[arin-ppml] Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Jimmy Hess mysidia at gmail.com
Sun Apr 28 15:13:42 EDT 2019 

On Sun, Apr 28, 2019 at 11:22 AM Marilson Mapa <marilson.mapa at gmail.com> wrote:
>
> Jordi, you're being naive by not considering the true reasons of the members of the AC.

The members of the AC doing their job  rejecting propositions which
cannot be valid policies
under the PDP.

https://www.arin.net/participate/policy/pdp/
> 3.1. Policies, not Processes, Fees, or Services
...
>ARIN’s general business processes, fees,
> and services are not within the purview of the Policy Development Process

-----
ARIN-prop-266's  language

(1) Describes "procedures that ARIN staff will use to implement the policies"
      Which a number policy cannot contain,      For example,
      a number policy cannot contain procedures such as these:
        a> ARIN will select a pool of worldwide experts....

        b> Accidental cases or those that can’t be clearly classified
as intentional, will receive a warning....

        c> [ARIN] It must therefore rely on external parties, both to
report hijacks
        c> and determine whether they are deliberate.
        d>As soon as the involved parties are identified, they will be
notified....
        e> The experts will only consider those cases which persist....

 f>        The entirety of "5.0 the expert's pool" and "6.0 procedure"
        > A call will be made, every two years, to the global
community including the requirements

         >The procedure must incorporate, at least, the following steps:....

(2)
       Describes general business processes, such as:
        > The ARIN will provide a public web-based form ....

(3)   Describes services,  which are outside the purview of number
policy, such as:
       > The tool will have a section in case of sensible information....



(2) References items which are not guidelines to be followed in number
resource management.
For example:
     >  A hijack is understood to be the announcement of routes
through BGP to third parties

     Operation of BGP protocol is not within the scope of number resource
    policies.  Number resource management policies do not determine internet
    standards, and do not decide which standards a pair of co-operating
    network operators choose to use when agreeing to interconnect
their networks.

    Interconnecting providers MAY agree to use registered numbers in some
    contexts, but not others,  for example,  they may agree that a provider
    uses certain private AS numbers  or certain IPv4 "Squat space"; however,
    at the same time,  they might agree the private AS number should be
    substituted or removed in certain contexts or propagations.

    A set of peering networks may choose not to use BGP,  or they may modify the
    standard arbitrarily;   interconnection contracts/agreements and routing
    policies are private,  and ARIN is neither a contracting party in these
    agreements,  nor a party with a legitimate interest in these agreements.

    The routing tables, FIB, RIB, and other contents of memory on a
router are the
    private proprietary property of the organization whom
administrates that router -- the
    use of assigned numbers in BGP routing data when communicating
with other routers
    and permission to promulgate announcements, etc,  and their
agreement to follow
    IETF standards and BCP regarding the origination and propagation of routes,
    Is only due to contents of the private interconnection agreements between
    co-operating network operators.


    It is within these interconnection agreements that rules should be
established
by co-operating providers within the contracts  to require conditions
that prevent
BGP Hijacking  and state that  willfully facilitating or failing to
prevent Hijacking
should be a breach of co-operating providers' Peering Terms of Service.





https://www.arin.net/participate/policy/pdp/
> 3.1. Policies, not Processes, Fees, or Services
>
> Internet number resource policies developed through the PDP describe the
> policies and guidelines to be followed in number resource management,
> not the procedures that ARIN staff will use to implement the policies.
> ARIN staff develops appropriate procedures to implement policies after
> they are adopted.
>
> Internet number resource policies are also distinctly separate from ARIN
> general business practices. ARIN’s general business processes, fees,
> and services are not within the purview of the Policy Development Process
>







> Marilson
--
-JH

More information about the ARIN-PPML mailing list