Re: Why are paper LOAs still used?

[Sean Donelan <sean () donelan com>]

Also known as an cross-connect order form.

Why FAX a piece of paper?

Nobody cross-checks it, until after it goes wrong.

On Mon, 26 Feb 2024, Ren Provo wrote:
> Most important parts on the LOA are the explicit ASN, the name to be found
> in the cross-connect order portal and local contact data.  Contractors need
> that.
>
> Global networks rarely have a contact appropriate for provisioning in a
> public facing database.
>
> On Mon, Feb 26, 2024 at 14:50 Sean Donelan <sean () donelan com> wrote:
>       Authentication by letterhead?
>
>       Paper LOAs are unauthenticated documents, not worth the paper
>       they are
>       written on. Usually FAXed, which is even less authenticatable
>       (is that a
>       word?).
>
>       Prosecutors are capable of using digital documents. Do it all
>       the time
>       with echecks, credit cards, ecommerce orders and ACH payments. 
>       But LOAs
>       are typically civil disputes, not criminal, when someone
>       mistypes an IP
>       address.
>
>       They should verifiy the information in the paper LOA with a
>       registry
>       anyway.  Since LOAs have no intrinsic value, wouldn't be worth
>       the
>       prosecutors time.
>
>       Usually a salesperson or order entry clerk thinks its required
>       because
>       they've always required it.  But no one in the legal department
>       actually
>       knows what to do with a LOA or how to authenticate them.
>
>       Because carriers never authenticate LOAs.
>
>
>       On Mon, 26 Feb 2024, Matt Erculiani wrote:
>       > A paper LOA is a legally binding document, an IRR record is an
>       IRR record.
>       > Falsifying an LOA that is transmitted digitally is wire fraud
>       and can
>       > basically be handed right over to a DA for injunction and
>       prosecution.
>       >
>       > Falsifying IRR records on the other hand leaves more work for
>       the ISP's
>       > lawyers to walk a judge (and jury) through the entire purpose
>       and use of
>       > that system, as opposed to "here's a super important sheet of
>       paper that
>       > they lied on case closed". 
>       >
>       > -Matt
>       >
>       > On Mon, Feb 26, 2024 at 11:57 AM Seth Mattinen via NANOG
>       <nanog () nanog org>
>       > wrote:
>       >       Why do companies still insist on, or deploy new systems
>       that
>       >       rely on
>       >       paper LOA for IP and ASN resources? How can this be
>       considered
>       >       more
>       >       trustworthy than RIR based IRR records?
>       >
>       >       And I'm not even talking about old companies, I have a
>       situation
>       >       right
>       >       now where a VPS provider I'm using will no longer use
>       IRR and
>       >       only
>       >       accepts new paper LOAs. In the year 2024. I don't
>       understand how
>       >       anyone
>       >       can go backwards like that.
>       >
>       >       ~Seth
>       >
>       >
>       >
>       > --
>       > Matt Erculiani
>       >
>       >