Re: [sig-policy] prop-050-v002: IPv4 address transfers
On Jan 23, 2008, at 12:43 PM, Geoff Huston wrote:
Toshiyuki Hosaka wrote:
Hi Philip,
Thanks for your comment.
Philip Smith wrote:
Hi Toshi,
I certainly believe that this policy proposal needs to be
implemented if
APNIC is to remain in its position of registering the use of IPv4
address resources. As we all know, IPv4 address space is already
"bought" and "sold" commercially, so this is a first step at
actually
Are you reffering to the case of company merger of acquisition, or
actual address trading?
legitimising these transfers. Transfers without records of these
transfers makes it harder for ISPs to trust prefix announcements.
Do you think if this policy was implemented those who traded
unlegitimately would confess and register that transfer to DB?
Similarly, will those who trade the address space really declare that
under this policy?
I do not know. If you (or proposal author) have any thought on the
incentive to register it to DB from source/recipient point of view,
I would appreciate it, in order to understand this proposal's
effectiveness.
The incentive to register the transfer exists for both the source of
the
transfer and the recipient.
Hi Geoff,
One might observe that this is true for ANY and EVERY transferable
good, unique or otherwise, that might be subject to abuse or
unauthorized use at any time. However, I don't know of any case where
those self-interests alone are enough to sustain the actual practice
of consistent, complete, and timely registration. Self-interest
certainly doesn't sustain this practice in the case of automobiles (an
analogy used in another posting) -- police enforcement, transparent
signaling (i.e., various outwardly visible identifiers), and the risk
of legal consequences do that. And self interests didn't sustain
consistent, complete, and timely registration of re-RIR legacy
resources either.
No doubt some people will conclude that their interests are advanced
by registration, just as others will conclude that bilateral,
transaction-specific information sharing better serves their private
interests. Given the fact that the viability of the public
registration database could hinge on the answer, do we have any
reason for assuming ex ante why (or which) one set of incentives will
dominate the other?
For the recipient, unless the transfer is registered by the registry
the
recipient has no way of demonstrating to anyone that the address space
is now controlled by them. The registry details point to the previous
party, the source of the transfer.
Since the old registry details, where they exist at all, demonstrate
uniqueness -- albeit just not the correct unique association with the
current owner, what motivation does the new recipient have to correct
the record? If the previous address resource holder was not afflicted
by uniqueness-related concerns, is there some reason to assume that
new recipients interests favoring full, accurate, and timely
registration will always be greater than their countervailing
interests, as well as the normal human tendency to procrastinate and/
or avoid "bureaucratic" obligations whenever possible?
This means that it would be
challenging to prove to a potential upstream or peer that the address
space that is announced is really theirs to announce, and to potential
customers that the addresses that are being used are legitimate
addresses.
I think it would be interesting to assay the contents of current
routing tables based on the duration since each entry's most recent
whois update. It's an empirical question, but I'm willing to bet up
front that a large quantity of address space continues to be routed
with no obvious, recent, *public* affirmation of current ownership.
If the address space was listed in any spam black list the
lack of any change of registry details would make the task of
convincing
the BL maintainers that the status of the address has changed with the
transfer would also be harder.
What share of address space currently routed is on somebody's spam
list? Doesn't the continued presence of address space on such lists
suggest that, for some operators, it doesn't matter -- or at least is
not operationally relevant enough to inspire whatever action required
to get off such lists? Anyway, one might imagine that spammers and
other willful miscreants will be buying and selling address space too,
so spam lists are unlikely to be going away.
The recipient also has a strong motive to
prevent the source from attempting to transfer the address a second
time
to a third party.
That might incentivize the recipient to seek some change in the
registration data at the time of acquisition, but that change need not
be one that results in accurate or useful whois.
If the registry details continue to point to the
source as the current holder of the address then the source can
attempt
further transactions on the same address space, and noone is any wiser
that the transfer is fraudulent. And if the recipient ever wanted to
transfer the address at a later date, then without the registry
details
referring to them as the current address holder then subsequent
transfers would be challenging.
Assuming semi-permanent, real estate-like IPv4 market, that might
incentivize the recipient to introduce some accurate information into
the registration data at the point when a sale is contemplated, but
that incentive could still result in a whois that is only reliable for
aspiring near-tern address dealer, and s.
So as far as I can see the recipient has
a strong motive to have the transfer registered.
From the source's point of view a recognised transfer is of higher
value than an unrecognised transfer. Potential address purchasers
can be
sought openly and the value of the transfer can be realized more
effectively - i.e. the source has the ability to realize the full
current value of the transfer in an open situation.
Does this positive effect depend on accurate registration and
transaction data, or is it produced by any change in registration that
signals that the source is a potential address dealer with at least
one satisfied (but possible unknown) customer? If this signaling is so
beneficial to IPv4 address dealers, is there anything to deter them
from manufacturing artificial transactions to enhance their standing,
like some eBay sellers do now?
Many of my concerns about the transfer proposals are related to their
likely impact on the registration database, so I'd be very grateful
for help think through these questions.
Thanks,
Tom
regards,
Geoff
* sig-policy: APNIC SIG on resource management
policy *
_______________________________________________
sig-policy mailing list
sig-policy at lists dot apnic dot net
http://mailman.apnic.net/mailman/listinfo/sig-policy