ARIN Fraud Reporting Form ... (Resource listings yes, resource routing no)

Ronald F. Guilmette rfg at tristatelogic.com
Sat Oct 2 05:26:32 UTC 2010


John,

Let me thank you yet again for devoting your personal time (on a Friday
night no less) to responding to me concerns.  I may not always agree with
you, but I appreciate the effort, and the consideration.


In message <4DB05053-FCD4-4459-B226-991435E90C65 at arin.net>, 
John Curran <jcurran at arin.net> wrote:

>We will shortly be providing a "list of number resources with no valid POC"
>for those who desire it (per the current bulk Whois policy.)

But I think you understand that I was suggesting something that's readily
accessible, even to the Great Unwashed Masses, within the individual
WHOIS records... not exclusive to just your ordained bulk whois clientel.

You did get that, right?

>> If you can put an annotation into a whois records for a POC,
>> saying explicity that you can't get ahold of this person, then it would
>> seem to me to be a rather trivial matter of programming to transplant
>> a very similar sort of annotation into each and every IP block or AS
>> record that has that same specific POC record as one of its associated
>> POC records, either Admin, or Technical, or whatever.
>
>Also a nice idea, and one that I've taken as a formal suggestion for
>improvement.

Thank you.

>Your understanding of our fraud process is correct, and presently the only
>form of "hijacking" which we have the ability to correct...

Well, now, as Ronald Regan used to say ``There you go again!''

I've tried to be clear.  I'll try again.

Many many many people have told me, off-list, and even before this conver-
sation, that you folks can't change the routing table, and that even if
you could, most probably would never want you to exercise that authority.
So I do fully understand where the weight of public opinion falls along that
particular axis.  Believe me, I do.

But please do try to understand me. I was not asking you to ``correct''
any hijacking incident.  You can't.  So let's just agree on that, and
also agree that that is not what we are even talking about.

What I said was ``annotate'' and/or ``announce'' and/or ``make _some_
sort of public statement or comment''.  This, I think, would not be
straying so substantially outside of your charter than anybody would
ever beat you up over it, especially if you folks exercised the kind
of caution and careful investigation which I believe you are more than
capable of, and if you thence only made public ``This is really fishy
looking'' type comments when your internal investigations have shown that
yes, indeed, this one really looks, smells, and tastes pretty darn awful.
(And frankly, I think this would apply to all four of the cases I have
written about here recently.)

So have I been unambiguously clear now?  I neither want nor expect you
to ``correct'' anything.  That sort of thing, I would agree, is not
your job.  But I don't think that fact implies that either you personally,
or ARIN as an organization have any kind of formal responsibility to
behave as blind deaf mutes with no opinions whatsoever, at any time, about
anything.

Some people would tell you that its a free country, and that you have
a right to an opinion.  I guess what I'm saying is that when it comes to
ARIN, and allegations of hijacking of number resources that you have
been chartered to administer, you have not merely a right, but actually
a _responsibility_ to an opinion.  And you should formulate it, and state
it, publically, when the need arises, which is to say whenever you receive
a credible allegation of the misappropriation of number resources that
lie within your portfolio.

>> I think you can see where I'm going with this.  You have, I think, tried to
>> demur (is that the right word?) on ARIN's behalf, from _either_ investigating
>> or, subsequently, from issuing any kind of ``determination'' as regards to
>> whether a given block is being routed by the party or parties who ought to
>> be routing it, or by some uninvited interloper.
>
>Incorrect.  We determine whether an entry for an address block in WHOIS has
>been changed contrary to community-adopted policy.  This means carefully
>reviewing the information supplied on the associated change requests and
>various corresponding public records.  *None of it related to whether a
>given party should be routing a given address block*

Right. You may perhaps not have realized it, but I do believe that you
actually just _agreed_ completely with what I said just above.  At present,
you decline to even look at things that don't involve the fiddling of WHOIS
records.  Somebody could be murdered in the next room, and you would decline
to investigate that too, because the community hasn't explicitly chartered
you to do that.

I understand your position, and I think I may even understand what motivates
it... like maybe years and years of having your own constituency beat you
about the head and neck whenever you try to do even the smallest, kindest,
and most generous and well-meaning things if they... the herd of cats...
haven't explicity approved of you doing it, themselves, in writing, and
in triplicate.

But to say I understand your position, and to say that I can even under-
stand what I believe motivates it, is not to say that I agree with it.

I don't in this case.  I think you are perhaps not in quite such a tightly
fitting straight-jacket... created for you by your primary constiuency,
the ISPs... as you make out, and that you do actually have some freedom
to Do The Right Thing, especially in cases like these blatant hijacking
incidents.  But I also believe that you have made a private personal and
concious decision not to touch any of this with a ten foot pole, because
years of surviving in the kind of highly politically contentious job you
have has taught you to never stick your neck out, even a little bit, even
for an unambiguously good cause, unless what you plan to do or say (or
what you plan to eat for lunch, or when you plan to breath) has already
been approved, in triplicate, by the whole of the ARIN membership.  I'm
quite sure that that is the only practical and viable way to survive,
long term, in a highly political job like your's.  However I am equally
sure that it is unhealthy for any human being to live in a straight-jacket
for years at time, with no let-up.

So despite you protestations to the contrary, I will say again that I
think you have not only a right, but a responsibility to express an opinion
on matters critically affecting the number resources that you are tasked to
shepard... matters such as blatant hijacking of those resources by crooks...
and that the same goes for ARIN, as an organization, and that furthermore,
you do a disservice to the community, to your office, and yes, even to
yourself as an intelligent, concious, living, growing human being when you
hold your tongue on important matters simply because you have not been
officially and formally bidden to speak.

And you _don't_ always do that, consistantly and always, anyway.

In fact right now, within this very exchange you and I have been having,
you have expressed yourself in ways that, I feel sure, were not explicitly
or specifically sanctioned by your board or your membership, yes?  But you
have shown yourself to be fully fit and able to express these opinions of
your's anyway, as part of your reasonable exercise of your executive
discretion, in your pursuit of what you believe to be the community's
best interests.  That is correct, isn't it?  That's why you are here,
arguing with me on a Friday evening, when we both should probably be
doing something else.  You are expressing your opinion, about certain
matters relating to your job, and you are doing so in ways that you feel
are supportive of the community which you serve... not with every sylable
you utter having to have been be pre-approved... not with your corporate
counsel looking over your shoulder at every keystroke.  You're a bright
guy, and a leader among men.  You have an opinion, and you are expressing
it, for the good of the community.  Marvlous!  I say Bravo!

Just please explain to me how you taking a public position here, tonite,
in this conversation with me... a position which you take and speak about
and defend as part of your executive discretion, as the leader of ARIN,
in what you hope will be its best interests and those of the community...
is really all that different from what _I_ have requested you to do?
i.e. take a position... a public position...  on matters affecting your job
and the resources you oversee, in the best interests of the community.

I think you get my drift, because it isn't really all that subtle a point
I am making.  I don't think that you can have it both ways.  I don't think
that you can express your opinions, forcefully and eloquently, here with
me, on a Friday night... as I believe you are free to do, within the
limits of your executive discretion... but then go in to work on Monday
morning and claim that you have been obliged to check all of your opinions
at the door on the way in, and that both your and your organization are
likewise obliged by protocol to remain utterly mute until cocktail hour,
when you are off the clock and on your own time, even when it comes to
matters as serious as raw blatant theft and hijacking... acts which deface
and besmirch the very community you are sworn to protect. (Well, ok.  Please
_do_ allow me just a tiny bit of literary license, alright?  They have
Richard III on the IFC channel just now, and Shakespere in my general
vicinity always makes my prose rather prolix.)

Sigh.  I feel sure that I haven't convinced you to bite off even just this
tiny additional bit of authority/responsibility and stake it out as part
of the turf that goes quite naturally with your executive discretion...
discretion which you must be afforded, like it or not, by your constituency,
in order for you to do your job.  I'm sure that you have thought too long
and too hard about your job, and what it takes to survive in it, long term,
to be beguiled at this point by even the most evocative of retorical
flourishes.  But I will count myself as having been successful if I have
at least caused you to think a bit more... not about what freedom you have
to ``do'', but about what freedom I believe you have to speak, and to speak
and express opinions in ways that benefit the community far more than your
silence would (or does).

>>``Look folks, we've looked at this, and in our opinion, what's going on
>> here just doesn't look kosher.''
>
>The good news is that if you're referring to investigation of errant entries
>in WHOIS, we currently do expend effort to investigate and correct.  In order
>for ARIN to investigate and annotate address blocks according to their state
in the routing tables, it would take a very clear mandate from the community.

So you have said.  So you have repeated.  I am still not buying that you
are nearly as handcuffed as you say you are, because if nothing else, you
would have found it impossible to type this e-mail that I am responding
to if you had actually been wearing the kinds of handcuffs you claim,
i.e. ones which prevent you from even just expressing opinions on important
and relevant matters.

>You can suggest such a policy if you feel strongly about this; the process to
>to so is shown here: https://www.arin.net/policy/pdp_appendix_b.html

Thank you.  I may perhaps do so.  But I am not at all heartened to believe
that doing so would be likely to have any effect, given that you have
not evinced even the slightest hint, during this exchange of any actual
desire to have your portfolio enhanced in this specific way.  (And I
think that your vote would, quite rightly, outweigh any others when it
comes to such questions, i.e. those affecting the scope of your authority
and responsibility.)

In short, I leave discouraged, but unbowed.

At least I know who _not_ to expend time reporting certain very naughty
things to now, and I guess that is a small step forward, as it will save
me some time which I can better spend actually chasing more of these
hijacking weasles to ground.


Regards,
rfg




More information about the NANOG mailing list