[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Nicolas Antoniello nantoniello at gmail.com
Thu May 2 12:26:32 EDT 2019 

The missing link in your assertion is that for the former you have police
(and other bodies) to enforce them... and for BGP you have only good will :)


El jue., 2 de may. de 2019 a la(s) 10:37, Fernando Frediani (
fhfrediani at gmail.com) escribió:

> The same way the existence of laws stating certain practices are wrong and
> forbidden doesn't stop people from committing crimes.
>
> Fernando
> On 02/05/2019 12:33, Nicolas Antoniello wrote:
>
> Jordi,
>
> As I´ve mentioned @ LACNIC discussions regarding this policy: the
> existence of a statement in ARIN policy manual saying that something like
> this is "bad" is not going to make anyone go to do it in another place. And
> so, it's not going to prevent any BGP bad practice (not the ones made on
> purpose neither the accidental ones).
>
> Regards,
> Nicolas
>
>
>
> El jue., 2 de may. de 2019 a la(s) 09:03, JORDI PALET MARTINEZ via
> ARIN-PPML (arin-ppml at arin.net) escribió:
>
>>
>>
>> El 2/5/19 15:50, "hostmaster at uneedus.com" <hostmaster at uneedus.com>
>> escribió:
>>
>>
>>
>>     On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
>>
>>     > Hi Albert,
>>     >
>>     > El 2/5/19 15:02, "arin-ppml-bounces at arin.net en nombre de
>> hostmaster at uneedus.com" <arin-ppml-bounces at arin.net en nombre de
>> hostmaster at uneedus.com> escribió:
>>     >
>>     >    On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
>>     >
>>     >    >2. CONDITIONS OF SERVICE
>>     >    >
>>     >    >(1) The exclusive right to be the registrant of the Included
>> Number
>>     >    >Resources within the ARIN database;
>>     >    >(2) The right to use the Included Number Resources within the
>> ARIN
>>     >    >database;
>>     >
>>     >
>>     >    This above kinda sums up the issue.  My understanding is this
>> language
>>     >    comes from the RSA.
>>     >
>>     >    While the document grants the right to be the registrant and use
>> the
>>     >    "Included Number Resources", other language stating that you
>> cannot use
>>     >    someone elses number resources without the permission of the
>> registrant of
>>     >    those OTHER resources is missing from the RSA.  That is what
>> needs fixing.
>>     >
>>     >    Of course, it is not easy to amend the RSA.  Therefore it is
>> being
>>     >    advanced to add the BGP hijacking language to the NRPM, which
>> each ARIN
>>     >    RSA signer has also agreed to follow.
>>     >
>>     >    If the language is added to the NRPM and the hijacker is an ARIN
>> RSA
>>     >    signer, enforcement could be up to and including the revoke of
>> all ARIN
>>     >    resources.  However, all the worldwide resources are NOT
>> assigned to ARIN,
>>     >    therefore nothing can really be done by ARIN in these cases
>> where the
>>     >    hijacker is NOT an ARIN member.
>>     >
>>     >    As a result, the Advisory Committee declared it totally out of
>> scope, even
>>     >    though it does appear in scope if the hijacking is being done by
>> an ARIN
>>     >    RSA signer.
>>     >
>>     >    Unless this conflict can be solved, it is out of scope, at least
>> when it
>>     >    would be applied to non ARIN RSA signers.  However, I think it
>> is in scope
>>     >    when hijacking of ARIN assigned resources occur by an ARIN RSA
>> signer.
>>     >
>>     > When a policy proposal is sent to a specific RIR, I understand that
>> if finally, that results, thru the PDP, in a policy, will be only in scope
>> of the members of that RIR.
>>     >
>>     > That's why, we have two ways of doing it:
>>     > 1) A global policy, which requires same text reach consensus in all
>> the 5 RIRs (and it may be more difficult and slower to achieve), or
>>     > 2) An equivalent policy in each of the 5 RIRs, which is the path we
>> decided for this specific policy proposal.
>>     >
>>     > So, I don't see a "conflict" in that aspect, just part of the
>> process, and as you say, a proposal can't be declared out-of-scope because
>> "it will only apply" to this or that region.
>>     >
>>     > When I've observed similar problems in the policy manuals of
>> different regions, I always tried to follow the same path, and most of the
>> time, it works, because even having different "cultures", we all work in
>> the same Internet.
>>     >
>>     > Regards,
>>     > Jordi
>>     >
>>     The only potential issue is that the policy adopted in each region
>> must
>>     apply to ALL BGP Hijacking, not just the region involved.  Otherwise
>> the
>>     bad actors will simply choose to hijack numbers in a different region
>> to
>>     avoid the policy.
>>
>> And that's probably a good thing. If one region doesn't adopt this
>> policy, versus others adopting it, then hijackers will try to operate under
>> that region, and I guess that means the "quality" of service of the regions
>> that don't adopt it decreases, and that may turn the community into a
>> different view of it.
>>
>>     Also, I assume we are mostly discussing hijacking of IPv4 resources,
>> much
>>     of which are clearly related to their short supply.  I am unaware of
>> any
>>     real effort currently being made to hijack IPv6 resources.
>>
>> The proposal covers "any" resource hijacking (IPv4, IPv6 and ASN). The
>> fact that IPv6 is not being hijacked know, doesn't means that we can't
>> prevent it to be covered by a policy proposal.
>>
>>     Albert Erdmann
>>     Network Administrator
>>     Paradise On Line Inc.
>>
>>
>>
>>
>> **********************************************
>> IPv4 is over
>> Are you ready for the new Internet ?
>> http://www.theipv6company.com
>> The IPv6 Company
>>
>> This electronic message contains information which may be privileged or
>> confidential. The information is intended to be for the exclusive use of
>> the individual(s) named above and further non-explicilty authorized
>> disclosure, copying, distribution or use of the contents of this
>> information, even if partially, including attached files, is strictly
>> prohibited and will be considered a criminal offense. If you are not the
>> intended recipient be aware that any disclosure, copying, distribution or
>> use of the contents of this information, even if partially, including
>> attached files, is strictly prohibited, will be considered a criminal
>> offense, so you must reply to the original sender to inform about this
>> communication and delete it.
>>
>>
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190502/af50e2f4/attachment.htm>

More information about the ARIN-PPML mailing list