Re: [sig-policy] prop-050-v002: IPv4 address transfers

  • To: Geoff Huston <gih at apnic dot net>
  • Subject: Re: [sig-policy] prop-050-v002: IPv4 address transfers
  • From: Tom Vest <tvest at eyeconomics dot com>
  • Date: Tue, 19 Aug 2008 11:59:20 -0400
  • Cc: Philip Smith <pfs at cisco dot com>, sig-policy at apnic dot net, Toshiyuki Hosaka <hosaka at nic dot ad dot jp>
  • Delivered-to: sig-policy at mailman dot apnic dot net
  • In-reply-to: <47977CBE.1000302 at apnic dot net>
  • List-archive: <http://mailman.apnic.net/mailing-lists/sig-policy>
  • List-help: <mailto:sig-policy-request@lists.apnic.net?subject=help>
  • List-id: APNIC SIG on resource management policy <sig-policy.lists.apnic.net>
  • List-post: <mailto:sig-policy@lists.apnic.net>
  • List-subscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=subscribe>
  • List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=unsubscribe>
  • References: <47959381.1000602@nic.ad.jp> <479689BA.8050303@cisco.com> <47968EF2.9090300@nic.ad.jp> <47977CBE.1000302@apnic.net>
    • 
      On Jan 23, 2008, at 12:43 PM, Geoff Huston wrote:
      
      
      Toshiyuki Hosaka wrote:
      
      Hi Philip,
      
      Thanks for your comment.
      
      Philip Smith wrote:
      
      Hi Toshi,
      
      
      I certainly believe that this policy proposal needs to be implemented if
      APNIC is to remain in its position of registering the use of IPv4
      address resources. As we all know, IPv4 address space is already
      
      "bought" and "sold" commercially, so this is a first step at actually
      
      Are you reffering to the case of company merger of acquisition, or
      actual address trading?
      
      
      legitimising these transfers. Transfers without records of these
      transfers makes it harder for ISPs to trust prefix announcements.
      
      
      Do you think if this policy was implemented those who traded
      unlegitimately would confess and register that transfer to DB?
      Similarly, will those who trade the address space really declare that
      under this policy?
      
      I do not know. If you (or proposal author) have any thought on the
      incentive to register it to DB from source/recipient point of view,
      
      I would appreciate it, in order to understand this proposal's effectiveness.
      
      
      
      The incentive to register the transfer exists for both the source of the
       transfer and the recipient.
      
      
      Hi Geoff,
      
      
      One might observe that this is true for ANY and EVERY transferable good, unique or otherwise, that might be subject to abuse or unauthorized use at any time. However, I don't know of any case where those self-interests alone are enough to sustain the actual practice of consistent, complete, and timely registration. Self-interest certainly doesn't sustain this practice in the case of automobiles (an analogy used in another posting) -- police enforcement, transparent signaling (i.e., various outwardly visible identifiers), and the risk of legal consequences do that. And self interests didn't sustain consistent, complete, and timely registration of re-RIR legacy resources either.
      
      
      No doubt some people will conclude that their interests are advanced by registration, just as others will conclude that bilateral, transaction-specific information sharing better serves their private interests. Given the fact that the viability of the public registration database could hinge on the answer, do we have any reason for assuming ex ante why (or which) one set of incentives will dominate the other?
      
      
      For the recipient, unless the transfer is registered by the registry the
      recipient has no way of demonstrating to anyone that the address space
      is now controlled by them. The registry details point to the previous
      party, the source of the transfer.
      
      
      
      Since the old registry details, where they exist at all, demonstrate uniqueness -- albeit just not the correct unique association with the current owner, what motivation does the new recipient have to correct the record? If the previous address resource holder was not afflicted by uniqueness-related concerns, is there some reason to assume that new recipients interests favoring full, accurate, and timely registration will always be greater than their countervailing interests, as well as the normal human tendency to procrastinate and/ or avoid "bureaucratic" obligations whenever possible?
      
      
      This means that it would be
      challenging to prove to a potential upstream or peer that the address
      space that is announced is really theirs to announce, and to potential
      customers that the addresses that are being used are legitimate
      addresses.
      
      
      
      I think it would be interesting to assay the contents of current routing tables based on the duration since each entry's most recent whois update. It's an empirical question, but I'm willing to bet up front that a large quantity of address space continues to be routed with no obvious, recent, *public* affirmation of current ownership.
      
      
      If the address space was listed in any spam black list the
      
      lack of any change of registry details would make the task of convincing
      the BL maintainers that the status of the address has changed with the
      transfer would also be harder.
      
      
      
      What share of address space currently routed is on somebody's spam list? Doesn't the continued presence of address space on such lists suggest that, for some operators, it doesn't matter -- or at least is not operationally relevant enough to inspire whatever action required to get off such lists? Anyway, one might imagine that spammers and other willful miscreants will be buying and selling address space too, so spam lists are unlikely to be going away.
      
      
      The recipient also has a strong motive to
      
      prevent the source from attempting to transfer the address a second time
      to a third party.
      
      
      
      That might incentivize the recipient to seek some change in the registration data at the time of acquisition, but that change need not be one that results in accurate or useful whois.
      
      
      If the registry details continue to point to the
      
      source as the current holder of the address then the source can attempt
      further transactions on the same address space, and noone is any wiser
      that the transfer is fraudulent. And if the recipient ever wanted to
      
      transfer the address at a later date, then without the registry details
      referring to them as the current address holder then subsequent
      transfers would be challenging.
      
      
      
      Assuming semi-permanent, real estate-like IPv4 market, that might incentivize the recipient to introduce some accurate information into the registration data at the point when a sale is contemplated, but that incentive could still result in a whois that is only reliable for aspiring near-tern address dealer, and s.
      
      
      So as far as I can see the recipient has
      a strong motive to have the transfer registered.
      
      From the source's point of view a recognised transfer is of higher
      
      value than an unrecognised transfer. Potential address purchasers can be
      sought openly and the value of the transfer can be realized more
      effectively - i.e. the source has the ability to realize the full
      current value of the transfer in an open situation.
      
      
      
      Does this positive effect depend on accurate registration and transaction data, or is it produced by any change in registration that signals that the source is a potential address dealer with at least one satisfied (but possible unknown) customer? If this signaling is so beneficial to IPv4 address dealers, is there anything to deter them from manufacturing artificial transactions to enhance their standing, like some eBay sellers do now?
      
      
      Many of my concerns about the transfer proposals are related to their likely impact on the registration database, so I'd be very grateful for help think through these questions.
      
      Thanks,
      
      Tom
      
      
      
      
      regards,
      
        Geoff
      
      
      * sig-policy: APNIC SIG on resource management policy *
      _______________________________________________
      sig-policy mailing list
      sig-policy at lists dot apnic dot net
      http://mailman.apnic.net/mailman/listinfo/sig-policy