[ncc-services-wg] Admin: request for "Company Registration documents"
Tom Vest tvest at pch.net
Fri Oct 14 22:17:38 CEST 2005
On Oct 14, 2005, at 1:13 PM, Randy Bush wrote: >> I was arguing that as the LIRs are the ones that (in the majority of >> the cases) submit the data to the RIPE DB, and more often are also >> listed instead of their customers (DSL blocks), and they have a >> documented relationship with the NCC, proving the identity of the LIR >> will help (partly) securing the trail to the owner of and allocated >> addressblock. In asking for the papers this does help the NCC to >> establish that trail. Which I believe is a good thing. > > what is the identity of an lir? try looking at, for example, the > issues being raised in http://www.identity20.com/media/OSCON2005/ > > randy Hi Randy, Thanks for this reference. Identity is a tool or pragmatic feature like a database key field, that makes inter-temporal associations (e.g., "recognition") and cross-referencing ("resemblance") possible. Recognition over time makes thinks like trust and reputation possible -- which in turn makes makes trust-based judgments (e.g., association vs. avoidance) easier, which in turn reduces opex (infinite safeguards, 200% advance deposits, full replacement value insurance, etc.). It's not 100% effective even in the mundane world -- nor would we want it to be (think panopticon). However it seems pretty easy to say that it "works better" -- to this particular end -- if there is a reasonably high correlation between thing-x and signaling feature (x). The OSCOM guy talks about all of the associations, experiences, and historical contingencies associated with him as if they could serve as a full and final description description of his identity. But it seems to me that *he* is the key field -- the physical guy in the middle of all of the swirl. There's nothing to hang all of those experiences/observations on if you take him out. And it's hard for me to imagine how a theory like his would have ever seemed plausible if we lived in a place like the Internet, where it's possible to jump out of one's own skin (key field) and into the skin (key field) of another existing "identity" -- or to make a completely new one up. This doesn't mean that that experiential/observational identity features have no place in the Internet, nor does it mean that we've already got the best Internet identity key field (i.e., whois and the other less visible parts of the RIR databases) possible. I just have a hard time understanding how one would be of any use at all without the other. Maybe all you really care about is long-term stable behavioral/historical identities, and you're prepared to shun the news ones and erratic ones as peers, customers, etc., until they stabilize and become familiar? But that leaves the little guys in the semi-permanent outs, and it gives the big guys permanent license -- because they can always spawn and then drop new peripheral identities when they want to do bad things. Relying exclusively on historical/ behavioral identities provides no assurance at all against false negatives (failing to recognize a bad guy) like this. Or so it seems to me. Viewed this way, aggregating and decomposing key fields and associated records doesn't seem like such an intractable dilemma. The identity of an LIR depends on what you want to know about it -- maybe in this context what we want to know is what ASNs it legitimately controls, what these are authorized to originate and announce, and how to get in touch with them when necessary. Others may want to know about explicitly observational things (frequency of flapping, bad traffic, timely bill payment, etc.) Still others might find it useful to recognize other features of the LIR to serve other purposes (e.g., for regulatory compliance, taxation, etc.). But to cohere all of these things have to have something else to hang off of -- for the LIR presumably, this is some conventional official institutional records. Wrote an article about this for ARIN, coming out any day. Apologies in advance for the usual obscurities/ambiguities, but this really is a place were ops can take a lesson from philosophy... Tom