[arin-ppml] Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Mike Arbrouet mike at brainiacsquad.com
Mon Apr 29 12:52:56 EDT 2019 

Can anyone (policy expert) help me out with some ambiguities regarding the selection procedures of the Expert's Pool? These clarifications are important for me to be able to make a decision on supporting/rejecting the [arin-ppml] Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation.


I understand ARIN will manage the expert's pool, which entity will make the final decision on the selection of an expert? Will it be ARIN or ARIN members?


What specific talents, body of knowledge, experiences  will someone need to be selected as an unbiased/credible expert?

Mike Arbrouet, CISSP


________________________________
From: ARIN-PPML <arin-ppml-bounces at arin.net> on behalf of Marilson Mapa <marilson.mapa at gmail.com>
Sent: Monday, April 29, 2019 10:39:23 AM
To: Jimmy Hess
Cc: ARIN-PPML List
Subject: Re: [arin-ppml] Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Jimmy Hess, that explains absolutely nothing. ARIN has a PDA that replaced the previous one on 01-14-2013. And apparently shaped to exempt the entire community from any responsibility. The management of Internet number resources in the ARIN region excludes any liability for unlawful acts by partners or customers. Rules of an entity created by the entity itself are far from credible. Being ratified by ICANN does not support, does not bless, only incorporates accomplices. Using it as an excuse not to take responsibility in the wrongful acts of your partners and customers is bad faith.
Make new PDA, be decent and fulfill your duties as citizens that are far above any own code of conduct. Or adopt a third way and be "neutral" as Mr. Albert Erdmann.
Marilson

Em dom, 28 de abr de 2019 às 16:13, Jimmy Hess <mysidia at gmail.com<mailto:mysidia at gmail.com>> escreveu:
On Sun, Apr 28, 2019 at 11:22 AM Marilson Mapa <marilson.mapa at gmail.com<mailto:marilson.mapa at gmail.com>> wrote:
>
> Jordi, you're being naive by not considering the true reasons of the members of the AC.

The members of the AC doing their job  rejecting propositions which
cannot be valid policies
under the PDP.

https://www.arin.net/participate/policy/pdp/
> 3.1. Policies, not Processes, Fees, or Services
...
>ARIN’s general business processes, fees,
> and services are not within the purview of the Policy Development Process

-----
ARIN-prop-266's  language

(1) Describes "procedures that ARIN staff will use to implement the policies"
      Which a number policy cannot contain,      For example,
      a number policy cannot contain procedures such as these:
        a> ARIN will select a pool of worldwide experts....

        b> Accidental cases or those that can’t be clearly classified
as intentional, will receive a warning....

        c> [ARIN] It must therefore rely on external parties, both to
report hijacks
        c> and determine whether they are deliberate.
        d>As soon as the involved parties are identified, they will be
notified....
        e> The experts will only consider those cases which persist....

 f>        The entirety of "5.0 the expert's pool" and "6.0 procedure"
        > A call will be made, every two years, to the global
community including the requirements

         >The procedure must incorporate, at least, the following steps:....

(2)
       Describes general business processes, such as:
        > The ARIN will provide a public web-based form ....

(3)   Describes services,  which are outside the purview of number
policy, such as:
       > The tool will have a section in case of sensible information....



(2) References items which are not guidelines to be followed in number
resource management.
For example:
     >  A hijack is understood to be the announcement of routes
through BGP to third parties

     Operation of BGP protocol is not within the scope of number resource
    policies.  Number resource management policies do not determine internet
    standards, and do not decide which standards a pair of co-operating
    network operators choose to use when agreeing to interconnect
their networks.

    Interconnecting providers MAY agree to use registered numbers in some
    contexts, but not others,  for example,  they may agree that a provider
    uses certain private AS numbers  or certain IPv4 "Squat space"; however,
    at the same time,  they might agree the private AS number should be
    substituted or removed in certain contexts or propagations.

    A set of peering networks may choose not to use BGP,  or they may modify the
    standard arbitrarily;   interconnection contracts/agreements and routing
    policies are private,  and ARIN is neither a contracting party in these
    agreements,  nor a party with a legitimate interest in these agreements.

    The routing tables, FIB, RIB, and other contents of memory on a
router are the
    private proprietary property of the organization whom
administrates that router -- the
    use of assigned numbers in BGP routing data when communicating
with other routers
    and permission to promulgate announcements, etc,  and their
agreement to follow
    IETF standards and BCP regarding the origination and propagation of routes,
    Is only due to contents of the private interconnection agreements between
    co-operating network operators.


    It is within these interconnection agreements that rules should be
established
by co-operating providers within the contracts  to require conditions
that prevent
BGP Hijacking  and state that  willfully facilitating or failing to
prevent Hijacking
should be a breach of co-operating providers' Peering Terms of Service.





https://www.arin.net/participate/policy/pdp/
> 3.1. Policies, not Processes, Fees, or Services
>
> Internet number resource policies developed through the PDP describe the
> policies and guidelines to be followed in number resource management,
> not the procedures that ARIN staff will use to implement the policies.
> ARIN staff develops appropriate procedures to implement policies after
> they are adopted.
>
> Internet number resource policies are also distinctly separate from ARIN
> general business practices. ARIN’s general business processes, fees,
> and services are not within the purview of the Policy Development Process
>







> Marilson
--
-JH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190429/2b9adfde/attachment.htm>

More information about the ARIN-PPML mailing list