[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

And so it ends...

On Feb 3, 2011, at 2:22 PM, John Curran wrote:

> To be clear, that's not ARIN "legally compelling an entity to cease using 
> a specific block of address space"  We've never claimed that authority,
> and I'm not aware of any entity that does claim such authority to compel
> organizations to make router and system configuration changes.  We do 
> claim authority to manage the database as part of our organizational 
> mission.

I recognize the technical difference, but I don't think it's material in this instance.  Although I'm not a lawyer, I see a few legal hazards in the position you've described.  Foremost: (a) there still is potential liability in contributing to a harm (or crime) even if you're not the firsthand actor, and (b) being "community-driven" and "following policy" is not a valid legal defense.  ARIN is a business league that maintains a database commonly relied upon for establishing "rights" to use addresses (or "ownership" depending on your view).  ARIN may not control the networks that leverage this data, but there is responsibility in publishing it.  If people act in a coordinated manner, directly as a result of data that ARIN publishes, then ARIN would be hard pressed to avoid liability.

Having said that, it should be clear that I view ARIN "reclaiming" legacy addresses that aren't under contract (i.e. LRSA) as fraud, perhaps even in the legal sense of the word.  It might also be considered theft by some.  But outright reclaiming from ongoing address holders isn't a big concern of mine, because I doubt ARIN will go far down that path (if it goes at all).  My real concern is that ARIN might refuse to recognize legacy transfers, fail to update the Whois database, issue RPKI inappropriately, and cause real damage to live networks.  This would be bad for the networks that implement ARIN Whois-based policy, of course.  It would also be bad for ARIN if it causes legal disputes (and costs).

On that note, I'm going to take my discussion of policy to the PPML list.  I'd be interested, however, in NANOG discussion of my comments on Whois, RPKI, etc.