[sig-policy] Prop-115 returned to author for further consideration

    • To: "sig-policy at lists dot apnic dot net" <sig-policy at lists dot apnic dot net>
    • Subject: [sig-policy] Prop-115 returned to author for further consideration
    • From: Masato Yamanishi <myamanis at gmail dot com>
    • Date: Sun, 13 Sep 2015 00:15:17 +0900
        Dear colleagues

        Version 3 of prop-115: Registration of detailed assignment information
        in whois DB, did not reach consensus at the APNIC 40 Open
        Policy Meeting.

        The Policy SIG Chair requested the Secretariat conduct further research
        into the problem statement and returned the proposal to the authors for
        further consideration.

        Proposal details
        ----------------

        This proposal seeks to require LIRs to register accurate filtering
        information, such as IPv4 port-range information and IPv6 assignment
        prefix size.

        Proposal details, including the full text of the proposal, history, and
        links to the APNIC 40 meeting archive, are available at:

                 http://www.apnic.net/policy/proposals/prop-115

        Regards

        Masato and Sumon



        ------------------------------------------------------------------------
        prop-115-v003: Registration of detailed assignment information in
                       whois DB
        ------------------------------------------------------------------------

        Proposer:       Ruri Hiromi
                        hiromi at inetcore dot com

                        Tomohiro Fujisaki
                        fujisaki at syce dot net


        1. Problem statement
        --------------------

            Recently, there have been some cases that need IP address
            assignment information in more detail to specify a user's IP
            address.

            Without this information, operators cannot filter out a specific
            address range, and it might lead to 'over-filtering' (i.e.
            filtering an ISP's whole address range).

            For example:

            1) 'Port' range information in IPv4

               ISPs are using 'CGN' or other kinds of IPv4 address sharing
               technology with assignment of IP address and specified port
               range to their users.

               In this case, port information is necessary to specify one user.

               ex) 192.0.2.24/32 1-256 is for HomeA
                   192.0.2.24/32 257-511 is for HomeB

               or  192.0.2.0/24 1-65536 is shared address of ISP-X
                   minimum size is /32

            2) Address assignment size information in IPv6

               The IPv6 address assignment size may differ by ISP and
               its service estimation. Address assignment prefix size will be
               necessary.

               ex) 2001:db8:1::0/56 is for HomeA
                   2001:db8:1:1::0/48 is for HomeB

               or  2001:db8:1::/36's minimum size is /56


        2. Objective of policy change
        -----------------------------

            Lots of operators look up a record when harmful behavior comes to
            their network, to identify its IP address and confirm whether it
            can be filtered or not.

            The goal is to provide more specific information to support these
            actions.


        3. Situation in other regions
        -----------------------------

            The same regulation/discussion cannot be seen in other regions.


        4. Proposed policy solution
        ---------------------------

            Provide accurate filtering information generated from whois DB.

            For IPv4, propose to add 'port range' information to the IP
            address entry.

            For IPv6, propose to provide 'assignment prefix size' information
            for a specific IPv6 address.


        5. Advantages / Disadvantages
        -----------------------------

        Advantages:

         - operators can set filtering by IP address based on correct assignment
           information base.

         - users who share the same address space can avoid being included in
           bulk filtering.

        Disadvantages:

         - the registration rule will move to a stricter manner.

         - strict watch and control in registration of database records.

         - additional record or option will be considered.

         - privilege for withdrawing detailed information will be set for these
           records.


        6. Impact on APNIC
        ------------------

            This might be beyond the scope of using whois DB and appropriate
            changes in policy document or guidance to whois DB will be needed.

            Some kind of modification cost in whois DB might be needed to set
            access privilege to the detailed information.

            Some kind of modification cost in whois DB might be needed in
            Help message/Warning/Alert when whois DB has non-privileged access.

            Some kind of promotion cost might be needed in announcing.

            Need cooperation and support from members (ISPs).

        7. Other Consideration
        ----------------------

            For security reasons, these detailed records may be viewable
            only by operators (some kind of user control/privilege setting is
            needed).

            For hosting services, /32 in IPv4 and /128 in IPv6 registration
            should be discussed based on its operability and possibility. But
            harmful activities to filter by IP address are coming from hosting
            services as well. Here there seems to be some demand.

            Some ISPs use the IRR DB to give notice of their filter policy to
            the BGP community with the "remarks" field in the aut-num record.
            Need more discussion among APNIC members on using whois DB versus
            IRR DB.

            Start a pilot project to research its demand and effectiveness
            in the APNIC region. APNIC is a worthy body to lead this pilot
            project.

            There are some opinions that it is not suitable to handle those
            issues at the Internet Registries (IRs), but we think it should be
            registered in the IRs database since that is part of assignment
            information.

        References
        ----------

            TBD
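
Added example, not part of the proposal or of any APNIC whois schema: how an operator could pick a filter scope from the kind of records sections 1 and 4 describe, instead of filtering an ISP's whole range. The record tuple layout, the `filter_scope` function and the sample entries are assumptions, built from documentation address ranges.

```python
import ipaddress

# Constructed records in a hypothetical format (not an APNIC whois schema):
# (prefix, port range or None, holder, ISP minimum assignment length or None)
RECORDS = [
    ("192.0.2.24/32", (1, 256), "HomeA", None),
    ("192.0.2.24/32", (257, 511), "HomeB", None),
    ("192.0.2.0/24", None, "ISP-X", 32),      # shared pool, minimum size /32
    ("2001:db8:1::/56", None, "HomeA", None),
    ("2001:db8:2::/48", None, "HomeB", None),
    ("2001:db8::/36", None, "ISP-X", 56),     # minimum assignment size /56
]


def filter_scope(src, port=None, records=RECORDS):
    """Return (prefix, port_range, holder) for the scope to filter, or None.

    A per-user assignment record wins over a scope derived from the ISP's
    minimum assignment size; among assignment records the longest prefix
    wins, and a matching port range wins over a record without one.
    """
    addr = ipaddress.ip_address(src)
    best_key, best = None, None
    for prefix, ports, holder, min_len in records:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        # A port-range record only applies when the source port falls in it.
        if ports is not None and (port is None or not ports[0] <= port <= ports[1]):
            continue
        if min_len is not None:
            # ISP-level record: narrow to the registered minimum assignment
            # size around the offending address, not the whole allocation.
            net = ipaddress.ip_network(f"{addr}/{min_len}", strict=False)
        key = (min_len is None, net.prefixlen, ports is not None)
        if best_key is None or key > best_key:
            best_key, best = key, (str(net), ports, holder)
    return best


if __name__ == "__main__":
    for src, port in [("192.0.2.24", 300), ("192.0.2.24", 40000),
                      ("2001:db8:2:5::1", None), ("2001:db8:9:1::1", None),
                      ("198.51.100.7", None)]:
        print(src, port, "->", filter_scope(src, port))
```

A `None` result means no registered information covers the source, which is the situation the problem statement says leads to over-filtering.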