Re: Nice work Ron

[JORDI PALET MARTINEZ via NANOG <nanog () nanog org>]

No, this is not correct. LACNIC policies, state:

1.14 Principles for Proper Administration and Stewardship
The fundamental principle is to distribute unique Internet numbering resources according to the technical and 
operational needs of the networks currently using, or that will use, these numbering resources, allowing the 
sustainable growth of the Internet.

The numbering resources under the stewardship of LACNIC must be distributed among organizations legally constituted 
within its service region [COBERTURA] and mainly *serving networks and services operating in this region. External 
clients connected directly to main infrastructure located in the region are allowed.

*“Mainly” is understood to mean more than 50%.

(https://www.lacnic.net/681/2/lacnic/)

The 50% was not there before, so I submitted a "recent" policy proposal that reached consensus, so added that to make 
sure that we have a "clear" line of what is "mainly". Note that in LACNIC the policies are in Spanish, so the English 
translation, may not be "perfect".

So clearly, a resource holder needs to "have" the majority (>50%) of the services operating in the region. I think the 
English version is not sufficiently clear on that, but the Spanish one is accurate.

Also, the only reason why, as I explained to Ron when he contacted me about this case, it takes so long to recover 
resources, is because claiming for a resource is a really terrible situation. If a RIR makes a mistake, maybe there is 
no way back, so the RIR needs to ensure that all is very well investigated and the resource-holder has sufficient 
chances to clarify the situation.

The same policy proposal (https://politicas.lacnic.net/politicas/detail/id/LAC-2019-9/language/en) also did lots of 
changes across the entire policy manual, and the most important ones are related to section 7 (resource revocation and 
return):

https://www.lacnic.net/687/2/lacnic/7-resource-revocation-and-return

(look at the Spanish version, English seems not updated)

This proposal is not fully implemented yet, because it requires "automated" checking's for the policies, which will 
take some time to get fully implemented, and may not be possible to automate it 100%. So, for example ensuring that the 
IP addresses are actually (>50%) operating in the region, will be automatically detected.

If an organization get resources, say "we have a contract in a DC in Belize" to host them, and even they probe that to 
LANIC, but after obtaining the resources, they cancel the DC contract and use the resources outside the region, LACNIC 
didn't have a way to automatically verify it. Now with this policy, once fully implemented, they will have it and they 
will get alerts so they can manually do a verification, and if needed contact with the resource holder.

Of course, in case of non-compliance, section 7.1 of the policy, gives several chances, across 3 months, so the 
resource holder can either probe that there is compliance, or if they did a "mistake" they still have the opportunity 
to correct it.

In certain cases (such as fraud in documents), the RSA has precedence, and it can mean "no opportunity" to correct the 
situation, but still, the process may take 3 months, to give opportunity to the resource holder to probe it.
 
 
Regards,
Jordi
@jordipalet
 
 

El 22/1/21 9:32, "NANOG en nombre de Masataka Ohta" <nanog-bounces+jordi.palet=consulintel.es () nanog org en nombre 
de mohta () necom830 hpcl titech ac jp> escribió:

    Eric Kuhnke wrote:

    > Based on my cursory knowledge of offshore corporate registrations in
    > Belize, Panama and the Cayman Islands, identifying those locations which
    > are only mailboxes versus actual business office addresses should not be
    > overly complicated or difficult.

    A problem, however, is that, these days, one can perform
    real business at remote locations without actual business
    offices there.

    Moreover, as page 28 of:

        https://www.lacnic.net/innovaportal/file/1016/3/lacnic-fasciculo-infraestructura-internet-en.pdf

    says:

        REQUIREMENTS FOR OBTAINING AN IP ADDRESS BLOCK AND AN ASN

        The organization must be legally incorporated in the LACNIC
        service region.

    incorporation is enough and physical presence is *NOT* required
    by LACNIC.

    Though there may be other reasons, the article explains:

        https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

        that are supposed to be given only to entities with a
        physical presence in the region

                                                Masataka Ohta

    PS

    I'm, anyway, glad that Ron now understand that "stealing" of IP
    addresses through AFRINIC for money is a crime of fraud.





**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be 
for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, 
distribution or use of the contents of this information, even if partially, including attached files, is strictly 
prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any 
disclosure, copying, distribution or use of the contents of this information, even if partially, including attached 
files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to 
inform about this communication and delete it.