[arin-ppml] Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Owen DeLong owen at delong.com
Fri Apr 26 19:53:15 EDT 2019



> On Apr 26, 2019, at 15:46 , William Herrin <bill at herrin.us> wrote:
> 
> On Fri, Apr 26, 2019 at 1:32 PM Owen DeLong <owen at delong.com <mailto:owen at delong.com>> wrote:
> While ARIN has a history of minimum allocation sizes in part dictated by community concerns over routing table growth, that is no longer the case. The current minimums reflect ARIN’s DNS and RPKI based limitations. 
> 
> RPKI is all about Internet routing. Though for its legal convenience rather than any consideration for ISPs, ARIN imposes limits on folks' participation in RPKI as well.

Nope… RPKI has nothing direct to do with policing internet routing.

RPKI (from an RIR perspective) is about providing a cryptographically signed assurance that the legitimate holder of a resource has asserted that said resource can be originated from a particular ASN.

Sure, the indirect intent of this is to allow the end-user to use it as part of their routing decisions, but it’s data input into that process, not policing of it.

> RDNS delegation on off-byte boundaries is a long solved problem. If ARIN's community decided we wanted IPv4 /32 assignments to be allowed, RDNS would not stand in the way.

Yes, but it’s not one solved in ARIN software as things currently stand and not one ARIN currently feels warrants the required investment to solve.

There’s also the sub /24 capability needing to be added to the entire registry management system, not just RDNS.

> Another thing to consider is that ARIN policies only apply to those entities receiving resources from ARIN and in some cases by extension to those they grant resources to through reallocation or reassignment. 
> 
> People hijacking prefixes, generally, are operating outside of those parameters to begin with, so it’s not really clear to me how such a policy provides any benefit in combatting the situation. 
> 
> Both of which are excellent things to bring up while discussing the proposal. Neither reasonably contributes to a conclusion that the proposal is out of scope. 

Nor did I say they were. I expressed my ideas why it is out of scope above. These were “even if it is considered in scope”…

> I see no way in which it provides anything but additional risk to the organization while failing to offer any actual benefit to the community. 
> 
> A conclusion I hope the community reaches after a full and fair consideration of the proposal on its merits.

A conclusion I believe the community will reach quite quickly even if the proposal is run through the process. Nonetheless, for the reasons stated previously, I still believe the proposal is out of scope.

Owen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190426/58a5fb51/attachment-0002.html>


More information about the ARIN-PPML mailing list