[ncc-services-wg] Admin: request for "Company Registration documents"

On Oct 14, 2005, at 1:13 PM, Randy Bush wrote:

>> I was arguing that as the LIRs are the ones that (in the majority of
>> the cases) submit the data to the RIPE DB, and more often are also
>> listed instead of their customers (DSL blocks), and they have a
>> documented relationship with the NCC, proving the identity of the LIR
>> will help (partly) securing the trail to the owner of and allocated
>> addressblock. In asking for the papers this does help the NCC to
>> establish that trail. Which I believe is a good thing.
>
> what is the identity of an lir?  try looking at, for example, the
> issues being raised in http://www.identity20.com/media/OSCON2005/
>
> randy

Hi Randy,

Thanks for this reference. Identity is a tool or pragmatic feature  
like a database key field, that makes inter-temporal associations  
(e.g., "recognition") and cross-referencing ("resemblance") possible.  
Recognition over time makes thinks like trust and reputation possible  
-- which in turn makes makes trust-based judgments (e.g., association  
vs. avoidance) easier, which in turn reduces opex (infinite  
safeguards, 200% advance deposits, full replacement value insurance,  
etc.). It's not 100% effective even in the mundane world -- nor would  
we want it to be (think panopticon). However it seems pretty easy to  
say that it "works better" -- to this particular end -- if there is a  
reasonably high correlation between thing-x and signaling feature (x).

The OSCOM guy talks about all of the associations, experiences, and  
historical contingencies associated with him as if they could serve  
as a full and final description description of his identity. But it  
seems to me that *he* is the key field -- the physical guy in the  
middle of all of the swirl. There's nothing to hang all of those  
experiences/observations on if you take him out. And it's hard for me  
to imagine how a theory like his would have ever seemed plausible if  
we lived in a place like the Internet, where it's possible to jump  
out of one's own skin (key field) and into the skin (key field) of  
another existing "identity" -- or to make a completely new one up.

This doesn't mean that that experiential/observational identity  
features have no place in the Internet, nor does it mean that we've  
already got the best Internet identity key field (i.e., whois and the  
other less visible parts of the RIR databases) possible. I just have  
a hard time understanding how one would be of any use at all without  
the other. Maybe all you really care about is long-term stable  
behavioral/historical identities, and you're prepared to shun the  
news ones and erratic ones as peers, customers, etc., until they  
stabilize and become familiar? But that leaves the little guys in the  
semi-permanent outs, and it gives the big guys permanent license --  
because they can always spawn and then drop new peripheral identities  
when they want to do bad things. Relying exclusively on historical/ 
behavioral identities provides no assurance at all against false  
negatives (failing to recognize a bad guy) like this. Or so it seems  
to me.

Viewed this way, aggregating and decomposing key fields and  
associated records doesn't seem like such an intractable dilemma. The  
identity of an LIR depends on what you want to know about it -- maybe  
in this context what we want to know is what ASNs it legitimately  
controls, what these are authorized to originate and announce, and  
how to get in touch with them when necessary. Others may want to know  
about explicitly observational things (frequency of flapping, bad  
traffic, timely bill payment, etc.) Still others might find it useful  
to recognize other features of the LIR to serve other purposes (e.g.,  
for regulatory compliance, taxation, etc.). But to cohere all of  
these things have to have something else to hang off of -- for the  
LIR presumably, this is some conventional official institutional  
records.

Wrote an article about this for ARIN, coming out any day. Apologies  
in advance for the usual obscurities/ambiguities, but this really is  
a place were ops can take a lesson from philosophy...

Tom