[ISN] The Impending Internet Address Shortage

From: InfoSec News (alerts@private)
Date: Mon May 21 2007 - 22:35:13 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=199700668

By Thomas Claburn
InformationWeek
May 21, 2007 

The coming shortage of Internet Protocol addresses on Monday prompted 
the American Registry for Internet Numbers (ARIN) to call for a faster 
migration to the new Internet Protocol, IPv6.

The current version of the Internet Protocol, IPv4, allows for over 4 
billion (2^32) Internet addresses. Only 19% of the IPv4 address space 
remains. Somewhere around 2012-2013, the last Internet address bloc will 
be assigned and the Internet will be full, in a manner of speaking.

"We must prepare for IPv4's depletion, and ARIN's resolution to 
encourage that migration to IPv6 may be the impetus for more 
organizations to start the planning process," said John Curran, chairman 
of ARIN's Board of Trustees, in a statement.

IPv6 promises some 16 billion-billion possible addresses (2^128).

IP numbers are used to route traffic around the Internet. They're not 
the same thing as Internet domain names, which get mapped to IP numbers 
through the Domain Name System (DNS) because it's much easier to 
remember "Amazon.com" than "72.21.203.1."

"Unless action is taken now, a quiet technical crisis will occur, not 
unlike Y2K in its complications, but without a fixed date or high level 
public attention," wrote Stephen M. Ryan, a partner at McDermott Will & 
Emery LLP and ARIN general counsel, and Raymond A. Plzak, CEO and 
president of ARIN, in a forthcoming policy paper.

Ryan and Plzak foresee potential legal problems arising as address 
scarcity leads to a new black market in IP numbers.

IP numbers are not, like Internet domain names, seen as property by U.S. 
courts as a consequence of Gary Kremen's litigation to recover the 
Sex.com domain. In the course of that dispute, Kremen in 2001 was 
awarded the assets of an ISP that defendant Stephen Cohen had acquired, 
which included IP numbers.

Kremen then engaged in litigation with ARIN to obtain his IP numbers 
without signing the ARIN registration service agreement. In essence, he 
claimed ownership rights in the IP numbers rather than the more limited 
set of rights governed by ARIN's contract. The U.S. District Court in 
San Jose, Calif. rejected Kremen's claim last year, upholding ARIN's 
regulatory power over IP numbers.

But a number of companies, organizations, and individuals hold IP 
numbers that predate ARIN's arrival on the scene in 1997. Holders of IP 
address blocs awarded during the Internet's early days may be sitting on 
a gold mine. Because they're not bound by an ARIN contract, they're 
theoretically free to sell their IP numbers. They haven't done so 
because, among other things, there's no money in it at the moment. But 
if the IPv6 migration continues to lag and IP addresses become scarce, 
holders of legacy IP address blocs could find it profitable to sell 
their numbers.

"The characteristics of such a market are yet to form," said Ryan and 
Plzak in their paper, Legal and Policy Aspects of Internet Number 
Resources. "It could, for example, result in delivering 'windfall' 
profits to those who early on obtained legacy address blocs. Corporate 
assets will instantly be more valuable if they have such blocs as 
'assets.'"

Karl Auerbach, former member of the board of directors of ICANN, former 
Cisco researcher, CTO of InterWorking Labs, and an attorney, happens to 
be someone who obtained a legacy IP bloc back when Professor Jon Postel 
ran the Internet.

"I've had people who want to acquire my spaces, some for some pretty 
hefty amounts," Auerbach said in an e-mail, noting than the legal status 
of IP numbers remains muddy. "Those deals fell through due to 
uncertainty about whether routing ISPs would honor the deal and accept 
routing announcements. Without the cooperation of the ISPs, an attempt 
to transfer space can be futile."

Auerbach said he has loaned IP address numbers to friends on a 
short-term basis. "But that kind of thing is from the spirit of the 
Internet of the '70s and '80s but certainly not the commercialized Net 
of today," he explained. "But don't 'cha think that in many ways the old 
ways are a nice residual from a more halcyon and more cooperative era?"

As for making a legitimate market for IP address space, Auerbach 
supports the idea. He also agrees that IPv6 transition won't be easy.

One controversial method for dealing with the IP address shortage has 
been the increasing use of Network Address Translation (NAT), which 
effectively creates a private network within a given IP address.

"The issue of NATs has been under appreciated -- they are awful things 
that cause great trouble," Auerbach said. "But we've learned to live 
with 'em and new protocols are even being designed in anticipation of 
NATs. So perhaps the Net of the future might evolve as an IPv4 public 
mesh connecting private spaces behind NATs. For that we have enough IPv4 
space for decades. That scenario runs into trouble when those private 
spaces try to directly interconnect. But, like Scarlett O'Hara, most of 
us will think about that tomorrow."


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon May 21 2007 - 22:42:39 PDT