ARIN, was Re: 72/8 friendly reminder

Owen DeLong owen at
Fri Mar 25 04:52:58 UTC 2005

--On Thursday, March 24, 2005 16:32 -0500 Edward Lewis 
<Ed.Lewis at> wrote:

> At 12:53 -0800 3/24/05, Owen DeLong wrote:
>> NO.  Operational specifications and routing are the domain of the IETF
>> and _NOT_ ARIN.  ARIN is responsible for the stewardship of assigned
>> numbers within the ARIN region.  This includes IP addresses, Autonomous
>> System Numbers, and, DNS delegations for reverses on IP addresses.
>> While ARIN should consider routing issues and the operational impact
>> of ARIN stewardship policies, and, ARIN also has an educational role
>> in helping the community to understand BCP including operational
>> BCP as it relates to IP Addresses, ASNs, and DNS, ARIN has no role
>> in dictating or driving operational practices.
> My question is not related to specification development but operational
> requirements of ARIN itself providing a service based on specifications.
> E.g., picking something a bit more concrete that secure routing, should
> ARIN deploy DNSSEC support, once it is published (again), in 6 months?
> 12 months? 10 years?  This will tell the staff what level of staffing is
> needed to accomplish the work.  The policy discussion will let membership
> know whether it is willing to pay for this. (Open to the public or not,
> the membership determines what it pays.)
When DNSSEC is released again (whenver that may be), if ARIN constituency
wants ARIN to support it, at least one such person will make a policy
proposal.  In the policy proposal, there will be a proposed or intended
timeframe for implementation.  This is a requirement of the policy process.
If ARIN staff does not feel it can meet that timeframe, that will be part
of the discussion in the Staff Impact slide that is presented with each
proposal at the ARIN meeting(s) where the proposal is discussed.

> Discretionary funding for supporting research within the IETF should
> exist too, to cover participation in development of specifications at an
> appropriate level of effort.
ARIN has, so far, expressed a desire not to do this.  Indeed, ARIN has
specifically encouraged ARIN members to participate individually in IETF,
but, feels that ARIN as a body has no role to play there.

> Let's say DNSSEC is ready for deployment.  Does the impetus come from the
> ARIN staff or from the membership?  (Maybe it comes from outside, but
> does it need to be made into a policy before the staff implements it?)
Neither.  It comes from the ARIN constituency, which is the entire
community of IP consumers within the ARIN region.  The imeptus would come
from a policy proposal.  Anyone who has an interest can submit a policy
proposal to ARIN.

>> I'm not sure ARIN has a change or innovation role.  It is not unlikely
>> that responsible stewardship includes a minimum of change and a
>> preservation of stability and consistency.
> ARIN has two definite roles when it comes to innovation.  1) Don't get in
> the way of innovation by the community and 2) provide expert advice when
> it comes to the development of specifications related to RIR functions.
> And ARIN ought to be wary of trends in the improvement of its internal
> operations.
Agreed.  However, this is different from the impression I received
from the earlier comments that seemed to suggest that ARIN had a role
as an innovator.  Finally, as to 1, to a certain extent, ARIN does
have a partial responsibility to stand in the way of some innovation
if in ARIN's view said innovation might be harmful to existing services.

> An example of role number 1 is providing DNS services over IPv6
> transport.  An example of role number 2 is contributing to the discussion
> of the IRIS definitions for address registries.  In neither case is ARIN
> leading the charge, but is playing a part in innovation.
I don't believe ARIN had any delay between ARIN beginning to issue IPv6
allocations and ARIN providing DNS/v6 services.  Until such time as ARIN
had policy and responsibility for issuing IPv6 addresses, ARIN had no
reason whatsoever to provide any DNS/v6 services.

> To come back to secure routing, the reason ARIN would be involved is that
> ARIN would be asked to publish information on who is allocated number
> resources.  Although this is done in WhoIs now, there is a need to do
> this via whatever format is required by "secure routing." I'm sure the
> specification of secure routing will describe how to operate the
> protocol, but not address the server capacity nor topology needed.
Again, if that feature is desired by anyone in ARIN constituency, then,
a relevant policy proposal will be put forth, and, the issue will be
debated and addressed according to community consensus.  I do not see
this as dysfunctional.

> Perhaps policies aren't the vehicle, but then how does the operational
> community get ARIN to supply services?

Policies _ARE_ the vehicle, and, I guess I don't understand what it is
you think is dysfunctional about the policy process, since from what
I can see, it addresses exactly the issues you describe above.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list