[136646] in North American Network Operators' Group
Re: And so it ends...
daemon@ATHENA.MIT.EDU (Benson Schliesser)
Thu Feb 3 18:40:38 2011
From: Benson Schliesser <bensons@queuefull.net>
In-Reply-To: <58E6E7D6-00D9-42E9-BF45-41CD9D6A5BB9@corp.arin.net>
Date: Thu, 3 Feb 2011 17:38:32 -0600
To: John Curran <jcurran@arin.net>, Jay Ashworth <jra@baylink.com>,
NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 3, 2011, at 2:22 PM, John Curran wrote:
> To be clear, that's not ARIN "legally compelling an entity to cease =
using=20
> a specific block of address space" We've never claimed that =
authority,
> and I'm not aware of any entity that does claim such authority to =
compel
> organizations to make router and system configuration changes. We do=20=
> claim authority to manage the database as part of our organizational=20=
> mission.
I recognize the technical difference, but I don't think it's material in =
this instance. Although I'm not a lawyer, I see a few legal hazards in =
the position you've described. Foremost: (a) there still is potential =
liability in contributing to a harm (or crime) even if you're not the =
firsthand actor, and (b) being "community-driven" and "following policy" =
is not a valid legal defense. ARIN is a business league that maintains =
a database commonly relied upon for establishing "rights" to use =
addresses (or "ownership" depending on your view). ARIN may not control =
the networks that leverage this data, but there is responsibility in =
publishing it. If people act in a coordinated manner, directly as a =
result of data that ARIN publishes, then ARIN would be hard pressed to =
avoid liability.
Having said that, it should be clear that I view ARIN "reclaiming" =
legacy addresses that aren't under contract (i.e. LRSA) as fraud, =
perhaps even in the legal sense of the word. It might also be =
considered theft by some. But outright reclaiming from ongoing address =
holders isn't a big concern of mine, because I doubt ARIN will go far =
down that path (if it goes at all). My real concern is that ARIN might =
refuse to recognize legacy transfers, fail to update the Whois database, =
issue RPKI inappropriately, and cause real damage to live networks. =
This would be bad for the networks that implement ARIN Whois-based =
policy, of course. It would also be bad for ARIN if it causes legal =
disputes (and costs).
On that note, I'm going to take my discussion of policy to the PPML =
list. I'd be interested, however, in NANOG discussion of my comments on =
Whois, RPKI, etc.
Cheers,
-Benson
