Colleagues
During the discussion in the DB-WG session this morning there was a
question about sub-allocations. It was asked if it could be possible
to identify when resources have been sub-allocated. Hans Petter said
it would be possible to give some indication of this. Well, sorry, but
NO. Thanks to 2023-04 it is no longer possible to identify
sub-allocations. I believe most people were so focused on making
assignments optional, no one gave any thought to the consequences of
making the simple technical change of adding the status value
'aggregated-by-lir'. As I pointed out in an email some months ago,
this has broken the database in many ways.
An LIR with an allocation can now simply split that allocation in half
and create two objects with status 'aggregated-by-lir'. The boundary
between the two aggregations does not even need to match the
boundaries of any more specific ranges. There are NO rules about using
this status. Absolutely nothing else more specific to these
aggregations needs to be documented in the RIPE Database, in any
public domain or notified to the RIPE NCC. The LIR may make a
sub-allocation of, say, a /24 below one of these aggregations. Or
maybe below both of them, crossing the boundary. You will never know
what they have done. That sub-allocation holder may sub-allocate
again. They can even sub-allocate the whole sub-allocation. Because
you do not need to create objects in the database, there is no reason
why the whole range cannot be sub-allocated. There are no rules!!! The
same block can be sub-allocated 100 times in a long chain of
downstream customers. There are no rules!!! Even if there were rules,
they would not be enforceable as no one can 'see' what is being done
with these addresses. Finally the whole block could be assigned to an
End User.
This has serious consequences to rights enforcers and law enforcement
trying to find that End User. They will never be found. As things
stand, because none of the details of this chain of downstream
customers is public information, court orders will be needed to
identify each layer. In practice this means 100 sequential court
orders, each one identifying the next link in the chain. This could
zig zag across multiple countries, multiple legal jurisdictions, in
multiple languages. The LIR does not know who the End User is. They
only know who they sub-allocated to. Only the last link in the
sub-allocation chain knows who the End User is.
This situation was created by 2023-04 and a lack of attention to
detail. We cannot allow this situation to continue. I would suggest we
create/amend a policy so that when an LIR is served a court order to
identify the (End) User of an IP address, the obligation is on the LIR
to internally follow any such chain of sub-allocations, whether it is
1 or 100, to identify the End User.
cheers
denis
========================================================
DISCLAIMER
Everything I said above is my personal, professional opinion. It is
what I believe to be honest and true to the best of my knowledge. No
one in this industry pays me anything. I have nothing to gain or lose
by any decision. I push for what I believe is for the good of the
Internet, in some small way. Nothing I say is ever intended to be
offensive or a personal attack. Even if I strongly disagree with you
or question your motives. Politicians question each other's motives
all the time. RIPE discussion is often as much about politics and self
interest as it is technical. I have a style of writing that some may
not be familiar with, others sometimes use it against me. I also have
OCD. It makes me see the world slightly differently to others. It
drives my mind's obsessive need for detail. I can not change the way I
express my detailed opinions. People may choose how to interpret them.
========================================================