Keyboard Shortcuts
Thread View
j
: Next unread messagek
: Previous unread messagej a
: Jump to all threadsj l
: Jump to MailingList overview

Hi Owen,
That concept has been floated multiple times and is as ill-conceived now as ever. Owen
Times are changing. What was once conceived of as an orderly transition from IPv4 to IPv6 has bogged down and the current situation is one where APNIC has run out of available IPv4 addresses while the Internet is still 99.7% IPv4 traffic.
Asian operators have little choice now but to enter the IPv4 transfer market. Since there is no existing policy mechanism for the transfer of ARIN addresses to APNIC, Asian operators will logically look for an alternate source. Legacy addresses which are not under any agreement with any RIR can be legally bought and sold. And there is no restriction on these addresses being routed from any region on the planet.
If the RIRs fail to adopt policies which will facilitate interregional transfers, and there is no law precluding these transactions of legacy space, then these transactions will occur.
The author of the article I sent points out that the current situation drives the need for a private registry for legacy addresses.
If a private registry is anathema to you, please consider pushing policies in the ARIN region which would facilitate global transfers and reduce the need for a private registry. Because if the RIRs refuse to recognize rational business transactions, these transactions will be driven either to a private registry, or worse, driven "off the books" entirely.
Regards,
Mike Burns
----- Original Message ----- From: Owen DeLong To: Mike Burns Sent: Thursday, August 18, 2011 2:53 PM Subject: Re: [sig-policy] Article of possible interest to the community
That concept has been floated multiple times and is as ill-conceived now as ever.
Owen
On Aug 18, 2011, at 8:00 AM, Mike Burns wrote:
Hi Owen,
I came across a response to Mr. Vixie's article and thought it might be of interest to the APNIC community, particularly as it mentions pending IPv4 legacy address sales to Asian customers.
http://techliberation.com/2011/08/15/trading-ipv4-addresses-starts-making-in...
The concept elucidated is a private registry for legacy addresses which would have no restrictions on interregional sales, thus allowing the legal transfer of legacy IPv4 address into Asia.
Regards,
Mike Burns
----- Original Message ----- From: Owen DeLong To: sig-policy@apnic.net SIG List Sent: Thursday, August 11, 2011 8:31 AM Subject: [sig-policy] Article of possible interest to the community
I came across this ACM article and thought it might be of interest to the APNIC community as well...
http://queue.acm.org/detail.cfm?id=2008216
Owen
--------------------------------------------------------------------------
* sig-policy: APNIC SIG on resource management policy * _______________________________________________ sig-policy mailing list sig-policy@lists.apnic.net http://mailman.apnic.net/mailman/listinfo/sig-policy

Mike,
Times are changing. What was once conceived of as an orderly transition from IPv4 to IPv6 has bogged down and the current situation is one where APNIC has run out of available IPv4 addresses while the Internet is still 99.7% IPv4 traffic.
The nice thing about history is that it allows you to see exactly what mistakes people will keep repeating.
As evidenced by Paul's ACM article (which is amusing on many levels), I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants. In the telco world in the 80s-90s, this was done with efforts to skew regulation and FUD. I see parallels with the burgeoning IPv4 market(s) and I'm sure it'll get worse before it gets better since incumbents tend to want to protect their monopolies. As in the telco world, I imagine it'll take a few court cases for things to settle out. Unfortunately, that takes time so there's likely to be a bit of chaos before stability returns.
If a private registry is anathema to you, please consider pushing policies in the ARIN region which would facilitate global transfers and reduce the need for a private registry. Because if the RIRs refuse to recognize rational business transactions, these transactions will be driven either to a private registry, or worse, driven "off the books" entirely.
Since I figure address users don't really care about addressing religion, what really matters is which "whois" databases the ISPs are going to query to ensure the addresses presented to them have the appropriate pedigree. As IPv4 address space becomes more scarce, accuracy of those databases is paramount (and sadly lacking now). My impression in talking with the Denuo/Addrex/Depository folks is that they track down the full chain of ownership before getting involved in any transactions. As a result, I suspect they'll have an advantage in not having to deal with the inherited crap the RIRs have to deal with and their database will likely be more accurate than the RIR databases. Haven't looked at the other "alternative" address markets (e.g., http://www.tradeipv4.com/) to see what they're doing, but would be surprised if they weren't doing something similar. Whether the alternative folks will be able to convince ISPs to use their "whois" databases will be interesting to watch.
However, there is, of course, a wildcard here in the form of BGPSEC+RPKI and ICANN policies relating to who will be considered part of the address allocation tree (I'd consider this part of the regulatory approach at discouraging new entrants)...
Regards, -drc

On Aug 18, 2011, at 5:13 PM, David Conrad wrote:
The nice thing about history is that it allows you to see exactly what mistakes people will keep repeating.
As evidenced by Paul's ACM article (which is amusing on many levels), I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants.
David -
If the above statement is a reference to ARIN, then it is factually incorrect. ARIN's position on evolving the Internet registry system is on record in our 2 March 2011 letter to Rod Beckstrom of ICANN http://www.icann.org/en/correspondence/curran-to-beckstrom-02mar11-en.pdf, where I note:
"Despite ARIN’s appropriate rejection of the Depository request, I would ask that ICANN carefully review the Depository correspondence and consider the issues it raises with respect to the evolution of the Internet number registry system. While ARIN and the other Regional Internet Registries are obligated to follow the framework agreed to in ICP-2 and related guidelines such as the IETF’s RFC 2050, the structure of the Internet number registry system is substantially unchanged since inception. This stability in design is certainly a valued feature given the instrumental role of the Internet number registry system in reliable Internet operations, but may not be the optimum structure in light of the many changes taking place in the Internet today (including IPv4 depletion & IPv6 transition, internationalization of Internet multi-stakeholder oversight, and ongoing developments in cyber security.) ARIN would welcome an opportunity to participate in any and all discussions regarding how to best evolve the Internet number registry system, and would consider ICANN instrumental in leading such discussions in forums globally as appropriate."
I understand that others may not actually research their statements with respect to Internet governance matters, but please don't give credence to those remarks by not verifying your facts first.
It is possible that discussion of introducing competition to the Internet Registry System could lead to profound changes (e.g. multiple competing global registries, or central registries in each region with multiple competing "registrars" , or a central registry system and multiple globally operating "registrars") or perhaps it might result in no change at all. It is not possible to know the output of a global discussion of these matters beforehand, but by definition the Internet community is entitled to discussion of any and all structures for this global system.
ARIN does not believe that any changes to the structure of the Internet registry system should happen without first having corresponding global discussion, as the changes are disruptive by their very nature and their introduction has global impact. If you have a example where ARIN is somehow discouraging discussion of changes to the Internet registry system, then please bring it directly to my attention, as we quite willing to evolve as long as there is global multi-stakeholder discussion of the changes first, with a result that reflects the public interest in this area.
Thank you, /John
John Curran President and CEO ARIN

John,
I find it really quite amusing that you should think that particular comment was related in any way to ARIN's "appropriate rejection" ('appropriate' is, I suspect, in the eye of the beholder) of Depository's request to access ARIN's bulk whois data. In actuality, I was referencing Paul's entertaining article (which Owen so kindly provided) and, looking forward, BGPSEC+RPKI/ICANN policy. As I mentioned in the note you responded to, I figure new entrants will actually be better off not having to deal with the inherited crap that's in the existing RIR databases.
I also find it interesting to ponder whether your response corroborates my view that we've entered the phase where "incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants". I'm sure others reading your response (and ARIN's reaction to Depository's request) will make up their own minds if they care.
As to whether changes should occur "without first having corresponding global discussion", I wonder if King Canute's advisors posed similar objections as the tide came in. While I might agree that such discussions would be desirable:
a) This issue has been in front of us for some time now and as far as I'm aware, those "global" discussions have not to date occurred or even started. b) Where those discussions should occur is an interesting question given a slight bias inherent in the existing structures (e.g., two ICANN board members being appointed by the RIRs, the ASO being entirely composed by the RIRs, etc.) c) The cynical might view ARIN's demands that there be "global" discussions (with pre-conditions no less) before any changes occur as a not-so-subtle delaying/derailing tactic. d) The tide is already lapping at your ankles.
You really might want to re-read Mike's response to Owen in this thread.
Regards, -drc
On Aug 18, 2011, at 2:58 PM, John Curran wrote:
On Aug 18, 2011, at 5:13 PM, David Conrad wrote:
The nice thing about history is that it allows you to see exactly what mistakes people will keep repeating.
As evidenced by Paul's ACM article (which is amusing on many levels), I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants.
David -
If the above statement is a reference to ARIN, then it is factually incorrect. ARIN's position on evolving the Internet registry system is on record in our 2 March 2011 letter to Rod Beckstrom of ICANN http://www.icann.org/en/correspondence/curran-to-beckstrom-02mar11-en.pdf, where I note:
"Despite ARIN’s appropriate rejection of the Depository request, I would ask that ICANN carefully review the Depository correspondence and consider the issues it raises with respect to the evolution of the Internet number registry system. While ARIN and the other Regional Internet Registries are obligated to follow the framework agreed to in ICP-2 and related guidelines such as the IETF’s RFC 2050, the structure of the Internet number registry system is substantially unchanged since inception. This stability in design is certainly a valued feature given the instrumental role of the Internet number registry system in reliable Internet operations, but may not be the optimum structure in light of the many changes taking place in the Internet today (including IPv4 depletion & IPv6 transition, internationalization of Internet multi-stakeholder oversight, and ongoing developments in cyber security.) ARIN would welcome an opportunity to participate in any and all discussions regarding how to best evolve the Internet number registry system, and would consider ICANN instrumental in leading such discussions in forums globally as appropriate."
I understand that others may not actually research their statements with respect to Internet governance matters, but please don't give credence to those remarks by not verifying your facts first.
It is possible that discussion of introducing competition to the Internet Registry System could lead to profound changes (e.g. multiple competing global registries, or central registries in each region with multiple competing "registrars" , or a central registry system and multiple globally operating "registrars") or perhaps it might result in no change at all. It is not possible to know the output of a global discussion of these matters beforehand, but by definition the Internet community is entitled to discussion of any and all structures for this global system.
ARIN does not believe that any changes to the structure of the Internet registry system should happen without first having corresponding global discussion, as the changes are disruptive by their very nature and their introduction has global impact. If you have a example where ARIN is somehow discouraging discussion of changes to the Internet registry system, then please bring it directly to my attention, as we quite willing to evolve as long as there is global multi-stakeholder discussion of the changes first, with a result that reflects the public interest in this area.
Thank you, /John
John Curran President and CEO ARIN

David -
With respect to registry services, you referenced the incumbents as discouraging change, and that easily could be construed as a reference to ARIN. As such, I am obligated to respond. If you were not referencing ARIN, then there is no issue.
With respect to forum, I am certain that ICANN, or IGF, or any number of other of forums are available in which to hold such discussions. Feel free to choose one and start discussing the various options and their merits.
/John
p.s. The folks on the APNIC Policy SIG List have actual APNIC policy development to attend to, so if this was a reference to ARIN's position on registry evolution then please take it to PPML. Thanks.
On Aug 18, 2011, at 10:21 PM, David Conrad wrote:
John,
I find it really quite amusing that you should think that particular comment was related in any way to ARIN's "appropriate rejection" ('appropriate' is, I suspect, in the eye of the beholder) of Depository's request to access ARIN's bulk whois data. In actuality, I was referencing Paul's entertaining article (which Owen so kindly provided) and, looking forward, BGPSEC+RPKI/ICANN policy. As I mentioned in the note you responded to, I figure new entrants will actually be better off not having to deal with the inherited crap that's in the existing RIR databases.
I also find it interesting to ponder whether your response corroborates my view that we've entered the phase where "incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants". I'm sure others reading your response (and ARIN's reaction to Depository's request) will make up their own minds if they care.
As to whether changes should occur "without first having corresponding global discussion", I wonder if King Canute's advisors posed similar objections as the tide came in. While I might agree that such discussions would be desirable:
a) This issue has been in front of us for some time now and as far as I'm aware, those "global" discussions have not to date occurred or even started. b) Where those discussions should occur is an interesting question given a slight bias inherent in the existing structures (e.g., two ICANN board members being appointed by the RIRs, the ASO being entirely composed by the RIRs, etc.) c) The cynical might view ARIN's demands that there be "global" discussions (with pre-conditions no less) before any changes occur as a not-so-subtle delaying/derailing tactic. d) The tide is already lapping at your ankles.
You really might want to re-read Mike's response to Owen in this thread.
Regards, -drc
On Aug 18, 2011, at 2:58 PM, John Curran wrote:
On Aug 18, 2011, at 5:13 PM, David Conrad wrote:
The nice thing about history is that it allows you to see exactly what mistakes people will keep repeating.
As evidenced by Paul's ACM article (which is amusing on many levels), I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants.
David -
If the above statement is a reference to ARIN, then it is factually incorrect. ARIN's position on evolving the Internet registry system is on record in our 2 March 2011 letter to Rod Beckstrom of ICANN http://www.icann.org/en/correspondence/curran-to-beckstrom-02mar11-en.pdf, where I note:
"Despite ARIN’s appropriate rejection of the Depository request, I would ask that ICANN carefully review the Depository correspondence and consider the issues it raises with respect to the evolution of the Internet number registry system. While ARIN and the other Regional Internet Registries are obligated to follow the framework agreed to in ICP-2 and related guidelines such as the IETF’s RFC 2050, the structure of the Internet number registry system is substantially unchanged since inception. This stability in design is certainly a valued feature given the instrumental role of the Internet number registry system in reliable Internet operations, but may not be the optimum structure in light of the many changes taking place in the Internet today (including IPv4 depletion & IPv6 transition, internationalization of Internet multi-stakeholder oversight, and ongoing developments in cyber security.) ARIN would welcome an opportunity to participate in any and all discussions regarding how to best evolve the Internet number registry system, and would consider ICANN instrumental in leading such discussions in forums globally as appropriate."
I understand that others may not actually research their statements with respect to Internet governance matters, but please don't give credence to those remarks by not verifying your facts first.
It is possible that discussion of introducing competition to the Internet Registry System could lead to profound changes (e.g. multiple competing global registries, or central registries in each region with multiple competing "registrars" , or a central registry system and multiple globally operating "registrars") or perhaps it might result in no change at all. It is not possible to know the output of a global discussion of these matters beforehand, but by definition the Internet community is entitled to discussion of any and all structures for this global system.
ARIN does not believe that any changes to the structure of the Internet registry system should happen without first having corresponding global discussion, as the changes are disruptive by their very nature and their introduction has global impact. If you have a example where ARIN is somehow discouraging discussion of changes to the Internet registry system, then please bring it directly to my attention, as we quite willing to evolve as long as there is global multi-stakeholder discussion of the changes first, with a result that reflects the public interest in this area.
Thank you, /John
John Curran President and CEO ARIN

john
p.s. The folks on the APNIC Policy SIG List have actual APNIC policy development to attend to, so if this was a reference to ARIN's position on registry evolution then please take it to PPML. Thanks.
the apnic community deeply appreciates the efforts of the arin ceo to help us moderate the traffic on our mailing list.
the dog that barks often has the bone.
randy

On Aug 18, 2011, at 8:56 PM, Randy Bush wrote:
john
p.s. The folks on the APNIC Policy SIG List have actual APNIC policy development to attend to, so if this was a reference to ARIN's position on registry evolution then please take it to PPML. Thanks.
the apnic community deeply appreciates the efforts of the arin ceo to help us moderate the traffic on our mailing list.
the dog that barks often has the bone.
randy
I was unaware you had been appointed spokesperson for the APNIC community, Randy.
Owen

John,
On Aug 18, 2011, at 4:53 PM, John Curran wrote:
With respect to registry services, you referenced the incumbents as discouraging change, and that easily could be construed as a reference to ARIN.
I claimed "I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants" and that I saw parallels with how PTT monopolies behaved in the past. I'll let others interpret my statement (and your responses) as they like.
With respect to forum, I am certain that ICANN, or IGF, or any number of other of forums are available in which to hold such discussions. Feel free to choose one and start discussing the various options and their merits.
Sorry, John. I no longer get paid to get involved in politics at that level (thank all the gods!). And besides, life is _way_ too short to waste time arguing about whether the tide is coming in. I'd have thought the folks who claim to be "[a]pplying the principles of stewardship" would take more of a leadership role, but perhaps they're too busy writing lawyer-to-lawyer letters.
p.s. The folks on the APNIC Policy SIG List have actual APNIC policy development to attend to, so if this was a reference to ARIN's position on registry evolution then please take it to PPML. Thanks.
Hmm. An ARIN AC member promotes an ACM Queue article written by the (then) ARIN Board chairman (now treasurer) on the APNIC Policy Sig list. I comment on a message from a participant on that list that referenced the implication of transfer policies discussed in that article on AP-region participants since APNIC's free pool has exhausted. You, as ARIN CEO, bring up ARIN actions against new entrants and then direct me to "take it PPML". Seriously?
I figure there really are actual APNIC-specific policy issues here, particularly given the exhaustion of APNIC's free pool and ARIN's stance on returned legacy space (as I understand it). Since APNIC now only allocates a single /22 for new entrants, this is a non-trivial matter for folks facing significant growth in the region that is (I believe) facing the fastest Internet growth. I am quite interested in understanding what folks in the AP region are going to be doing regarding the use of non-traditional address registries because I have an extremely strong suspicion 1024 addresses aren't going be enough to last until IPv6 can be an alternative.
But thanks for your instructions. I'll take them under due consideration.
Regards, -drc

Hi David
On 19/08/2011, at 4:34 PM, David Conrad wrote:
On Aug 18, 2011, at 4:53 PM, John Curran wrote:
With respect to registry services, you referenced the incumbents as discouraging change, and that easily could be construed as a reference to ARIN.
I claimed "I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants" and that I saw parallels with how PTT monopolies behaved in the past. I'll let others interpret my statement (and your responses) as they like.
I for one read this as referring to the RIRs - it's hard to see what else it could refer to.
I think the parallels you draw are entirely wrong. The RIRs are bottom-up policy organisations in their very nature. Whatever faults they have in their policies come largely because that process inherently reflects the foibles of the participating stakeholders, not from the arrogance of those in charge. The PTT monopolies on the other hand were as far from bottom-up as it is possible to be. They were the worst examples of a top-down, command economy, with all the problems that brings.
What the RIRs suffer from is a lack of diversity among participating stakeholders. I would love to describe them as truly multi-stakeholder, but the reality is that numbering, unlike domain names, is one step removed from most people and so far fewer people are directly impacted enough to engage in policy development.
Prescribing commercial competition as a medicine to tackle the RIR faults is missing this point and likely to harm the numbering space by eliminating the bottom-up policy determination. We should instead be looking at what faults the current narrow engagement leads to and showing some leadership in addressing them through the bottom-up policy process, while simultaneously working to broaden engagement so that the RIRs become truly multi-stakeholder.
best Jay

On Aug 21, 2011, at 3:25 AM, Jay Daley wrote:
Hi David
On 19/08/2011, at 4:34 PM, David Conrad wrote:
On Aug 18, 2011, at 4:53 PM, John Curran wrote:
With respect to registry services, you referenced the incumbents as discouraging change, and that easily could be construed as a reference to ARIN.
I claimed "I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants" and that I saw parallels with how PTT monopolies behaved in the past. I'll let others interpret my statement (and your responses) as they like.
I for one read this as referring to the RIRs - it's hard to see what else it could refer to.
I think the parallels you draw are entirely wrong. The RIRs are bottom-up policy organisations in their very nature. Whatever faults they have in their policies come largely because that process inherently reflects the foibles of the participating stakeholders, not from the arrogance of those in charge. The PTT monopolies on the other hand were as far from bottom-up as it is possible to be. They were the worst examples of a top-down, command economy, with all the problems that brings.
What the RIRs suffer from is a lack of diversity among participating stakeholders. I would love to describe them as truly multi-stakeholder, but the reality is that numbering, unlike domain names, is one step removed from most people and so far fewer people are directly impacted enough to engage in policy development.
Prescribing commercial competition as a medicine to tackle the RIR faults is missing this point and likely to harm the numbering space by eliminating the bottom-up policy determination. We should instead be looking at what faults the current narrow engagement leads to and showing some leadership in addressing them through the bottom-up policy process, while simultaneously working to broaden engagement so that the RIRs become truly multi-stakeholder.
+1 -- Well said, Jay!!
Owen

I claimed "I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants" and that I saw parallels with how PTT monopolies behaved in the past.
I for one read this as referring to the RIRs - it's hard to see what else it could refer to.
it could be interpreted at&t, comcast, dtag, verizon, ...
The RIRs are bottom-up policy organisations in their very nature. Whatever faults they have in their policies come largely because that process inherently reflects the foibles of the participating stakeholders, not from the arrogance of those in charge.
while i am less sanguine, i have been saying for years that having restrictive allocation policies based on routing table growth are, in fact, the incumbents restricting entry into the market because it would cost them money.
Prescribing commercial competition as a medicine to tackle the RIR faults is missing this point and likely to harm the numbering space by eliminating the bottom-up policy determination.
this might be a feature not a bug
randy

On 22/08/2011, at 3:48 AM, Randy Bush wrote:
I claimed "I believe we're now in the phase where the incumbent monopolies and their supporters attempt to actively discourage use of new disruptive entrants" and that I saw parallels with how PTT monopolies behaved in the past.
I for one read this as referring to the RIRs - it's hard to see what else it could refer to.
it could be interpreted at&t, comcast, dtag, verizon, ...
The RIRs are bottom-up policy organisations in their very nature. Whatever faults they have in their policies come largely because that process inherently reflects the foibles of the participating stakeholders, not from the arrogance of those in charge.
while i am less sanguine, i have been saying for years that having restrictive allocation policies based on routing table growth are, in fact, the incumbents restricting entry into the market because it would cost them money.
Ah, I now understand both your comments above. From my perspective, the sway that the incumbents have over RIR policy is much less than would be necessary if that were true - there are too few compared to the overall number of LIRs who engage in policy discussion. How would you feel about a slightly different statement - that because there are very few people outside of the LIR community engaged in policy discussion (or very few "consumer" LIRs if you wish), the LIR community overall acts like a single incumbent?
Jay

Jay,
On Aug 21, 2011, at 12:25 AM, Jay Daley wrote:
I think the parallels you draw are entirely wrong. The RIRs are bottom-up policy organisations in their very nature.
I suspect if you look back in history, you'll find that the folks who argued most strenuously against competitive telcos were the folks who argued that competitive services would/could not represent all sectors of society, and that the only way truly universal service could be provided was through monopolies. They would say "the network would suffer" or that "markets could not be trusted" and the only way to ensure "fair and equitable" service was to have a single provider that was forced to abide by bottom-up rulings of "public utility commissions" (or equivalent). As those monopolies were threatened, they lobbied for restrictions against potential new entrants and blocked access by those entrants to resources the entrants needed to do business.
While no analogy is prefect, as I said, I see a number of parallels. YMMV.
Whatever faults they have in their policies come largely because that process inherently reflects the foibles of the participating stakeholders, not from the arrogance of those in charge.
I don't actually care who is to blame for any faults (after all, some of the blame could probably be laid at my feet :-)). What matters is what happens in the future. APNIC's free pool is exhausted. The AP region is (I think) growing the fastest amongst all the regions. Pretend that you are an ISP wishing to respond to that growth. There are now multiple organizations that are offering IPv4 address space on (lets call it) the grey market. Would you refuse to consider making use of that option, assuming that the grey market companies provide documentation describing the chain of custody of addresses on that market? If you do, do you think your evil competitors would have the same qualms? Assuming not, which whois database are you going to query when a new prefix shows up at your door? Will you break your customers access to some subset of the Internet by refusing to query a particular database? Will your evil competitors?
The core thesis in Paul's ACM Queue article (as I understand it), that alternative address registries are like alternative DNS root providers and hence bad, is a strawman. It is trivially obvious that multiple address "roots" would lead to madness. That's not what's happening. What is springing up (driven by market demand) are:
- market places where allocated-but-unused address space can be sold to those who are willing to pay for it (e.g., Addrex, tradeipv4.com) - "address registrars" who sell the service of updating registration data associated with existing allocations (e.g., depository.net).
The issue I see is that the existing system is (or has been) structurally unable to evolve to meet the changing environment driven by the exhaustion of the free pool(s). Look at the fiascos associated with attempts to create global policies recently. Do you think this is going to get better as other regions' free pools exhaust?
What we have now is a single addressing root partitioned into 5 arbitrary mutually-agreed geographical monopolies (can you say "cabal"?), each of which have their own policies and processes that are attempting to perform those two services (along with the service of allocating the rapidly dwindling free pool). We've already past the point where the folks involved in "bottom-up" policy making are arguing "region X's policy is wrong, so we're going to actively block it in region Y". Do you think that is going to get better over time? Do you think businesses just trying to provide Internet services have any interest in putting up with that sort of BS if they have an alternative where they just pay their money and get the resources they need?
What the RIRs suffer from is a lack of diversity among participating stakeholders.
While true, this is largely irrelevant since it isn't going to change. Like the telephony world, the vast majority of people are neither interested nor do they care about the machinations involved in establishing the underlying technology's resource management policies. They only care when things break and they need someone to blame.
Prescribing commercial competition as a medicine to tackle the RIR faults is missing this point and likely to harm the numbering space by eliminating the bottom-up policy determination.
The point is that no one is prescribing commercial competition, it is happening on its own. Now. Driven by economic reality. Sticking one's head in the sand or saying "we can't do anything until there is global consensus" or worse, attempting to block it is simply encouraging a negative outcome.
We should instead be looking at what faults the current narrow engagement leads to and showing some leadership in addressing them through the bottom-up policy process, while simultaneously working to broaden engagement so that the RIRs become truly multi-stakeholder.
How long should we wait?
Regards, -drc

Hi David
On 22/08/2011, at 6:35 AM, David Conrad wrote:
I suspect if you look back in history, you'll find that the folks who argued most strenuously against competitive telcos were the folks who argued that competitive services would/could not represent all sectors of society, and that the only way truly universal service could be provided was through monopolies. They would say "the network would suffer" or that "markets could not be trusted" and the only way to ensure "fair and equitable" service was to have a single provider that was forced to abide by bottom-up rulings of "public utility commissions" (or equivalent). As those monopolies were threatened, they lobbied for restrictions against potential new entrants and blocked access by those entrants to resources the entrants needed to do business.
I'm sure that's true, but the fact that both systems were justified in the same way does not make their natures comparable. Bottom-up is qualitatively different from top-down, no matter how much the intended outcomes sound similar.
I don't actually care who is to blame for any faults (after all, some of the blame could probably be laid at my feet :-)). What matters is what happens in the future. APNIC's free pool is exhausted. The AP region is (I think) growing the fastest amongst all the regions. Pretend that you are an ISP wishing to respond to that growth. There are now multiple organizations that are offering IPv4 address space on (lets call it) the grey market. Would you refuse to consider making use of that option, assuming that the grey market companies provide documentation describing the chain of custody of addresses on that market? If you do, do you think your evil competitors would have the same qualms? Assuming not, which whois database are you going to query when a new prefix shows up at your door? Will you break your customers access to some subset of the Internet by refusing to query a particular database? Will your evil competitors?
The core thesis in Paul's ACM Queue article (as I understand it), that alternative address registries are like alternative DNS root providers and hence bad, is a strawman. It is trivially obvious that multiple address "roots" would lead to madness. That's not what's happening. What is springing up (driven by market demand) are:
- market places where allocated-but-unused address space can be sold to those who are willing to pay for it (e.g., Addrex, tradeipv4.com)
- "address registrars" who sell the service of updating registration data associated with existing allocations (e.g., depository.net).
The issue I see is that the existing system is (or has been) structurally unable to evolve to meet the changing environment driven by the exhaustion of the free pool(s).
I agree entirely. I would also add the tackling of criminal activity as another area that where the existing system is structurally failing at present.
Look at the fiascos associated with attempts to create global policies recently. Do you think this is going to get better as other regions' free pools exhaust?
What we have now is a single addressing root partitioned into 5 arbitrary mutually-agreed geographical monopolies (can you say "cabal"?), each of which have their own policies and processes that are attempting to perform those two services (along with the service of allocating the rapidly dwindling free pool). We've already past the point where the folks involved in "bottom-up" policy making are arguing "region X's policy is wrong, so we're going to actively block it in region Y". Do you think that is going to get better over time? Do you think businesses just trying to provide Internet services have any interest in putting up with that sort of BS if they have an alternative where they just pay their money and get the resources they need?
I'm surprised you think there would be any less BS in any alternate system.
What the RIRs suffer from is a lack of diversity among participating stakeholders.
While true, this is largely irrelevant since it isn't going to change. Like the telephony world, the vast majority of people are neither interested nor do they care about the machinations involved in establishing the underlying technology's resource management policies. They only care when things break and they need someone to blame.
I disagree. I think this is a matter of leadership. If the broader engagement does not come of its own accord, for the very good reasons you state above, then it needs to be actively sought out from a broader community. It wasn't that many years ago that domain names were in a similar position - there were a few "ordinary users" who were engaged but the majority came from the industry, and over the years that proportion has changed significantly. A big reason for that shift is the leadership shown by the domain name industry in engaging as widely as possible.
Prescribing commercial competition as a medicine to tackle the RIR faults is missing this point and likely to harm the numbering space by eliminating the bottom-up policy determination.
The point is that no one is prescribing commercial competition, it is happening on its own. Now. Driven by economic reality. Sticking one's head in the sand or saying "we can't do anything until there is global consensus" or worse, attempting to block it is simply encouraging a negative outcome.
We should instead be looking at what faults the current narrow engagement leads to and showing some leadership in addressing them through the bottom-up policy process, while simultaneously working to broaden engagement so that the RIRs become truly multi-stakeholder.
How long should we wait?
I agree that sticking heads in the sand is a failure mode and sitting back and waiting for a policy consensus given the current range of participant's interests may well also be one. I also agree that time is fast running out.
However, and this is a big however, I would strongly argue that the way forward is reform of RIR participation to broaden it out, which will enable policy solutions to finally emerge, rather than abandoning the bottom-up policy process.
If this were the domain name industry, with all its competing interests getting involved, then we would see a much more radical policy for IPv4 such as:
- all pre-RIR allocations given X years to sign up to RIRs or they would lose their allocations; enforced by exclusion from RPKI - a new pricing structure that increases exponentially as the size of the allocation increases - 'use it or lose it' with strict enforcement - much more detailed WHOIS requirements with strict enforcement
See a pattern?
cheers Jay

Jay,
On Aug 21, 2011, at 10:57 AM, Jay Daley wrote:
Bottom-up is qualitatively different from top-down, no matter how much the intended outcomes sound similar.
I'd argue the end result behavior is what matters, not how you get there.
While true, this is largely irrelevant since it isn't going to change.
I disagree. I think this is a matter of leadership.
What exactly would you have the RIRs in general or APNIC in particular do?
I would strongly argue that the way forward is reform of RIR participation to broaden it out, which will enable policy solutions to finally emerge, rather than abandoning the bottom-up policy process.
In theory, this would be nice. In practice, commercial competition is happening now. How long is this broadening (even assuming it is possible) going to take? How long will reforming the system take after this?
If this were the domain name industry, with all its competing interests getting involved, then we would see a much more radical policy for IPv4 such as:
If more competing interests are involved (which I presume would be a result of 'broader participation'), I would think address policy making would become even more glacial than it is now and 'radical' would be the exact opposite of the consensus-based outcome. However:
- all pre-RIR allocations given X years to sign up to RIRs or they would lose their allocations; enforced by exclusion from RPKI
Requires centralized control. How's that going to happen? And besides, the RPKI folk will tell you that use of RPKI is entirely voluntary so this threat is meaningless (if you believe them).
- a new pricing structure that increases exponentially as the size of the allocation increases
Why do you assume this (or something similar) won't occur, regardless of RIR involvement?
- 'use it or lose it' with strict enforcement
Requires centralized control. How's that going to happen? And define "use".
- much more detailed WHOIS requirements with strict enforcement
Requires centralized control. How's that going to happen? Hasn't happened in the DNS world after more than a decade and numerous attempts. Why do you assume things will be different in the addressing world?
See a pattern?
Well, yes, but probably not the one you intended :-). With the exception of pricing fluctuations, all of the radical policies you suggest seem to require some form of centralized control. What is occurring is actually the opposite: an increase in decentralization, at least in the functions associated with reuse of allocated address space and maintenance of registration data. I'd argue this decentralization is occurring because of the existing RIR system's inability to adjust in a timely fashion to an environment radically different than the one in which the original rules were defined and that this decentralization will only increase, particularly as IPv4 becomes more scarce. You appear to be arguing that a broadening of participation will fix that. I'm ... skeptical.
Regards, -drc

Hi David
On 22/08/2011, at 11:46 AM, David Conrad wrote:
What exactly would you have the RIRs in general or APNIC in particular do?
Step up to actively increase participation, both from outside the LIR community and within. Some examples (many of which I'm sure are being done, but just nowhere near enough to achieve enough effect):
- articles published in wider circles (i.e. general business magazines, key blogs, etc) - research commissioned from independent thinkers and then published - a much more active presence at ICANN meetings with workshops on the key issues - travelling workshops
See a pattern?
Well, yes, but probably not the one you intended :-). With the exception of pricing fluctuations, all of the radical policies you suggest seem to require some form of centralized control.
I don't want to get hung up on the radical policies I proposed, they were there to illustrate the point that different approaches within a policy framework are possible. You had some interesting questions in there that I'll quickly answer by saying the RPKI should not be voluntary and RIRs (or companion organisations to maintain a registry/regulator split) should become addressing police officers using the RPKI sanction to keep people in line.
Yes centralised control is one way of putting it, though the words imply a small number of people at the centre making decisions when my focus was on the centre enforcing the consensus decisions of a broad community. Stronger rules with stricter enforcement are increasingly necessary for the administration of key Internet resources, though we need to be careful about how that is done.
On the pricing change, I would be curious to know how you think that might emerge by itself?
What is occurring is actually the opposite: an increase in decentralization, at least in the functions associated with reuse of allocated address space and maintenance of registration data. I'd argue this decentralization is occurring because of the existing RIR system's inability to adjust in a timely fashion to an environment radically different than the one in which the original rules were defined and that this decentralization will only increase, particularly as IPv4 becomes more scarce.
I agree entirely.
You appear to be arguing that a broadening of participation will fix that. I'm ... skeptical.
The people I see who most would like to get involved in numbering policy but can't for reasons of resources or accessibility are LE, regulators, governments etc. Add those to the mix and yes the landscape will change.
warm regards Jay

Jay,
On Aug 21, 2011, at 3:29 PM, Jay Daley wrote:
Step up to actively increase participation, both from outside the LIR community and within.
Worth a try, I suppose (if the community is willing to pay for it). My impression is that the RIRs have been actively trying to do this sort of thing for years with limited success. I would be surprised if more thrust on this vector appreciably changes anything, but I've (often) been wrong before.
the RPKI should not be voluntary and RIRs (or companion organisations to maintain a registry/regulator split) should become addressing police officers using the RPKI sanction to keep people in line.
Given discussions I've seen in other venues, I suspect this is going to be ... challenging.
On the pricing change, I would be curious to know how you think that might emerge by itself?
Well, there is http://www.tradeipv4.com/ and the Microsoft purchase of the Nortel blocks for $11/address via addrex.net set an early benchmark. I imagine that as ISPs in the AP region draw down there existing reserves, a robust market will develop. Since there is limited supply and demand is increasing, the price for addresses will likely climb fairly rapidly.
The people I see who most would like to get involved in numbering policy but can't for reasons of resources or accessibility are LE, regulators, governments etc. Add those to the mix and yes the landscape will change.
Could you clarify the 'reasons of resources or accessibility'?
Thanks, -drc

On 22/08/2011, at 4:20 PM, David Conrad wrote:
the RPKI should not be voluntary and RIRs (or companion organisations to maintain a registry/regulator split) should become addressing police officers using the RPKI sanction to keep people in line.
Given discussions I've seen in other venues, I suspect this is going to be ... challenging.
Sure, with the current makeup of RIR policy participants it will never get anywhere.
The people I see who most would like to get involved in numbering policy but can't for reasons of resources or accessibility are LE, regulators, governments etc. Add those to the mix and yes the landscape will change.
Could you clarify the 'reasons of resources or accessibility'?
This is not an easy area to get involved in as the discussions are complex, use extensive jargon, have long histories and there is an absence of easy ways to pick all this up. With those accessibility constraints, it takes a lot of time/effort for a new participant to get up to speed sufficiently to be able to engage properly. That's the resource constraints.
I think that allowing this to remain a barrier is bad for RIR policy development and a special effort should be made to help people overcome these constraints (again I'm sure some effort is being made, but not enough to have the impact needed).
Jay

Hi Jay,
Speaking only for myself.
On 22/08/2011, at 11:29 AM, Jay Daley wrote:
I don't want to get hung up on the radical policies I proposed, they were there to illustrate the point that different approaches within a policy framework are possible. You had some interesting questions in there that I'll quickly answer by saying the RPKI should not be voluntary and RIRs (or companion organisations to maintain a registry/regulator split) should become addressing police officers using the RPKI sanction to keep people in line.
I've been following this thread quietly and since you've mention RPKI I thought I would chime in with a personal perspective as it's a topic I find interesting.
RPKI is the base requirement for a routing security framework. It is simply stating that the holder of the private key is the holder of the address space, with the underlying layer being that the address space is unique and can be verified as such. This allows one to build a layer of routing security with that basic crypto-graphical slice of information. The resulting security framework (evolving as BGPSEC) is optional - it has to be. Some people will implement and engage faster than others. However BGPSEC is optional and the prose in the existing IETF drafts says not having it is ok, it's just insecure. Additionally the real power for RPKI is in the hands of the relying party (those who do the validation and apply it to routing). The relying parties may/will apply their own local policies, which could be orthogonal, to what is seen in the RPKI. This implies that the RPKI is quite toothless as a sanction. Consider it as an instrument closer in function to the title deed for your house.
The other aspect of your suggestion is that attempting to turn the RPKI into the truncheon for the "addressing police", with the RPKI being linked to the routing system as it is, effectively turns the RIRs into the routing police for those that choose to use RPKI/BGPSEC. This is something I personally would be loath to see. Firstly because this is not the RIR mandate and secondly, in a litigious society the pool of money the RIRs would need to fend off offended businesses would drain Apple's stockpile. I dare say that the vast amount of operators out there would also rather not see a RIR given such reaching controls.
The only thing RPKI currently suggests which supports the centralised control arguments is that it is built on X.509 certificates that requires a strong hierarchical model for the certificate issuance. Although the observation is that certificate issuance itself can still be hierarchical in almost any distribution mechanism (direct, registry/registrar, broker, wholesaler, etc) provided provenance can be maintained.
To be honest, I see the only sane approach is to make RPKI an optional service (for those who wish to use it warts and all) unencumbered with conditions and implications apart from being able to prove your right to use addresses.
Cheers Terry

Hi Terry
On 22/08/2011, at 5:27 PM, Terry Manderson wrote:
RPKI is the base requirement for a routing security framework. It is simply stating that the holder of the private key is the holder of the address space, with the underlying layer being that the address space is unique and can be verified as such. This allows one to build a layer of routing security with that basic crypto-graphical slice of information. The resulting security framework (evolving as BGPSEC) is optional - it has to be. Some people will implement and engage faster than others. However BGPSEC is optional and the prose in the existing IETF drafts says not having it is ok, it's just insecure. Additionally the real power for RPKI is in the hands of the relying party (those who do the validation and apply it to routing). The relying parties may/will apply their own local policies, which could be orthogonal, to what is seen in the RPKI. This implies that the RPKI is quite toothless as a sanction. Consider it as an instrument closer in function to the title deed for your house.
I understand this intent but I see that as the product of much the same set of participants as the RIR policy process and so RPKI and the policy around it are all of the same nature.
The other aspect of your suggestion is that attempting to turn the RPKI into the truncheon for the "addressing police", with the RPKI being linked to the routing system as it is, effectively turns the RIRs into the routing police for those that choose to use RPKI/BGPSEC. This is something I personally would be loath to see. Firstly because this is not the RIR mandate and secondly, in a litigious society the pool of money the RIRs would need to fend off offended businesses would drain Apple's stockpile.
Ultimately an RIR is allocating resources that provide access and with that comes responsibility for the policies under which those resources are allocated. It took a long time for the domain name registries and policy bodies to recognise and act on that responsibility to create dispute resolution and other rules, but in the end they did and it is inevitable that the RIRs must do so too if they are to survive.
The key word here is responsibility. It is an intrinsic attribute of resource allocation and cannot be avoided or ignored or the system fails. Every outsider I know that has looked in on the RIR policy process in the last couple of years has seen this responsibility gap clearly and was astonished by it.
I dare say that the vast amount of operators out there would also rather not see a RIR given such reaching controls.
In .nz we are also acutely concerned to prevent too much power being vested with one entity and the need for appropriate checks and balances. Consequently the ccTLD role is split across two entities - the registry that operates the DNS and registration systems, which it does according to the policy set by the other entity, the regulator, who manages an open and consultative policy process. As the guardian of the policy it is the regulator that takes action If someone breaches the policy by instructing the registry on what action to take.
Both of these companies are private sector and as the registry receives all the income, it pays the regulator a fee so that it can operate. A clean separation of duties.
cheers Jay

Hi Jay,
On 22/08/2011, at 6:45 PM, Jay Daley wrote:
I understand this intent but I see that as the product of much the same set of participants as the RIR policy process and so RPKI and the policy around it are all of the same nature.
That is not surprising, the people who are cognisant of security concerns regarding the routing protocol are the ones who understand the routing system and also how to apply a layer of infrastructure security to it. Idealistically one would say that in the creation of the RPKI the technical concerns were the initial driver, not the political concerns. (noting that 'keeping people in line with RPKI' is a political concern from my PoV.)
It may be arguable that the latter now holds more importance and could well signal a structural change to the former - but if the sentiment seen from stakeholders in another region are anything to go by the application in effort will be for a more relaxed, less controlled incarnation.
Although there are some parallels between RPKI and DNSSEC. Is the domain industry mandating DNSSEC to keep people in line? ;)
Ultimately an RIR is allocating resources that provide access and with that comes responsibility for the policies under which those resources are allocated.
I think what you are trying to assert is that the RIRs have more of a role in routing than they actually do. Granted it is a fuzzy line, but the system has always attempted to state that RIRs cannot guarantee the routability of any address block. As it is already, there are prefixes that are simply not satisfactory and operators pop up on mailing lists from time to time lamenting their allocated address block they cannot return/replace due to filtering by organisations all over the world outside of their control or the RIR's control.
It's an imperfect system, I fear that more centralisation and control will make it even more so. Any implementation of RPKI, or indeed anything else including the trading market that others suggest and have faith in, will need to work perfectly well in a decentralised manner.
The key word here is responsibility. It is an intrinsic attribute of resource allocation and cannot be avoided or ignored or the system fails. Every outsider I know that has looked in on the RIR policy process in the last couple of years has seen this responsibility gap clearly and was astonished by it.
Can you specifically call out this responsibility gap?
I dare say that the vast amount of operators out there would also rather not see a RIR given such reaching controls.
In .nz we are also acutely concerned to prevent too much power being vested with one entity and the need for appropriate checks and balances. Consequently the ccTLD role is split across two entities - the registry that operates the DNS and registration systems, which it does according to the policy set by the other entity, the regulator, who manages an open and consultative policy process. As the guardian of the policy it is the regulator that takes action If someone breaches the policy by instructing the registry on what action to take.
It's true that in the APNIC region the one organisation is both the ultimate approval point for policy (the APNIC EC approves the polices before implementation) and the operator of the registry. The question that I have is if there was a separation of policy and operation, would that make the mooted trading market easier to migrate too? or for the RIR system to have a softer ride over speed bumps and potholes?
It may well.. I just don't have an unblemished crystal ball.. nor a mental model that fits the scenario at this stage, and as much as Tom in past has argued the banking/monetary structure to me I still don't buy that either.
Cheers Terry

Dear colleagues,
While I'm happy to see the discussion about the role of the RIRs, their plans for world domination and how we can either prevent or encourage it that this article has provoked, can I ask us to hold off a little on this topic for now.
We have significant proposals on the table which we need to consider next week in Busan and I'd like to see us focus on those. If there's a desire to look at the bigger picture then let's continue this discussion on the list after the meeting and bring concrete proposals to the meeting in Delhi.
Regards andy

Hi David,
On Aug 21, 2011, at 2:35 PM, David Conrad wrote:
Jay,
On Aug 21, 2011, at 12:25 AM, Jay Daley wrote:
I think the parallels you draw are entirely wrong. The RIRs are bottom-up policy organisations in their very nature.
I suspect if you look back in history, you'll find that the folks who argued most strenuously against competitive telcos were the folks who argued that competitive services would/could not represent all sectors of society, and that the only way truly universal service could be provided was through monopolies. They would say "the network would suffer" or that "markets could not be trusted" and the only way to ensure "fair and equitable" service was to have a single provider that was forced to abide by bottom-up rulings of "public utility commissions" (or equivalent). As those monopolies were threatened, they lobbied for restrictions against potential new entrants and blocked access by those entrants to resources the entrants needed to do business.
While no analogy is prefect, as I said, I see a number of parallels. YMMV.
Whatever faults they have in their policies come largely because that process inherently reflects the foibles of the participating stakeholders, not from the arrogance of those in charge.
I don't actually care who is to blame for any faults (after all, some of the blame could probably be laid at my feet :-)). What matters is what happens in the future. APNIC's free pool is exhausted. The AP region is (I think) growing the fastest amongst all the regions. Pretend that you are an ISP wishing to respond to that growth. There are now multiple organizations that are offering IPv4 address space on (lets call it) the grey market. Would you refuse to consider making use of that option, assuming that the grey market companies provide documentation describing the chain of custody of addresses on that market? If you do, do you think your evil competitors would have the same qualms? Assuming not, which whois database are you going to query when a new prefix shows up at your door? Will you break your customers access to some subset of the Internet by refusing to query a particular database? Will your evil competitors?
The core thesis in Paul's ACM Queue article (as I understand it), that alternative address registries are like alternative DNS root providers and hence bad, is a strawman. It is trivially obvious that multiple address "roots" would lead to madness. That's not what's happening.
Hi David,
Given your significant role in establishing the RIR system, coupled with your now quite jaundiced view of how the RIR system has turned out, I feel obliged to ask:
Was it "trivially obvious" to you back in the early 1990s that your successors in the RIR community would later go on to adopt "mad" policies, e.g., a reluctance to embrace an unguided, one-way trip to competitive devolution that is quite likely to affect every Internet user everywhere, forevermore -- albeit to what effect, with what benefits, and at what cost all remaining, at best, highly debatable? At what point did the inevitability of the current insanity become apparent to you, and what steps were taken to educate other stakeholders and/or to otherwise prevent the madness that we have now descended into?
My point is that focusing on what might seem "trivially obvious" today is, in fact, just another strawman.
And lest anyone think that the current "madness" must be a byproduct of centralization, command and control, heavy-handed regulation, etc., here's a few more "analogies" to disabuse you:
1. Back in the 18th-19th centuries, many of the now-wealthiest countries had substantially decentralized and only-loosely standardized monetary systems -- meaning no consistently enforced bank establishment criteria, no official reporting/disclosure or monitoring, banks printed their own banknotes, and no bank, merchant, or individual was compelled to accept anyone else's money (i.e., "money routing" was never guaranteed -- except in so-called "company towns"). These systems tended to be extremely volatile and collapse-prone until they accidentally developed a thin mechanism for rudimentary coordination and limited reputation information sharing, which piggy-backed on top of a more mundane, purely voluntary banknote "clearing house" service. However, by the beginning of the 20th century all of these quasi "free banking" systems had disappeared, and none has been established in the intervening century-plus. In some cases, the collapses were precipitated by the failure of the information sharing function, as individual member banks came to realize that the proximate impediment to their "freedom" to grow their customer portfolios (potentially without limit) was not insolvency per se, but rather the punitive (aka precautionary) actions that other banks would take if their excessively leveraged positions came to light. In other cases, the collapse followed the introduction of competition in clearing house services at the insistence of member banks that were envious of the profits and/or dissatisfied with the fees of incumbent clearing house service providers (which were themselves for-profit commercial banks).
2. In the years after the 20th c. Depression, the nationally-segregated monetary systems that replaced the old "free banking" regimes converged on a set of (still relative thin) reputation information sharing practices involving consistent bank establishment criteria, minimum reserve cash-to-lending activity ratios, and mandatory periodic reporting/disclosure requirements, all coordinated by central banks that funded their operations by monopolizing activities like interbank check clearing and banknote production. Once again banks gradually came to recognize that the proximate check on their unrestricted "freedom of expansion" was information leakage to competitors. Over time they started shifting more and more of their commercial activities to areas that were not subject to mandatory reporting requirements, until today the overwhelming majority of bank-like financial business is either conducted by registered banks as off-the-books transactions, or by completely off-the-books "shadow banks." Banks have not had any idea of which among them was truly solvent/insolvent for a long time now; they just didn't realize that until 2008 or so.
If you're administering a banking/monetary system, or contemplating someone else's bank, it's trivially obvious that operating beyond some leverage ratio (x) would lead to madness. However, if the structure of the industry makes it possible for every banker to exercise very broad discretion over how they define and disclose their own leverage ratios, then all you can do is trust in the discretion of (all of the) other bankers.
If you're operating a bank, you too know all of the above -- but you probably find it very hard to believe that your own leverage ratio is really at or below (x). Meanwhile, you know 101 ways to assure that your publicly observable leverage ratio never deviates from some mandatory and/or generally respectable range. Under normal conditions, and assuming every other bank is being more forthright than you, you should be perfectly safe...
There are an awful lot of independent banks, but it doesn't seem to take all that many to bring the whole system down (or alternately, there doesn't seem to be all that many that are interested enough in keeping the system up).
Bottom line: It seems to be that matters that are "trivially obvious" tend to be pretty unreliable predictors of how distributed systems evolve over time.
Of course, as you say, ymmv.
Regards,
TV
What is springing up (driven by market demand) are:
- market places where allocated-but-unused address space can be sold to those who are willing to pay for it (e.g., Addrex, tradeipv4.com)
- "address registrars" who sell the service of updating registration data associated with existing allocations (e.g., depository.net).
The issue I see is that the existing system is (or has been) structurally unable to evolve to meet the changing environment driven by the exhaustion of the free pool(s). Look at the fiascos associated with attempts to create global policies recently. Do you think this is going to get better as other regions' free pools exhaust?
What we have now is a single addressing root partitioned into 5 arbitrary mutually-agreed geographical monopolies (can you say "cabal"?), each of which have their own policies and processes that are attempting to perform those two services (along with the service of allocating the rapidly dwindling free pool). We've already past the point where the folks involved in "bottom-up" policy making are arguing "region X's policy is wrong, so we're going to actively block it in region Y". Do you think that is going to get better over time? Do you think businesses just trying to provide Internet services have any interest in putting up with that sort of BS if they have an alternative where they just pay their money and get the resources they need?
I
What the RIRs suffer from is a lack of diversity among participating stakeholders.
While true, this is largely irrelevant since it isn't going to change. Like the telephony world, the vast majority of people are neither interested nor do they care about the machinations involved in establishing the underlying technology's resource management policies. They only care when things break and they need someone to blame.
Prescribing commercial competition as a medicine to tackle the RIR faults is missing this point and likely to harm the numbering space by eliminating the bottom-up policy determination.
The point is that no one is prescribing commercial competition, it is happening on its own. Now. Driven by economic reality. Sticking one's head in the sand or saying "we can't do anything until there is global consensus" or worse, attempting to block it is simply encouraging a negative outcome.
We should instead be looking at what faults the current narrow engagement leads to and showing some leadership in addressing them through the bottom-up policy process, while simultaneously working to broaden engagement so that the RIRs become truly multi-stakeholder.
How long should we wait?
Regards, -drc
sig-policy: APNIC SIG on resource management policy *
sig-policy mailing list sig-policy@lists.apnic.net http://mailman.apnic.net/mailman/listinfo/sig-policy

On 8/18/11 8:58 PM, "John Curran" jcurran@arin.net wrote:
ARIN does not believe that any changes to the structure of the Internet registry system should happen without first having corresponding global discussion, as the changes are disruptive by their very nature and their introduction has global impact. If you have a example where ARIN is somehow discouraging discussion of changes to the Internet registry system, then please bring it directly to my attention, as we quite willing to evolve as long as there is global multi-stakeholder discussion of the changes first, with a result that reflects the public interest in this area.
:%/ARIN/ARIN staff/g
Best,
-M<

On Jan 11, 2012, at 7:11 AM, Hannigan, Martin wrote:
On 8/18/11 8:58 PM, "John Curran" jcurran@arin.net wrote:
ARIN does not believe that any changes to the structure of the Internet registry system should happen without first having corresponding global discussion, as the changes are disruptive by their very nature and their introduction has global impact. If you have a example where ARIN is somehow discouraging discussion of changes to the Internet registry system, then please bring it directly to my attention, as we quite willing to evolve as long as there is global multi-stakeholder discussion of the changes first, with a result that reflects the public interest in this area.
:%/ARIN/ARIN staff/g
Martin -
'ARIN' is correct as originally shown. To be clear, ARIN's views on these matters are set in consultation with ARIN's Board of Trustees, which is the body elected by the membership responsible for setting ARIN's mission and direction. If you'd like more information on the ARIN Board of Trustees or election process, please refer to the ARIN web site here: https://www.arin.net/about_us/bot.html
FYI, /John
John Curran President and CEO ARIN
Activity Summary
- 4280 days inactive
- 4280 days old
- sig-policy@lists.apnic.net
- 10 participants
- 24 comments