[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Thu May 2 11:40:50 EDT 2019 

Hi Nicolás,

 

 

El 2/5/19 17:34, "Nicolas Antoniello" <nantoniello at gmail.com> escribió:

 

Jordi,

 

As I´ve mentioned @ LACNIC discussions regarding this policy: the existence of a statement in ARIN policy manual saying that something like this is "bad" is not going to make anyone go to do it in another place. And so, it's not going to prevent any BGP bad practice (not the ones made on purpose neither the accidental ones).

 

And as expressed by several folks in the discussion regarding those policy proposals, in different mailing lists, having an explicit statement allows to take actions in a much easier way, either by the RIR or by scaling it to courts if the RIR decides not acting against a “bad faith-acting member”.

 

Regards,

Nicolas

 

 

 

El jue., 2 de may. de 2019 a la(s) 09:03, JORDI PALET MARTINEZ via ARIN-PPML (arin-ppml at arin.net) escribió:



El 2/5/19 15:50, "hostmaster at uneedus.com" <hostmaster at uneedus.com> escribió:



    On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:

    > Hi Albert,
    >
    > El 2/5/19 15:02, "arin-ppml-bounces at arin.net en nombre de hostmaster at uneedus.com" <arin-ppml-bounces at arin.net en nombre de hostmaster at uneedus.com> escribió:
    >
    >    On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
    >
    >    >2. CONDITIONS OF SERVICE
    >    >
    >    >(1) The exclusive right to be the registrant of the Included Number
    >    >Resources within the ARIN database;
    >    >(2) The right to use the Included Number Resources within the ARIN
    >    >database;
    >
    >
    >    This above kinda sums up the issue.  My understanding is this language
    >    comes from the RSA.
    >
    >    While the document grants the right to be the registrant and use the
    >    "Included Number Resources", other language stating that you cannot use
    >    someone elses number resources without the permission of the registrant of
    >    those OTHER resources is missing from the RSA.  That is what needs fixing.
    >
    >    Of course, it is not easy to amend the RSA.  Therefore it is being
    >    advanced to add the BGP hijacking language to the NRPM, which each ARIN
    >    RSA signer has also agreed to follow.
    >
    >    If the language is added to the NRPM and the hijacker is an ARIN RSA
    >    signer, enforcement could be up to and including the revoke of all ARIN
    >    resources.  However, all the worldwide resources are NOT assigned to ARIN,
    >    therefore nothing can really be done by ARIN in these cases where the
    >    hijacker is NOT an ARIN member.
    >
    >    As a result, the Advisory Committee declared it totally out of scope, even
    >    though it does appear in scope if the hijacking is being done by an ARIN
    >    RSA signer.
    >
    >    Unless this conflict can be solved, it is out of scope, at least when it
    >    would be applied to non ARIN RSA signers.  However, I think it is in scope
    >    when hijacking of ARIN assigned resources occur by an ARIN RSA signer.
    >
    > When a policy proposal is sent to a specific RIR, I understand that if finally, that results, thru the PDP, in a policy, will be only in scope of the members of that RIR.
    >
    > That's why, we have two ways of doing it:
    > 1) A global policy, which requires same text reach consensus in all the 5 RIRs (and it may be more difficult and slower to achieve), or
    > 2) An equivalent policy in each of the 5 RIRs, which is the path we decided for this specific policy proposal.
    >
    > So, I don't see a "conflict" in that aspect, just part of the process, and as you say, a proposal can't be declared out-of-scope because "it will only apply" to this or that region.
    >
    > When I've observed similar problems in the policy manuals of different regions, I always tried to follow the same path, and most of the time, it works, because even having different "cultures", we all work in the same Internet.
    >
    > Regards,
    > Jordi
    >
    The only potential issue is that the policy adopted in each region must 
    apply to ALL BGP Hijacking, not just the region involved.  Otherwise the 
    bad actors will simply choose to hijack numbers in a different region to 
    avoid the policy.

And that's probably a good thing. If one region doesn't adopt this policy, versus others adopting it, then hijackers will try to operate under that region, and I guess that means the "quality" of service of the regions that don't adopt it decreases, and that may turn the community into a different view of it.

    Also, I assume we are mostly discussing hijacking of IPv4 resources, much 
    of which are clearly related to their short supply.  I am unaware of any 
    real effort currently being made to hijack IPv6 resources.

The proposal covers "any" resource hijacking (IPv4, IPv6 and ASN). The fact that IPv6 is not being hijacked know, doesn't means that we can't prevent it to be covered by a policy proposal.

    Albert Erdmann
    Network Administrator
    Paradise On Line Inc.




**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.



_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190502/4dc270cc/attachment.htm>

More information about the ARIN-PPML mailing list