[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Nicolas Antoniello nantoniello at gmail.com
Thu May 2 11:33:58 EDT 2019


Jordi,

As I´ve mentioned @ LACNIC discussions regarding this policy: the existence
of a statement in ARIN policy manual saying that something like this is
"bad" is not going to make anyone go to do it in another place. And so,
it's not going to prevent any BGP bad practice (not the ones made on
purpose neither the accidental ones).

Regards,
Nicolas



El jue., 2 de may. de 2019 a la(s) 09:03, JORDI PALET MARTINEZ via
ARIN-PPML (arin-ppml at arin.net) escribió:

>
>
> El 2/5/19 15:50, "hostmaster at uneedus.com" <hostmaster at uneedus.com>
> escribió:
>
>
>
>     On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
>
>     > Hi Albert,
>     >
>     > El 2/5/19 15:02, "arin-ppml-bounces at arin.net en nombre de
> hostmaster at uneedus.com" <arin-ppml-bounces at arin.net en nombre de
> hostmaster at uneedus.com> escribió:
>     >
>     >    On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
>     >
>     >    >2. CONDITIONS OF SERVICE
>     >    >
>     >    >(1) The exclusive right to be the registrant of the Included
> Number
>     >    >Resources within the ARIN database;
>     >    >(2) The right to use the Included Number Resources within the
> ARIN
>     >    >database;
>     >
>     >
>     >    This above kinda sums up the issue.  My understanding is this
> language
>     >    comes from the RSA.
>     >
>     >    While the document grants the right to be the registrant and use
> the
>     >    "Included Number Resources", other language stating that you
> cannot use
>     >    someone elses number resources without the permission of the
> registrant of
>     >    those OTHER resources is missing from the RSA.  That is what
> needs fixing.
>     >
>     >    Of course, it is not easy to amend the RSA.  Therefore it is being
>     >    advanced to add the BGP hijacking language to the NRPM, which
> each ARIN
>     >    RSA signer has also agreed to follow.
>     >
>     >    If the language is added to the NRPM and the hijacker is an ARIN
> RSA
>     >    signer, enforcement could be up to and including the revoke of
> all ARIN
>     >    resources.  However, all the worldwide resources are NOT assigned
> to ARIN,
>     >    therefore nothing can really be done by ARIN in these cases where
> the
>     >    hijacker is NOT an ARIN member.
>     >
>     >    As a result, the Advisory Committee declared it totally out of
> scope, even
>     >    though it does appear in scope if the hijacking is being done by
> an ARIN
>     >    RSA signer.
>     >
>     >    Unless this conflict can be solved, it is out of scope, at least
> when it
>     >    would be applied to non ARIN RSA signers.  However, I think it is
> in scope
>     >    when hijacking of ARIN assigned resources occur by an ARIN RSA
> signer.
>     >
>     > When a policy proposal is sent to a specific RIR, I understand that
> if finally, that results, thru the PDP, in a policy, will be only in scope
> of the members of that RIR.
>     >
>     > That's why, we have two ways of doing it:
>     > 1) A global policy, which requires same text reach consensus in all
> the 5 RIRs (and it may be more difficult and slower to achieve), or
>     > 2) An equivalent policy in each of the 5 RIRs, which is the path we
> decided for this specific policy proposal.
>     >
>     > So, I don't see a "conflict" in that aspect, just part of the
> process, and as you say, a proposal can't be declared out-of-scope because
> "it will only apply" to this or that region.
>     >
>     > When I've observed similar problems in the policy manuals of
> different regions, I always tried to follow the same path, and most of the
> time, it works, because even having different "cultures", we all work in
> the same Internet.
>     >
>     > Regards,
>     > Jordi
>     >
>     The only potential issue is that the policy adopted in each region
> must
>     apply to ALL BGP Hijacking, not just the region involved.  Otherwise
> the
>     bad actors will simply choose to hijack numbers in a different region
> to
>     avoid the policy.
>
> And that's probably a good thing. If one region doesn't adopt this policy,
> versus others adopting it, then hijackers will try to operate under that
> region, and I guess that means the "quality" of service of the regions that
> don't adopt it decreases, and that may turn the community into a different
> view of it.
>
>     Also, I assume we are mostly discussing hijacking of IPv4 resources,
> much
>     of which are clearly related to their short supply.  I am unaware of
> any
>     real effort currently being made to hijack IPv6 resources.
>
> The proposal covers "any" resource hijacking (IPv4, IPv6 and ASN). The
> fact that IPv6 is not being hijacked know, doesn't means that we can't
> prevent it to be covered by a policy proposal.
>
>     Albert Erdmann
>     Network Administrator
>     Paradise On Line Inc.
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
>
>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190502/2c7e46ab/attachment.htm>


More information about the ARIN-PPML mailing list