[arin-ppml] Board Rejects "ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation” Due to Scope

John Curran jcurran at arin.net
Fri Jul 12 12:56:30 EDT 2019 

On 12 Jul 2019, at 12:00 PM, David Farmer <farmer at umn.edu<mailto:farmer at umn.edu>> wrote:
...
To that end, looking at Route Hijacking more generically, what is it? It is announcing a route for IP addresses registered to someone else or using an ASN registered to someone else to announce routes, without the permission of the registrant. Or more simply, it is one of many ways of disrupting or interfering with a third party's use of services provided to them by ARIN. Where the service provided by ARIN, in this case, is the unique registration of IP addresses and ASNs, which is effectively the primary mission of and service provided by ARIN and the other RIRs.

David -

The problem with that reasoning is that the registrants "use of ARIN’s registration services" generally continues just fine…  i.e. they can receive additional resources, update their number resources entries, etc.  Thus, ARIN would likely face challenges in attempting to assert violation of the Prohibited Conduct clause on such a basis.
If the community really wishes that those participating in the ARIN registry commit to specific routing behavior, then such an obligation should be made quite explicit in the RSA.

For example –  "Address Holder agrees to only announce routing for its own address blocks, or those address blocks for which it has obtained permission of the registrant as listed in the Internet Number Registry System.”

It is unclear if such an obligation should exist, and I would advise the community to very carefully consider the implications that would result.

(If there were a consultation that showed significant support, then the Board of Trustees could consider recommending such an RSA change – note that the latest version of the RSA provides that ARIN may only modify the RSA in response to a specific change in the law, or after ratification by Member vote… i.e. adding such an obligation would require recommendation of the Board followed by an affirmative ballot of the ARIN Membership.)

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190712/be7745f5/attachment.htm>

More information about the ARIN-PPML mailing list