On Jan 23, 2008, at 12:43 PM, Geoff Huston wrote:
Toshiyuki Hosaka wrote:Hi Philip, Thanks for your comment. Philip Smith wrote:Hi Toshi,I certainly believe that this policy proposal needs to be implemented ifAPNIC is to remain in its position of registering the use of IPv4 address resources. As we all know, IPv4 address space is already"bought" and "sold" commercially, so this is a first step at actuallyAre you reffering to the case of company merger of acquisition, or actual address trading?legitimising these transfers. Transfers without records of these transfers makes it harder for ISPs to trust prefix announcements.Do you think if this policy was implemented those who traded unlegitimately would confess and register that transfer to DB? Similarly, will those who trade the address space really declare that under this policy? I do not know. If you (or proposal author) have any thought on the incentive to register it to DB from source/recipient point of view,I would appreciate it, in order to understand this proposal's effectiveness.The incentive to register the transfer exists for both the source of thetransfer and the recipient.
Hi Geoff,One might observe that this is true for ANY and EVERY transferable good, unique or otherwise, that might be subject to abuse or unauthorized use at any time. However, I don't know of any case where those self-interests alone are enough to sustain the actual practice of consistent, complete, and timely registration. Self-interest certainly doesn't sustain this practice in the case of automobiles (an analogy used in another posting) -- police enforcement, transparent signaling (i.e., various outwardly visible identifiers), and the risk of legal consequences do that. And self interests didn't sustain consistent, complete, and timely registration of re-RIR legacy resources either.
No doubt some people will conclude that their interests are advanced by registration, just as others will conclude that bilateral, transaction-specific information sharing better serves their private interests. Given the fact that the viability of the public registration database could hinge on the answer, do we have any reason for assuming ex ante why (or which) one set of incentives will dominate the other?
For the recipient, unless the transfer is registered by the registry therecipient has no way of demonstrating to anyone that the address space is now controlled by them. The registry details point to the previous party, the source of the transfer.
Since the old registry details, where they exist at all, demonstrate uniqueness -- albeit just not the correct unique association with the current owner, what motivation does the new recipient have to correct the record? If the previous address resource holder was not afflicted by uniqueness-related concerns, is there some reason to assume that new recipients interests favoring full, accurate, and timely registration will always be greater than their countervailing interests, as well as the normal human tendency to procrastinate and/ or avoid "bureaucratic" obligations whenever possible?
This means that it would be challenging to prove to a potential upstream or peer that the address space that is announced is really theirs to announce, and to potential customers that the addresses that are being used are legitimate addresses.
I think it would be interesting to assay the contents of current routing tables based on the duration since each entry's most recent whois update. It's an empirical question, but I'm willing to bet up front that a large quantity of address space continues to be routed with no obvious, recent, *public* affirmation of current ownership.
If the address space was listed in any spam black list thelack of any change of registry details would make the task of convincingthe BL maintainers that the status of the address has changed with the transfer would also be harder.
What share of address space currently routed is on somebody's spam list? Doesn't the continued presence of address space on such lists suggest that, for some operators, it doesn't matter -- or at least is not operationally relevant enough to inspire whatever action required to get off such lists? Anyway, one might imagine that spammers and other willful miscreants will be buying and selling address space too, so spam lists are unlikely to be going away.
The recipient also has a strong motive toprevent the source from attempting to transfer the address a second timeto a third party.
That might incentivize the recipient to seek some change in the registration data at the time of acquisition, but that change need not be one that results in accurate or useful whois.
If the registry details continue to point to thesource as the current holder of the address then the source can attemptfurther transactions on the same address space, and noone is any wiser that the transfer is fraudulent. And if the recipient ever wanted totransfer the address at a later date, then without the registry detailsreferring to them as the current address holder then subsequent transfers would be challenging.
Assuming semi-permanent, real estate-like IPv4 market, that might incentivize the recipient to introduce some accurate information into the registration data at the point when a sale is contemplated, but that incentive could still result in a whois that is only reliable for aspiring near-tern address dealer, and s.
So as far as I can see the recipient has a strong motive to have the transfer registered. From the source's point of view a recognised transfer is of highervalue than an unrecognised transfer. Potential address purchasers can besought openly and the value of the transfer can be realized more effectively - i.e. the source has the ability to realize the full current value of the transfer in an open situation.
Does this positive effect depend on accurate registration and transaction data, or is it produced by any change in registration that signals that the source is a potential address dealer with at least one satisfied (but possible unknown) customer? If this signaling is so beneficial to IPv4 address dealers, is there anything to deter them from manufacturing artificial transactions to enhance their standing, like some eBay sellers do now?
Many of my concerns about the transfer proposals are related to their likely impact on the registration database, so I'd be very grateful for help think through these questions.
regards, Geoff* sig-policy: APNIC SIG on resource management policy *_______________________________________________ sig-policy mailing list sig-policy at lists dot apnic dot net http://mailman.apnic.net/mailman/listinfo/sig-policy