Well, we keep replying and getting no closer really.
They keep saying what current RIPE policy is, and that according to current RIPE policy the current policy applies to old assignments as well.
However they continue to refuse to explain any legal mechanism by which our customer is subject to RIPE policies in the first place (current or old).
Even if the customer agreed to RIPE policy back in 2003 it is not clear that the policy they agreed at the time bound them to newer policies. i.e. that the 2003 policy allowed for unilateral changes to policy later.
I suspect that at the end of the day it will just be simple blackmail - my customer having to sign under the duress of a threat to disconnect their Internet.
We'll keep trying to get a straight answer out of them. They could at least have the courtesy to admit that it is just blackmail and not pretend that their policies apply by magic.
RIPE still squirming over PI
Subscribe to: Post Comments (Atom)
Companies bad at banking
I was discussing with a colleague the other day how so many companies are so bad with banking. In some ways we have been lucky, but to be fa...
Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (us...
For many years I used a small stand-alone air-conditioning unit in my study (the box room in the house) and I even had a hole in the wall fo...
It seems there is something of a standard test string for anti virus ( wikipedia has more on this). The idea is that systems that look fo...
Which policies? what in particular are the RIPE NCC asking your customer to do?ReplyDelete
Sorry, as per previous post and subject - signing a contract for PI space that was assigned back in 2003.ReplyDelete
They can't explain why they have to enter in to a contract other than it being "policy", which they cannot explain why the policy applies to them.
The particular irony here is that, I believe, RIPE want a contract so that it is clear that RIPE policies apply. Without a contract the policies have no legal force over the assignee. But they are saying they have to sign a new contract because it is policy that they have to - a policy that has currently no legal force over our customer.ReplyDelete
i.e. if they have the power to force a new contract to be signed then would not need a new contract to be signed!
I don't think RIPE have any legal force whatsoever. What they do is done by mutual cooperation and thats all. You and anybody else are free to not comply and even assign your own address space if you like. Indeed, if you can get people to accept your advertisements you can get your own address space onto the net and use it. It happens all the time, though usually by accident ;-)ReplyDelete
So when you have a co-operative society then all you have to force compliance is really blackmail and extortion and even then the application of this requires community cooperation.
What do you believe "legal" to represent in this case? under which law do you believe the customer has a right to these resources?ReplyDelete
Well, RIPE did assign then, under policies applicable in 2003. What right do they have to enforce no policies.ReplyDelete
As leighporter says, it is all co-operation. So pulling the rug out later is not really on.
It seems there is nothing stopping RIPE saying all PI space is now £1000 EU a year...
That can't be right.
So in some ways a contract is a good thing.
However, they need to accept and even be open about the fact they are only forcing a contract by blackmail - by threatening to remove route records on which the customer relies. If that is what they are doing, don't pretend otherwise.
If the original assignment was legally subject to RIPE policies in 2003, and those policies agreed by the customer allow RIPE to change policies and impose new policies at a later date - why don't they say so?ReplyDelete
If that is not the case, what gives them any right to change policies previously agreed? Apart from blackmail?
The RIPE NCC (who, I assume are the cause of your troubles here) implement the policy of the RIPE community (i.e, people like *you*), in the case of addressing, specifically the RIPE Address Policy Working Group (http://www.ripe.net/ripe/groups/wg/ap, a forum you are more than welcome to join ).ReplyDelete
The troublesome policy of which you speak I'm guessing is RIPE-452 (http://www.ripe.net/ripe/docs/ripe-452) which was proposed in 2007 (http://www.ripe.net/ripe/policies/proposals/2007-01) and accepted by the community in its final form, a year later in 2008. The objective of the policy is to ensure the RIPE NCC can "confirm that the End User exists, continues to exist and that they continue to fulfil their obligations to comply with the original assignment conditions".
The implementation of this policy into RIPE-452 has not been an easy one and additional resource was predicted to be added to the NCC Registration Services dept (where the hostmasters live) to deal with the increased administration associated with this. Also, in order to meet the goals of the policy (correctness) and to cover somewhat the additional administrative overhead created by the implementation of the policy, the RIPE NCC introduced nominal charging into the charging scheme from then onwards.
The "contract" of which you speak is between the end user (your customer) and the sponsoring registry (you), all the NCC want is to see that such a contract exists between the two of you, and that it affirms to the End User that their use of the space is goverened by the policies of the RIPE community (as implemented by the RIPE NCC).
Since the first phase of the implementation commenced in 2009 (http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/model-independent-assignment-request-and-maintenance-agreement-now-available) , the NCC have made attempts to contact all involved parties regarding a particular assignment. This may mean your customer had been aware for up to two years prior to today, even if you were not.
- If you don't like the policy, get involved in ap-wg and change it
- If you don't like the NCC's implementation of the policy, feel free to take this to the members-discuss list (http://lists.ripe.net/pipermail/members-discuss/) and take it from there.
Thanks for that, and I appreciate RIPE is a membership organisation and we are members. Our customers are not members.ReplyDelete
You too seem to miss the point - you quote a new policy which is there to try and ensure the assignee (our customer) is in fact bound by the policy. You even say it is to affirm the end user is governed by the RIPE policies!
That kind of admits that they are not currently bound by the RIPE policies.
Which kind of means the current policy cannot be used as a means to force them to do something such as enter in to a contract.
RIPE NCC are basically saying they have to because it is policy that they have to but fail to see that the policy they quote is not one they are bound by or were even in a position to influence in any way.
It is chicken and egg. If they were bound by the policies as RIPE NCC seem to think, then the policy to make them bound by the policies (using a contract) would not be needed!
So, all RIPE can do to force the issue is indeed blackmail them by threatening to take away what they gave them originally and in a way that was not even in the policy at the time they got the assignment. I.e. even if the customer actually agreed to the policy at the time (2003) did they agree to RIPE being able to unilaterally change it and apply it - I think not, but RIPE NCC cannot seem to confirm that either way.
So they are forced to enter in to a contract under duress, not because any law or contract or even a policy which they agreed to says so, but because RIPE NCC can pull their internet connection in effect (indirectly).
That is just wrong, IMHO.
And if the threat of disconnecting their internet is duress then the contract then do enter in to is not enforceable anyway so it is pointless.
>Our customers are not members.ReplyDelete
No, but unless they have ERX space (http://www.ripe.net/lir-services/resource-management/erx) which existed before the NCC was established, or have space from another Regional Internet Registry, their applications would have been enshrined in policy since at least 1992, when RIPE-65 was written (http://www.ripe.net/ripe/docs/ripe-065) .
>And if the threat of disconnecting their internet is duress
This is a system which the community sets policy for, anybody can get involved in this policymaking, including your customer (who should have been notified some time ago, this shouldn't be a sudden and urgent issue for them). If the contractual paperwork, (which, IMHO acts merely to clarify, not state) is not provided and the procedure not followed, then the NCC will de-register the resource and ask for it to be removed from the database (and ISPs like you will filter it).
This is still missing the point - anyone can make any policies they like for anything and say they apply.ReplyDelete
If the RIPE policies at the time they assigned this PI (which looks like 2003) in some way are enforceable - perhaps by some contract formed when the application was sent, then that means there is a contract and we don't need to force them to enter a new one.
If there was not something in place to force them to adhere to the policies, including allowing RIPE to change those in future (as they have done), then we do need contracts for PI, but also there is no enforcement of those old policies to force people to ever contracts.
RIPE NCC have been asked why the end user has to enter a contract now, and they keep stating it is policy and what the policy is, as if the policy somehow "applied" to the customer in some way.
I suspect that there would not be this discussion if RIPE NCC stopped trying to suggest that they are bound by these current policies which require the contract, and started to be honest that the reason is simple blackmail - that RIPE NCC will indirectly stop their internet working if they don't. That would at least be honest.
That is, unless, the current policy does somehow "apply", which if it is the case then no contract is in fact needed. I think the fact a contract is wanted proves one does not exist already meaning the policy does not in fact apply to the end user.
The far bigger picture here is how (and why) one changes from a simple non contractual co-operative environment to one that is based on contracts and agreements. That is a problem to manage as a transition, and may not even be the right thing. Of course, if you do start changing to a contractual arrangement one starts asking why a dutch company controls UK ISPs and not a UK company?! Or what ICANN control all domains. etc. etc.
All good fun!
I'm glad we have an EU company controlling EU ISPs, instead of it all still being run out of the USA.ReplyDelete
Shit, I must have missed by dose of the Daily Mail this week!
Revk, your last points are extremely valid and up-to-date:ReplyDelete
"That is a problem to manage as a transition, and may not even be the right thing."
Indeed, may not be the right thing, but the active policy community is pretty small with all that means.
The mere fact that it is an open community and an open process (a very good thing!) *does not* transfer the complete authority to it, to create any policy imaginable, for example. (If the AP-WG agreed to shut down the Internet tomorrow, I'm not sure the affected people who's not part of the AP-WG would agree it's such a good idea.)
"Of course, if you do start changing to a contractual arrangement one starts asking why a dutch company controls UK ISPs and not a UK company?!"
Very valid point. This gets even more messy with an deployed and enforced single-trust hierarchy/root RPKI (some time in a dystopian future):
Why does a dutch company, let alone the dutch legal system, control the entire European and Middle Eastern Internet infrastructure?
Mark my words in saying this is far from a done deal. :-)
As for your being bullied by the NCC, it seems to me like the Internet at large would be well served by an addressing infrastructure with a lot less enforcement capabilities to go rogue (ie, contrasting common sense legal systems).
More distribution is required.
Thanks, and it sounds like someone is seeing my points.ReplyDelete
In this individual case the customer has no choice but to comply, and yes it is bullying from RIPE NCC. I just wish they realised and acknowledged that this is what they are doing.
Found this while looking for "ripe-452 legal" on the big G. Since that now hit me, with IP addresses received in 1993, I'm curious how this story went; did your customer signed this "agreement" RIPE NCC wants to force one to sign?ReplyDelete
I kind of agree that asking for signing a policy under the thread of disconnection smells more like Mafia than Community; in my case I'm rather sure RIPE policies even as of 1993 don't apply as I never contacted RIPE. I've asked for legal proof that my ressources do fall under their policy making powers, now I'm waiting for the next reply. I actually pity the people that have to deal with it ...
I'll be interested to see how that pans out. The issue, of course, is that they hold that cards. No contract means they could stop publishing a route record for that IP even if you do still technically "own" it, and that makes your ownership useless. Very annoying.Delete
As said, I'm waiting for there reply to the question on the legally binding agreements, and then I most likely will seek legal counsel. It's not the basic idea of ripe-452 that pisses me of; I'm totally fine to agree on giving that space back if I don't have a use for it anymore. But the way me was approached, well, did not help actually. This allocation was done two years before RIPE NCC made the differentiation between PI and PA, and it was done not even by the RIPE NCC. Now, 20 years later, I'm "blackmailed" to sign a contract that will automatically update to all new policies and to pay 50 EUR/y for the routing entry. Hmm.Delete