[arin-ppml] Board Rejects "ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation” Due to Scope
jcurran at arin.net
Sat Jul 13 19:04:36 EDT 2019
On 13 Jul 2019, at 2:23 PM, JORDI PALET MARTINEZ <jordi.palet at consulintel.es<mailto:jordi.palet at consulintel.es>> wrote:
Resources, are provided to the members for their own use or the use (authorized) of their customers. It doesn’t make sense at all to have unique registration if there is not such exclusivity.
That’s correct, but that right of exclusive use is with respect to ARIN’s registry. We don’t provide any rights with regard to routing of IP address blocks, since it is up to each ISP to determine what routing it originates and accepts.
One more consideration, that may be different in the US/Canada law (or other countries covered by ARIN, and that’s why it makes sense to make it explicit). In Spain, there is a clear rule, even if is not in explicitly stated in the bylaws, of any membership organization: Members can’t act against other members in the scope of the membership rights.
Is that the same in US/Canada ? Or should we add an explicit text, if not already in the bylaws, in the RSA or policies, to state that?
This way, non-accidental violation of other members rights (regarding to unique and exclusive registration and use of the resources) will be clearly declared as prohibited conduct.
Jordi - We’ve actually covered this same question previously – the rights provided by ARIN are only with respect to ARIN’s registry and services.
No one is prohibited by law (or by agreement with ARIN) from configuring any IP address block in their routes or announcing any IP address block to other ISPs – it is the business practices of ISPs that generally frown on parties announcing routes for address blocks not theirs and absent the permission of the proper address holder, but that’s not a matter of law and doing so doesn’t violate ARIN’s RSA.
I definitively think we should have that consultation. Authors of prop-266 never wanted to create routing rules. The goal has always been to make sure that the unique resources use right are recognized and defended.
The rights that one receives upon issuance are indeed recognized and are vigorously defended, but those rights are only with respect to ARIN’s registry and services.
I will also be fine if ARIN community decides as part of that, not to take actions, just to declare that there has been a violation, so the victims can use that outside ARIN in a legal claim. I think this will be very useful in courts. Now, there is nothing that courts can “look at”, because RSA and policies, don’t have a clear wording.
There’s no legal infringement at present (at least with respect to ARIN and its agreements) so there is no legal recourse to be sought. If someone attempts to inappropriately obtain/hijack an address block in the ARIN registry, that is something contrary to our agreements and we will pursue remedies.
ARIN is a Internet number registry – we administer the registry on behalf of the community; we don’t control or administer the Internet routing system.
I think we all agree on that, but as said before, only registration of resources without a clear declaration that they are meant for the exclusive use of the resource-holder or its authorized parties, is not congruent.
It is quite congruent, once you realize that ARIN cannot provide rights to that which it does not control, so “exclusive use” granted is solely with respect to the ARIN registry.
If the ARIN members wish to change the RSA so that parties using the ARIN Registry also commit to only announcing routing for their own address blocks (and those address blocks for which they has obtained permission), then it would be possible to provide ARIN address holders the particular assurance that you seek - i.e. that no other ARIN registrant will announce routes into the public Internet for your assigned address blocks. Such an assurance cannot presently be made, since ARIN has no control over the public Internet and no terms in our customer agreements regarding the routing that they can/cannot do.
President and CEO
American Registry for Internet Numbers
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ARIN-PPML