You're looking at an older or unpublished version: 1

Openness about Policy Violations

Summary of Proposal

The RIPE NCC is the membership organisation that manages the shared public resources of IP addresses and Autonomous System Numbers in its service region.  This proposal makes complaints about delegated resources more visible.  It also specifies a separate list that documents all reclaimed resources.

The goals are to provide more insight into the good stewardship of the RIPE NCC and to encourage assistance in stopping abuse of these shared public resources.

This proposal explicitly does not set or change any policies about assignment, allocation or revocation of these resources.

New policy text

[Following text will result in a new RIPE Policy Document “Policy Violation Reports”]

Abstract

The RIPE NCC is the membership organisation that manages the shared public resources of IP addresses and Autonomous System Numbers in its service region.  This policy makes complaints about delegated resources more visible.  It also specifies a separate list that documents all reclaimed resources.

 

1. Transparency on reported policy violations

The RIPE NCC accepts reports about Internet number resource registrations such as violation of RIPE Policies and RIPE NCC Procedures, provision of untruthful information to the RIPE NCC, bankruptcy, liquidation or insolvency of resource holders and incorrect contact information in the RIPE Database.

The existence of all such reports shall be made public. The submitter of the report will choose whether or not the contents of the report and the submitter's own identity is to be made public.

The published list of reports shall at least include:

  • Date submitted;
  • The resources the report is about;
  • A reference to the report content, if the submitter indicated that it can be made public;
  • The identity of the submitter, if the submitter indicated that it can be made public;
  • The current state.

 

The RIPE NCC will handle all such reports and update the state accordingly.

The possible states are:

  • 'new': Submitted but not being investigated yet
  • 'under-investigation': The RIPE NCC is investigating the report
  • 'closed,out-of-scope': The report is out of scope for the RIPE NCC reporting system
  • 'closed,resolved-by-holder': The resource holder has resolved any problems
  • 'closed,resources-returned': The report has led to resources being returned to the RIPE NCC
  • 'closed,no-violation': After investigation the RIPE NCC could not find any violation of policy

 

The list of reports will be published on the RIPE NCC website and in the form of a plain text file on ftp.ripe.net.  The format of the plain text file will be publicly published to facilitate automatic processing.

Reports made prior to the adoption of this policy are not to be published.

 

2. Transparency on reclaimed resources

The RIPE NCC already maintains a list of delegated resources, known as the 'stats' files or 'delegated' files.  In addition to these files the RIPE NCC will also maintain 'returned' files that lists:

  • The type of resource
  • The range of resources returned
  • The date the resources have been returned to the RIPE NCC
  • The date part or all of the resources have been re-allocated or re-assigned
  • The reason for the return

 

As the 'delegated' files show the resources that the RIPE NCC has delegated to others, so will the 'returned' files show the resources delegated or returned to the RIPE NCC.  The format of the 'returned' files will be publicly published to facilitate automatic processing.

 

The reason for resource being returned can be:

  • 'returned': Returned by the holder
  • 'contact-lost': The RIPE NCC could not contact the holder
  • 'policy-violation': Reclaimed because of a policy violation

 

The resource is marked as 'returned' when the holder voluntarily gives back resources to the RIPE NCC because they do not need those resources anymore or because a temporary assignment has ended.  Resources are marked as 'contact-lost' when the RIPE NCC cannot contact the holder of the resource, for example because the entity does not exist anymore, the contractual link with the holder, either directly or through a sponsoring LIR, is lost or the holder does not respond to inquiries or invoices.  The code 'policy-violation' is used for any kind of policy violation such as, but not limited to, contravening RIPE policies, incorrect registration in the RIPE Database, non-compliance with RIPE NCC audits, non-compliance with an arbiter ruling, falsified/incorrect information and fraudulent requests.

The content of the 'returned' file differs from the 'delegated' files in that it gives a historical overview and can therefore contain overlapping resource ranges.  For example: resources can be returned by the first holder, reallocated to a second holder and then be reclaimed again because of a policy violation by the second holder. Both the return events from the first and second holders are recorded in the 'returned' file. The re-allocation or re-assignment date field shows whether the resource has been reused after being returned to the RIPE NCC.

Rationale

a. Arguments supporting the proposal

Currently complaints about shared public resources are not visible, and neither are the results of those complaints.  This can give the impression that the RIPE NCC is not actively handling such complaints.  To show the good stewardship of the RIPE NCC and to encourage people to assist the RIPE NCC by submitting accurate complaints we think that openness is required.

 

b. Arguments opposing the proposal

It is possible that someone may submit false complaints in order to damage the good name of other organisations.  The proposers think that providing transparency will make such abuse of the reporting system less likely and if it should occur easier to identify.

 

The proposers think that providing the option to include the details of the abuse and identity of the reporter will make such abuse of the reporting system less likely, and if it should occur easier to detect.