[arin-ppml] Draft Policy ARIN-2019-15: Hijacking Authorization Not-intended

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Mon Jul 22 11:17:53 EDT 2019


Hi all,

 

I’ve been too busy to take care of all my emails  …

 

I think David and Scott captured very well my intent. The point was to clarify in the problem statement “why and when” this problem was generated.

 

Regards,

Jordi

@jordipalet

On 26/6/19 20:03, "ARIN-PPML on behalf of Scott Leibrand" <arin-ppml-bounces at arin.net on behalf of scottleibrand at gmail.com> wrote:

 

I agree with David, that a simple one-word change here would be best, and we should clarify the problem statement to refer to the "perverse reading" as "implicit", not "explicit".

 

I think the "actual" vs. "current" language is just a (fairly common) translation issue/misunderstanding: as I understand it, "actual" in the original proposer's native language best translates to "current" in English (and "real" translates to "actual").

 

-Scott

 

On Wed, Jun 26, 2019 at 4:35 PM David Farmer <farmer at umn.edu> wrote:

I agree with others, the problem statement needs to be simplified and clarified significantly. Furthermore, the only change in the policy text needed is to add "authorized" to the current text, as in "authorized third parties". More provided inline;

 

On Tue, Jun 25, 2019 at 4:18 PM ARIN <info at arin.net> wrote:

On 20 June 2019, the ARIN Advisory Council (AC) accepted "ARIN-prop-275: 
Hijacking Authorization Not-intended" as a Draft Policy.

... 

Draft Policy ARIN-2019-15: Hijacking Authorization Not-intended

Problem Statement:

When prop-254 (Clarification on IPv6 Sub-assignments), it was not 
related, neither intended, to modify the “exclusivity” criterion.

 

It is not clear to me what this paragraph is intended to mean.

 

Of course, it was not intended to provide an explicit authorization for 
incidental or transient uses of address space by third parties, which in 
fact it is a hijacking of addresses.

 

In no way is "explicit authorization" provided to do anything like hijacking a prefix by the statement called out.  At best, you could argue that "implicit authorization" is provided and that is a rather perverse interpretation of the text.

 

Explicit - stated clearly and in detail, leaving no room for confusion or doubt.

Implicit - implied though not plainly expressed.

 

However, I would argue that the whole statement implies authorization by the recipient for anything and the fix to any problems is to explicitly restrict the statement to "authorized third parties". Changing much more than that risks changing the meaning in subtle and unintended ways, and it was hard enough to agree on what we have now.

 

However, surprisingly, the resulting text (last paragraph of the NRPM 
section 2.5), after the ARIN AC editorial process, is doing that.

This policy proposal tries to fix this specific text in the NRPM section 
2.5 to avoid that misinterpretation.

 

Maybe replace the whole problem statement with;

 

ARIN-2018-4: Clarification on Temporary Sub-Assignments, could be perversely interpreted to imply the unauthorized use of a prefix "by third parties" is allowed, such as prefix hijacking. This is clearly not intended. The solution to this is to explicitly restrict the statement to "authorized third parties."

 

Policy Statement:

Actual Text

 

This should be "Current Text", as the intent of any policy proposal is to change the "Actual Text", that is the intent is for the "New Text" to become the "Actual Text". 

 

Note that the incidental or transient use of address space by third 
parties shall not be considered a reassignment or a violation of the 
exclusive use criterion.

New Text

Note that the incidental or transient use of address space by third 
parties, within the network of the recipient organization, shall not be 
considered a reassignment or a violation of the exclusive use criterion

 

This text possibly solves prefix hijacking but probably creates new issues. However, if the original text implies prefix hijacking is permitted, it also implies unauthorized attachments to a network are permitted, and this proposed text wouldn't fix that problem.  

 

I think the "New Text" should be the following;

 

Note that the incidental or transient use of address space by authorized third parties shall not be considered a reassignment or a violation of the exclusive use criterion.

 

Timetable for Implementation: Immediate

Anything Else:

Situation in other regions: There is not equivalent explicit hijacking 
authorization in other RIRs.

 

Again I take exception to "explicit hijacking authorization", there is nothing in the entire NRPM that explicitly authorizes the hijacking of prefixes, let alone the current statement called out. I'd suggest striking this paragraph.

 

Thanks.

 

===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota   
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
=============================================== 

_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.
