[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Thu May 2 09:57:47 EDT 2019 

Hi Joe,

El 2/5/19 15:11, "Joe Provo" <ppml at rsuc.gweep.net> escribió:

    
    [see Disclaimer]
    
    On Thu, May 02, 2019 at 12:30:38PM +0200, JORDI PALET MARTINEZ via ARIN-PPML wrote:
    [snip]
    > So, you???re saying that if an ARIN member is *acting* against
    > the exclusive rights of use resources allocated to other members,
    > not by accident, and repeatedly, is just *fine* and ARIN should not
    > even remind the member that he is acting against the rules?
    
    No one says that, and your assertion that people are "with us 
    on this specific formulation of this proposal or obviously support 
    all forms of abuse" is both offensively polarizing and wildly 

I'm not native English speaker, so my wording may be not appropriate, but I don't think is difficult to interpret what I'm trying to say. It is a way of formulating a sentence with a generic assertion, and asking if "in general" you will agree or not that ARIN should act when members damage other members rights.

    incorrect. Existing process doesn't say that. Again, it is IMO 
    outside the scope of policy, and handling such is covered under 
    item 4 of the first paragraph of 
    https://www.arin.net/reference/tools/fraud_report/
    
    "This reporting process is to be used to notify the American 
     Registry for Internet Numbers, Ltd. (ARIN) of suspected Internet 
     number resource abuse [...] or (4) hijacking of number resources 
     in ARIN's database."

My reading on that is that it is only related to the "hijacking" of the database account or a similar way to alter the information, so it can be used by others. We have a similar text in RIPE as well.
    
    It seems that underlying the proposal is some form of unstated
    dissatisfaction with that process, or the public reporting of 
    results available on
    https://www.arin.net/reference/tools/fraud_report/results/
    
    Perhaps there's something specific you can cite? Or that you'd 
    be wanting to see more detail for some of the issues? Or that 
    the actions don't go far enough?

I see the reports in that public reporting is not showing the details, so it is impossible to understand those cases. Most of them are marked as "out-of-scope". Having more information may help, clearly.
    
    [snip]
    > Our goal is to have this in the 5 RIRs. If some of the regions 
    > decide not to go for it, they will have less credibility than 
    > those that go for it.
    
    Since you aren't taking this through the Global Policy process,
    you have chosen to work within the vagaries of different regional 
    processes, which exist as a natural consequence of Global Policy 
    ICP-2. I know you're specifically frustrated with these regional 
    variances, but I'd caution you to reflect upon the the floor 
    discussion from APNIC47 and overall reception for APNIC-prop-126 
    before indicating that regions who operate differently are 
    somehow "less credible".

I'm not sure to understand what is the relation here with APNIC-prop-126. I've explained in a previous email why I don't think a global policy makes sense here.
    
    Flatly, I see this as an assertion that ICP-2 doesn't apply 
    in your situation because it happens to be inconvenient to
    work through the bottom-up process appropriate for each region. 

No, it is just a matter of being practical. Global Policies take longer, it is achievable if we go for very "simple" aspects that everybody can agree and where it is easier to find a text that match everyone, such as the change for the IPv6 /23 to /12, etc.

Also, if one region fails to reach consensus, you have *nothing*. In this proposal case, if one region adopt this proposal, is better than "nothing".
    
    Again, the scope matter for this proposal is now with the board
    but IMO *all* of this is outside the PDP as it is ARIN business
    operations.  
    
    Cheers,
    
    Joe
    
    -- 
    Posted from my personal account - see X-Disclaimer header.
    Joe Provo / Gweep / Earthling 
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

More information about the ARIN-PPML mailing list