[arin-ppml] Draft Policy ARIN-2019-15: Hijacking Authorization Not-intended

Scott Leibrand scottleibrand at gmail.com
Wed Jun 26 20:02:33 EDT 2019


I agree with David, that a simple one-word change here would be best, and
we should clarify the problem statement to refer to the "perverse reading"
as "implicit", not "explicit".

I think the "actual" vs. "current" language is just a (fairly common)
translation issue/misunderstanding: as I understand it, "actual" in the
original proposer's native language best translates to "current" in English
(and "real" translates to "actual").

-Scott

On Wed, Jun 26, 2019 at 4:35 PM David Farmer <farmer at umn.edu> wrote:

> I agree with others, the problem statement needs to be simplified and
> clarified significantly. Furthermore, the only change in the policy text
> needed is to add "authorized" to the current text, as in "authorized third
> parties".  More provided inline;
>
> On Tue, Jun 25, 2019 at 4:18 PM ARIN <info at arin.net> wrote:
>
>> On 20 June 2019, the ARIN Advisory Council (AC) accepted "ARIN-prop-275:
>> Hijacking Authorization Not-intended" as a Draft Policy.
>>
> ...
>
>> Draft Policy ARIN-2019-15: Hijacking Authorization Not-intended
>>
>> Problem Statement:
>>
>> When prop-254 (Clarification on IPv6 Sub-assignments), it was not
>> related, neither intended, to modify the “exclusivity” criterion.
>>
>
> It is not clear to me what this paragraph is intended to mean.
>
>
>> Of course, it was not intended to provide an explicit authorization for
>> incidental or transient uses of address space by third parties, which in
>> fact it is a hijacking of addresses.
>>
>
> In no way is "explicit authorization" provided to do anything like
> hijacking a prefix by the statement called out.  At best, you could argue
> that "implicit authorization" is provided and that is a rather perverse
> interpretation of the text.
>
> Explicit - stated clearly and in detail, leaving no room for confusion or
> doubt.
> Implicit - implied though not plainly expressed.
>
> However, I would argue that the whole statement implies authorization by
> the recipient for anything and the fix to any problems is to explicitly
> restrict the statement to "authorized third parties". Changing much more
> than that risks changing the meaning in subtle and unintended ways, and it
> was hard enough to agree on what we have now.
>
>> However, surprisingly, the resulting text (last paragraph of the NRPM
>> section 2.5), after the ARIN AC editorial process, is doing that.
>>
>> This policy proposal tries to fix this specific text in the NRPM section
>> 2.5 to avoid that misinterpretation.
>>
>
> Maybe replace the whole problem statement with;
>
> ARIN-2018-4: Clarification on Temporary Sub-Assignments, could be
> perversely interpreted to imply the unauthorized use of a prefix "by third
> parties" is allowed, such as prefix hijacking. This is clearly not
> intended. The solution to this is to explicitly restrict the statement to
> "authorized third parties."
>
>> Policy Statement:
>>
>> Actual Text
>>
>
> This should be "Current Text", as the intent of any policy proposal is to
> change the "Actual Text", that is the intent is for the "New Text" to
> become the "Actual Text".
>
>
>> Note that the incidental or transient use of address space by third
>> parties shall not be considered a reassignment or a violation of the
>> exclusive use criterion.
>>
>> New Text
>>
>> Note that the incidental or transient use of address space by third
>> parties, within the network of the recipient organization, shall not be
>> considered a reassignment or a violation of the exclusive use criterion
>>
>
> This text possibly solves prefix hijacking but probably creates new
> issues. However, if the original text implies prefix hijacking is
> permitted, it also implies unauthorized attachments to a network are
> permitted, and this proposed text wouldn't fix that problem.
>
> I think the "New Text" should be the following;
>
> Note that the incidental or transient use of address space by authorized
> third parties shall not be considered a reassignment or a violation of the
> exclusive use criterion.
>
>
>> Timetable for Implementation: Immediate
>>
>> Anything Else:
>>
>> Situation in other regions: There is not equivalent explicit hijacking
>> authorization in other RIRs.
>>
>
> Again I take exception to "explicit hijacking authorization", there is
> nothing in the entire NRPM that explicitly authorizes the hijacking of
> prefixes, let alone the current statement called out. I'd suggest striking
> this paragraph.
>
> Thanks.
>
> ===============================================
> David Farmer               Email:farmer at umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================