Registration fraud (was Re: RPKI)

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Wed Sep 18 20:25:05 UTC 2019


Martijn Schmidt via NANOG wrote:

> Given that there is (or should be) an unbroken chain of contracts and
> payments from IANA to RIR (to NIR) to LIR and beyond for all
> non-legacy resources, I'd say they are in a pretty good position to
> take care of the due diligence work to validate an organisation's
> ownership as well as its associated resources and subsequently
> publish the result through a cryptographic signature. If one of the
> RIRs or NIRs is not doing that job properly then we should (at first
> privately) call them out on it and push them to improve.

I'm afraid that improvement is very hard, given the reality of fraud
involving intra-national real estate registration as is exemplified by:

https://www.hg.org/legal-articles/legal-options-available-to-victims-of-real-estate-fraud-in-ontario-7376
Real estate fraud in Ontario generally includes "mortgage fraud" (e.g.
fraudsters acquire a mortgage fraudulently through false information or
identification and run away with the money, leaving the true home owners
with a significant liability) and "title fraud" (e.g. fraudsters use
stolen identity or forged documents to transfer a registered owner's
title to him or herself without the owner's knowledge).

How can a real estate or IP address registrar detect "forged documents
to transfer a registered owner's title to him or herself without the
owner's knowledge", especially when the transfer is international?

Also, though I think existing code is applicable to fraud involving
IP addresses, its practical applicability for international cases
is questionable.

						Masataka Ohta



More information about the NANOG mailing list