Nice work Ron

Fri Jan 22 09:26:10 UTC 2021

No, this is not correct. LACNIC policies, state:

1.14 Principles for Proper Administration and Stewardship
The fundamental principle is to distribute unique Internet numbering resources according to the technical and operational needs of the networks currently using, or that will use, these numbering resources, allowing the sustainable growth of the Internet.

The numbering resources under the stewardship of LACNIC must be distributed among organizations legally constituted within its service region [COBERTURA] and mainly *serving networks and services operating in this region. External clients connected directly to main infrastructure located in the region are allowed.

*“Mainly” is understood to mean more than 50%.

(https://www.lacnic.net/681/2/lacnic/)

The 50% was not there before, so I submitted a "recent" policy proposal that reached consensus, so added that to make sure that we have a "clear" line of what is "mainly". Note that in LACNIC the policies are in Spanish, so the English translation, may not be "perfect".

So clearly, a resource holder needs to "have" the majority (>50%) of the services operating in the region. I think the English version is not sufficiently clear on that, but the Spanish one is accurate.

Also, the only reason why, as I explained to Ron when he contacted me about this case, it takes so long to recover resources, is because claiming for a resource is a really terrible situation. If a RIR makes a mistake, maybe there is no way back, so the RIR needs to ensure that all is very well investigated and the resource-holder has sufficient chances to clarify the situation.

The same policy proposal (https://politicas.lacnic.net/politicas/detail/id/LAC-2019-9/language/en) also did lots of changes across the entire policy manual, and the most important ones are related to section 7 (resource revocation and return):

https://www.lacnic.net/687/2/lacnic/7-resource-revocation-and-return

(look at the Spanish version, English seems not updated)

This proposal is not fully implemented yet, because it requires "automated" checking's for the policies, which will take some time to get fully implemented, and may not be possible to automate it 100%. So, for example ensuring that the IP addresses are actually (>50%) operating in the region, will be automatically detected.

If an organization get resources, say "we have a contract in a DC in Belize" to host them, and even they probe that to LANIC, but after obtaining the resources, they cancel the DC contract and use the resources outside the region, LACNIC didn't have a way to automatically verify it. Now with this policy, once fully implemented, they will have it and they will get alerts so they can manually do a verification, and if needed contact with the resource holder.

Of course, in case of non-compliance, section 7.1 of the policy, gives several chances, across 3 months, so the resource holder can either probe that there is compliance, or if they did a "mistake" they still have the opportunity to correct it.

In certain cases (such as fraud in documents), the RSA has precedence, and it can mean "no opportunity" to correct the situation, but still, the process may take 3 months, to give opportunity to the resource holder to probe it.

Regards,
Jordi
@jordipalet

El 22/1/21 9:32, "NANOG en nombre de Masataka Ohta" <nanog-bounces+jordi.palet=consulintel.es at nanog.org en nombre de mohta at necom830.hpcl.titech.ac.jp> escribió:

    Eric Kuhnke wrote:

    > Based on my cursory knowledge of offshore corporate registrations in
    > Belize, Panama and the Cayman Islands, identifying those locations which
    > are only mailboxes versus actual business office addresses should not be
    > overly complicated or difficult.

    A problem, however, is that, these days, one can perform
    real business at remote locations without actual business
    offices there.

    Moreover, as page 28 of:

    	https://www.lacnic.net/innovaportal/file/1016/3/lacnic-fasciculo-infraestructura-internet-en.pdf

    says:

    	REQUIREMENTS FOR OBTAINING AN IP ADDRESS BLOCK AND AN ASN

    	The organization must be legally incorporated in the LACNIC
    	service region.

    incorporation is enough and physical presence is *NOT* required
    by LACNIC.

    Though there may be other reasons, the article explains:

    	https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

    	that are supposed to be given only to entities with a
    	physical presence in the region

    						Masataka Ohta

    PS

    I'm, anyway, glad that Ron now understand that "stealing" of IP
    addresses through AFRINIC for money is a crime of fraud.

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.