[arin-ppml] Draft Policy ARIN-2019-15: Hijacking Authorization Not-intended

David Farmer farmer at umn.edu
Wed Jun 26 19:34:55 EDT 2019 

I agree with others, the problem statement needs to be simplified and
clarified significantly. Furthermore, the only change in the policy text
needed is to add "authroized" to the current text, as in "authorized third
parties".  More provided inline;

On Tue, Jun 25, 2019 at 4:18 PM ARIN <info at arin.net> wrote:

> On 20 June 2019, the ARIN Advisory Council (AC) accepted "ARIN-prop-275:
> Hijacking Authorization Not-intended" as a Draft Policy.
>
...

> Draft Policy ARIN-2019-15: Hijacking Authorization Not-intended
>
> Problem Statement:
>
> When prop-254 (Clarification on IPv6 Sub-assignments), it was not
> related, neither intended, to modify the “exclusivity” criterion.
>

It is not clear to me what this paragraph is intended to mean.


> Of course, it was not intended to provide an explicit authorization for
> incidental or transient uses of address space by third parties, which in
> fact it is a hijacking of addresses.
>

In no way is "explicit authorization" provided to do anything like
hijacking a prefix by the statement called out.  At best, you could argue
that "implicit authorization" is provided and that is a rather perverse
interpretation of the text.

Explicit - stated clearly and in detail, leaving no room for confusion or
doubt.
Implicit - implied though not plainly expressed.

However, I would argue that the whole statement implies authorization by
the recipient for anything and the fix to any problems is to explicitly
restrict the statement to "authorized third parties". Changing much more
than that risks changing the meaning in subtle and unintended ways, and it
was hard enough to agree on what we have now.

However, surprisingly, the resulting text (last paragraph of the NRPM
> section 2.5), after the ARIN AC editorial process, is doing that.
>
> This policy proposal tries to fix this specific text in the NRPM section
> 2.5 to avoid that misinterpretation.
>

Maybe replace the whole problem statement with;

ARIN-2018-4: Clarification on Temporary Sub-Assignments, could be
perversely interrupted to imply the unauthorized use of a prefix "by third
parties" is allowed, such as prefix hijacking. This is clearly not
intended. The solution to this is to explicitly restrict the statement to
"authorized third parties."

Policy Statement:
>
> Actual Text
>

This should be "Current Text", as the intent of any policy proposal is to
change the "Actual Text", that is the intent is for the "New Text" to
become the "Actual Text".


> Note that the incidental or transient use of address space by third
> parties shall not be considered a reassignment or a violation of the
> exclusive use criterion.
>
> New Text
>
> Note that the incidental or transient use of address space by third
> parties, within the network of the recipient organization, shall not be
> considered a reassignment or a violation of the exclusive use criterion
>

This text possibly solves prefix hijacking but probably creates new issues.
However, if the original text implies prefix hijacking is permitted, it
also implies unauthorized attachments to a network are permitted, and this
proposed text wouldn't fix that problem.

I think the "New Text" should be the following;

Note that the incidental or transient use of address space by authorized
third parties shall not be considered a reassignment or a violation of the
exclusive use criterion.


> Timetable for Implementation: Immediate
>
> Anything Else:
>
> Situation in other regions: There is not equivalent explicit hijacking
> authorization in other RIRs.
>

Again I take exception to "explicit hijacking authorization", there is
nothing in the entire NRPM that explicitly authorizes the hijacking of
prefixes, let alone the current statement called out. I'd suggest striking
this paragraph.

Thanks.

===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190626/58e80516/attachment.htm>

More information about the ARIN-PPML mailing list