Re: Important New Requirement for IPv4 Requests [re "impacting revenue"]

[Owen DeLong <owen () delong com>]

On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote:

> I'm not sure if anyone agrees with me, but these responses seem like  
> a big cop out to me.
>
> A) If ARIN is so concerned about the potential depletion of v4  
> resources, they should be taking a more proactive roll in proposing  
> potential solutions and start conversation rather then saying that  
> the users should come up with a proposal which they then get a big  
> vote one.
Well... ARIN is structured with a bottom-up community driven policy  
process. That has
served us well for many years, and, I think that changing it would be  
a mistake.  However,
in this case, that means that the following people are specifically  
excluded from proposing
policy:

        The BoT (other than via the emergency process)
        ARIN Staff

Policy proposals must come from the community. Either at large, or,  
from the ARIN AC
which is an elected subgroup of the community tasked with developing  
good policy for
ARIN. The AC itself depends largely on community input for what kind  
of policy the
community wants us to develop, and, at the end of the day, community  
consensus is
required in order for a proposal to become policy.


> B) Again, while it might be the IETF's "job", shouldn't the group  
> trusted with the management of the IP space at least have a public  
> opinion about these solutions are designed. Ensuring that they are  
> designed is such a way to guarantee maximum adoption of v6 and thus  
> reducing the potential for depletion of v4 space.
The IETF specifically does not accept organizational input and  
requires instead that
individuals participate. This is one of the great strengths, and, also  
one of the great
weaknesses of the IETF. However, it means that even if ARIN could  
develop a public
opinion (which would have to come from the ARIN community by some  
process which
we don't really have as yet), this opinion wouldn't mean much in the  
IETF's eyes.

> C) Are ARIN's books open for public inspection? If so, it might be  
> interesting for the group to see where all our money is going, since  
> it's obviously not going to outreach and solution planning. Perhaps  
> it is being spent in a reasonable manner, and the fees are where  
> they need to be to sustain the organizations reasonable operations,  
> but perhaps not.
I will leave this to the BoT to answer, but, I know that the treasurer  
presents a report
at every members meeting which provides at least some high level  
details. I believe
that as a non-profit corporation, a great deal of openness is required  
for accountability
to ARIN members.

> Mr Curran, given the response you've seen from the group, and in  
> particular the argument that most CEO's or Officers of firms will  
> simply sign off on what they IT staff tells them (as they have  
> little to no understanding of the situation), can you explain what  
> exactly you are hoping to achieve by heaping on yet an additional  
> requirement to the already over burdensome process of receiving an  
> IPv4 allocation?
I can't say what Mr. Curran expects, but, here's how I see it:

1.	If an officer of the organization signs off, then, that means that  
both the
        organization and the officer personally can be held accountable for any
	fraud that is later uncovered. If the officer is an idiot, perhaps  
he'll just
	sign, but, most officers I have experience with don't do that. They  
usually
        engage in some level of verification before signing such a statement.

2.      Organizations which are submitting fraudulent requests may be less
        willing to do that when someone has to make a signed attestation under
	penalty of perjury. Especially when that person has fiduciary  
liability to
        the organization as an officer.

3.	There are lots of things people will do if they don't think there  
are potential
        consequences. A signed attestation by a corporate officer dramatically
        reduces the apparent lack of consequences to a fraudulent application.

Sure, there will always be criminals and criminals may not be bothered
by this signed attestation process. However, having it does give the  
ARIN
legal team a better shot at them as well.

I am not a lawyer and these are just my own opinions.

Owen

Attachment: smime.p7s
Description: