[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
hostmaster at uneedus.com
hostmaster at uneedus.com
Thu May 2 09:48:20 EDT 2019
On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
> Hi Albert,
>
> El 2/5/19 15:02, "arin-ppml-bounces at arin.net en nombre de hostmaster at uneedus.com" <arin-ppml-bounces at arin.net en nombre de hostmaster at uneedus.com> escribió:
>
> On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
>
> >2. CONDITIONS OF SERVICE
> >
> >(1) The exclusive right to be the registrant of the Included Number
> >Resources within the ARIN database;
> >(2) The right to use the Included Number Resources within the ARIN
> >database;
>
>
> This above kinda sums up the issue. My understanding is this language
> comes from the RSA.
>
> While the document grants the right to be the registrant and use the
> "Included Number Resources", other language stating that you cannot use
> someone elses number resources without the permission of the registrant of
> those OTHER resources is missing from the RSA. That is what needs fixing.
>
> Of course, it is not easy to amend the RSA. Therefore it is being
> advanced to add the BGP hijacking language to the NRPM, which each ARIN
> RSA signer has also agreed to follow.
>
> If the language is added to the NRPM and the hijacker is an ARIN RSA
> signer, enforcement could be up to and including the revoke of all ARIN
> resources. However, all the worldwide resources are NOT assigned to ARIN,
> therefore nothing can really be done by ARIN in these cases where the
> hijacker is NOT an ARIN member.
>
> As a result, the Advisory Committee declared it totally out of scope, even
> though it does appear in scope if the hijacking is being done by an ARIN
> RSA signer.
>
> Unless this conflict can be solved, it is out of scope, at least when it
> would be applied to non ARIN RSA signers. However, I think it is in scope
> when hijacking of ARIN assigned resources occur by an ARIN RSA signer.
>
> When a policy proposal is sent to a specific RIR, I understand that if finally, that results, thru the PDP, in a policy, will be only in scope of the members of that RIR.
>
> That's why, we have two ways of doing it:
> 1) A global policy, which requires same text reach consensus in all the 5 RIRs (and it may be more difficult and slower to achieve), or
> 2) An equivalent policy in each of the 5 RIRs, which is the path we decided for this specific policy proposal.
>
> So, I don't see a "conflict" in that aspect, just part of the process, and as you say, a proposal can't be declared out-of-scope because "it will only apply" to this or that region.
>
> When I've observed similar problems in the policy manuals of different regions, I always tried to follow the same path, and most of the time, it works, because even having different "cultures", we all work in the same Internet.
>
> Regards,
> Jordi
>
The only potential issue is that the policy adopted in each region must
apply to ALL BGP Hijacking, not just the region involved. Otherwise the
bad actors will simply choose to hijack numbers in a different region to
avoid the policy.
Also, I assume we are mostly discussing hijacking of IPv4 resources, much
of which are clearly related to their short supply. I am unaware of any
real effort currently being made to hijack IPv6 resources.
Albert Erdmann
Network Administrator
Paradise On Line Inc.
More information about the ARIN-PPML
mailing list