Internet2 Network Security SIG

[Eldon Koyle <>]

I have no interest in going down this road, however it appears that no RSA is required for legacy allocations.  From https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/inter-rir-transfers under "transfers from another RIR":

If the receiving party does not have a contractual relationship with the RIPE NCC, then this party will need to establish a contractual relationship with the RIPE NCC or with a sponsoring LIR prior to the evaluation of the transfer request. This is not required if otherwise stipulated under the relevant RIPE Policies (for example, if legacy resources are transferred to a party that decides not to have a contractual relationship with either the RIPE NCC or a sponsoring LIR for these resources). 

--

Eldon

--

Eldon Koyle

---

From: <> on behalf of Steven Wallace <>
Sent: Tuesday, April 16, 2019 3:46:41 AM
To:
Subject: Re: [Security-WG] LESA (was:Re: [External] Re: ARIN, RPKI, and legal barriers....)

 

I believe to transfer a resource (currently IPv6 blocks) from ARIN to another RIR (e.g., RIPE) requires an RSA (which is required for the IPv6 in the first place). I assume if the policy changes to permit IPv4 inter-RIR transfers, it will require an RSA.

Sent from my iPad

On Apr 16, 2019, at 2:19 AM, Eldon Koyle <> wrote:

I know that this is a highly polarizing topic, and maybe I should not have brought it up.

Here is a very good description of various viewpoints: https://openscholarship.wustl.edu/cgi/viewcontent.cgi?article=6257&context=law_lawreview

According to NSF and the courts, these allocations are a "thing of value".

My main objection is this: if legacy IP address allocations are "a thing of value", then signing an LRSA is somewhat like signing over the title to my car to be afforded the privilege of registering it with the DMV. 

Alternatively, we could try to transfer our allocation to RIPE (if we have a presence in their jurisdiction), and get more favorable terms.  Currently, I just don't see the value of signing away any rights we may or may not have for what we would get in return.

If courts do decide at some point in the future that IP allocations are not property (which they have not), it is still dubious whether ARIN would have any claim over our allocation.

--

Eldon

---

From: <> on behalf of David Farmer <>
Sent: Monday, April 15, 2019 4:27 PM
To:
Subject: [Security-WG] LESA (was:Re: [External] Re: ARIN, RPKI, and legal barriers....)

 

On Mon, Apr 15, 2019 at 4:36 PM Eldon Koyle <> wrote:

Just one problem with Internet2 requiring RPKI:  We are unable/unwilling to sign an LRSA for our legacy resources with ARIN because of the "No property rights" clause.  I don't have any problems paying the fees or abiding by the rules... signing away our rights without getting much of anything in return is not going to fly with management (or myself, for that matter).  I suspect we are not the only university in this situation.  No (L)RSA means no RPKI.

--

Eldon

What rights do you think you are signing away? I would like to understand your reasoning. 

The following is something I prepared for someone who asked me if they should sign an LRSA. However, I note I'm not a lawyer and you should talk to one before signing any contract;

My recommendation is; if the only documentation for the allocation or assignment for legacy IPv4 or ASN resources you have exists the ARIN database (Whois), then you probably want to contractually bind ARIN to keep those resources in their database and allocated or assigned to you. Meaning if you don't have, or can't find, the original documentation (letters or emails) making the assignments to you.

Effectively this is what the LRSA does, it is a contract with ARIN that recognizes that you are the legitimate resources holder for those resources, with commitments from ARIN regarding those resources.

This is what some people don't like about the contract;

7. NO PROPERTY RIGHTS

Holder acknowledges and agrees that: (a) the Included Number Resources are not property (real, personal, or

intellectual) of Holder; (b) Holder does not and will not have or acquire any property rights in or to Included Number

Resources by virtue of this Agreement; (c) Holder will not attempt, directly or indirectly, to obtain or assert any

patent, trademark, service mark or copyright in any number resources in the United States or any other country; and

(d) Holder will transfer or receive Included Number Resources in accordance with the Policies.

But in the contract ARIN grants the following rights;

2. CONDITIONS OF SERVICE

...

(b) Provision of Services and Rights. Subject to Holder’s on-going compliance with its obligations under the

Service Terms, including, without limitation, the payment of the fees (as set forth in Section 4), ARIN shall (i)

provide the Services to Holder in accordance with the Service Terms and (ii) grant to Holder the following

specified rights:

(1) The exclusive right to be the registrant of the Included Number Resources within the ARIN database;

(2) The right to use the Included Number Resources within the ARIN database; and

(3) The right to transfer the registration of the Included Number Resources pursuant to the Policies.

Holder acknowledges that other registrants with ARIN have rights that intersect or otherwise impact Holder’s

rights and/or use of the Included Number Resources, including, but not limited to, other registrants benefiting

from visibility into the public portions of registrations of the Included Number Resources as further described in

the Policies.

By the contract, you are granted certain exclusive rights to use your numbers. However, others have certain non-exclusive rights to use your numbers too; others have the right to use your numbers to address traffic to you, they have the right to expect your numbers to be registered in the database accurately, and they have the right to expect you to follow the policies for our region.

This is different than property (real, personal, or intellectual); property is a thing that you have or can have exclusive control over, meaning you can exclude others use of it. However, for Internet number resources, if the others don't have rights to use your resources in certain ways, and further, if you don't have rights to use their resources in certain ways, and if we all aren't bound to follow the same policies, the Internet just doesn't work. So basically, Internet number resources aren't property, at least, real, personal, or intellectual property.

In my opinion, the people that are objecting to #7 above, don't want to be bound by the same policies as everyone else, they think they have some property right that means they don't have to follow the policies established by the Internet community in our region. This kind of thinking risks breaking the Internet.

So, I can't come up with good reasons not to sign the LRSA and there are several compelling reasons to sign it, especially if you can't find the original documentation for your assignments or allocations.  

Thanks

--

===============================================
David Farmer              
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================