Colleagues Can I suggest another approach. Instead of having a multitude of policies for IPv4 (Allocation and Assignment, Transfer, Waiting List, etc), why don't we just write a new IPv4 policy? Take the relevant and necessary bits from all other policies and add in new bits and constraints. While we do this all allocations of IPv4 from the RIPE NCC should be immediately suspended. Then we have all the rules about IPv4 in one place. Lets face it, the NCC is never going to have huge amounts of IPv4 addresses to freely hand out again. But we also know IPv6 is not going to become the dominant variant for some time yet. So let's consolidate our position on IPv4. I would suggest that the free pool of IPv4 that the RIPE NCC has from time to time should only be used to allow new startups to enter the business. Transfers on these new startup blocks should not be allowed, ever. If the new startup business is merged or acquired by a company that already hold address space then the new startup block must be returned to the RIPE NCC. If all their addresses are in use a time period can be allowed for the merged company to buy more addresses and renumber before returning the new startup block. If the merging or acquiring company holds no address space then the new company can be allowed to keep the new startup block, but the no transfer rules still apply. This should apply to all blocks allocated in the last 1 (or 2?) years. Once you are in the business, if you need more addresses you go to the market (unfortunate but that is the reality of monetising IP addresses). All efforts should be made to prevent anyone bypassing the new rules. An amnesty should be declared to allow those who have cheated the system for profit in the last couple of years to return those addresses they are currently hoarding. I am interested in the comment by Chris Woodfield about the Micfo fraud https://www.wsj.com/articles/executive-pleads-guilty-in-internet-address-fra... This raises a number of thoughts in my mind. If there are any lawyers or LEA representatives following this thread I would love to hear your views on this. Firstly, if any of these organisations that have set up multiple LIRs to obtain IP addresses for profit are based or headquartered in the USA, can the US Department of Justice bring a similar case against them as the did against Micfo for defrauding the RIPE NCC in a similar way Micfo did with ARIN? Could a similar case be brought against organisations in any part of the RIPE region by the appropriate legal authorities? Obtaining IP addresses in this way for profit prevents new companies starting up in competition with those hoarding the addresses. Certainly in the EU and the UK there are anti competitive laws. Have these laws been broken? Can the appropriate legal authorities take action against these organisations? Maybe here it would be a test case to set a new legal precedence as the Micfo case was in the USA. This is a self regulating industry. That puts constraints on what the industry can do to protect itself and show itself to regulators that it operates in a fair and openly competitive way. I am certainly in favour of pushing boundaries here and taking strong action against organisations that are behaving in a way that damages the image and operation of the industry as a whole. People often say that the RIPE NCC is not the internet police. Maybe we need to call in the real police if laws have been broken... cheers denis co-chair DB-WG On Wed, 8 Dec 2021 at 16:14, Martin Stanislav <ms@uakom.sk> wrote:
On Wed, Dec 08, 2021 at 02:40:24PM +0000, Jim Reid wrote:
On 8 Dec 2021, at 14:12, Rick Bakker <rick@bakker-it.eu> wrote:
(e.g. just look at "Network Space Provider <no.> LTD" in the British company register). All are/were held by a single UBO.
BTW if these firms had a single ultimate beneficial owner, it would have been trivial to obscure that fact. Just register each company with different but bogus identities. CH does not check this information. Which by implication would make it hard for the NCC to check.
NCC is already spending resouces on "Know Your Customer" (KYC) efforts wrt due diligence for the quality of registration data and the sanctions.
I'm by no means trying to say this is an easy or exhilarating endeavour, or that it's possible to reuse such efforts early enough to save any v4 resources for the new entrants.
Martin
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/address-policy-wg