22 Feb
2020
22 Feb
'20
3:45 p.m.
Quan Zhou via 44Net <44net(a)mailman.ampr.org> wrote:
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's
happening on the AMPR/ARDC.
Thank you for your rant.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing
a prefix was assigned to me. In that case, the claimed reason is that the prefix
wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is
NOT legitimate, also denied possibility there could a bug in the portal caused this. I
have also complied with his demands on even more information including all conversations
between me and Brian regarding that the assignment. Eventually he continued to ask for
even more personal information without justification, threatening that not complying may
cause "close of account".
## Questions
1. Has all previous assignment by WB6CYT been overruled? Or am I singled out?
Previous assignments by Brian (WB6CYT) have not generally been overruled.
Brian took very seriously his duty to both make space available to real
amateur radio operations and to deny space to opportunists trying to poach
the space for commercial, personal, spam/malware or other purposes.
Many people requested assignments, and most of them received
assignments. Those assignments are and were recorded in the ARDC
portal, which was initially programmed by Chris (G1FEF), and operated and
evolved by both Brian and Chris. The data in it was supplied by
Brian, by net44 users who register to receive allocations, and by the
volunteer regional coordinators who make allocations.
Any collection of detailed allocations too complicated to fit in one
person's memory or on the back of an envelope needs a definitive register
that provides the collective memory of all the past decisions. The portal
was and remains that definitive register.
If your allocation is not in that register, then we'd need to figure out
why it isn't. The ARDC Board has access to some of Brian's stored
email, as well as backup dumps of the Portal databases, so we can do
some searching among those if needed. So far, your rant did not mention
the particular IP address allocations involved, so we have had little
information to start from.
Most allocations are made via country-based and region-based volunteer
coordinators, who all have portal accounts with permission to make
sub-allocations in their region; Brian did not have to adjudicate most
of these.
Apparently your allocation is from the China subnet, and apparently
Brian was still handling those allocations. My guess is that he did not
have a volunteer coordinator for China who both had sufficient
experience and that Brian trusted to do the job well.
2. What are the current rules on allocation now? A
snapshot of the latest version of ToS is at:
https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-se… -- It
does not requires personal information beyond ASN addresses.
The current rules on allocation have not changed. However, Brian is
no longer with us to make decisions based on years of expertise. So
anyone who would take over that job will make a number of mistakes as
they gain similar expertise. Some of those mistakes will be in
allocating addresses to requesters who don't deserve them. Some of
the mistakes will be in denying addresses to requesters who do deserve
them, or in demanding more scrutiny than is warranted when requests
are made.
An allocation of 768 IP addresses, such as yours, which has considerable
monetary value if used commercially, will naturally get more scrutiny
than a typical request for a /29 that only has 8 addresses and can't be
routed via BGP.
The Chinese agency that licenses amateur radio operators, the State
Radio Regulation of China (http://www.srrc.org.cn) does not appear to
provide an English-language portal for looking up amateur radio
licenses. This currently makes it a more manual process to verify the
license status of Chinese hams. See:
https://en.wikipedia.org/wiki/Amateur_radio_licensing_in_China
(I hope some 44net users from Asia will improve that Wikipedia page,
which is still mostly a stub page.)
3. What is G1FEF's role in the allocation, which
are the rights that ARDC holds has been delegated to this guy along.
G1FEF has been informally trying to continue providing service to
amateurs while the ARDC board and other volunteers scramble to pick up
the work that Brian was doing during his lifetime.
ARDC and G1FEF have been negotiating a contract that would specify just
what rights and powers ARDC would delegate to G1FEF, and which ARDC
would retain for exercise by its board (and eventually by a hired staff,
which we have been trying to hire the first person of). The first draft
contract was full of legalese that one side or the other didn't like,
and it also raised some more complex issues such as international
privacy practices, so we are re-drafting, consulting lawyers, and
continuing to negotiate.
4. The holding-the-ID-in-a-photo-of-you practice is
pretty common when dealing with financial institutions and websites frequently deals with
fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why
this is necessary to do it again?
People who get legacy 44.x.y.z IP addresses from 44net don't have to get
addresses from an LIR or RIR, so LIR/RIR practices don't provide any
safeguard for 44net addresses.
Our previous policy, created and enforced by Brian, was not to demand
such identity documents of everyone. But Brian did reserve the right to
ask more questions and collect more information when he encountered a
situation that he thought was questionable, and to use his own judgment
in deciding whether to make an allocation. And he sometimes consulted
with the board about how to resolve such situations.
5. Is Chris Smith, G1FEF capable of handling sensitive
personal data? He's handling data as natural person, or an legal entity that ARDC
approves?
At the moment, as a natural person; he's a volunteer. One of the issues
being negotiated in the draft contract, and with lawyers, is to what
extent ARDC will collect sensitive personal data, how it would safeguard
that data that it does collect, and to what extent ARDC will be subject
to privacy controls such as the European GDPR. These issues have been
handled informally up to the time that Brian died.
The current situation is that when Chris requests identification photos
or documents, he examines them and then deletes them after approval.
6. If there's another change, do anyone with a
allocation has to go through the same process again?
Since we haven't defined any changes yet, we also haven't decided that
issue.
I see that we already have a problem with
transparency, now we got bureaucracy? Also it's not my problem that the assignment
wasn't added to the portal.
It is fortunate that small, informal organizations still have room to
operate in today's world, and can provide positive benefits to society.
ARDC under Brian's leadership was such an organization; the board helped
him around the edges, but he was our leader, and he also did most of the
work. Now we have no leader experienced in exactly what Brian did. As
organizations grow and become more formal, the world expects a degree of
impartiality, predictability, and adherence to rules that reduces the
flexibility of the informal processes.
Quan, you are simultaneously asking that you be given the benefit of an
informal process that provided you with the allocation you claim, and
yet also asking that we provide predictable rules and adhere to them,
rather than continuing informally. There is clearly a tension between
these extremes. The ARDC board (all volunteers) and the technical
volunteers such as Chris and the regional coordinators are trying to
chart a middle course. Thank you for your help in pointing out some
of the implications of the choices we are trying to make.
It DOES seem to be your problem that the assignment wasn't added to the
portal. If your assignment was in the portal, then your allocation
would not be getting the scrutiny it is currently getting. As the
wiki says in the "Requesting a block" page:
https://wiki.ampr.org/wiki/Requesting_a_block
"You must request an amprnet block direct from the Portal. First you
must create your account at the Portal. Once you do, you must
login..."
https://wiki.ampr.org/wiki/Announcing_your_allocation_directly
"Apply for your AMPRNet allocation via the Portal. Check the Direct
box to indicate that your connection will be using a direct
announcement of the subnet (via the BGP protocol).
"Upon verification and approval, the AMPRNet administrator will
provide authorization to your ISP allowing them to announce your
allocation."
If only one of your three /24 allocations is in the portal, then how did
Brian, the very meticulous AMPRNet administrator end up providing you
with a Letter of Authorization for the others?
Best Regards,
Quan
Best regards back to you,
John Gilmore, W0GNU
ARDC board member
22 Feb
22 Feb
11:08 p.m.
John,
Some time back the concept of authenticating hams using the P12
certificates such as the ARRL's Logbook of the World was discussed on
this list. I'm bringing that up again in light of this recent issue,
and also in case you weren't around when that was discussed on this
list.
In my mind, it kind would kind of alleviate the manual scrutiny part,
as it would be the certificate issuer's responsibility. (The ARRL
typically mails a post card with a code to the license address) It
might help filter out some of the bogus requests.
Steve, KB9MWR
The Chinese agency that licenses amateur radio operators, the State
Radio Regulation of China (http://www.srrc.org.cn) does not appear to
provide an English-language portal for looking up amateur radio
licenses. This currently makes it a more manual process to verify the
license status of Chinese hams. See:
23 Feb
23 Feb
12:03 a.m.
Ja, I second with this!
Just FYI that the process is a bit different overseas, you send a mail
with scanned documents from your local post office to the AARL mailbox,
wait a few weeks and voila.
see: https://lotw.arrl.org/lotw-help/authentication/
it looks like they also accepts emails now.
Quan, BH1XQV
On 2/23/20 12:08 PM, Steve L via 44Net wrote:
John,
Some time back the concept of authenticating hams using the P12
certificates such as the ARRL's Logbook of the World was discussed on
this list. I'm bringing that up again in light of this recent issue,
and also in case you weren't around when that was discussed on this
list.
In my mind, it kind would kind of alleviate the manual scrutiny part,
as it would be the certificate issuer's responsibility. (The ARRL
typically mails a post card with a code to the license address) It
might help filter out some of the bogus requests.
Steve, KB9MWR
The Chinese agency that licenses amateur radio
operators, the State
Radio Regulation of China (http://www.srrc.org.cn) does not appear to
provide an English-language portal for looking up amateur radio
licenses. This currently makes it a more manual process to verify the
license status of Chinese hams. See:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net 
3:33 p.m.
On 23/02/20 16:03, Quan Zhou via 44Net wrote:
Ja, I second with this!
Just FYI that the process is a bit different overseas, you send a mail
with scanned documents from your local post office to the AARL
mailbox, wait a few weeks and voila.
see: https://lotw.arrl.org/lotw-help/authentication/
it looks like they also accepts emails now.
Yeah, the snail mail requirement of the past was a major barrier for me,
but email is doable. I'll have to consider it, since it's becoming more
likely that I'll be using LoTW for everything except logging. :)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
5:34 p.m.
On Sun, Feb 23, 2020 at 2:36 PM Tony Langdon via 44Net
<44net(a)mailman.ampr.org> wrote:
Yeah, the snail mail requirement of the past was a
major barrier for me,
but email is doable. I'll have to consider it, since it's becoming more
likely that I'll be using LoTW for everything except logging. :)
Glad I am not the only one who hasn't ever used it for its intended purpose :-)
Anyway I was thinking for sake of the coordinators peace of mind, if
the portal/request showed the requesters status as "verified"
(indicating their P12 certificate has been uploaded) , this might be
helpful.
2:58 a.m.
In the swedish part of AMPRNet, which has an agreement with ARDC to
announce its allocated adress space via the points of presence of the
Swedish University Netwok (www.sunet.se), we are working on implementing
the edugain framework, used by research and education organisations and
many public authorities all over the world, for authentication. Edugain
is based on Identity Federations
(https://wiki.geant.org/display/eduGAIN/Identity+Federations+and+eduGAIN).
We have an agreement with SSA, the Swedish national ham organisation to
use the official database for an Identity Provider authenticating hams.
Once we have this operational we will be able not only to authenticate
hams, but also be able to negotiate access to great services like
Eduroam (https://www.eduroam.org/) <https://www.eduroam.org/>, have a
model for single sign on (SSO) to all services complying with this
standard, etc.
Any ohers that are working on this?
One good method might not have to exclude another though.
Bjorn, sa0bxi
On 2020-02-23 07:08, Steve L via 44Net wrote:
John,
Some time back the concept of authenticating hams using the P12
certificates such as the ARRL's Logbook of the World was discussed on
this list. I'm bringing that up again in light of this recent issue,
and also in case you weren't around when that was discussed on this
list.
In my mind, it kind would kind of alleviate the manual scrutiny part,
as it would be the certificate issuer's responsibility. (The ARRL
typically mails a post card with a code to the license address) It
might help filter out some of the bogus requests.
Steve, KB9MWR
22 Feb
22 Feb
11:55 p.m.
Thank you for you kind explanation. I'll add some of my own for the
situation I'm facing.
On 2/23/20 4:45 AM, John Gilmore via 44Net wrote:
Previous assignments by Brian (WB6CYT) have not
generally been overruled.
Brian took very seriously his duty to both make space available to real
amateur radio operations and to deny space to opportunists trying to poach
the space for commercial, personal, spam/malware or other purposes.
Many people requested assignments, and most of them received
assignments. Those assignments are and were recorded in the ARDC
portal, which was initially programmed by Chris (G1FEF), and operated and
evolved by both Brian and Chris. The data in it was supplied by
Brian, by net44 users who register to receive allocations, and by the
volunteer regional coordinators who make allocations.
Any collection of detailed allocations too complicated to fit in one
person's memory or on the back of an envelope needs a definitive register
that provides the collective memory of all the past decisions. The portal
was and remains that definitive register.
If your allocation is not in that register, then we'd need to figure out
why it isn't. The ARDC Board has access to some of Brian's stored
email, as well as backup dumps of the Portal databases, so we can do
some searching among those if needed. So far, your rant did not mention
the particular IP address allocations involved, so we have had little
information to start from.
Maybe I can provide some insights on this.
At the time the allocation I've requested on portal was under 44.190/16,
because a) I wanted to use the prefixes for anycast, and it's not really
country bound; b) The portal says "The owner of the network you have
selected has chosen not to allow allocation requests. " even on today.
Brian asked me why I'm not requesting from the CN list, it explained and
eventually received the 44.159.66.0/23.
An allocation of 768 IP addresses, such as yours,
which has considerable
monetary value if used commercially, will naturally get more scrutiny
than a typical request for a /29 that only has 8 addresses and can't be
routed via BGP.
I can understand this, and again, I promise I will follow the ToS.
But please also understand that, the 44net assignments has leaser's
personal name all over it. It'd be very unwise to use it for commercial
purpose. It is very clear to me that those addresses are tightly tied to
my call-sign, which is also publicly linked to my name, and address.
This holds me personally liable for anything happened in the requested
prefixes.
Even though, I got rejected by several providers when trying to setup
the BGP for 44/8 prefixes. Vultr is the only one accepts my leased
prefix, and Packet did so only after that prefixes are registered on
RADb by Vultr. Smaller providers won't even take a look at LOA or RADb.
I think that everyone in the field for long enough agrees that the
internet, and routing world is rather bizarre and messy, actually it
took me great amount of courage to apply for the addresses in the first
place.
The Chinese agency that licenses amateur radio operators, the State
Radio Regulation of China (http://www.srrc.org.cn) does not appear to
provide an English-language portal for looking up amateur radio
licenses. This currently makes it a more manual process to verify the
license status of Chinese hams. See:
https://en.wikipedia.org/wiki/Amateur_radio_licensing_in_China
(I hope some 44net users from Asia will improve that Wikipedia page,
which is still mostly a stub page.)
I looked into that page, and yes, it's
lame. I will improve it asap.
At the moment, as a natural person; he's a
volunteer. One of the issues
being negotiated in the draft contract, and with lawyers, is to what
extent ARDC will collect sensitive personal data, how it would safeguard
that data that it does collect, and to what extent ARDC will be subject
to privacy controls such as the European GDPR. These issues have been
handled informally up to the time that Brian died.
The current situation is that when Chris requests identification photos
or documents, he examines them and then deletes them after approval.
My day job is an operations engineer at an incubator, and frequently
deal with compliance & abuse issues. Starting from last year, my blood
pressure gets to the rooftop every time a pm or a programmer wants to
store some photo ID, Passport, etc. in the cloud. I usually turn down
the request, and/or direct them at our legal department. The
verification process they wanted, eventually goes to some eligible
third-party that costs some serious $$$.
The example I just gave maybe applies to China only, but at least can
tell that even as an LLC., there's still too much risk to handle the PII
by ourselves.
It is fortunate that small, informal organizations
still have room to
operate in today's world, and can provide positive benefits to society.
ARDC under Brian's leadership was such an organization; the board helped
him around the edges, but he was our leader, and he also did most of the
work. Now we have no leader experienced in exactly what Brian did. As
organizations grow and become more formal, the world expects a degree of
impartiality, predictability, and adherence to rules that reduces the
flexibility of the informal processes.
Yes, I understand this, it's the part
where I appreciate in the "free
world". But today it's even harder, and the trend is likely to be even
harder to survive in the future.
Quan, you are simultaneously asking that you be given the benefit of an
informal process that provided you with the allocation you claim, and
yet also asking that we provide predictable rules and adhere to them,
rather than continuing informally. There is clearly a tension between
these extremes. The ARDC board (all volunteers) and the technical
volunteers such as Chris and the regional coordinators are trying to
chart a middle course. Thank you for your help in pointing out some
of the implications of the choices we are trying to make.
Sorry I did not realize this. Informal is good. But to my credit, the
process as G1FEF asked me to comply is as formal as applying a credit
card from my bank.
Also, as a foreign national and paypal account owner, every year, they
to the KYC again, but they just want three things, proof of address,
passport photo, and an ITIN number.
I think that he might thinks that I'm a fraudster or something worse.
It DOES seem to be your problem that the assignment wasn't added to the
portal. If your assignment was in the portal, then your allocation
would not be getting the scrutiny it is currently getting. As the
wiki says in the "Requesting a block" page:
https://wiki.ampr.org/wiki/Requesting_a_block
"You must request an amprnet block direct from the Portal. First you
must create your account at the Portal. Once you do, you must
login..."
https://wiki.ampr.org/wiki/Announcing_your_allocation_directly
"Apply for your AMPRNet allocation via the Portal. Check the Direct
box to indicate that your connection will be using a direct
announcement of the subnet (via the BGP protocol).
"Upon verification and approval, the AMPRNet administrator will
provide authorization to your ISP allowing them to announce your
allocation."
If only one of your three /24 allocations is in the portal, then how did
Brian, the very meticulous AMPRNet administrator end up providing you
with a Letter of Authorization for the others?
I believe it is best to put the /23
in the portal, fix the problem.
Anyway, it wasn't my fault that the address wasn't in portal.
Best Regards,
Quan
Best regards back to you,
John Gilmore, W0GNU
ARDC board member
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1733
days inactive
1734
days old
6 comments
5 participants
participants (5)
-
Bjorn Pehrson -
John Gilmore -
Quan Zhou -
Steve L -
Tony Langdon