn@hennepin.us<mailto:Tom.Krenn@hennepin.us>> Cc: Rubens Kuhl <rubensk@gmail.com<mailto:rubensk@gmail.com>>; North American Network Operators' Group <nanog@nanog.org<mailto:nanog@nanog.org>> Subject: Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) On 15 Sep 2022, at 9:29 PM, Tom Krenn via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything. As John said " I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years. Tom - Over the years, ARIN has made several revisions to the RSA/LRSA to make it both clearer and more customer friendly, and the most recent version (announced earlier this week - <https://www.arin.net/announcements/20220912/<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.arin.net%2Fannouncements%2F20220912%2F&data=05%7C01%7CTom.Krenn%40hennepin.us%7C970ff4a0fade4b7b0d3308da9784b663%7C8aefdf9f878046bf8fb74c924653a8be%7C0%7C0%7C637988893501824755%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nbnXoX6%2BXkkwKC6sbxokXipFpmdFq8839TvtK0F4SNY%3D&reserved=0>>) strikes much of the language in section 7 that some legal teams had objection to… It is likely not everything you want, but I would suggest taking a fresh look at it as it was substantially reduced specifically to address the most cited customer concern regarding the legal obligations in the prior version of the RSA/LRSA. FYI, /John John Curran President and CEO American Registry for Internet Numbers Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
On Fri, Sep 16, 2022, 8:55 AM John Curran <jcurran@arin.net> wrote:
Tom -
It’s an artifact of our formation that we are presently providing services to any customers absent any agreement and while ARIN continues to do so (by providing basic services to legacy customers), the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
(This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming –
Unless the rules have changed, this statement is incorrect. The board is not elected by the community, it is elected by ARIN customers who pay for the privilege to vote. Even though I pay significant money to ARIN I am not allowed to vote, but as far as I know, I am a part of the community. https://www.arin.net/announcements/20220906-arinslate/ )
FYI, /John
John Curran President and CEO American Registry for Internet Numbers
On 16 Sep 2022, at 9:55 AM, Tom Krenn via NANOG <nanog@nanog.org> wrote:
Thanks John! I’ve been working on this with our attorneys for almost a year. I did send over the revisions and it will be good to see what they say. But I’m not sure it will be enough to reduce the perceived risk. Has ARIN considered separating the fee structure and service goals from the drive to get everyone under an RSA?
Tom Krenn
Network Architect
Enterprise Architecture - Information Technology
*From:* John Curran <jcurran@arin.net> *Sent:* Thursday, September 15, 2022 8:42 PM *To:* Tom Krenn <Tom.Krenn@hennepin.us> *Cc:* Rubens Kuhl <rubensk@gmail.com>; North American Network Operators' Group <nanog@nanog.org> *Subject:* Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
On 15 Sep 2022, at 9:29 PM, Tom Krenn via NANOG <nanog@nanog.org> wrote:
An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything.
As John said " I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years.
Tom -
Over the years, ARIN has made several revisions to the RSA/LRSA to make it both clearer and more customer friendly, and the most recent version (announced earlier this week - < https://www.arin.net/announcements/20220912/ <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.arin.net%2Fannouncements%2F20220912%2F&data=05%7C01%7CTom.Krenn%40hennepin.us%7C970ff4a0fade4b7b0d3308da9784b663%7C8aefdf9f878046bf8fb74c924653a8be%7C0%7C0%7C637988893501824755%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nbnXoX6%2BXkkwKC6sbxokXipFpmdFq8839TvtK0F4SNY%3D&reserved=0>>) strikes much of the language in section 7 that some legal teams had objection to… It is likely not everything you want, but I would suggest taking a fresh look at it as it was substantially reduced specifically to address the most cited customer concern regarding the legal obligations in the prior version of the RSA/LRSA.
FYI, /John
John Curran President and CEO American Registry for Internet Numbers
*Disclaimer:* If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
On 16 Sep 2022, at 12:09 PM, Steve Noble <snoble@sonn.com<mailto:snoble@sonn.com>> wrote: (This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming – Unless the rules have changed, this statement is incorrect. The board is not elected by the community, it is elected by ARIN customers who pay for the privilege to vote. Even though I pay significant money to ARIN I am not allowed to vote, but as far as I know, I am a part of the community. Steve - If you have IPv4 or IPv6 resources under an RSA/LRSA, then you are an ARIN service member. ARIN service members in good standing can (via ARIN online or by contacting the RSD helpdesk) opt to become ARIN general members and participate in ARIN governance – this includes agreeing to be included on the ARIN member list, assigning a voting contact for your organization, and participating in ARIN elections. See more information here - https://www.arin.net/participate/oversight/membership/explained/ Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On Fri, Sep 16, 2022, 9:23 AM John Curran <jcurran@arin.net> wrote:
On 16 Sep 2022, at 12:09 PM, Steve Noble <snoble@sonn.com> wrote:
(This is the direction that the ARIN Board of Trustees has set based on
community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming –
Unless the rules have changed, this statement is incorrect.
The board is not elected by the community, it is elected by ARIN customers who pay for the privilege to vote.
Even though I pay significant money to ARIN I am not allowed to vote, but as far as I know, I am a part of the community.
Steve -
If you have IPv4 or IPv6 resources under an RSA/LRSA, then you are an ARIN service member.
ARIN service members in good standing can (via ARIN online or by contacting the RSD helpdesk) opt to become ARIN general members and participate in ARIN governance – this includes agreeing to be included on the ARIN member list, assigning a voting contact for your organization, and participating in ARIN elections.
Hi John, My point was that you said community, not general members. I understand that I am blocked from voting because I don't pay enough.
See more information here - https://www.arin.net/participate/oversight/membership/explained/
Thanks, /John
John Curran President and CEO American Registry for Internet Numbers
On 16 Sep 2022, at 12:26 PM, Steve Noble <snoble@sonn.com<mailto:snoble@sonn.com>> wrote: On Fri, Sep 16, 2022, 9:23 AM John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: Steve - If you have IPv4 or IPv6 resources under an RSA/LRSA, then you are an ARIN service member. ARIN service members in good standing can (via ARIN online or by contacting the RSD helpdesk) opt to become ARIN general members and participate in ARIN governance – this includes agreeing to be included on the ARIN member list, assigning a voting contact for your organization, and participating in ARIN elections. Hi John, My point was that you said community, not general members. I understand that I am blocked from voting because I don't pay enough. There is no additional fee involved in becoming an ARIN general member - it’s available to all service members in good standing upon request (“good standing” meaning current with ARIN on their invoiced fees.) For more information see here – https://www.arin.net/announcements/20211229/ Thanks, /John John Curran President and CEO American Registry for Internet Numbers
John Curran wrote on 9/16/22 9:30 AM:
On 16 Sep 2022, at 12:26 PM, Steve Noble <snoble@sonn.com <mailto:snoble@sonn.com>> wrote:
On Fri, Sep 16, 2022, 9:23 AM John Curran <jcurran@arin.net <mailto:jcurran@arin.net>> wrote:
Steve -
If you have IPv4 or IPv6 resources under an RSA/LRSA, then you are an ARIN service member.
ARIN service members in good standing can (via ARIN online or by contacting the RSD helpdesk) opt to become ARIN general members and participate in ARIN governance – this includes agreeing to be included on the ARIN member list, assigning a voting contact for your organization, and participating in ARIN elections.
Hi John,
My point was that you said community, not general members. I understand that I am blocked from voting because I don't pay enough.
There is no additional fee involved in becoming an ARIN general member - it’s available to all service members in good standing upon request (“good standing” meaning current with ARIN on their invoiced fees.)
For more information see here – https://www.arin.net/announcements/20211229/
Hi John, In my reading of that announcement that there is an additional fee. I do not have any IPv4 or IPv6 resources so I would need to acquire them and pay for them to be allowed to vote on things that directly affect me. I am not sure how this is different than before. I am still disenfranchised as a ASN only customer. "Presently be an ARIN Service Member in good standing with IPv4 and/or IPv6 number resources receiving services under a valid ARIN registration services agreement." -- Thank you, Steven
On Fri, Sep 16, 2022 at 9:09 AM Steve Noble <snoble@sonn.com> wrote:
On Fri, Sep 16, 2022, 8:55 AM John Curran <jcurran@arin.net> wrote:
It’s an artifact of our formation that we are presently providing services to any customers absent any agreement and while ARIN continues to do so (by providing basic services to legacy customers), the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
(This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming –
Unless the rules have changed, this statement is incorrect.
The board is not elected by the community, it is elected by ARIN customers who pay for the privilege to vote.
Even though I pay significant money to ARIN I am not allowed to vote, but as far as I know, I am a part of the community.
Hi Steve, Actually, the rules HAVE changed. Under the new fee schedule, every payer except AS-only payers are eligible to vote. ARIN still has a lot of structural deficiencies but in this particular respect they made a major improvement. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
William Herrin wrote on 9/16/22 9:28 AM:
On Fri, Sep 16, 2022 at 9:09 AM Steve Noble <snoble@sonn.com> wrote:
On Fri, Sep 16, 2022, 8:55 AM John Curran <jcurran@arin.net> wrote:
It’s an artifact of our formation that we are presently providing services to any customers absent any agreement and while ARIN continues to do so (by providing basic services to legacy customers), the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
(This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming –
Unless the rules have changed, this statement is incorrect.
The board is not elected by the community, it is elected by ARIN customers who pay for the privilege to vote.
Even though I pay significant money to ARIN I am not allowed to vote, but as far as I know, I am a part of the community. Hi Steve,
Actually, the rules HAVE changed. Under the new fee schedule, every payer except AS-only payers are eligible to vote. ARIN still has a lot of structural deficiencies but in this particular respect they made a major improvement.
Regards, Bill Herrin
Hi Bill, I appreciate your response, I remember all of the discussions around this change and the positive/negative aspects of it, but it did not correct the disenfranchisement of ASN only holders who are customer and do have to pay for services which are voted on and affected by the voting. -- Thank you, Steven
On Fri, Sep 16, 2022 at 9:51 AM Steve Noble <snoble@sonn.com> wrote:
William Herrin wrote on 9/16/22 9:28 AM:
Actually, the rules HAVE changed. Under the new fee schedule, every payer except AS-only payers are eligible to vote. ARIN still has a lot of structural deficiencies but in this particular respect they made a major improvement.
I appreciate your response, I remember all of the discussions around this change and the positive/negative aspects of it, but it did not correct the disenfranchisement of ASN only holders who are customer and do have to pay for services which are voted on and affected by the voting.
True. But the practical effects of ARIN policy on AS numbers are so minimal that with a choice between paying the AS annual fee and the minimum service member annual fee, it makes sense to pay the smaller fee. The AS number annual fee is a tad heftier than it ought to be for the work reasonably expected of ARIN to operate the relevant registry components. I expect they're lumping more into general overhead than they really ought to and then spreading the overhead among all payers. But c'est la vie. A lean, mean machine ARIN is not, at least not any more. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On 16 Sep 2022, at 12:51 PM, Steve Noble <snoble@sonn.com> wrote:
I appreciate your response, I remember all of the discussions around this change and the positive/negative aspects of it, but it did not correct the disenfranchisement of ASN only holders who are customer and do have to pay for services which are voted on and affected by the voting.
Steve - You are correct – while ARIN did open up the ability to vote to all IPv4 and IPv6 resource holders (as opposed to previously just “ISPs”), we did not go as far as to open up membership to ASN-only customers… Note - if the reason that you are paying "significant money” to ARIN is because you have more than one ASN (and therefore are paying $150 per-ASN annual maintenance fee), I would suggest you review if you qualify for a /24 IPv4 block from the ARIN waiting list (and applying asap if that’s the case), as your annual ARIN payment would drop upon receipt (i.e. you would become a 3X-Small registration services plan customer paying $250/year in total rather than paying the per-ASN maintenance fees), and also be able to opt into general membership and thus participating in voting if desired. FYI, /John John Curran President and CEO American Registry for Internet Numbers
On Fri, Sep 16, 2022 at 10:12 AM John Curran <jcurran@arin.net> wrote:
Note - if the reason that you are paying "significant money” to ARIN is because you have more than one ASN (and therefore are paying $150 per-ASN annual maintenance fee), I would suggest you review if you qualify for a /24 IPv4 block from the ARIN waiting list (and applying asap if that’s the case), as your annual ARIN payment would drop upon receipt (i.e. you would become a 3X-Small registration services plan customer paying $250/year in total rather than paying the per-ASN maintenance fees), and also be able to opt into general membership and thus participating in voting if desired.
Or get an IPv6 /48 which could be fulfilled immediately (no waiting list) and have the same impact of making you a 3x-small services plan customer paying $250/year total. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On 16 Sep 2022, at 1:22 PM, William Herrin <bill@herrin.us> wrote:
On Fri, Sep 16, 2022 at 10:12 AM John Curran <jcurran@arin.net> wrote:
Note - if the reason that you are paying "significant money” to ARIN is because you have more than one ASN (and therefore are paying $150 per-ASN annual maintenance fee), I would suggest you review if you qualify for a /24 IPv4 block from the ARIN waiting list (and applying asap if that’s the case), as your annual ARIN payment would drop upon receipt (i.e. you would become a 3X-Small registration services plan customer paying $250/year in total rather than paying the per-ASN maintenance fees), and also be able to opt into general membership and thus participating in voting if desired.
Or get an IPv6 /48 which could be fulfilled immediately (no waiting list) and have the same impact of making you a 3x-small services plan customer paying $250/year total.
Thank you Bill – obviously another excellent option… (He could even do both, since the RSP plan category is based on the largest of the two resource holding – so that when an IPv4 /24 is eventually issued, his overall customer category would still remain at 3X-Small, i.e. $250/year) FYI, /John John Curran President and CEO American Registry for Internet Numbers
On Fri, Sep 16, 2022 at 10:29 AM John Curran <jcurran@arin.net> wrote:
On 16 Sep 2022, at 1:22 PM, William Herrin <bill@herrin.us> wrote: On Fri, Sep 16, 2022 at 10:12 AM John Curran <jcurran@arin.net> wrote:
Note - if the reason that you are paying "significant money” to ARIN is because you have more than one ASN (and therefore are paying $150 per-ASN annual maintenance fee), I would suggest you review if you qualify for a /24 IPv4 block from the ARIN waiting list (and applying asap if that’s the case), as your annual ARIN payment would drop upon receipt (i.e. you would become a 3X-Small registration services plan customer paying $250/year in total rather than paying the per-ASN maintenance fees), and also be able to opt into general membership and thus participating in voting if desired.
Or get an IPv6 /48 which could be fulfilled immediately (no waiting list) and have the same impact of making you a 3x-small services plan customer paying $250/year total.
Thank you Bill – obviously another excellent option…
(He could even do both, since the RSP plan category is based on the largest of the two resource holding – so that when an IPv4 /24 is eventually issued, his overall customer category would still remain at 3X-Small, i.e. $250/year)
Hi John, He might not qualify for an IPv4 /24 under current ARIN policy but with AS numbers in use it's a near certainty that he qualifies for an IPv6 /48 with little effort. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Sep 16, 2022, at 10:37 , William Herrin <bill@herrin.us> wrote:
On Fri, Sep 16, 2022 at 10:29 AM John Curran <jcurran@arin.net <mailto:jcurran@arin.net>> wrote:
On 16 Sep 2022, at 1:22 PM, William Herrin <bill@herrin.us> wrote: On Fri, Sep 16, 2022 at 10:12 AM John Curran <jcurran@arin.net> wrote:
Note - if the reason that you are paying "significant money” to ARIN is because you have more than one ASN (and therefore are paying $150 per-ASN annual maintenance fee), I would suggest you review if you qualify for a /24 IPv4 block from the ARIN waiting list (and applying asap if that’s the case), as your annual ARIN payment would drop upon receipt (i.e. you would become a 3X-Small registration services plan customer paying $250/year in total rather than paying the per-ASN maintenance fees), and also be able to opt into general membership and thus participating in voting if desired.
Or get an IPv6 /48 which could be fulfilled immediately (no waiting list) and have the same impact of making you a 3x-small services plan customer paying $250/year total.
Thank you Bill – obviously another excellent option…
(He could even do both, since the RSP plan category is based on the largest of the two resource holding – so that when an IPv4 /24 is eventually issued, his overall customer category would still remain at 3X-Small, i.e. $250/year)
Hi John,
He might not qualify for an IPv4 /24 under current ARIN policy but with AS numbers in use it's a near certainty that he qualifies for an IPv6 /48 with little effort.
Regards, Bill Herrin
Under current policy structure, it’s pretty difficult to qualify for a /48 and not qualify for a /24. If you’ve got ASNs in use, you almost certainly qualify for a /24 at this point. Owen
I'm not trying to troll, this is a serious question: Is there a formal agreement that says that all legacy resources will receive free registry services forever and ever or is it just an informal "That's how it was done"? Aaron
On 16 Sep 2022, at 2:21 PM, Aaron Wendel <aaron@wholesaleinternet.net> wrote:
I'm not trying to troll, this is a serious question:
Is there a formal agreement that says that all legacy resources will receive free registry services forever and ever or is it just an informal "That's how it was done”?
No formal agreement, but those involved in ARIN’s formation did indicate that at transition the existing registrations would be maintained without a need for agreement or fee. The ARIN Board has maintained that same position over the last 25 years – I’d expect that to continue similarly unless a strong reason emerged why that is no longer advisable and/or the community reached consensus on different approach. Thanks! /John John Curran President and CEO American Registry for Internet Numbers
On Sep 16, 2022, at 11:49 , John Curran <jcurran@arin.net> wrote:
On 16 Sep 2022, at 2:21 PM, Aaron Wendel <aaron@wholesaleinternet.net> wrote:
I'm not trying to troll, this is a serious question:
Is there a formal agreement that says that all legacy resources will receive free registry services forever and ever or is it just an informal "That's how it was done”?
No formal agreement, but those involved in ARIN’s formation did indicate that at transition the existing registrations would be maintained without a need for agreement or fee.
The ARIN Board has maintained that same position over the last 25 years – I’d expect that to continue similarly unless a strong reason emerged why that is no longer advisable and/or the community reached consensus on different approach.
Again, I think you mean membership rather than community. Since this is basically a board decision, the membership would have to elect a board that has a different opinion. Owen
On 18 Sep 2022, at 2:28 PM, Owen DeLong via NANOG <nanog@nanog.org> wrote:
No formal agreement, but those involved in ARIN’s formation did indicate that at transition the existing registrations would be maintained without a need for agreement or fee.
The ARIN Board has maintained that same position over the last 25 years – I’d expect that to continue similarly unless a strong reason emerged why that is no longer advisable and/or the community reached consensus on different approach.
Again, I think you mean membership rather than community. Since this is basically a board decision, the membership would have to elect a board that has a different opinion.
Owen - Technically correct, but not necessarily the case operationally since the ARIN Board tends to pay attention to input that comes from the entire number registry community in the region (as opposed to just those who are ARIN members via number issuance or those legacy resources holders who become ARIN members via entry into an LRSA...) This level of attention to the entire community (even those legacy holders who opt not to participate as ARIN members) is reflected in having a policy development process open to all, discussions about a wide range of matters on the ARIN-ppml mailing list [an open list], and discussions of service-related matters (both suggestions and ARIN-initiated consultations) on the open-to-all arin-consult mailing list. If for some reason a new consensus were to emerge regarding the handling for legacy number resources, it would not necessarily take any change in Board composition to recognize that and direct implementation at ARIN accordingly. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On Fri, Sep 16, 2022 at 11:21 AM Aaron Wendel <aaron@wholesaleinternet.net> wrote:
Is there a formal agreement that says that all legacy resources will receive free registry services forever and ever or is it just an informal "That's how it was done"?
Hi Aaron, That is a... complicated... topic. To help illuminate it, I'm going to rephrase the question. Absent a contract between ARIN and an organization assigned IP addresses prior to ARIN's existence (legacy registrant), what rights does the legacy registrant have over the addresses and what rights does ARIN have? The original assignment process from representatives of the United States government was woefully nonspecific about address recipients' rights. During ARIN's formation, representations were made to the government to the effect that ARIN would maintain the pre-existing registrations without impairment. The agreement with the US government which allowed ARIN to subsume address registry duties failed to speak at all to the matter of rights retained by legacy registrants or transferred to ARIN. Every time the question has come up in court, the matter has ended either with a determination that the part was not, in fact, the registrant or with a negotiated settlement between the registrant an ARIN. So the bottom line is: we don't know what, if anything, ARIN is legally required to do for the legacy registrants AND we don't know what, if anything, ARIN is legally allowed to unilaterally do with respect to the legacy registrations. ARIN has its official theories and each of the legacy registrants have theirs. For the past 25 years, ARIN has not elected to challenge the legacy registrants in a manner substantive enough to require the question to be resolved. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On 16 Sep 2022, at 2:53 PM, William Herrin <bill@herrin.us<mailto:bill@herrin.us>> wrote: ARIN has its official theories and each of the legacy registrants have theirs. For the past 25 years, ARIN has not elected to challenge the legacy registrants in a manner substantive enough to require the question to be resolved. <chuckle> I’d disagree with that characterization - since this has been before judges and resolved numerous times. We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings. Yes, we do settle cases, but only when that basic principle is upheld. At no time has the alternative (that for some reason legacy resource holders do not have meet the policies developed by the ARIN community) been upheld in any orders granted – and not for lack of trying. Alas, those who seek such an outcome have never been successful in arguing its merits, and instead consistently end up settling with orders that recognize ARIN’s ability to operate the registry according to the community-developed policy, including the application of the policy to their address blocks. ARIN simply doesn’t settle absent those terms, as it is simply a fundamental principle of our inception. Thanks! /John John Curran President and CEO American Registry for Internet Numbers
On Fri, Sep 16, 2022 at 12:00 PM John Curran <jcurran@arin.net> wrote:
We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings. Yes, we do settle cases, but only when that basic principle is upheld. At no time has the alternative (that for some reason legacy resource holders do not have meet the policies developed by the ARIN community) been upheld in any orders granted – and not for lack of trying.
Well John, the thing about settled cases and orders the court -doesn't- make is that they create no precedent and ultimately fail to answer the legal question for the next case. All they show is that in cases where the registrant could prove he was the real registrant, ARIN offered terms more attractive to the registrant than pursuing litigation to its conclusion. Whatever line you'd have to cross for a registrant to go the distance with you in court, the status quo doesn't cross it.
instead consistently end up settling with orders that recognize ARIN’s ability to operate the registry according to the community-developed policy
That's quite an overstatement. As far as I'm aware, with respect to the legacy registrations the only order any court ever made was that within the facts of that particular case, ARIN could refuse to -record- a transfer of registration absent a contract. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
William- I am trying to follow your train of thought here. Are you stating that it is somehow ARIN's responsibility to force a legal case to a conclusion solely to settle the question of legacy allocation rights, a problem which predates ARIN's existence? Or am I misunderstanding you? On Fri, Sep 16, 2022 at 3:22 PM William Herrin <bill@herrin.us> wrote:
We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings. Yes, we do settle cases, but only when that basic
On Fri, Sep 16, 2022 at 12:00 PM John Curran <jcurran@arin.net> wrote: principle is upheld. At no
time has the alternative (that for some reason legacy resource holders do not have meet the policies developed by the ARIN community) been upheld in any orders granted – and not for lack of trying.
Well John, the thing about settled cases and orders the court -doesn't- make is that they create no precedent and ultimately fail to answer the legal question for the next case. All they show is that in cases where the registrant could prove he was the real registrant, ARIN offered terms more attractive to the registrant than pursuing litigation to its conclusion.
Whatever line you'd have to cross for a registrant to go the distance with you in court, the status quo doesn't cross it.
instead consistently end up settling with orders that recognize ARIN’s ability to operate the registry according to the community-developed policy
That's quite an overstatement. As far as I'm aware, with respect to the legacy registrations the only order any court ever made was that within the facts of that particular case, ARIN could refuse to -record- a transfer of registration absent a contract.
Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Fri, Sep 16, 2022 at 12:31 PM Tom Beecher <beecher@beecher.cc> wrote:
I am trying to follow your train of thought here. Are you stating that it is somehow ARIN's responsibility to force a legal case to a conclusion solely to settle the question of legacy allocation rights, a problem which predates ARIN's existence?
Hi Tom, Not at all! I'm saying that the status quo for legacy registrants is legally stable while the legal boundaries beyond the status quo are murky no matter what anyone cares to claim. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On 16 Sep 2022, at 3:21 PM, William Herrin <bill@herrin.us> wrote:
instead consistently end up settling with orders that recognize ARIN’s ability to operate the registry according to the community-developed policy
That's quite an overstatement. As far as I'm aware, with respect to the legacy registrations the only order any court ever made was that within the facts of that particular case, ARIN could refuse to -record- a transfer of registration absent a contract.
Bill – What is “an IP address block assignment”? i.e. what exactly are we talking about having rights to? You talk about a transfer of something distinct from the registry entry, but don’t actually say what that is... We know what it is not – it not “the right to route a range of IP addresses on the Internet” – as ISPs control their own routers (and at no time did any of them delegate some portion of control over their network routing to USG/SRI/ISI/GSI/NSI/NetSol/ARIN…) I’ll assert that an “IP address block assignment” (regardless of when made) was the issuance of a set of rights to a specific entry in the registry database: e.g., the right to have your organization associated with a range of numbers in the Internet number registry, the right to be able to update the relevant fields of that entry (like contact info), and the right to transfer these rights to other parties in accordance with registry policy. Parties issued IP address blocks were given those rights to their particular IP address block entry in the registry database, and that registry database was transferred to ARIN at our inception. As such, if you want an IP address block entry updated, it’s necessary to comply with ARIN’s policies as set by this community. Now you may believe the IP address blocks are something other than a limited set of rights to an entry in the registry, and that’s just great. I think you’ll find that nearly everyone who wants to buy rights to an IP address block expects that the registry entry will be updated, and that the update of the entry constitutes the transfer of the rights, but you should feel free to hawk something else if you think folks will buy it. Similarly, if you believe that you can transfer an “IP address block” and somehow that gives you some legal authority over a portion of the ARIN registry, then you should avail yourself of all appropriate legal means to enforce your purported rights and effect that change. (It’s not that people haven’t come up with such interesting theories before, rather that they’ve never held up in court…) Again, to make sure there is 100% clarity: we have consistently ended up settling with orders that recognize ARIN’s ability to operate the registry according to the community-developed policy, including the application of that policy to legacy address blocks. ARIN simply doesn’t settle absent those terms, as it is fundamental principle of our inception that this community can set the policies used to administer the registry for this region. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On Fri, Sep 16, 2022 at 12:47 PM John Curran <jcurran@arin.net> wrote:
Again, to make sure there is 100% clarity: we have consistently ended up settling with orders that recognize ARIN’s ability to operate the registry according to the community-developed policy, including the application of that policy to legacy address blocks. ARIN simply doesn’t settle absent those terms, as it is fundamental principle of our inception that this community can set the policies used to administer the registry for this region.
Bottom line: * There is a status quo for ARIN's relationship with the legacy registrants. * It hasn't materially changed since ARIN's inception a quarter century ago. * ARIN has indicated no intention of changing it. * Were ARIN's behavior to materially drift from the status quo, they would be sued with an uncertain outcome. You want to dispute that last item, we can go another ten rounds on it, but what's the point? Nothing has changed since the last time we debated on the PPML list: In 25 years no one has successfully induced ARIN to act contrary to the status quo and in 25 years no one has successfully challenged ARIN on the status quo. Summarizing the status quo: * ARIN continues to report the legacy registrations. * Legacy registrants do not pay ARIN for anything associated with the legacy registrations. * Legacy registrants change POCs and RDNS servers associated with legacy registrations at their pleasure. * ARIN will not record a transfer of a legacy resource to another registrant absent ARIN's current approved contracts. * ARIN provides "new" services (developed after ARIN's inception) to legacy registrants only where those services directly replace functionality that has been retired. For example, the Web UI replaces the old email forms so it's provided to legacy registrants but RPKI is entirely new so it is not. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
* bill@herrin.us (William Herrin) [Fri 16 Sep 2022, 22:58 CEST]: [..]
* ARIN will not record a transfer of a legacy resource to another registrant absent ARIN's current approved contracts.
RIPE NCC, however, will facilitate this. If you as a legacy resource holder in the RIPE NCC service region sign a contract with a sponsoring LIR they will happily allow creation of ROAs for your space. Psst: you can transfer IPv4 to other RIRs if you don't like your current RIR's charging scheme. ARIN discriminates against IPv6 so you're stuck with them for those resources, however. -- Niels.
Bill – From a great height or distance, your “bottom line” summary of a some form of status quo probably appears accurate. (I am unfortunately much closer and see quite a bit a of detail lost in it; for example, we have been enforcing different community-developed transfer policies that have changed over the years, and that has very real-world implications for those who wish monetize their excess number resources – similarly, we revoke legacy resources from parties who have hijacking or otherwise surreptitiously obtained them so that the proper party can recover their resources, etc. These activities routinely take place today and are based on application of policies that did not exist 25 years ago to all of the number resources in the registry - legacy number resources included.) We have had parties litigate to prevent application of community policy to their legacy number resources and they have never prevailed to date – ARIN continues to operate the registry according to the community-developed policies in the region. Indeed, this record of success is likely just as much the result of the community not creating burdensome policy obligations on resource holders (such an approach is particularly prudent when it comes to legacy resource holders since many have not updated their contact information over the years and therefore the ability to reliably inform them of any new obligations is a rather reasonable concern.) The ARIN policy development process is open to all and transparent in operation, and ARIN operates the registry in accordance to the developed policies. I am not aware of any obligations of ARIN that prevent us from doing so or might even remotely suggest that any party be immune from such policies, but can say without any doubt that the US government expects our developed policies to define how the Internet numbers "are managed and allocated within the North American region.” To the extent that the community continues to be reasonable in its obligations on number resource holders in the region, we may indeed see a lack of contentious outcomes (and continuity of what you may perceive as an apparent “status quo”) – but that only means that ARIN will continue enforce the policy – including as it evolves – for all number resources in the registry - just we do today. Folks who have any concerns about the potential of policy developed by this community affecting their IP number resources are advised to participate in the open policy development process (you can find more details here - https://www.arin.net/participate/policy/) Thanks! /John John Curran President and CEO American Registry for Internet Numbers On 16 Sep 2022, at 4:56 PM, William Herrin <bill@herrin.us<mailto:bill@herrin.us>> wrote: On Fri, Sep 16, 2022 at 12:47 PM John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: Again, to make sure there is 100% clarity: we have consistently ended up settling with orders that recognize ARIN’s ability to operate the registry according to the community-developed policy, including the application of that policy to legacy address blocks. ARIN simply doesn’t settle absent those terms, as it is fundamental principle of our inception that this community can set the policies used to administer the registry for this region. Bottom line: * There is a status quo for ARIN's relationship with the legacy registrants. * It hasn't materially changed since ARIN's inception a quarter century ago. * ARIN has indicated no intention of changing it. * Were ARIN's behavior to materially drift from the status quo, they would be sued with an uncertain outcome. You want to dispute that last item, we can go another ten rounds on it, but what's the point? Nothing has changed since the last time we debated on the PPML list: In 25 years no one has successfully induced ARIN to act contrary to the status quo and in 25 years no one has successfully challenged ARIN on the status quo. Summarizing the status quo: * ARIN continues to report the legacy registrations. * Legacy registrants do not pay ARIN for anything associated with the legacy registrations. * Legacy registrants change POCs and RDNS servers associated with legacy registrations at their pleasure. * ARIN will not record a transfer of a legacy resource to another registrant absent ARIN's current approved contracts. * ARIN provides "new" services (developed after ARIN's inception) to legacy registrants only where those services directly replace functionality that has been retired. For example, the Web UI replaces the old email forms so it's provided to legacy registrants but RPKI is entirely new so it is not. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
John Curran <jcurran@arin.net> wrote:
[challenges by legacy registrants] has been before judges and resolved numerous times.
We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings.
Is there a public archive of these court proceedings? Or even a list of which cases have involved ARIN (or another RIR)? What can the community learn from what help resource holders have asked courts for, and what help they eventually got? John PS: Re another RIR: There's a short list of some of the ~50 lawsuits against AFRINIC in its Wikipedia page: https://en.wikipedia.org/wiki/AFRINIC#Controversies_&_Scandals These are mostly to do with corruption, theft, and harassment. But an important subtheme includes what power AFRINIC has to seize IP addresses that were legitimately allocated to recipients. In the "Cloud Innovation" case, CI got addresses under standard policy, but years later, as I recall, AFRINIC tried to retroactively impose a new "no renting vm's" policy and a new requirement that all the addresses be hosted in Africa, even by global customers. After AFRINIC threatened to immediately revoke CI's membership and take back the addresses over this, CI sued AFRINIC to keep the status quo, keeping their business alive, while the courts sort out whether AFRINIC has the power to do so. Since then, it's mostly been procedural scuffling and some bad faith negotiations. If neither party goes bankrupt nor settles, it's possible that the courts of Mauritius will answer the question about whether their RIR has the power to impose new policies and then reclaim allocated addresses for violating them.
On 19 Sep 2022, at 10:48 PM, John Gilmore <gnu@toad.com> wrote:
John Curran <jcurran@arin.net> wrote:
[challenges by legacy registrants] has been before judges and resolved numerous times.
We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings.
Is there a public archive of these court proceedings? Or even a list of which cases have involved ARIN (or another RIR)?
John - Not to my knowledge for ARIN - we are routinely involved in various civil, criminal, bankruptcy and probate matters as necessary to protect the rights of the resource holders (in cases where they are being hijacked or otherwise converted by parties not affiliated with the registrant) and the rights of the ARIN community (in cases where parties attempt to dispose of number resources contrary to community-developed policy.) We do not publish an index of cases, but those cases that are public matters are available in appropriate court record searches. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On 19 Sep 2022, at 11:08 PM, John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: On 19 Sep 2022, at 10:48 PM, John Gilmore <gnu@toad.com<mailto:gnu@toad.com>> wrote: ... Is there a public archive of these court proceedings? Or even a list of which cases have involved ARIN (or another RIR)? John - Not to my knowledge for ARIN - we are routinely involved in various civil, criminal, bankruptcy and probate matters as necessary to protect the rights of the resource holders (in cases where they are being hijacked or otherwise converted by parties not affiliated with the registrant) and the rights of the ARIN community (in cases where parties attempt to dispose of number resources contrary to community-developed policy.) We do not publish an index of cases, but those cases that are public matters are available in appropriate court record searches. John - It occurred to me that there is a discussion of many of the legal aspects in the transfer of IP address blocks (from ARIN’s view) including references some of relevant cases that have been through the courts contained in the following 2013 ABA article written by Ben Edelman and ARIN’s General Counsel (at that time) Steve Ryan – https://www.americanbar.org/groups/business_law/publications/blt/2013/05/03_... While this doesn’t provide a list of the legal proceedings, it does provide reference to some of the more seminal ones as well as provide pointers to several examples of orders that have occur in bankruptcy events (the most common circumstances that ARIN ends up involved in) FYI, /John John Curran President and CEO American Registry for Internet Numbers
Why not publish such a table? It shouldn’t be a particularly difficult task and could prove rather enlightening. Owen
On Sep 19, 2022, at 20:09, John Curran <jcurran@arin.net> wrote:
On 19 Sep 2022, at 10:48 PM, John Gilmore <gnu@toad.com> wrote:
John Curran <jcurran@arin.net> wrote: [challenges by legacy registrants] has been before judges and resolved numerous times.
We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings.
Is there a public archive of these court proceedings? Or even a list of which cases have involved ARIN (or another RIR)?
John -
Not to my knowledge for ARIN - we are routinely involved in various civil, criminal, bankruptcy and probate matters as necessary to protect the rights of the resource holders (in cases where they are being hijacked or otherwise converted by parties not affiliated with the registrant) and the rights of the ARIN community (in cases where parties attempt to dispose of number resources contrary to community-developed policy.) We do not publish an index of cases, but those cases that are public matters are available in appropriate court record searches.
Thanks, /John
John Curran President and CEO American Registry for Internet Numbers
Owen - It’s certainly worth looking into… Might you submit that idea into the ARIN suggestion process so it may be formally considered? (ARIN ACSP <https://www.arin.net/participate/community/acsp/process/) Thanks! /John John Curran President and CEO American Registry for Internet Numbers On 19 Sep 2022, at 11:58 PM, Owen DeLong via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: Why not publish such a table? It shouldn’t be a particularly difficult task and could prove rather enlightening. Owen On Sep 19, 2022, at 20:09, John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: On 19 Sep 2022, at 10:48 PM, John Gilmore <gnu@toad.com<mailto:gnu@toad.com>> wrote: John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: [challenges by legacy registrants] has been before judges and resolved numerous times. We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings. Is there a public archive of these court proceedings? Or even a list of which cases have involved ARIN (or another RIR)? John - Not to my knowledge for ARIN - we are routinely involved in various civil, criminal, bankruptcy and probate matters as necessary to protect the rights of the resource holders (in cases where they are being hijacked or otherwise converted by parties not affiliated with the registrant) and the rights of the ARIN community (in cases where parties attempt to dispose of number resources contrary to community-developed policy.) We do not publish an index of cases, but those cases that are public matters are available in appropriate court record searches. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On 9/19/22 20:58, Owen DeLong via NANOG wrote:
Why not publish such a table?
It shouldn’t be a particularly difficult task and could prove rather enlightening.
Individual trial court cases aren't generally published. There may be a transcript at the local courthouse, but rarely available in any kind of online database. Appellate court decisions are more widely published as they are often cited as precedent in future cases. Even in those cases it may be difficult to find a freely available copy. While the decisions are public domain, they aren't widely distributed. Legal publishing houses find and "annotate" them making the annotated decision subject to copyright. These are then paywalled. ARIN could certainly, if they chose, produce a listing of the cases to which it was a party as well as those where ARIN counsel was called as an expert witness. Actual access to the text of such cases would be left as an exercise for the reader. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
On Tue, Sep 20, 2022 at 10:58 AM Jay Hennigan <jay@west.net> wrote:
ARIN could certainly, if they chose, produce a listing of the cases to which it was a party as well as those where ARIN counsel was called as an expert witness. Actual access to the text of such cases would be left as an exercise for the reader.
Or ARIN could both enumerate the cases and publish the materials. Since they were party to the cases, they already have the case materials. I think there's some real merit in the suggestion from Owen and John Gilmore. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
An important detail in the CI case is that there was no PDP based change in the policy text, AFRINIC simply suddenly contradicted their own prior statements and began (mid)interpreting their own governing documents to say things that they don’t actually say. Owen
On Sep 19, 2022, at 19:49, John Gilmore <gnu@toad.com> wrote:
John Curran <jcurran@arin.net> wrote:
[challenges by legacy registrants] has been before judges and resolved numerous times.
We’ve actually had the matter before many judges, and have never been ordered to do anything other than operate the registry per the number resource policy as developed by this community – this has been the consistent outcome throughout both civil and bankruptcy proceedings.
Is there a public archive of these court proceedings? Or even a list of which cases have involved ARIN (or another RIR)?
What can the community learn from what help resource holders have asked courts for, and what help they eventually got?
John
PS: Re another RIR: There's a short list of some of the ~50 lawsuits against AFRINIC in its Wikipedia page:
https://en.wikipedia.org/wiki/AFRINIC#Controversies_&_Scandals
These are mostly to do with corruption, theft, and harassment. But an important subtheme includes what power AFRINIC has to seize IP addresses that were legitimately allocated to recipients. In the "Cloud Innovation" case, CI got addresses under standard policy, but years later, as I recall, AFRINIC tried to retroactively impose a new "no renting vm's" policy and a new requirement that all the addresses be hosted in Africa, even by global customers. After AFRINIC threatened to immediately revoke CI's membership and take back the addresses over this, CI sued AFRINIC to keep the status quo, keeping their business alive, while the courts sort out whether AFRINIC has the power to do so. Since then, it's mostly been procedural scuffling and some bad faith negotiations. If neither party goes bankrupt nor settles, it's possible that the courts of Mauritius will answer the question about whether their RIR has the power to impose new policies and then reclaim allocated addresses for violating them.
On Sep 16, 2022, at 10:12 , John Curran <jcurran@arin.net> wrote:
On 16 Sep 2022, at 12:51 PM, Steve Noble <snoble@sonn.com> wrote:
I appreciate your response, I remember all of the discussions around this change and the positive/negative aspects of it, but it did not correct the disenfranchisement of ASN only holders who are customer and do have to pay for services which are voted on and affected by the voting.
Steve -
You are correct – while ARIN did open up the ability to vote to all IPv4 and IPv6 resource holders (as opposed to previously just “ISPs”), we did not go as far as to open up membership to ASN-only customers…
You again mis-state this sir. It was only opened up to IPv4 and IPv6 resource holders WITH CONTRACT and paying fees. Owen
John, In the interest of routing security, when you say ‘basic services’ would ARIN consider offering resource holders who did not sign an (L)RSA the ability to run their own RPKI CA, i.e. you offer them a resource certificate and nothing else, much like what NIC.br currently does in Brazil. Regards, -Alex
On 16 Sep 2022, at 17:53, John Curran <jcurran@arin.net> wrote:
Tom -
It’s an artifact of our formation that we are presently providing services to any customers absent any agreement and while ARIN continues to do so (by providing basic services to legacy customers), the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
(This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming – https://www.arin.net/announcements/20220906-arinslate/ )
FYI, /John
John Curran President and CEO American Registry for Internet Numbers
On 16 Sep 2022, at 9:55 AM, Tom Krenn via NANOG <nanog@nanog.org> wrote:
Thanks John! I’ve been working on this with our attorneys for almost a year. I did send over the revisions and it will be good to see what they say. But I’m not sure it will be enough to reduce the perceived risk. Has ARIN considered separating the fee structure and service goals from the drive to get everyone under an RSA?
Tom Krenn Network Architect Enterprise Architecture - Information Technology
From: John Curran <jcurran@arin.net> Sent: Thursday, September 15, 2022 8:42 PM To: Tom Krenn <Tom.Krenn@hennepin.us> Cc: Rubens Kuhl <rubensk@gmail.com>; North American Network Operators' Group <nanog@nanog.org> Subject: Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
On 15 Sep 2022, at 9:29 PM, Tom Krenn via NANOG <nanog@nanog.org> wrote:
An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything.
As John said " I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years.
Tom -
Over the years, ARIN has made several revisions to the RSA/LRSA to make it both clearer and more customer friendly, and the most recent version (announced earlier this week - <https://www.arin.net/announcements/20220912/>) strikes much of the language in section 7 that some legal teams had objection to… It is likely not everything you want, but I would suggest taking a fresh look at it as it was substantially reduced specifically to address the most cited customer concern regarding the legal obligations in the prior version of the RSA/LRSA.
FYI, /John
John Curran President and CEO American Registry for Internet Numbers
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
Alex - We only provide certification services to resource holders who have a registration services agreement with ARIN. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On 16 Sep 2022, at 12:21 PM, Alex Band <alex@nlnetlabs.nl> wrote:
John,
In the interest of routing security, when you say ‘basic services’ would ARIN consider offering resource holders who did not sign an (L)RSA the ability to run their own RPKI CA, i.e. you offer them a resource certificate and nothing else, much like what NIC.br currently does in Brazil.
Regards,
-Alex
On 16 Sep 2022, at 17:53, John Curran <jcurran@arin.net> wrote:
Tom -
It’s an artifact of our formation that we are presently providing services to any customers absent any agreement and while ARIN continues to do so (by providing basic services to legacy customers), the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
(This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming – https://www.arin.net/announcements/20220906-arinslate/ )
FYI, /John
John Curran President and CEO American Registry for Internet Numbers
On 16 Sep 2022, at 9:55 AM, Tom Krenn via NANOG <nanog@nanog.org> wrote:
Thanks John! I’ve been working on this with our attorneys for almost a year. I did send over the revisions and it will be good to see what they say. But I’m not sure it will be enough to reduce the perceived risk. Has ARIN considered separating the fee structure and service goals from the drive to get everyone under an RSA?
Tom Krenn Network Architect Enterprise Architecture - Information Technology
From: John Curran <jcurran@arin.net> Sent: Thursday, September 15, 2022 8:42 PM To: Tom Krenn <Tom.Krenn@hennepin.us> Cc: Rubens Kuhl <rubensk@gmail.com>; North American Network Operators' Group <nanog@nanog.org> Subject: Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
On 15 Sep 2022, at 9:29 PM, Tom Krenn via NANOG <nanog@nanog.org> wrote:
An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything.
As John said " I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years.
Tom -
Over the years, ARIN has made several revisions to the RSA/LRSA to make it both clearer and more customer friendly, and the most recent version (announced earlier this week - <https://www.arin.net/announcements/20220912/>) strikes much of the language in section 7 that some legal teams had objection to… It is likely not everything you want, but I would suggest taking a fresh look at it as it was substantially reduced specifically to address the most cited customer concern regarding the legal obligations in the prior version of the RSA/LRSA.
FYI, /John
John Curran President and CEO American Registry for Internet Numbers
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
John Curran <jcurran@arin.net> wrote:
... the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
There are many "anything else"s that would indeed be equitable. It is equitable for businesses to sell yesterday's bread at a lower price than today's bread. Or to rent unused hotel rooms to late-night transients for lower prices than those charged to people who want pre-booked certainty about their overnight shelter. ARIN could equitably charge different prices to people in different situations; it already does. And ARIN could equitably offer services to non-members, by charging them transaction fees for services rendered, rather than trying to force them into a disadvantageous long term contract. Please don't confuse "seeking equity" with "forcing everyone into the same procrustean bed". As a simple example, ARIN's contract need not require its customers to give up their resources when ceasing to pay ARIN for services. (There's an existence proof: RIPE's doesn't.) Such a contract would likely result in more-equitable sharing of costs, since it would encourage legacy holders to pay ARIN (and legacy holders are still more than a quarter of the total IP addresses, possibly much more). The fact that ARIN hasn't made this happen says nothing about equity; it's about something else. This whole tussle is about power. ARIN wants the power to take away legacy resources, while their current owners don't want that to happen. ARIN wants to be the puppeteer who pulls all the strings for the North American Internet. It pursues this desire by stealth and misdirection (e.g. "We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services...") ARIN is also trying to encourage ISPs to demand RPKI before providing transit to IP address holders, which would turn its optional RPKI service (that it has tied by contract into ARIN gaining control over legacy resources) into an effectively mandatory RPKI service. ARIN hides its power grab behind "our policies are set by our community" and "our board is elected by our community" misdirections. Its voting community consists almost entirely of those who aren't legacy holders (by definition: if you accept their contract, your legacy resource ownership goes away; if you don't, you can't vote). That community would love to confiscate some "underused" legacy IP addresses to be handed out for free to their own "waiting list". So this is equivalent to putting foxes in charge of policy for a henhouse. Now that markets exist for IP addresses, all that IP addresses need is a deed-registry to discourage fraud, like a county real-estate registrar's office. IP addresses no longer need a bureacracy for socialistic determinations about which supplicants "deserve" addresses. Addresses now have prices, and if you want some, you buy them. Deed registries get to charge fees for transactions, but they don't get to take away your property, nor tell you that you can't buy any more property because they disapprove of how you managed your previous properties. Actual ownership of real estate is defined by contracts and courts, not by the registry, which is just a set of pointers to help people figure out the history and current status of each parcel. The registry is important, but it's not definitive. Deed-registry is apparently not a model that ARIN wants to be operating in. They initially tried to refuse to record purchases of address blocks, because it violated their model of "if you don't use your IP addresses, you must give them back to us and receive no money for them". They saw their job as being the power broker who hands out free favors. But when their supply of free IP addresses dried up, they had no remaining function other than to record ownership (be a deed registry), and to run an occasional conference. It dawned on them that if they refused to record these transactions, they would not even be a reliable deed-registry; they would have entirely outlived their usefulness. So they reluctantly agreed to do that job, but their policies are still left over from their power-broker past. They'd love to go back to it, if only they could figure out how. IPv6? Sure! RPKI maybe? Worth a try! ARIN prefers to be a power broker rather than a scribe. Who can blame them for that? But don't mistake their strategy for stewardship. "Doing what the community wants" or "seeking the equitable thing" quacks like stewardship, so of course they brand themselves that way. But in my opinion their power-seeking is self-serving, not community-serving. John Gilmore
On 16 Sep 2022, at 10:11 PM, John Gilmore <gnu@toad.com<mailto:gnu@toad.com>> wrote: John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: ... the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable. There are many "anything else"s that would indeed be equitable. It is equitable for businesses to sell yesterday's bread at a lower price than today's bread. Or to rent unused hotel rooms to late-night transients for lower prices than those charged to people who want pre-booked certainty about their overnight shelter. ARIN could equitably charge different prices to people in different situations; it already does. And ARIN could equitably offer services to non-members, by charging them transaction fees for services rendered, rather than trying to force them into a disadvantageous long term contract. Please don't confuse "seeking equity" with "forcing everyone into the same procrustean bed". John - ARIN can most certainly charge different fees for different customers – we’re actually doing exactly that today for all of the legacy resource holders who have entered an agreement with ARIN already or who choose to do so in the coming year. Rather than paying the same registration service fees as everyone else, they have a cap on their total registry maintenance fees (presently $150 per year, subject to an increase $25 per year) which is a unique fee benefit that’s been provided only to the legacy resource holders. The announcement just made is that we will cease offering this fee cap for legacy resource holders who sign an agreement after 31 Dec 2023; i.e. they will pay the same fees as everyone else based on total resources held. As others have already noted, this will move ARIN towards charging more customers the same fees for the same services. If you are a legacy resource holder that was planning on entering into an LRSA with ARIN, it would be beneficial to do so before 2024. If you are legacy resource holder that is not planning to enter an agreement with ARIN, then the change doesn’t matter to you (other than perhaps a providing an opportunity to rail on the mailing list in response anyway…) As a simple example, ARIN's contract need not require its customers to give up their resources when ceasing to pay ARIN for services. (There's an existence proof: RIPE's doesn't.) Such a contract would likely result in more-equitable sharing of costs, since it would encourage legacy holders to pay ARIN (and legacy holders are still more than a quarter of the total IP addresses, possibly much more). The fact that ARIN hasn't made this happen says nothing about equity; it's about something else. A wonderful assertion, but false. Those issued resource before ARIN’s formation have a choice – if they wish to enter an agreement and normalize their relationship they can do so, but at that point they are subject to the same agreement as everyone else. ARIN has made a conscious decision to treat everyone the same, both in terms of agreements and fees (aside from the legacy resource holder fee cap that has been provided for last two decades as an incentive and, as noted, is being sunset at the end of 2023.) Note that there are indeed circumstances where a party can exit the RSA and the number resources return to the prior status – this is what occurs if ARIN is found in litigation to have breached the agreement. This whole tussle is about power. ARIN wants the power to take away legacy resources, while their current owners don't want that to happen. If that the goal were "take away legacy resources”, then there are far easier and more direct means to accomplish that, but as noted previously, the goal is rather provide legacy resource holders a choice if they want a formal relationship with ARIN or not. Enter into an LRSA or don’t, that’s entirely up to each legacy resource holder. ARIN wants to be the puppeteer who pulls all the strings for the North American Internet. It pursues this desire by stealth and misdirection (e.g. "We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services...") ARIN certainly encourages legacy resource holders to enter an agreement - this helps spread our costs among a larger customer base and provides the customer access to our full suite of services – I’m not sure how that encouragement is seen as "stealth and misdirection”, particularly as we go out of our way to communicate changes well in advance and in forums such as this one. ARIN is also trying to encourage ISPs to demand RPKI before providing transit to IP address holders, which would turn its optional RPKI service (that it has tied by contract into ARIN gaining control over legacy resources) into an effectively mandatory RPKI service. Again, ARIN encourages operators to deploy RPKI services to better protect their network routing, but we are very clear to take no stance on _requiring_ deployment of such services – this is matter best left for the operator community to decide. ARIN hides its power grab behind "our policies are set by our community" and "our board is elected by our community" misdirections. Its voting community consists almost entirely of those who aren't legacy holders (by definition: if you accept their contract, your legacy resource ownership goes away; if you don't, you can't vote). Almost accurate - the voting community is indeed those customers who have resources under services agreement (i.e. members) and therefore that does not include legacy resource holders unless they opt to enter an LRSA. That voting community does elect the ARIN Board of Trustees and our ARIN Advisory Council. However, the ARIN policy development process is open to all, and there are many participants who have legacy resources not under agreement and advocate on behalf of that community – again, it’s your choice is you wish to participate or not, but it would be specious to assert that the community that develops ARIN registry policy is limited to ARIN members. That community would love to confiscate some "underused" legacy IP addresses to be handed out for free to their own "waiting list". So this is equivalent to putting foxes in charge of policy for a henhouse. Wow - I’m not certain you could be more incorrect. Note that the policies that were in effect _prior to ARIN’s formation_ reflect exactly that sentiment above: i.e., per RFC 2050 – IP addresses are valid as long as the criteria continues to be met. The IANA reserves the right to invalidate any IP assignments once it is determined the the requirement for the address space no longer exists. In the event of address invalidation, reasonable efforts will be made by the appropriate registry to inform the organization that the addresses have been returned to the free pool of IPv4 address space. The community in this region (via ARIN’s policy development process) created registry policies that specifically recognize that “underused" IP address space is not subject to reclamation but can be transferred to another party that has need. (You can find these in ARIN’s number resource policy manual (NRPM) in section 8) <https://www.arin.net/participate/policy/nrpm/#8-transfers>. ARIN has also enshrined that same principle of ability to retain “underused number resources” in its RSA/LRSA, in section 6 – 6. REVIEW OF HOLDER’S NUMBER RESOURCES Whenever a transfer or additional IP address space is requested by Holder, ARIN may review Holder’s utilization of previously allocated or assigned number resources and other Services received from ARIN to determine if Holder is complying with the Service Terms. Except as set forth in this Agreement, (i) ARIN will take no action to reduce the Services currently provided for Included Number Resources due to lack of utilization by the Holder, and (ii) ARIN has no right to revoke any Included Number Resources under this Agreement due to lack of utilization by Holder. However, ARIN may refuse to permit transfers or additional allocations of number resources to Holder if Holder’s Included Number Resources are not utilized in accordance with Policy. Now that markets exist for IP addresses, all that IP addresses need is a deed-registry to discourage fraud, like a county real-estate registrar's office. IP addresses no longer need a bureacracy for socialistic determinations about which supplicants "deserve" addresses. That’s pretty much what ARIN’s policies have evolved into, although we do still at present have a requirement that the recipient of an address block during a transfer have operational need (i.e. they’re going to be used in an actual network at some point.) If you don’t like that constraint, you can whine about it here on the nanog mailing list, or you can join others of similar mind working in the ARIN policy development process – I actually don’t care either way; ARIN operates the registry per the policy but leaves the development of registry policy to the community. Addresses now have prices, and if you want some, you buy them. Deed registries get to charge fees for transactions, but they don't get to take away your property, nor tell you that you can't buy any more property because they disapprove of how you managed your previous properties. Actual ownership of real estate is defined by contracts and courts, not by the registry, which is just a set of pointers to help people figure out the history and current status of each parcel. The registry is important, but it's not definitive. Agreed regarding contracts and courts - if you have an RSA with ARIN, you have contract and your IP address block is a specific set of contractual rights that civil, criminal, probate, bankruptcy and other courts all seem to have no problem understanding and dealing with under rule of law. Absent such, I think you’ll find courts to be an interesting place indeed. Deed-registry is apparently not a model that ARIN wants to be operating in. They initially tried to refuse to record purchases of address blocks, because it violated their model of "if you don't use your IP addresses, you must give them back to us and receive no money for them". Factually incorrect. We never refused to transfer address blocks from one party to another _if the transfer met the policies set by the community_. It was actually the ARIN community that established the first number resource transfer policy in 2009 <https://www.arin.net/vault/announcements/2009/20090601_nrpm.html> and this was done at the encouragement of the ARIN Board of Trustees…. (please let’s try to stick with facts so an to keep the discussion here occurring on an informed basis.) They saw their job as being the power broker who hands out free favors. But when their supply of free IP addresses dried up, they had no remaining function other than to record ownership (be a deed registry), and to run an occasional conference. It dawned on them that if they refused to record these transactions, they would not even be a reliable deed-registry; they would have entirely outlived their usefulness. As noted, the above is completely specious; the ARIN Board and the community developed our registry policies for transfers to unrelated parties ahead of the first transactions. Sothey reluctantly agreed to do that job, but their policies are still left over from their power-broker past. They'd love to go back to it, if only they could figure out how. IPv6? Sure! RPKI maybe? Worth a try! ARIN prefers to be a power broker rather than a scribe. Who can blame them for that? But don't mistake their strategy for stewardship. "Doing what the community wants" or "seeking the equitable thing" quacks like stewardship, so of course they brand themselves that way. But in my opinion their power-seeking is self-serving, not community-serving. John - if you don’t like ARIN policies, I’d suggest that you join the others in the policy development process working to change them. ARIN makes sure that there’s open and transparent policy development process, leaves the community to set those policies, and then we operate the registry accordingly. That’s what we define as stewardship" of the number registry. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
I would honestly love it if IANA was able to say "As of X date, all LEGACY IPv4 allocations are transferred to the RIRs . Assignees will not change, but will now need to comply with each RIRs policies." Of course this will never happen, because it would just be a flood of billable hours, lawsuits, and injunctions, where companies will claim 'intellectual property' over something they didn't develop. It's exhausting to watch this two tiered system where the legacy holders bleat about what the rules should be for the rest of us, while they can do whatever the heck they want, simply because they had the foresight to exist at the right time. On Sat, Sep 17, 2022 at 10:41 AM John Curran <jcurran@arin.net> wrote:
On 16 Sep 2022, at 10:11 PM, John Gilmore <gnu@toad.com> wrote:
John Curran <jcurran@arin.net> wrote:
... the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
There are many "anything else"s that would indeed be equitable. It is equitable for businesses to sell yesterday's bread at a lower price than today's bread. Or to rent unused hotel rooms to late-night transients for lower prices than those charged to people who want pre-booked certainty about their overnight shelter. ARIN could equitably charge different prices to people in different situations; it already does. And ARIN could equitably offer services to non-members, by charging them transaction fees for services rendered, rather than trying to force them into a disadvantageous long term contract. Please don't confuse "seeking equity" with "forcing everyone into the same procrustean bed".
John -
ARIN can most certainly charge different fees for different customers – we’re actually doing exactly that today for all of the legacy resource holders who have entered an agreement with ARIN already or who choose to do so in the coming year. Rather than paying the same registration service fees as everyone else, they have a cap on their total registry maintenance fees (presently $150 per year, subject to an increase $25 per year) which is a unique fee benefit that’s been provided only to the legacy resource holders. The announcement just made is that we will cease offering this fee cap for legacy resource holders who sign an agreement after 31 Dec 2023; i.e. they will pay the same fees as everyone else based on total resources held.
As others have already noted, this will move ARIN towards charging more customers the same fees for the same services. If you are a legacy resource holder that was planning on entering into an LRSA with ARIN, it would be beneficial to do so before 2024. If you are legacy resource holder that is not planning to enter an agreement with ARIN, then the change doesn’t matter to you (other than perhaps a providing an opportunity to rail on the mailing list in response anyway…)
As a simple example, ARIN's contract need not require its customers to give up their resources when ceasing to pay ARIN for services. (There's an existence proof: RIPE's doesn't.) Such a contract would likely result in more-equitable sharing of costs, since it would encourage legacy holders to pay ARIN (and legacy holders are still more than a quarter of the total IP addresses, possibly much more). The fact that ARIN hasn't made this happen says nothing about equity; it's about something else.
A wonderful assertion, but false. Those issued resource before ARIN’s formation have a choice – if they wish to enter an agreement and normalize their relationship they can do so, but at that point they are subject to the same agreement as everyone else. ARIN has made a conscious decision to treat everyone the same, both in terms of agreements and fees (aside from the legacy resource holder fee cap that has been provided for last two decades as an incentive and, as noted, is being sunset at the end of 2023.)
Note that there are indeed circumstances where a party can exit the RSA and the number resources return to the prior status – this is what occurs if ARIN is found in litigation to have breached the agreement.
This whole tussle is about power. ARIN wants the power to take away legacy resources, while their current owners don't want that to happen.
If that the goal were "take away legacy resources”, then there are far easier and more direct means to accomplish that, but as noted previously, the goal is rather provide legacy resource holders a choice if they want a formal relationship with ARIN or not. Enter into an LRSA or don’t, that’s entirely up to each legacy resource holder.
ARIN wants to be the puppeteer who pulls all the strings for the North American Internet. It pursues this desire by stealth and misdirection (e.g. "We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services...")
ARIN certainly encourages legacy resource holders to enter an agreement - this helps spread our costs among a larger customer base and provides the customer access to our full suite of services – I’m not sure how that encouragement is seen as "stealth and misdirection”, particularly as we go out of our way to communicate changes well in advance and in forums such as this one.
ARIN is also trying to encourage ISPs to demand RPKI before providing transit to IP address holders, which would turn its optional RPKI service (that it has tied by contract into ARIN gaining control over legacy resources) into an effectively mandatory RPKI service.
Again, ARIN encourages operators to deploy RPKI services to better protect their network routing, but we are very clear to take no stance on _requiring_ deployment of such services – this is matter best left for the operator community to decide.
ARIN hides its power grab behind "our policies are set by our community" and "our board is elected by our community" misdirections. Its voting community consists almost entirely of those who aren't legacy holders (by definition: if you accept their contract, your legacy resource ownership goes away; if you don't, you can't vote).
Almost accurate - the voting community is indeed those customers who have resources under services agreement (i.e. members) and therefore that does not include legacy resource holders unless they opt to enter an LRSA. That voting community does elect the ARIN Board of Trustees and our ARIN Advisory Council.
However, the ARIN policy development process is open to all, and there are many participants who have legacy resources not under agreement and advocate on behalf of that community – again, it’s your choice is you wish to participate or not, but it would be specious to assert that the community that develops ARIN registry policy is limited to ARIN members.
That community would love to confiscate some "underused" legacy IP addresses to be handed out for free to their own "waiting list". So this is equivalent to putting foxes in charge of policy for a henhouse.
Wow - I’m not certain you could be more incorrect. Note that the policies that were in effect _prior to ARIN’s formation_ reflect exactly that sentiment above: i.e., per RFC 2050 –
IP addresses are valid as long as the criteria continues to be met. The IANA reserves the right to invalidate any IP assignments once it is determined the the requirement for the address space no longer exists. In the event of address invalidation, reasonable efforts will be made by the appropriate registry to inform the organization that the addresses have been returned to the free pool of IPv4 address space.
The community in this region (via ARIN’s policy development process) created registry policies that specifically recognize that “underused" IP address space is not subject to reclamation but can be transferred to another party that has need. (You can find these in ARIN’s number resource policy manual (NRPM) in section 8) < https://www.arin.net/participate/policy/nrpm/#8-transfers>.
ARIN has also enshrined that same principle of ability to retain “underused number resources” in its RSA/LRSA, in section 6 –
*6. REVIEW OF HOLDER’S NUMBER RESOURCES*
*Whenever a transfer or additional IP address space is requested by Holder, ARIN may review Holder’s utilization of previously allocated or assigned number resources and other Services received from ARIN to determine if Holder is complying with the Service Terms. Except as set forth in this Agreement, (i) ARIN will take no action to reduce the Services currently provided for Included Number Resources due to lack of utilization by the Holder, and (ii) ARIN has no right to revoke any Included Number Resources under this Agreement due to lack of utilization by Holder. However, ARIN may refuse to permit transfers or additional allocations of number resources to Holder if Holder’s Included Number Resources are not utilized in accordance with Policy.*
Now that markets exist for IP addresses, all that IP addresses need is a deed-registry to discourage fraud, like a county real-estate registrar's office. IP addresses no longer need a bureacracy for socialistic determinations about which supplicants "deserve" addresses.
That’s pretty much what ARIN’s policies have evolved into, although we do still at present have a requirement that the recipient of an address block during a transfer have operational need (i.e. they’re going to be used in an actual network at some point.) If you don’t like that constraint, you can whine about it here on the nanog mailing list, or you can join others of similar mind working in the ARIN policy development process – I actually don’t care either way; ARIN operates the registry per the policy but leaves the development of registry policy to the community.
Addresses now have prices, and if you want some, you buy them. Deed
registries get to charge fees for transactions, but they don't get to take away your property, nor tell you that you can't buy any more property because they disapprove of how you managed your previous properties. Actual ownership of real estate is defined by contracts and courts, not by the registry, which is just a set of pointers to help people figure out the history and current status of each parcel. The registry is important, but it's not definitive.
Agreed regarding contracts and courts - if you have an RSA with ARIN, you have contract and your IP address block is a specific set of contractual rights that civil, criminal, probate, bankruptcy and other courts all seem to have no problem understanding and dealing with under rule of law. Absent such, I think you’ll find courts to be an interesting place indeed.
Deed-registry is apparently not a model that ARIN wants to be operating in. They initially tried to refuse to record purchases of address blocks, because it violated their model of "if you don't use your IP addresses, you must give them back to us and receive no money for them".
Factually incorrect. We never refused to transfer address blocks from one party to another _if the transfer met the policies set by the community_. It was actually the ARIN community that established the first number resource transfer policy in 2009 <https://www.arin.net/vault/announcements/2009/20090601_nrpm.html> and this was done at the encouragement of the ARIN Board of Trustees…. (please let’s try to stick with facts so an to keep the discussion here occurring on an informed basis.)
They saw their job as being the power broker who hands out free favors. But when their supply of free IP addresses dried up, they had no remaining function other than to record ownership (be a deed registry), and to run an occasional conference. It dawned on them that if they refused to record these transactions, they would not even be a reliable deed-registry; they would have entirely outlived their usefulness.
As noted, the above is completely specious; the ARIN Board and the community developed our registry policies for transfers to unrelated parties ahead of the first transactions.
Sothey reluctantly agreed to do that job, but their policies are still left over from their power-broker past. They'd love to go back to it, if only they could figure out how. IPv6? Sure! RPKI maybe? Worth a try!
ARIN prefers to be a power broker rather than a scribe. Who can blame them for that? But don't mistake their strategy for stewardship. "Doing what the community wants" or "seeking the equitable thing" quacks like stewardship, so of course they brand themselves that way. But in my opinion their power-seeking is self-serving, not community-serving.
John - if you don’t like ARIN policies, I’d suggest that you join the others in the policy development process working to change them. ARIN makes sure that there’s open and transparent policy development process, leaves the community to set those policies, and then we operate the registry accordingly. That’s what we define as stewardship" of the number registry.
Thanks, /John
John Curran President and CEO American Registry for Internet Numbers
I believe that’s known as “saying the quiet part out loud”, Tom 😊. Without stating my own opinion, I merely observe that I know a great many people who agree with you, and a not-insignificant number who vehemently disagree with you. Most of the conclusions to be drawn there are obvious, but humans can be infinitely surprising… Whether ultimately good or bad, IANA decreeing “there’s no such thing as legacy any more” would absolutely simplify the future governance and administration of the RIRs, especially ARIN. I don’t see it happening, albeit for political reasons instead of legal. And I, as a Canadian citizen, have approximately zero influence over IANA and the organizations to which it is beholden, as they’re still, ultimately, mostly, arms of the U.S. government in one for or another. I’d even be happy if ARIN were able to implement a validation/verification process for legacy assignments, as I’m aware of a decent number of abandoned legacy blocks currently being squatted on by [usually] WISPs who very definitely do NOT have the right to do so, but I cannot provide any proof of that so nothing can be done. My own, VERY informal research suggests that while legacy blocks are around 34% of 0/0, between 1/5 and 1/3 of legacy blocks themselves (mostly the old Class-C blocks) are abandoned, and frequently being squatted-on. Some of those blocks are assigned to my clients, most of whom would probably be happy to transfer, or (gasp) lease those IPs to the current, probably-illegitimate, users – public schools can always use a bit more cash! Absent a clean-up effort, however, with appropriate policy supporting it, we’re stuck with the status-quo. -Adam Adam Thompson Consultant, Infrastructure Services [MERLIN] 100 - 135 Innovation Drive Winnipeg, MB R3T 6A8 (204) 977-6824 or 1-800-430-6404 (MB only) https://www.merlin.mb.ca<https://www.merlin.mb.ca/> [cid:image002.png@01D8CAF7.9540E2A0]Chat with me on Teams<https://teams.microsoft.com/l/chat/0/0?users=athompson@merlin.mb.ca> From: NANOG <nanog-bounces+athompson=merlin.mb.ca@nanog.org> On Behalf Of Tom Beecher Sent: September 17, 2022 10:19 AM To: John Curran <jcurran@arin.net> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) I would honestly love it if IANA was able to say "As of X date, all LEGACY IPv4 allocations are transferred to the RIRs . Assignees will not change, but will now need to comply with each RIRs policies." Of course this will never happen, because it would just be a flood of billable hours, lawsuits, and injunctions, where companies will claim 'intellectual property' over something they didn't develop. It's exhausting to watch this two tiered system where the legacy holders bleat about what the rules should be for the rest of us, while they can do whatever the heck they want, simply because they had the foresight to exist at the right time. On Sat, Sep 17, 2022 at 10:41 AM John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: On 16 Sep 2022, at 10:11 PM, John Gilmore <gnu@toad.com<mailto:gnu@toad.com>> wrote: John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: ... the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable. There are many "anything else"s that would indeed be equitable. It is equitable for businesses to sell yesterday's bread at a lower price than today's bread. Or to rent unused hotel rooms to late-night transients for lower prices than those charged to people who want pre-booked certainty about their overnight shelter. ARIN could equitably charge different prices to people in different situations; it already does. And ARIN could equitably offer services to non-members, by charging them transaction fees for services rendered, rather than trying to force them into a disadvantageous long term contract. Please don't confuse "seeking equity" with "forcing everyone into the same procrustean bed". John - ARIN can most certainly charge different fees for different customers – we’re actually doing exactly that today for all of the legacy resource holders who have entered an agreement with ARIN already or who choose to do so in the coming year. Rather than paying the same registration service fees as everyone else, they have a cap on their total registry maintenance fees (presently $150 per year, subject to an increase $25 per year) which is a unique fee benefit that’s been provided only to the legacy resource holders. The announcement just made is that we will cease offering this fee cap for legacy resource holders who sign an agreement after 31 Dec 2023; i.e. they will pay the same fees as everyone else based on total resources held. As others have already noted, this will move ARIN towards charging more customers the same fees for the same services. If you are a legacy resource holder that was planning on entering into an LRSA with ARIN, it would be beneficial to do so before 2024. If you are legacy resource holder that is not planning to enter an agreement with ARIN, then the change doesn’t matter to you (other than perhaps a providing an opportunity to rail on the mailing list in response anyway…) As a simple example, ARIN's contract need not require its customers to give up their resources when ceasing to pay ARIN for services. (There's an existence proof: RIPE's doesn't.) Such a contract would likely result in more-equitable sharing of costs, since it would encourage legacy holders to pay ARIN (and legacy holders are still more than a quarter of the total IP addresses, possibly much more). The fact that ARIN hasn't made this happen says nothing about equity; it's about something else. A wonderful assertion, but false. Those issued resource before ARIN’s formation have a choice – if they wish to enter an agreement and normalize their relationship they can do so, but at that point they are subject to the same agreement as everyone else. ARIN has made a conscious decision to treat everyone the same, both in terms of agreements and fees (aside from the legacy resource holder fee cap that has been provided for last two decades as an incentive and, as noted, is being sunset at the end of 2023.) Note that there are indeed circumstances where a party can exit the RSA and the number resources return to the prior status – this is what occurs if ARIN is found in litigation to have breached the agreement. This whole tussle is about power. ARIN wants the power to take away legacy resources, while their current owners don't want that to happen. If that the goal were "take away legacy resources”, then there are far easier and more direct means to accomplish that, but as noted previously, the goal is rather provide legacy resource holders a choice if they want a formal relationship with ARIN or not. Enter into an LRSA or don’t, that’s entirely up to each legacy resource holder. ARIN wants to be the puppeteer who pulls all the strings for the North American Internet. It pursues this desire by stealth and misdirection (e.g. "We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services...") ARIN certainly encourages legacy resource holders to enter an agreement - this helps spread our costs among a larger customer base and provides the customer access to our full suite of services – I’m not sure how that encouragement is seen as "stealth and misdirection”, particularly as we go out of our way to communicate changes well in advance and in forums such as this one. ARIN is also trying to encourage ISPs to demand RPKI before providing transit to IP address holders, which would turn its optional RPKI service (that it has tied by contract into ARIN gaining control over legacy resources) into an effectively mandatory RPKI service. Again, ARIN encourages operators to deploy RPKI services to better protect their network routing, but we are very clear to take no stance on _requiring_ deployment of such services – this is matter best left for the operator community to decide. ARIN hides its power grab behind "our policies are set by our community" and "our board is elected by our community" misdirections. Its voting community consists almost entirely of those who aren't legacy holders (by definition: if you accept their contract, your legacy resource ownership goes away; if you don't, you can't vote). Almost accurate - the voting community is indeed those customers who have resources under services agreement (i.e. members) and therefore that does not include legacy resource holders unless they opt to enter an LRSA. That voting community does elect the ARIN Board of Trustees and our ARIN Advisory Council. However, the ARIN policy development process is open to all, and there are many participants who have legacy resources not under agreement and advocate on behalf of that community – again, it’s your choice is you wish to participate or not, but it would be specious to assert that the community that develops ARIN registry policy is limited to ARIN members. That community would love to confiscate some "underused" legacy IP addresses to be handed out for free to their own "waiting list". So this is equivalent to putting foxes in charge of policy for a henhouse. Wow - I’m not certain you could be more incorrect. Note that the policies that were in effect _prior to ARIN’s formation_ reflect exactly that sentiment above: i.e., per RFC 2050 – IP addresses are valid as long as the criteria continues to be met. The IANA reserves the right to invalidate any IP assignments once it is determined the the requirement for the address space no longer exists. In the event of address invalidation, reasonable efforts will be made by the appropriate registry to inform the organization that the addresses have been returned to the free pool of IPv4 address space. The community in this region (via ARIN’s policy development process) created registry policies that specifically recognize that “underused" IP address space is not subject to reclamation but can be transferred to another party that has need. (You can find these in ARIN’s number resource policy manual (NRPM) in section 8) <https://www.arin.net/participate/policy/nrpm/#8-transfers>. ARIN has also enshrined that same principle of ability to retain “underused number resources” in its RSA/LRSA, in section 6 – 6. REVIEW OF HOLDER’S NUMBER RESOURCES Whenever a transfer or additional IP address space is requested by Holder, ARIN may review Holder’s utilization of previously allocated or assigned number resources and other Services received from ARIN to determine if Holder is complying with the Service Terms. Except as set forth in this Agreement, (i) ARIN will take no action to reduce the Services currently provided for Included Number Resources due to lack of utilization by the Holder, and (ii) ARIN has no right to revoke any Included Number Resources under this Agreement due to lack of utilization by Holder. However, ARIN may refuse to permit transfers or additional allocations of number resources to Holder if Holder’s Included Number Resources are not utilized in accordance with Policy. Now that markets exist for IP addresses, all that IP addresses need is a deed-registry to discourage fraud, like a county real-estate registrar's office. IP addresses no longer need a bureacracy for socialistic determinations about which supplicants "deserve" addresses. That’s pretty much what ARIN’s policies have evolved into, although we do still at present have a requirement that the recipient of an address block during a transfer have operational need (i.e. they’re going to be used in an actual network at some point.) If you don’t like that constraint, you can whine about it here on the nanog mailing list, or you can join others of similar mind working in the ARIN policy development process – I actually don’t care either way; ARIN operates the registry per the policy but leaves the development of registry policy to the community. Addresses now have prices, and if you want some, you buy them. Deed registries get to charge fees for transactions, but they don't get to take away your property, nor tell you that you can't buy any more property because they disapprove of how you managed your previous properties. Actual ownership of real estate is defined by contracts and courts, not by the registry, which is just a set of pointers to help people figure out the history and current status of each parcel. The registry is important, but it's not definitive. Agreed regarding contracts and courts - if you have an RSA with ARIN, you have contract and your IP address block is a specific set of contractual rights that civil, criminal, probate, bankruptcy and other courts all seem to have no problem understanding and dealing with under rule of law. Absent such, I think you’ll find courts to be an interesting place indeed. Deed-registry is apparently not a model that ARIN wants to be operating in. They initially tried to refuse to record purchases of address blocks, because it violated their model of "if you don't use your IP addresses, you must give them back to us and receive no money for them". Factually incorrect. We never refused to transfer address blocks from one party to another _if the transfer met the policies set by the community_. It was actually the ARIN community that established the first number resource transfer policy in 2009 <https://www.arin.net/vault/announcements/2009/20090601_nrpm.html> and this was done at the encouragement of the ARIN Board of Trustees…. (please let’s try to stick with facts so an to keep the discussion here occurring on an informed basis.) They saw their job as being the power broker who hands out free favors. But when their supply of free IP addresses dried up, they had no remaining function other than to record ownership (be a deed registry), and to run an occasional conference. It dawned on them that if they refused to record these transactions, they would not even be a reliable deed-registry; they would have entirely outlived their usefulness. As noted, the above is completely specious; the ARIN Board and the community developed our registry policies for transfers to unrelated parties ahead of the first transactions. Sothey reluctantly agreed to do that job, but their policies are still left over from their power-broker past. They'd love to go back to it, if only they could figure out how. IPv6? Sure! RPKI maybe? Worth a try! ARIN prefers to be a power broker rather than a scribe. Who can blame them for that? But don't mistake their strategy for stewardship. "Doing what the community wants" or "seeking the equitable thing" quacks like stewardship, so of course they brand themselves that way. But in my opinion their power-seeking is self-serving, not community-serving. John - if you don’t like ARIN policies, I’d suggest that you join the others in the policy development process working to change them. ARIN makes sure that there’s open and transparent policy development process, leaves the community to set those policies, and then we operate the registry accordingly. That’s what we define as stewardship" of the number registry. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
Tom – While this may be surprising, it’s my personal view that ARIN and our community has benefited significantly from the approach taken with the legacy resource holders – as opposed to what might have occurred with some form of automatic or mandatory conversion of legacy resource holders to ARIN members… In particular, legacy resource holders making their own voluntary decision on relative merits of becoming an ARIN member (with consideration of the associated tradeoffs in services, fees, legal agreements, etc.) has caused ARIN to weigh and address concerns with ARIN agreements/fees/services and make improvements that might not have otherwise been prioritized. By way of example, several revisions of the LRSA were made to provide for more balanced terms and conditions as a result of feedback from uncontracted legacy resource holders, and these same improvements were incorporated into the RSA for all customers when the LRSA and RSA became a single uniform agreement in 2015. As noted on this list, resource holders have some potential alternatives due to the adoption of the Inter-RIR transfer policy, but in general ARIN still has significant “market power” due to the structure of the RIR system and network effects from large scale adoption in the region. I manage ARIN with a clear awareness of this situation, and under the circumstances, the community of uncontracted legacy resource holders are a key source of unvarnished and (mostly) objective insight into how ARIN could be doing a better job. To the extent that ARIN can heed and incorporate such input, I believe we better serve the entire community of those using number resources in the region. Thanks! /John John Curran President and CEO American Registry for Internet Numbers On 17 Sep 2022, at 11:18 AM, Tom Beecher <beecher@beecher.cc<mailto:beecher@beecher.cc>> wrote: I would honestly love it if IANA was able to say "As of X date, all LEGACY IPv4 allocations are transferred to the RIRs . Assignees will not change, but will now need to comply with each RIRs policies." Of course this will never happen, because it would just be a flood of billable hours, lawsuits, and injunctions, where companies will claim 'intellectual property' over something they didn't develop. It's exhausting to watch this two tiered system where the legacy holders bleat about what the rules should be for the rest of us, while they can do whatever the heck they want, simply because they had the foresight to exist at the right time. On Sat, Sep 17, 2022 at 10:41 AM John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: On 16 Sep 2022, at 10:11 PM, John Gilmore <gnu@toad.com<mailto:gnu@toad.com>> wrote: John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: ... the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable. There are many "anything else"s that would indeed be equitable. It is equitable for businesses to sell yesterday's bread at a lower price than today's bread. Or to rent unused hotel rooms to late-night transients for lower prices than those charged to people who want pre-booked certainty about their overnight shelter. ARIN could equitably charge different prices to people in different situations; it already does. And ARIN could equitably offer services to non-members, by charging them transaction fees for services rendered, rather than trying to force them into a disadvantageous long term contract. Please don't confuse "seeking equity" with "forcing everyone into the same procrustean bed". John - ARIN can most certainly charge different fees for different customers – we’re actually doing exactly that today for all of the legacy resource holders who have entered an agreement with ARIN already or who choose to do so in the coming year. Rather than paying the same registration service fees as everyone else, they have a cap on their total registry maintenance fees (presently $150 per year, subject to an increase $25 per year) which is a unique fee benefit that’s been provided only to the legacy resource holders. The announcement just made is that we will cease offering this fee cap for legacy resource holders who sign an agreement after 31 Dec 2023; i.e. they will pay the same fees as everyone else based on total resources held. As others have already noted, this will move ARIN towards charging more customers the same fees for the same services. If you are a legacy resource holder that was planning on entering into an LRSA with ARIN, it would be beneficial to do so before 2024. If you are legacy resource holder that is not planning to enter an agreement with ARIN, then the change doesn’t matter to you (other than perhaps a providing an opportunity to rail on the mailing list in response anyway…) As a simple example, ARIN's contract need not require its customers to give up their resources when ceasing to pay ARIN for services. (There's an existence proof: RIPE's doesn't.) Such a contract would likely result in more-equitable sharing of costs, since it would encourage legacy holders to pay ARIN (and legacy holders are still more than a quarter of the total IP addresses, possibly much more). The fact that ARIN hasn't made this happen says nothing about equity; it's about something else. A wonderful assertion, but false. Those issued resource before ARIN’s formation have a choice – if they wish to enter an agreement and normalize their relationship they can do so, but at that point they are subject to the same agreement as everyone else. ARIN has made a conscious decision to treat everyone the same, both in terms of agreements and fees (aside from the legacy resource holder fee cap that has been provided for last two decades as an incentive and, as noted, is being sunset at the end of 2023.) Note that there are indeed circumstances where a party can exit the RSA and the number resources return to the prior status – this is what occurs if ARIN is found in litigation to have breached the agreement. This whole tussle is about power. ARIN wants the power to take away legacy resources, while their current owners don't want that to happen. If that the goal were "take away legacy resources”, then there are far easier and more direct means to accomplish that, but as noted previously, the goal is rather provide legacy resource holders a choice if they want a formal relationship with ARIN or not. Enter into an LRSA or don’t, that’s entirely up to each legacy resource holder. ARIN wants to be the puppeteer who pulls all the strings for the North American Internet. It pursues this desire by stealth and misdirection (e.g. "We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services...") ARIN certainly encourages legacy resource holders to enter an agreement - this helps spread our costs among a larger customer base and provides the customer access to our full suite of services – I’m not sure how that encouragement is seen as "stealth and misdirection”, particularly as we go out of our way to communicate changes well in advance and in forums such as this one. ARIN is also trying to encourage ISPs to demand RPKI before providing transit to IP address holders, which would turn its optional RPKI service (that it has tied by contract into ARIN gaining control over legacy resources) into an effectively mandatory RPKI service. Again, ARIN encourages operators to deploy RPKI services to better protect their network routing, but we are very clear to take no stance on _requiring_ deployment of such services – this is matter best left for the operator community to decide. ARIN hides its power grab behind "our policies are set by our community" and "our board is elected by our community" misdirections. Its voting community consists almost entirely of those who aren't legacy holders (by definition: if you accept their contract, your legacy resource ownership goes away; if you don't, you can't vote). Almost accurate - the voting community is indeed those customers who have resources under services agreement (i.e. members) and therefore that does not include legacy resource holders unless they opt to enter an LRSA. That voting community does elect the ARIN Board of Trustees and our ARIN Advisory Council. However, the ARIN policy development process is open to all, and there are many participants who have legacy resources not under agreement and advocate on behalf of that community – again, it’s your choice is you wish to participate or not, but it would be specious to assert that the community that develops ARIN registry policy is limited to ARIN members. That community would love to confiscate some "underused" legacy IP addresses to be handed out for free to their own "waiting list". So this is equivalent to putting foxes in charge of policy for a henhouse. Wow - I’m not certain you could be more incorrect. Note that the policies that were in effect _prior to ARIN’s formation_ reflect exactly that sentiment above: i.e., per RFC 2050 – IP addresses are valid as long as the criteria continues to be met. The IANA reserves the right to invalidate any IP assignments once it is determined the the requirement for the address space no longer exists. In the event of address invalidation, reasonable efforts will be made by the appropriate registry to inform the organization that the addresses have been returned to the free pool of IPv4 address space. The community in this region (via ARIN’s policy development process) created registry policies that specifically recognize that “underused" IP address space is not subject to reclamation but can be transferred to another party that has need. (You can find these in ARIN’s number resource policy manual (NRPM) in section 8) <https://www.arin.net/participate/policy/nrpm/#8-transfers>. ARIN has also enshrined that same principle of ability to retain “underused number resources” in its RSA/LRSA, in section 6 – 6. REVIEW OF HOLDER’S NUMBER RESOURCES Whenever a transfer or additional IP address space is requested by Holder, ARIN may review Holder’s utilization of previously allocated or assigned number resources and other Services received from ARIN to determine if Holder is complying with the Service Terms. Except as set forth in this Agreement, (i) ARIN will take no action to reduce the Services currently provided for Included Number Resources due to lack of utilization by the Holder, and (ii) ARIN has no right to revoke any Included Number Resources under this Agreement due to lack of utilization by Holder. However, ARIN may refuse to permit transfers or additional allocations of number resources to Holder if Holder’s Included Number Resources are not utilized in accordance with Policy. Now that markets exist for IP addresses, all that IP addresses need is a deed-registry to discourage fraud, like a county real-estate registrar's office. IP addresses no longer need a bureacracy for socialistic determinations about which supplicants "deserve" addresses. That’s pretty much what ARIN’s policies have evolved into, although we do still at present have a requirement that the recipient of an address block during a transfer have operational need (i.e. they’re going to be used in an actual network at some point.) If you don’t like that constraint, you can whine about it here on the nanog mailing list, or you can join others of similar mind working in the ARIN policy development process – I actually don’t care either way; ARIN operates the registry per the policy but leaves the development of registry policy to the community. Addresses now have prices, and if you want some, you buy them. Deed registries get to charge fees for transactions, but they don't get to take away your property, nor tell you that you can't buy any more property because they disapprove of how you managed your previous properties. Actual ownership of real estate is defined by contracts and courts, not by the registry, which is just a set of pointers to help people figure out the history and current status of each parcel. The registry is important, but it's not definitive. Agreed regarding contracts and courts - if you have an RSA with ARIN, you have contract and your IP address block is a specific set of contractual rights that civil, criminal, probate, bankruptcy and other courts all seem to have no problem understanding and dealing with under rule of law. Absent such, I think you’ll find courts to be an interesting place indeed. Deed-registry is apparently not a model that ARIN wants to be operating in. They initially tried to refuse to record purchases of address blocks, because it violated their model of "if you don't use your IP addresses, you must give them back to us and receive no money for them". Factually incorrect. We never refused to transfer address blocks from one party to another _if the transfer met the policies set by the community_. It was actually the ARIN community that established the first number resource transfer policy in 2009 <https://www.arin.net/vault/announcements/2009/20090601_nrpm.html> and this was done at the encouragement of the ARIN Board of Trustees…. (please let’s try to stick with facts so an to keep the discussion here occurring on an informed basis.) They saw their job as being the power broker who hands out free favors. But when their supply of free IP addresses dried up, they had no remaining function other than to record ownership (be a deed registry), and to run an occasional conference. It dawned on them that if they refused to record these transactions, they would not even be a reliable deed-registry; they would have entirely outlived their usefulness. As noted, the above is completely specious; the ARIN Board and the community developed our registry policies for transfers to unrelated parties ahead of the first transactions. Sothey reluctantly agreed to do that job, but their policies are still left over from their power-broker past. They'd love to go back to it, if only they could figure out how. IPv6? Sure! RPKI maybe? Worth a try! ARIN prefers to be a power broker rather than a scribe. Who can blame them for that? But don't mistake their strategy for stewardship. "Doing what the community wants" or "seeking the equitable thing" quacks like stewardship, so of course they brand themselves that way. But in my opinion their power-seeking is self-serving, not community-serving. John - if you don’t like ARIN policies, I’d suggest that you join the others in the policy development process working to change them. ARIN makes sure that there’s open and transparent policy development process, leaves the community to set those policies, and then we operate the registry accordingly. That’s what we define as stewardship" of the number registry. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On Sep 17, 2022, at 08:18 , Tom Beecher <beecher@beecher.cc> wrote:
I would honestly love it if IANA was able to say "As of X date, all LEGACY IPv4 allocations are transferred to the RIRs . Assignees will not change, but will now need to comply with each RIRs policies."
The first part of that statement is the status quo. The latter is not within IANA’s ability to effect. Some RIRs claim it is already the case. Some legacy holders disagree. A true court test of this with precedent has yet to actually occur, but generally the RIRs have prevailed in most cases.
Of course this will never happen, because it would just be a flood of billable hours, lawsuits, and injunctions, where companies will claim 'intellectual property' over something they didn't develop.
I think it won’t happen more likely because to the extent that it can happen (and matter), it already has.
It's exhausting to watch this two tiered system where the legacy holders bleat about what the rules should be for the rest of us, while they can do whatever the heck they want, simply because they had the foresight to exist at the right time.
I don’t think that is an accurate characterization of the issue at all. And I say that with a pretty good knowledge of both perspectives as someone who holds both legacy and non-legacy resources and has been very involved in the community and the ARIN policy process for a long time. Owen
On Sat, Sep 17, 2022 at 10:41 AM John Curran <jcurran@arin.net <mailto:jcurran@arin.net>> wrote:
On 16 Sep 2022, at 10:11 PM, John Gilmore <gnu@toad.com <mailto:gnu@toad.com>> wrote:
John Curran <jcurran@arin.net <mailto:jcurran@arin.net>> wrote:
... the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
There are many "anything else"s that would indeed be equitable. It is equitable for businesses to sell yesterday's bread at a lower price than today's bread. Or to rent unused hotel rooms to late-night transients for lower prices than those charged to people who want pre-booked certainty about their overnight shelter. ARIN could equitably charge different prices to people in different situations; it already does. And ARIN could equitably offer services to non-members, by charging them transaction fees for services rendered, rather than trying to force them into a disadvantageous long term contract. Please don't confuse "seeking equity" with "forcing everyone into the same procrustean bed".
John -
ARIN can most certainly charge different fees for different customers – we’re actually doing exactly that today for all of the legacy resource holders who have entered an agreement with ARIN already or who choose to do so in the coming year. Rather than paying the same registration service fees as everyone else, they have a cap on their total registry maintenance fees (presently $150 per year, subject to an increase $25 per year) which is a unique fee benefit that’s been provided only to the legacy resource holders. The announcement just made is that we will cease offering this fee cap for legacy resource holders who sign an agreement after 31 Dec 2023; i.e. they will pay the same fees as everyone else based on total resources held.
As others have already noted, this will move ARIN towards charging more customers the same fees for the same services. If you are a legacy resource holder that was planning on entering into an LRSA with ARIN, it would be beneficial to do so before 2024. If you are legacy resource holder that is not planning to enter an agreement with ARIN, then the change doesn’t matter to you (other than perhaps a providing an opportunity to rail on the mailing list in response anyway…)
As a simple example, ARIN's contract need not require its customers to give up their resources when ceasing to pay ARIN for services. (There's an existence proof: RIPE's doesn't.) Such a contract would likely result in more-equitable sharing of costs, since it would encourage legacy holders to pay ARIN (and legacy holders are still more than a quarter of the total IP addresses, possibly much more). The fact that ARIN hasn't made this happen says nothing about equity; it's about something else.
A wonderful assertion, but false. Those issued resource before ARIN’s formation have a choice – if they wish to enter an agreement and normalize their relationship they can do so, but at that point they are subject to the same agreement as everyone else. ARIN has made a conscious decision to treat everyone the same, both in terms of agreements and fees (aside from the legacy resource holder fee cap that has been provided for last two decades as an incentive and, as noted, is being sunset at the end of 2023.)
Note that there are indeed circumstances where a party can exit the RSA and the number resources return to the prior status – this is what occurs if ARIN is found in litigation to have breached the agreement.
This whole tussle is about power. ARIN wants the power to take away legacy resources, while their current owners don't want that to happen.
If that the goal were "take away legacy resources”, then there are far easier and more direct means to accomplish that, but as noted previously, the goal is rather provide legacy resource holders a choice if they want a formal relationship with ARIN or not. Enter into an LRSA or don’t, that’s entirely up to each legacy resource holder.
ARIN wants to be the puppeteer who pulls all the strings for the North American Internet. It pursues this desire by stealth and misdirection (e.g. "We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services...")
ARIN certainly encourages legacy resource holders to enter an agreement - this helps spread our costs among a larger customer base and provides the customer access to our full suite of services – I’m not sure how that encouragement is seen as "stealth and misdirection”, particularly as we go out of our way to communicate changes well in advance and in forums such as this one.
ARIN is also trying to encourage ISPs to demand RPKI before providing transit to IP address holders, which would turn its optional RPKI service (that it has tied by contract into ARIN gaining control over legacy resources) into an effectively mandatory RPKI service.
Again, ARIN encourages operators to deploy RPKI services to better protect their network routing, but we are very clear to take no stance on _requiring_ deployment of such services – this is matter best left for the operator community to decide.
ARIN hides its power grab behind "our policies are set by our community" and "our board is elected by our community" misdirections. Its voting community consists almost entirely of those who aren't legacy holders (by definition: if you accept their contract, your legacy resource ownership goes away; if you don't, you can't vote).
Almost accurate - the voting community is indeed those customers who have resources under services agreement (i.e. members) and therefore that does not include legacy resource holders unless they opt to enter an LRSA. That voting community does elect the ARIN Board of Trustees and our ARIN Advisory Council.
However, the ARIN policy development process is open to all, and there are many participants who have legacy resources not under agreement and advocate on behalf of that community – again, it’s your choice is you wish to participate or not, but it would be specious to assert that the community that develops ARIN registry policy is limited to ARIN members.
That community would love to confiscate some "underused" legacy IP addresses to be handed out for free to their own "waiting list". So this is equivalent to putting foxes in charge of policy for a henhouse.
Wow - I’m not certain you could be more incorrect. Note that the policies that were in effect _prior to ARIN’s formation_ reflect exactly that sentiment above: i.e., per RFC 2050 –
IP addresses are valid as long as the criteria continues to be met. The IANA reserves the right to invalidate any IP assignments once it is determined the the requirement for the address space no longer exists. In the event of address invalidation, reasonable efforts will be made by the appropriate registry to inform the organization that the addresses have been returned to the free pool of IPv4 address space.
The community in this region (via ARIN’s policy development process) created registry policies that specifically recognize that “underused" IP address space is not subject to reclamation but can be transferred to another party that has need. (You can find these in ARIN’s number resource policy manual (NRPM) in section 8) <https://www.arin.net/participate/policy/nrpm/#8-transfers <https://www.arin.net/participate/policy/nrpm/#8-transfers>>.
ARIN has also enshrined that same principle of ability to retain “underused number resources” in its RSA/LRSA, in section 6 –
6. REVIEW OF HOLDER’S NUMBER RESOURCES
Whenever a transfer or additional IP address space is requested by Holder, ARIN may review Holder’s utilization of previously allocated or assigned number resources and other Services received from ARIN to determine if Holder is complying with the Service Terms. Except as set forth in this Agreement, (i) ARIN will take no action to reduce the Services currently provided for Included Number Resources due to lack of utilization by the Holder, and (ii) ARIN has no right to revoke any Included Number Resources under this Agreement due to lack of utilization by Holder. However, ARIN may refuse to permit transfers or additional allocations of number resources to Holder if Holder’s Included Number Resources are not utilized in accordance with Policy.
Now that markets exist for IP addresses, all that IP addresses need is a deed-registry to discourage fraud, like a county real-estate registrar's office. IP addresses no longer need a bureacracy for socialistic determinations about which supplicants "deserve" addresses.
That’s pretty much what ARIN’s policies have evolved into, although we do still at present have a requirement that the recipient of an address block during a transfer have operational need (i.e. they’re going to be used in an actual network at some point.) If you don’t like that constraint, you can whine about it here on the nanog mailing list, or you can join others of similar mind working in the ARIN policy development process – I actually don’t care either way; ARIN operates the registry per the policy but leaves the development of registry policy to the community.
Addresses now have prices, and if you want some, you buy them. Deed registries get to charge fees for transactions, but they don't get to take away your property, nor tell you that you can't buy any more property because they disapprove of how you managed your previous properties. Actual ownership of real estate is defined by contracts and courts, not by the registry, which is just a set of pointers to help people figure out the history and current status of each parcel. The registry is important, but it's not definitive.
Agreed regarding contracts and courts - if you have an RSA with ARIN, you have contract and your IP address block is a specific set of contractual rights that civil, criminal, probate, bankruptcy and other courts all seem to have no problem understanding and dealing with under rule of law. Absent such, I think you’ll find courts to be an interesting place indeed.
Deed-registry is apparently not a model that ARIN wants to be operating in. They initially tried to refuse to record purchases of address blocks, because it violated their model of "if you don't use your IP addresses, you must give them back to us and receive no money for them".
Factually incorrect. We never refused to transfer address blocks from one party to another _if the transfer met the policies set by the community_. It was actually the ARIN community that established the first number resource transfer policy in 2009 <https://www.arin.net/vault/announcements/2009/20090601_nrpm.html <https://www.arin.net/vault/announcements/2009/20090601_nrpm.html>> and this was done at the encouragement of the ARIN Board of Trustees…. (please let’s try to stick with facts so an to keep the discussion here occurring on an informed basis.)
They saw their job as being the power broker who hands out free favors. But when their supply of free IP addresses dried up, they had no remaining function other than to record ownership (be a deed registry), and to run an occasional conference. It dawned on them that if they refused to record these transactions, they would not even be a reliable deed-registry; they would have entirely outlived their usefulness.
As noted, the above is completely specious; the ARIN Board and the community developed our registry policies for transfers to unrelated parties ahead of the first transactions.
Sothey reluctantly agreed to do that job, but their policies are still left over from their power-broker past. They'd love to go back to it, if only they could figure out how. IPv6? Sure! RPKI maybe? Worth a try!
ARIN prefers to be a power broker rather than a scribe. Who can blame them for that? But don't mistake their strategy for stewardship. "Doing what the community wants" or "seeking the equitable thing" quacks like stewardship, so of course they brand themselves that way. But in my opinion their power-seeking is self-serving, not community-serving.
John - if you don’t like ARIN policies, I’d suggest that you join the others in the policy development process working to change them. ARIN makes sure that there’s open and transparent policy development process, leaves the community to set those policies, and then we operate the registry accordingly. That’s what we define as stewardship" of the number registry.
Thanks, /John
John Curran President and CEO American Registry for Internet Numbers
On Sat, Sep 17, 2022 at 7:39 AM John Curran <jcurran@arin.net> wrote:?
On 16 Sep 2022, at 10:11 PM, John Gilmore <gnu@toad.com> wrote:
As a simple example, ARIN's contract need not require its customers to give up their resources when ceasing to pay ARIN for services. (There's
A wonderful assertion, but false.
Of course ARIN could adjust its contract that way. That ARIN -chooses- not to.does not make John Gilmore's claim false. Moreover, ARIN could choose to offer RPKI service under a contract which specifies only that the RPKI services are applicable only to IP addresses registered to the contractee at ARIN without saying anything about how they're registered. Such an approach would meet ARIN's self-imposed requirement to treat everybody the same without disturbing the status quo for legacy registrations. ARIN chooses not to SOLELY as a -forcing function- to get legacy registrants to sign an RSA declaring that they've no rights over the IP addresses. And ARIN does so to the detriment of the routing community which would benefit from those legacy registrants joining the RPKI system. And I'd be willing to bet that if you polled the ARIN members, the majority would rather have the legacy registrants participate in RPKI even if they didn't have to sign the RSA covering their IP addresses to do it. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
* gnu@toad.com (John Gilmore) [Sat 17 Sep 2022, 04:14 CEST]:
Now that markets exist for IP addresses, all that IP addresses need is a deed-registry to discourage fraud, like a county real-estate registrar's office.
Are IP addresses like houses, though? Aren't they more like other intellectual property such as trademarks or patents? What happens to those when you don't pay the USPTO? -- Niels.
On Mon, Sep 19, 2022 at 10:04 AM <niels=nanog@bakker.net> wrote:
Are IP addresses like houses, though? Aren't they more like other intellectual property such as trademarks or patents? What happens to those when you don't pay the USPTO?
You lose the ability to sue for triple damages. You can only sue for injunctions and regular damages. -- For hire. https://bill.herrin.us/resume/
On September 19, 2022 at 10:16 bill@herrin.us (William Herrin) wrote:
On Mon, Sep 19, 2022 at 10:04 AM <niels=nanog@bakker.net> wrote:
Are IP addresses like houses, though? Aren't they more like other intellectual property such as trademarks or patents? What happens to those when you don't pay the USPTO?
You lose the ability to sue for triple damages. You can only sue for injunctions and regular damages.
Put another way in the US, at least, trademarks, at least, do not rely on USPTO or WIPO for legal force other than those mentioned above. You don't have to register a trademark with either to claim legal force. You just have to be ready to show that your trademark was used in commerce, not a high barrier, and a use by another party potentially causes confusion, dilution, reputational &c damage to your use of your mark, or whatever. That can also include geographic scope (don't make me type in Trademarks 101 here!) Trademarks are, at their core, a consumer protection, not a property right. Their principle purpose is, for example, so a consumer knows if they buy a bottle of Coca-Cola beverage it is a product of the Coca-Cola corporation. Everything else mostly derives from that principle tho with 200+ years of practice, legislation, and precedent of course there are other details. And vice-versa, use it or lose it, the mark has to represent some product or service. Which is why for example the USPTO/WIPO don't allow you to just register clever names &c and claim rights in those names &c. Well, they may allow you but it's a legally worthless thing to do. Compare and contrast to the internet domain system...ahem. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Mon, Sep 19, 2022 at 1:06 PM <bzs@theworld.com> wrote:
You don't have to register a trademark with either to claim legal force.
Trademarks have a fascinating history. Originally they were a requirement rather than a right: producers of certain commodities were required to place a distinctive mark to authenticate themselves as the maker. They were literally a mark of your trade that you placed on the thing you sold. Forgery of these marks became a problem after which laws were passed making it illegal to use another's mark. Goes all the way back to 13th century England. Modern trademark law, in which it became possible to protect words instead of line-art, didn't come about until the mid 19th century. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On Sep 16, 2022, at 08:53 , John Curran <jcurran@arin.net> wrote:
Tom -
It’s an artifact of our formation that we are presently providing services to any customers absent any agreement and while ARIN continues to do so (by providing basic services to legacy customers), the long-term direction is to provide the same services to all customers under the same agreement and fees – anything else wouldn’t be equitable.
(This is the direction that the ARIN Board of Trustees has set based on community input; I will note that the ARIN Board is itself elected by the community and that we have our annual election upcoming – https://www.arin.net/announcements/20220906-arinslate/ <https://www.arin.net/announcements/20220906-arinslate/> )
You keep saying this, but it is still false. The community includes legacy holders that don’t have contracts. It also includes end users that don’t have voting rights (until their next renewal and demand of those voting rights by said end users). The ARIN board is elected by the members… In other words, you have specifically excluded anyone with an interest contrary to the stated position from electing the board, so of course the board is rather lopsided on this issue. Whether that is by design or simply by nature is left as an exercise for the reader. Owen
I could be mistaken, but I believe that RIPE NCC provides RPKI services for Legacy without Contract resource holders. Owen
On Sep 15, 2022, at 15:55 , Rubens Kuhl <rubensk@gmail.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders. As you mentioned, that would probably have a price tag attached to it to cover the costs for such operations, but a contract could stay away from ownership issues and not either say the blocks are yours or that the blocks could be taken from you. Pay for the services, get RPKI; don't pay them, RPKI ROAs expire.
I have a feeling that the recurring cost would be higher than using the scale that the RIR system has in providing those services, and that doing RIR-shopping (like what was already suggested here, moving the resources to RIPE) is simpler and more cost effective. But this would at least expose the real costs without making the RIR-allocated resource holders subsidize legacy resource holders, which is the good thing I see in the direction ARIN is going.
Rubens
On Fri, Sep 16, 2022 at 5:18 AM Tom Krenn via NANOG <nanog@nanog.org> wrote:
Speaking from the enterprise / end site perspective I would bet there are a lot of legacy holders that other than maybe updating their reverse DNS records once or twice haven’t looked at ARIN policies or their allocation since the late 1980s. In most cases there really is not strong technical reason to, the stuff just keeps working.
We are put in kind of an awkward place by the current policies. On one hand some of us would like to be good Internet citizens and implement things like IRR and RPKI for our resources to help the larger community. But show the RSA/LRSA to your lawyers with the justification that "I would like to implement RPKI, but everything will keep working even if we don't." You can bet they will never jump on board. On one hand there is a push from ARIN and the larger community to use these advanced services, but on the other hand the fees and risk far outweigh the benefits. (Heck the fees aren’t even that big of a deal, just the risk of loosing control of our legacy allocations.)
Tom Krenn Network Architect Enterprise Architecture - Information Technology
-----Original Message----- From: NANOG <nanog-bounces+tom.krenn=hennepin.us@nanog.org> On Behalf Of John Curran Sent: Thursday, September 15, 2022 3:35 PM To: John Gilmore <gnu@toad.com> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments.
John -
Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.
For more than two decades legacy resource holders have been provided the opportunity to normalize their relations with ARIN by entry into an LRSA - thus receiving the same services on the same terms and conditions as all others in the region (and also with a favorable fee cap applied to their total annual registry fees.) While many folks have taken advantage of that offer over the years, it’s quite possible that all of those interested have already considered the matter and hence going forward we are returning to the refrain of the entire community in seeking the lowest fees applied equitably to all in the region.
As we’ve recently added more advanced services that may be of interest to many in the community (RPKI and authenticated IRR) and also have just made a favorable simplification to the RSA in section 7 (an area that has been problematic for some organizations in the past), it is important that ARIN not subset availability of the legacy fee cap without significant notice, as there many be a few folks out there who were unaware of LRSA with fee cap availability and/or haven’t recently taken a look at the various tradeoffs.
In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 3:41 PM, John Gilmore <gnu@toad.com> wrote:
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof.
The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite.
By contrast, RIPE has developed a much more welcoming stance on legacy resources, including:
* retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members
You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes.
John
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
On 18 Sep 2022, at 20:04, Owen DeLong via NANOG <nanog@nanog.org> wrote:
I could be mistaken, but I believe that RIPE NCC provides RPKI services for Legacy without Contract resource holders.
The policy: https://www.ripe.net/publications/docs/ripe-639 The details: https://www.ripe.net/manage-ips-and-asns/legacy-resources/ripe-ncc-services-... Once you’re set, you can go through a wizard that will give you access to a subset of the RIPE NCC Portal that will only let you manage Hosted or Delegated RPKI and nothing else. https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/resource-c... -Alex
Owen
On Sep 15, 2022, at 15:55 , Rubens Kuhl <rubensk@gmail.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders. As you mentioned, that would probably have a price tag attached to it to cover the costs for such operations, but a contract could stay away from ownership issues and not either say the blocks are yours or that the blocks could be taken from you. Pay for the services, get RPKI; don't pay them, RPKI ROAs expire.
I have a feeling that the recurring cost would be higher than using the scale that the RIR system has in providing those services, and that doing RIR-shopping (like what was already suggested here, moving the resources to RIPE) is simpler and more cost effective. But this would at least expose the real costs without making the RIR-allocated resource holders subsidize legacy resource holders, which is the good thing I see in the direction ARIN is going.
Rubens
On Fri, Sep 16, 2022 at 5:18 AM Tom Krenn via NANOG <nanog@nanog.org> wrote:
Speaking from the enterprise / end site perspective I would bet there are a lot of legacy holders that other than maybe updating their reverse DNS records once or twice haven’t looked at ARIN policies or their allocation since the late 1980s. In most cases there really is not strong technical reason to, the stuff just keeps working.
We are put in kind of an awkward place by the current policies. On one hand some of us would like to be good Internet citizens and implement things like IRR and RPKI for our resources to help the larger community. But show the RSA/LRSA to your lawyers with the justification that "I would like to implement RPKI, but everything will keep working even if we don't." You can bet they will never jump on board. On one hand there is a push from ARIN and the larger community to use these advanced services, but on the other hand the fees and risk far outweigh the benefits. (Heck the fees aren’t even that big of a deal, just the risk of loosing control of our legacy allocations.)
Tom Krenn Network Architect Enterprise Architecture - Information Technology
-----Original Message----- From: NANOG <nanog-bounces+tom.krenn=hennepin.us@nanog.org> On Behalf Of John Curran Sent: Thursday, September 15, 2022 3:35 PM To: John Gilmore <gnu@toad.com> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)
CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments.
John -
Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.
For more than two decades legacy resource holders have been provided the opportunity to normalize their relations with ARIN by entry into an LRSA - thus receiving the same services on the same terms and conditions as all others in the region (and also with a favorable fee cap applied to their total annual registry fees.) While many folks have taken advantage of that offer over the years, it’s quite possible that all of those interested have already considered the matter and hence going forward we are returning to the refrain of the entire community in seeking the lowest fees applied equitably to all in the region.
As we’ve recently added more advanced services that may be of interest to many in the community (RPKI and authenticated IRR) and also have just made a favorable simplification to the RSA in section 7 (an area that has been problematic for some organizations in the past), it is important that ARIN not subset availability of the legacy fee cap without significant notice, as there many be a few folks out there who were unaware of LRSA with fee cap availability and/or haven’t recently taken a look at the various tradeoffs.
In any case, legacy resource holders who don’t care for these advanced services (whose development and maintenance is paid for by the ARIN community) can simply continue to maintain their legacy resources in the ARIN registry. They do not have to do anything, as ARIN is continuing to provide basic registration services to the thousands of non-contracted legacy resource holders (including online updates to your resources, reverse DNS services, etc.) without fee or contract.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
On 15 Sep 2022, at 3:41 PM, John Gilmore <gnu@toad.com> wrote:
John Curran wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
Randy Bush <randy@psg.com> wrote:
consult a competent lawyer before signing an LRSA
Amen to that. ARIN's stance on legacy resources has traditionally been that ARIN would prefer to charge you annually for them, and then "recover" them (take them away from you) if you ever stop paying, or if they ever decide that you are not using them wisely. If you once agree to an ARIN contract, your resources lose their "legacy" status and you become just another sharecropper subject to ARIN's future benevolence or lack thereof.
The change recently announced by John Curran will make the situation very slightly worse, by making ARIN's annual fees for legacy resources changeable at their option, instead of being capped by contract. ARIN management could have changed their offer to be better, if they wanted to attract legacy users, but they made an explicit choice to do the opposite.
By contrast, RIPE has developed a much more welcoming stance on legacy resources, including:
* retaining the legacy status of resources after a transfer or sale * allowing resources to be registered without paying annual fees to RIPE (merely paying a one-time transaction fee), so that later non-payment of annual fees can't be used as an excuse to steal the resources. * agreeing that RIPE members will keep all their legacy resources even if they later cease to be RIPE members
You are within the RIPE service area if your network touches Europe, northern Asia, or Greenland. This can be as simple as having a rented or donated server located in Europe, or as complicated as running a worldwide service provider. If you have a presence there, you can transfer your worldwide resources out from under ARIN policies and put them under RIPE's jurisdiction instead.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
Other RIRs may have other good or bad policies about legacy resource holders. As Randy proposed, consult a lawyer competent in legacy domain registration issues before making any changes.
John
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy, and RIPE pursues it with vigor. And getting the above treatment may require firmly asserting to RIPE that you want it, rather than accepting the defaults. But their motives are more benevolent than ARIN's toward legacy resource holders; RIPE honestly seems to want to gather in legacy resource holders, either as RIPE members or not, without reducing any of the holders' rights or abilities. I commend them for that.
I have to say that my experience transferring to RIPE-NCC was quite pleasant and involved quite minimal bureaucratic hassle. I did have to select “Legacy without contract” on one form and reassert that in reply to one email, but that was about the extent of it. YMMV. Owen
I highly recommend that legacy holders who wish to ensure that their rights are respected transfer their registrations to RIPE-NCC, whether they have signed the LRSA or not. Transferring to RIPE-NCC as Legacy without Contract will afford you full respect for your rights in your resources in perpetuity (or at least as long as RIPE-NCC lasts) without requiring a contract and without having to pay fees. If you need to establish presence in Europe to satisfy RIPE’s requirements, a cheap virtual machine can be leased for a month or two to get through the process and is never verified or validated thereafter. I was an early signatory to the LRSA thinking I was doing the right thing. After the ARIN board changed end users from fee-per-ORG to fee-per-resource in order to get around the fee cap and bifurcated my org into two orgs (allowing them to charge even more), I came to regret that decision. Since transferring my legacy resources to RIPE-NCC, I have been considerably happier. Owen
On Sep 13, 2022, at 18:24 , Randy Bush <randy@psg.com> wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
consult a competent lawyer before signing an LRSA
randy
* nanog@nanog.org (Owen DeLong via NANOG) [Sun 18 Sep 2022, 19:53 CEST]:
I highly recommend that legacy holders who wish to ensure that their rights are respected transfer their registrations to RIPE-NCC, whether they have signed the LRSA or not.
Would you say that in hindsight you would have advocated differently when ARIN decided not to allow transfer of IPv6 resources to other RIRs? -- Niels.
I highly recommend that legacy holders who wish to ensure that their rights are respected transfer their registrations to RIPE-NCC, whether they have signed the LRSA or not.
For the uninitiated, this is the crux of the disagreements. (Before I begin, this is not a personal shot at Owen or anybody else.) Allocations made before the RIR systems were created have no contracts or covenants attached. Allocations made from the RIRs do. The 'rights' claimed by legacy holders are therefore unenumerated ; their argument is essentially 'nothing says I don't have these rights, so I say I do'. This leads to the current situation, where the legacy holders don't really want any case law or contractual agreements to enumerate what rights they may (or may not) have, because if that happens, they would be prevented from asserting some new right in the future. We all I think acknowledge that technology often races out in front of the law, this situation is no different. Many people have legitimate concerns about policies at different RIRs, and this isn't a shot at those either. But fundamentally, this has meant there has been a 2 tier system since the inception of the RIRs that legacy holders don't have to follow the same rules as the rest of us. On Sun, Sep 18, 2022 at 1:52 PM Owen DeLong via NANOG <nanog@nanog.org> wrote:
I highly recommend that legacy holders who wish to ensure that their rights are respected transfer their registrations to RIPE-NCC, whether they have signed the LRSA or not.
Transferring to RIPE-NCC as Legacy without Contract will afford you full respect for your rights in your resources in perpetuity (or at least as long as RIPE-NCC lasts) without requiring a contract and without having to pay fees.
If you need to establish presence in Europe to satisfy RIPE’s requirements, a cheap virtual machine can be leased for a month or two to get through the process and is never verified or validated thereafter.
I was an early signatory to the LRSA thinking I was doing the right thing. After the ARIN board changed end users from fee-per-ORG to fee-per-resource in order to get around the fee cap and bifurcated my org into two orgs (allowing them to charge even more), I came to regret that decision. Since transferring my legacy resources to RIPE-NCC, I have been considerably happier.
Owen
On Sep 13, 2022, at 18:24 , Randy Bush <randy@psg.com> wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
consult a competent lawyer before signing an LRSA
randy
Tom - That’s one way of characterizing the situation, but there’s also a deeper aspect that may not be readily apparent – The nature of the Internet number registry system is inherently different than that a normal customer / vendor relationship, in that the entire concept underlying the system is that it would be the industry engaged in a form of self-regulation (rather than folks simply receiving a service paid for and defined by the US Government, or procuring some off-the-shelf commercial service); i.e., the users of the Internet number registry system were intended to be the stakeholders that governed each of the regional Internet registries, with each RIR acting a steward of the Internet number resources in its region. At ARIN’s inception, legacy resource holders were provided the same services as before w/o any requirement to pay a fee or enter into a contract – that’s a very reasonable transition approach. Alas, there was no consideration given to further evolution of services/rights for legacy resource holders, as the assumption was that those desiring some form of evolution of their RIR services would become stakeholders and discuss it with the rest of the community via participation in governance of their regional Internet number registry. The concept of number resources that were part of – but somehow external to the governance of the Internet number registry in perpetuity – actually runs contrary to the very concept of self-regulating community-based stewardship, and hence a significant part of disconnect behind the disagreements that we see here. FYI, /John John Curran President and CEO American Registry for Internet Numbers On 19 Sep 2022, at 10:16 AM, Tom Beecher <beecher@beecher.cc<mailto:beecher@beecher.cc>> wrote: I highly recommend that legacy holders who wish to ensure that their rights are respected transfer their registrations to RIPE-NCC, whether they have signed the LRSA or not. For the uninitiated, this is the crux of the disagreements. (Before I begin, this is not a personal shot at Owen or anybody else.) Allocations made before the RIR systems were created have no contracts or covenants attached. Allocations made from the RIRs do. The 'rights' claimed by legacy holders are therefore unenumerated ; their argument is essentially 'nothing says I don't have these rights, so I say I do'. This leads to the current situation, where the legacy holders don't really want any case law or contractual agreements to enumerate what rights they may (or may not) have, because if that happens, they would be prevented from asserting some new right in the future. We all I think acknowledge that technology often races out in front of the law, this situation is no different. Many people have legitimate concerns about policies at different RIRs, and this isn't a shot at those either. But fundamentally, this has meant there has been a 2 tier system since the inception of the RIRs that legacy holders don't have to follow the same rules as the rest of us. On Sun, Sep 18, 2022 at 1:52 PM Owen DeLong via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: I highly recommend that legacy holders who wish to ensure that their rights are respected transfer their registrations to RIPE-NCC, whether they have signed the LRSA or not. Transferring to RIPE-NCC as Legacy without Contract will afford you full respect for your rights in your resources in perpetuity (or at least as long as RIPE-NCC lasts) without requiring a contract and without having to pay fees. If you need to establish presence in Europe to satisfy RIPE’s requirements, a cheap virtual machine can be leased for a month or two to get through the process and is never verified or validated thereafter. I was an early signatory to the LRSA thinking I was doing the right thing. After the ARIN board changed end users from fee-per-ORG to fee-per-resource in order to get around the fee cap and bifurcated my org into two orgs (allowing them to charge even more), I came to regret that decision. Since transferring my legacy resources to RIPE-NCC, I have been considerably happier. Owen
On Sep 13, 2022, at 18:24 , Randy Bush <randy@psg.com<mailto:randy@psg.com>> wrote:
We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
consult a competent lawyer before signing an LRSA
randy
On Mon, Sep 19, 2022 at 7:16 AM Tom Beecher <beecher@beecher.cc> wrote:
Allocations made before the RIR systems were created have no contracts or covenants attached. Allocations made from the RIRs do.
The 'rights' claimed by legacy holders are therefore unenumerated ; their argument is essentially 'nothing says I don't have these rights, so I say I do'.
Not because I "say" I do but because legal precedent has said that folks in roughly comparable situations in the past did. Nothing exactly the same or there wouldn't be any ambiguity but similar enough for me to think I have rights.
This leads to the current situation, where the legacy holders don't really want any case law or contractual agreements to enumerate what rights they may (or may not) have, because if that happens, they would be prevented from asserting some new right in the future. We all I think acknowledge that technology often races out in front of the law, this situation is no different.
I'd be happy to have case law or a contract that clarifies the situation, wherever that might end up. I won't force the matter unless ARIN puts me in a position where it's either go to court or knuckle under. Despite the war of words, ARIN has shown no signs of doing so. As for a contract, if ARIN offered an acceptable contract or was willing to negotiate toward an acceptable contract, I would as happily clarify my rights that way. To my perspective (and I've said this many times in the past) it is ARIN who would prefer not to have the matter clarified as it would certainly be clarified that ARIN has less power over the legacy registrations than their RSA contract requests and elements of that clarification could spill over into the contracted resources. The RSA contract ARIN offers registrants boils down to this: so long as you pay us, you can use IP addresses the way we say you can. The way we say you can is subject to change at any time according to the change process which we can replace at any time at the pleasure of our board of trustees who are chosen through a process that they can change at any time. There's not even anything in the contract that ARIN's application of policy can be restricted to the policies in effect at the time the issuance of the number resources or that those policies won't change in a manner which results in the revocation of those resources when used as represented to ARIN that they would be. ARIN's NRPM contract is devoid of any -meaningful- protections for the registrant; all rights are reserved to ARIN. I hope you understand why I would choose ambiguous rights over no rights at all. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
This is where things keep getting held up on the legal side. At least in my experience. It would be great if something could be expanded upon in the RSA to clarify some rights. Has ARIN ever worked with the IANA, NSF, OSTP, DOJ, etc to clarify things? I recall this letter https://www.arin.net/vault/resources/legacy/ARIN-Rudolph-NSF-18OCT2012.pdf where an argument is made. But so far there has been no statement by OSTP or DoC/NTIA that would help legacy holders navigate this. Just ARIN's opinion (above). Again fees are not an issue, but the vague language stating any policy may change at any time is a big show stopper. " The RSA contract ARIN offers registrants boils down to this: so long as you pay us, you can use IP addresses the way we say you can. The way we say you can is subject to change at any time according to the change process which we can replace at any time at the pleasure of our board of trustees who are chosen through a process that they can change at any time. There's not even anything in the contract that ARIN's application of policy can be restricted to the policies in effect at the time the issuance of the number resources or that those policies won't change in a manner which results in the revocation of those resources when used as represented to ARIN that they would be. ARIN's NRPM contract is devoid of any -meaningful- protections for the registrant; all rights are reserved to ARIN. I hope you understand why I would choose ambiguous rights over no rights at all." That said I do plan to have my org apply for membership since we do have IPv6 resources under RSA. I'm just not sure one more voice asking for clarity is going to have any real impact. Tom Krenn Network Architect Enterprise Architecture - Information Technology -----Original Message----- From: NANOG <nanog-bounces+tom.krenn=hennepin.us@nanog.org> On Behalf Of William Herrin Sent: Monday, September 19, 2022 10:53 AM To: Tom Beecher <beecher@beecher.cc> Cc: John Curran <jcurran@arin.net>; North American Network Operators' Group <nanog@nanog.org> Subject: [External] Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments. On Mon, Sep 19, 2022 at 7:16 AM Tom Beecher <beecher@beecher.cc> wrote:
Allocations made before the RIR systems were created have no contracts or covenants attached. Allocations made from the RIRs do.
The 'rights' claimed by legacy holders are therefore unenumerated ; their argument is essentially 'nothing says I don't have these rights, so I say I do'.
Not because I "say" I do but because legal precedent has said that folks in roughly comparable situations in the past did. Nothing exactly the same or there wouldn't be any ambiguity but similar enough for me to think I have rights.
This leads to the current situation, where the legacy holders don't really want any case law or contractual agreements to enumerate what rights they may (or may not) have, because if that happens, they would be prevented from asserting some new right in the future. We all I think acknowledge that technology often races out in front of the law, this situation is no different.
I'd be happy to have case law or a contract that clarifies the situation, wherever that might end up. I won't force the matter unless ARIN puts me in a position where it's either go to court or knuckle under. Despite the war of words, ARIN has shown no signs of doing so. As for a contract, if ARIN offered an acceptable contract or was willing to negotiate toward an acceptable contract, I would as happily clarify my rights that way. To my perspective (and I've said this many times in the past) it is ARIN who would prefer not to have the matter clarified as it would certainly be clarified that ARIN has less power over the legacy registrations than their RSA contract requests and elements of that clarification could spill over into the contracted resources. The RSA contract ARIN offers registrants boils down to this: so long as you pay us, you can use IP addresses the way we say you can. The way we say you can is subject to change at any time according to the change process which we can replace at any time at the pleasure of our board of trustees who are chosen through a process that they can change at any time. There's not even anything in the contract that ARIN's application of policy can be restricted to the policies in effect at the time the issuance of the number resources or that those policies won't change in a manner which results in the revocation of those resources when used as represented to ARIN that they would be. ARIN's NRPM contract is devoid of any -meaningful- protections for the registrant; all rights are reserved to ARIN. I hope you understand why I would choose ambiguous rights over no rights at all. Regards, Bill Herrin -- For hire. https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbill.herri... Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
Bill- The RSA contract ARIN offers registrants boils down to this: so long
as you pay us, you can use IP addresses the way we say you can. The way we say you can is subject to change at any time according to the change process which we can replace at any time at the pleasure of our board of trustees who are chosen through a process that they can change at any time.
A bit of an exaggeration there. The RSA says that you are bound by all current and future policies that come from the Policy Development Process. The PDP is open to everyone except ARIN Trustees or Staff. So by definition, ARIN could not unilaterally decide to change a policy on how addresses were used.
There's not even anything in the contract that ARIN's application of policy can be restricted to the policies in effect at the time the issuance of the number resources or that those policies won't change in a manner which results in the revocation of those resources when used as represented to ARIN that they would be. ARIN's NRPM contract is devoid of any -meaningful- protections for the registrant; all rights are reserved to ARIN.
Which are the same terms everyone else with a post-ARIN allocation has to follow. Reinforcing the 2 tier system that legacy holders don't have to follow the same rules as the rest of us.
I hope you understand why I would choose ambiguous rights over no rights at all.
To a point I do. But I have yet to hear an argument from a legacy allocation holder that didn't boil to "I want to have the flexibility to do things with this space that I wouldn't have if I had gotten it assigned post RIR. I don't know what those things might be, and I don't care if others don't get to do those things too." On Mon, Sep 19, 2022 at 11:53 AM William Herrin <bill@herrin.us> wrote:
On Mon, Sep 19, 2022 at 7:16 AM Tom Beecher <beecher@beecher.cc> wrote:
Allocations made before the RIR systems were created have no contracts or covenants attached. Allocations made from the RIRs do.
The 'rights' claimed by legacy holders are therefore unenumerated ; their argument is essentially 'nothing says I don't have these rights, so I say I do'.
Not because I "say" I do but because legal precedent has said that folks in roughly comparable situations in the past did. Nothing exactly the same or there wouldn't be any ambiguity but similar enough for me to think I have rights.
This leads to the current situation, where the legacy holders don't really want any case law or contractual agreements to enumerate what rights they may (or may not) have, because if that happens, they would be prevented from asserting some new right in the future. We all I think acknowledge that technology often races out in front of the law, this situation is no different.
I'd be happy to have case law or a contract that clarifies the situation, wherever that might end up. I won't force the matter unless ARIN puts me in a position where it's either go to court or knuckle under. Despite the war of words, ARIN has shown no signs of doing so. As for a contract, if ARIN offered an acceptable contract or was willing to negotiate toward an acceptable contract, I would as happily clarify my rights that way. To my perspective (and I've said this many times in the past) it is ARIN who would prefer not to have the matter clarified as it would certainly be clarified that ARIN has less power over the legacy registrations than their RSA contract requests and elements of that clarification could spill over into the contracted resources.
The RSA contract ARIN offers registrants boils down to this: so long as you pay us, you can use IP addresses the way we say you can. The way we say you can is subject to change at any time according to the change process which we can replace at any time at the pleasure of our board of trustees who are chosen through a process that they can change at any time. There's not even anything in the contract that ARIN's application of policy can be restricted to the policies in effect at the time the issuance of the number resources or that those policies won't change in a manner which results in the revocation of those resources when used as represented to ARIN that they would be. ARIN's NRPM contract is devoid of any -meaningful- protections for the registrant; all rights are reserved to ARIN.
I hope you understand why I would choose ambiguous rights over no rights at all.
Regards, Bill Herrin
-- For hire. https://bill.herrin.us/resume/
On Mon, Sep 19, 2022 at 9:21 AM Tom Beecher <beecher@beecher.cc> wrote:
A bit of an exaggeration there. The RSA says that you are bound by all current and future policies that come from the Policy Development Process. The PDP is open to everyone except ARIN Trustees or Staff. So by definition, ARIN could not unilaterally decide to change a policy on how addresses were used.
The board of trustees can change the policy development process in arbitrary ways at any time. They have done so more than once since ARIN's inception. Moreover, in the current process the board has unilateral authority to reject or adjust proposals which come out of the process before adoption. And lest you forget, the current process starts with the advisory council who can originate and exercise complete control over the text of policy proposals. So structurally, ARIN and its officials can indeed unilaterally decide to change a policy on how addresses are used. They don't currently. But nothing in the law or the contract prevents it.
To a point I do. But I have yet to hear an argument from a legacy allocation holder that didn't boil to "I want to have the flexibility to do things with this space that I wouldn't have if I had gotten it assigned post RIR. I don't know what those things might be, and I don't care if others don't get to do those things too."
For what it's worth, in pursuing equalization I'd rather see the contractees' rights liberalized than my own rights restricted. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On 19 Sep 2022, at 12:29 PM, William Herrin <bill@herrin.us<mailto:bill@herrin.us>> wrote: On Mon, Sep 19, 2022 at 9:21 AM Tom Beecher <beecher@beecher.cc<mailto:beecher@beecher.cc>> wrote: A bit of an exaggeration there. The RSA says that you are bound by all current and future policies that come from the Policy Development Process. The PDP is open to everyone except ARIN Trustees or Staff. So by definition, ARIN could not unilaterally decide to change a policy on how addresses were used. The board of trustees can change the policy development process in arbitrary ways at any time. Presently correct. The ARIN Policy Development Process is an adopted document of the ARIN Board, and while the practice has been to consult with the community before making changes (such as the consultation open presently - https://www.arin.net/announcements/20220906-consultopen/) nothing presently would prevent the Board from changing the PDP absent such a community consultation... The same could have been said for ARIN's RSA at one point, but given the high stability the Board opted to change that so require a membership vote to change the terms and conditions for existing RSA holders (outside of changes necessary to conform with changes to prevailing law.). It’s quite possible that we’ll get to that same level of stability with the PDP at some point, but presently the member-elected Board is the one that holds the authority over the policy development process. (I’ll note, as an aside, that making changes to the PDP also subject to member ratification really doesn’t change the status quo for legacy resource holders if opt not to become members…) They have done so more than once since ARIN's inception. The ARIN PDP has indeed been changed multiple times, but I’d disagree with the characterization that you suggest (that such changes were “arbitrary”) given that the community was informed in advance each time with the reasoning behind the changes and an opportunity to provide feedback. Moreover, in the current process the board has unilateral authority to reject or adjust proposals which come out of the process before adoption. Not quite correct - the ARIN Board presently has the ability to adopt, reject or remand” policies that come out of the process - it cannot “adjust” such policies (although to the same effect, it has authority under the present PDP to initiate emergency policy or suspend existing policy for similar reason.) As there is presently a consultation open, feel free to provide feedback on how you’d like the PDP to operate, powers of the Board therein, and change process for PDP - the consultation is open to all, as noted earlier. And lest you forget, the current process starts with the advisory council who can originate and exercise complete control over the text of policy proposals. That is correct, but then again, the ARIN AC has to ultimately end up with policies that are fair, technically sound, and supported by the community before they can recommend them to the ARIN Board for adoption. So structurally, ARIN and its officials can indeed unilaterally decide to change a policy on how addresses are used. They don't currently. But nothing in the law or the contract prevents it. See above - ARIN’s Board is actually more tightly constrained when it comes to its ability to arbitrarily set policy then you suggest, but again the current PDP is presently up under community consultation if you’d like it to operate differently. To a point I do. But I have yet to hear an argument from a legacy allocation holder that didn't boil to "I want to have the flexibility to do things with this space that I wouldn't have if I had gotten it assigned post RIR. I don't know what those things might be, and I don't care if others don't get to do those things too." For what it's worth, in pursuing equalization I'd rather see the contractees' rights liberalized than my own rights restricted. That’s already occurred several times, as the merging of the LRSA and RSA into a single agreement resulted in clearer and more liberal language that was sought by LRSA customers becoming standard for all customers. FYI, /John John Curran President and CEO American Registry for Internet Numbers
On Sep 19, 2022, at 09:50, John Curran <jcurran@arin.net> wrote:
On 19 Sep 2022, at 12:29 PM, William Herrin <bill@herrin.us> wrote:
On Mon, Sep 19, 2022 at 9:21 AM Tom Beecher <beecher@beecher.cc> wrote: A bit of an exaggeration there. The RSA says that you are bound by all current and future policies that come from the Policy Development Process. The PDP is open to everyone except ARIN Trustees or Staff. So by definition, ARIN could not unilaterally decide to change a policy on how addresses were used.
Read carefully. You describe the current PDP, but Bill is correct that the board has the power to unilaterally change the PDP any way they wish at any time.
The board of trustees can change the policy development process in arbitrary ways at any time.
Presently correct. The ARIN Policy Development Process is an adopted document of the ARIN Board, and while the practice has been to consult with the community before making changes (such as the consultation open presently - https://www.arin.net/announcements/20220906-consultopen/) nothing presently would prevent the Board from changing the PDP absent such a community consultation...
The same could have been said for ARIN's RSA at one point, but given the high stability the Board opted to change that so require a membership vote to change the terms and conditions for existing RSA holders (outside of changes necessary to conform with changes to prevailing law.). It’s quite possible that we’ll get to that same level of stability with the PDP at some point, but presently the member-elected Board is the one that holds the authority over the policy development process.
Some existing RSA holders (at least some LRSA holders have RSAs that can’t be amended unilaterally and require the consent of the signatory as well as ARIN.
(I’ll note, as an aside, that making changes to the PDP also subject to member ratification really doesn’t change the status quo for legacy resource holders if opt not to become members…)
It actually does in that many legacy holders are also members. Also in that it is significantly less likely that the membership at large would support a modification that arbitrarily or capriciously attacks legacy holders than that the board would try to do so as a forcing function towards membership.
They have done so more than once since ARIN's inception.
The ARIN PDP has indeed been changed multiple times, but I’d disagree with the characterization that you suggest (that such changes were “arbitrary”) given that the community was informed in advance each time with the reasoning behind the changes and an opportunity to provide feedback.
Yes, but there is nothing at present to guarantee that happens in the future.
Moreover, in the current process the board has unilateral authority to reject or adjust proposals which come out of the process before adoption.
Not quite correct - the ARIN Board presently has the ability to adopt, reject or remand” policies that come out of the process - it cannot “adjust” such policies (although to the same effect, it has authority under the present PDP to initiate emergency policy or suspend existing policy for similar reason.)
It can. It had. They can merely present the policy changes they want through their own emergency PDP and voila. Admittedly there’s a limit to how long the change lasts (unless they also modify the PDP), but there’s nothing to present that other than the next board election.
As there is presently a consultation open, feel free to provide feedback on how you’d like the PDP to operate, powers of the Board therein, and change process for PDP - the consultation is open to all, as noted earlier.
And lest you forget, the current process starts with the advisory council who can originate and exercise complete control over the text of policy proposals.
That is correct, but then again, the ARIN AC has to ultimately end up with policies that are fair, technically sound, and supported by the community before they can recommend them to the ARIN Board for adoption.
True, but they are also the arbiters of whether or not a policy meets those tests.
So structurally, ARIN and its officials can indeed unilaterally decide to change a policy on how addresses are used. They don't currently. But nothing in the law or the contract prevents it.
See above - ARIN’s Board is actually more tightly constrained when it comes to its ability to arbitrarily set policy then you suggest, but again the current PDP is presently up under community consultation if you’d like it to operate differently.
There’s lip service to that effect, but a determined board would not actually be constrained by that language because of the built in workarounds available to them (changing the PDP to remove the safeguards and the emergency PDP for example).
To a point I do. But I have yet to hear an argument from a legacy allocation holder that didn't boil to "I want to have the flexibility to do things with this space that I wouldn't have if I had gotten it assigned post RIR. I don't know what those things might be, and I don't care if others don't get to do those things too."
For what it's worth, in pursuing equalization I'd rather see the contractees' rights liberalized than my own rights restricted.
That’s already occurred several times, as the merging of the LRSA and RSA into a single agreement resulted in clearer and more liberal language that was sought by LRSA customers becoming standard for all customers.
This is true, but the most important changes still aren’t in line with the ARIN board’s unwillingness to provide any way out to a subscriber who no longer wishes to play, but still wants to keep their rights to the registration. Owen
FYI, /John
John Curran President and CEO American Registry for Internet Numbers
participants (18)
-
Aaron Wendel
-
Adam Thompson
-
Alex Band
-
babydr DBA James W. Laferriere
-
bzs@theworld.com
-
Gary E. Miller
-
Jay Hennigan
-
John Curran
-
John Gilmore
-
Niels Bakker
-
niels=nanog@bakker.net
-
Owen DeLong
-
Randy Bush
-
Rubens Kuhl
-
Steve Noble
-
Tom Beecher
-
Tom Krenn
-
William Herrin