DoD IP Space

John Curran jcurran at arin.net
Sun Apr 25 15:21:43 UTC 2021


Sronan -

For avoidance of doubt (and to save folks some digging), I will observe that the number resources associated with the U.S. DoD handle I referenced do not include DoD’s legacy IPv4 number resource holdings.    However, there are indeed are registration agreements with the US DoD that pertain to the DoD’s legacy IPv4 number resource holdings, and this may be readily confirmed by reviewing the CBO assessment report for the “NATIONAL DEFENSE AUTHORIZATION ACT FOR FISCAL YEAR 2020” (which in its early form envisioned potential monetization of select DoD IPv4 number resources) -

From the CBO assessment  <https://www.govinfo.gov/content/pkg/CRPT-116hrpt120/html/CRPT-116hrpt120-pt2.htm>

To estimate the potential receipts from the sale of IP
addresses, CBO examined the security risks and market factors
that would affect the number of addresses and the price for
those addresses that could be sold within the ten-year budget
window. CBO expects that DoD would not be prepared to sell any
addresses before 2022 for several reasons. First, over the next
two years DoD plans to study the cybersecurity requirements and
procedures that will support the department's transition of
IPv4 addresses to the next generation of IPv6 addresses.
Second, the agency would then have to update its internal
network operations in order to mitigate the security risks of
transferring DoD IP addresses to nonfederal entities.\5\ Third,
DoD would have to amend its existing agreement with the
American Registry for Internet Numbers (ARIN), which requires
DoD to release unneeded IP addresses to ARIN for
redistribution.

ARIN has no particular view on the merits/issues of US DoD disposition of its rights to IPv4 blocks (and this provision was omitted from the NDAA in its final form), but we did indicate to the DoD that ARIN polices for IPv4 address blocks have indeed changed, and that their agreement with ARIN does not preclude disposition of rights to IPv4 address blocks now that the ARIN community has established transfer policies allowing same.

(ARIN applies the community-developed policies to all number resources in the ARIN registry, and this includes blocks issued by predecessor operators of the registry.)

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers


On 25 Apr 2021, at 9:13 AM, John Curran <jcurran at arin.net<mailto:jcurran at arin.net>> wrote:

Sronan -

I’d suggest asking rather than making assertions when it comes to ARIN, as this will avoid propagating existing misinformation in the community.

Many US government agencies, including the US Department of Defense, have signed registration services agreements with ARIN.

From https://account.arin.net/public/member-list -

United States Department of Defense (DoD)

USDDD<https://search.arin.net/rdap?query=USDDD&searchFilter=entity>

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 25 Apr 2021, at 8:54 AM, sronan at ronan-online.com<mailto:sronan at ronan-online.com> wrote:

Except these DoD blocks don’t fall under ARIM justification, as they predate ARIN. It is very likely that the DoD has never and will never sign any sort of ARIN agreement.

Sent from my iPhone

On Apr 25, 2021, at 3:40 AM, Mel Beckman <mel at beckman.org<mailto:mel at beckman.org>> wrote:

Mark,

ARIN rules require every IP space holder to publish accurate — and effective —  Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, and as you can test for yourself. Your expectation that the DOD will “generally comply with all of the expected norms” is sorely naive, and already disproven.

As far as “why does anyone on the Internet need to publish to your arbitrary standards”, you seem to forget that in the U.S., the government is accountable to the People. Where a private company may not have to explain its purposes, the government most certainly does in the private sector. With these IP spaces being thrust into the civilian realm, yes, they owe the citizenry an explanation of their actions, just as they would if they had started mounting missile launchers on highway overpasses. It’s a direct militarization of a civilian utility.

Keep in mind that the U.S. Government — under all administrations — has shown that it will abuse every technical advantage it can, as long as it can do so in secret. Perhaps you’ve forgotten James Clapper, the former director of national intelligence, who falsely testified to Congress that the government does “not wittingly” collect the telephone records of millions of Americans. And he was just the tip of the iceberg. Before Clapper under Obama there was the Bush administration’s Stellar Wind" warrantless surveillance program. The list of government abuse of civilian resources is colossal .

Fighting against that isn’t political. It’s patriotic.

-mel

On Apr 25, 2021, at 12:02 AM, Mark Foster <blakjak at blakjak.net<mailto:blakjak at blakjak.net>> wrote:


On 25/04/2021 3:24 am, Mel Beckman wrote:
This doesn’t sound good, no matter how you slice it. The lack of transparency with a civilian resource is troubling at a minimum. I’m going to bogon this space as a defensive measure, until its real — and detailed — purpose can be known. The secret places of our government have proven themselves untrustworthy in the protection of citizens’ data and networks. They tend to think they know “what’s good for” us.

-mel


Why does anyone on the Internet need to publish to your arbitrary standards, what they intend to do with their IP address ranges?

Failure to advertise the IP address space to the Internet (until now, perhaps) doesn't make the address space any less legitimate, and though I'd expect the DoD to generally comply with all of the expected norms around BGP arrangements and published whois details, at the end of the day, they can nominate who should originate it from their AS and as long as we can see who owns it.... it's just not our business.

Any organisation who's used DoD space in a way that's likely to conflict with, well, the DoD, gambled and lost.

Mark.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210425/26873cae/attachment.html>


More information about the NANOG mailing list