[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Marilson Mapa marilson.mapa at gmail.com
Thu May 2 13:37:02 EDT 2019


Jordi, with your permission I would like to try to summarize this situation
to what really matters. IMHO.

All players in this community want and defend a free Internet correctly.
Wonderful! But they hesitate to assume the responsibilities that this
freedom obviously demands. We are all non-imputable no matter the size of
the evils caused. Against this background it is necessary to ask:

Free internet for who and for what?
You will allow politicians regulate your activities pressured by the clamor
of society?
I would add another question:
Why most ISPs teamabuses refuse to prevent reported customers from
continuing to commit illicit acts that have been properly documented?

Marilson


Em qui, 2 de mai de 2019 às 04:56, JORDI PALET MARTINEZ via ARIN-PPML <
arin-ppml at arin.net> escreveu:

> Hi Owen,
>
> I think that the comparison with a property is not good, so I'm top
> posting to make it simple.
>
> ARIN is providing a registration service for unique and exclusive rights
> for resources, following a membership organization model.
>
> Let's take another similar "association membership model". Please, note
> that I'm not a lawyer and my reading from US laws may be different as what
> we have in Spain.
>
> Let's suppose it is a sports club and you can request that at some time in
> the week, the tennis court is allocated to member A, at another time to B,
> and another time to X. Member X decides to ignore that allocation and uses
> the court. Even more, X is doing from time to time the same with the
> allocation to member B, and many others. This is clearly against the rules
> *and* repeatedly against the rights of other association members.
>
> The association clearly can tell X, we don't want you to be anymore a
> member. You've done this not just by mistake, it was a repetitive action in
> violation of our rules and not respecting other members rights.
>
> You can find other examples, such a shared property. You have a right to
> use a property for a week, and if another member is usurping that right for
> other members "time", they don't follow the rules.
>
> One more example, in Spain there have been many cases of pick-pockets that
> the public transport authority (and confirmed by courts if they complain),
> has denied using the public transport, just because they have been caught
> once and again.
>
> A more extreme example. You can have a property, let's say your home, and
> there are some common areas (for example a garden, a small summer swimming
> pool, etc.). You are a member of the neigbourhood, that of course has rules
> about how the garden and swiming pool can be used. If you act against those
> rules, or act against the rights of other neighbours, you can get cancelled
> your rights to use those common areas. Even more, in an extreme case, a
> judge will even tell you (this is not a theory, there have been many
> cases), you can't anymore use your home: find another one, and you can rent
> this to someone else, because you demonstrated that you don't know how to
> follow the rules.
>
> In all those cases, the membership organization has the right to state
> (according to the bylaws), what are the rules. If the rules are accepted by
> the members, they must be followed and respected.
>
> I think it is obvious that the RIRs provide the unique and exclusive
> rights to members. I thinkk it is obvious *even* if we don't have such
> explicit rule, that a member can't act against those unique and exclusive
> rights granted to other members.
>
> Our policies are there, some times, to state in an explicit way, what it
> may be considered obvious. This is what our policy proposal is tryint to do.
>
> A resource hijack, is violating other member rights, and is also violating
> the rules about how the resources should be *correctly* registered, even if
> this hijack is violating the rules only during a few minutes or hours, it
> is still violating the rules.
>
> There is some wording in the RSA that talks about some relevant aspects to
> this discussion (coping only some of the text):
> 2. CONDITIONS OF SERVICE
> (1) The exclusive right to be the registrant of the Included Number
> Resources within the ARIN database;
> (2) The right to use the Included Number Resources within the ARIN
> database;
>
> However, I'm mising a more clear "unique and exlusive right to use" in 2.
>
> Also:
> (d) Prohibited Conduct By Holder. In using any of the Services, Holder
> shall not: (i) disrupt or interfere with the security or use of any of the
> Services; (ii) violate any applicable laws, statutes, rules, or
> regulations; or (iii) assist any third party in engaging in any activity
> prohibited by any Service Terms.
>
> Policies can increase that wording and make it more obvious and facilitate
> both the organization and the members to take actions if those are not
> accidental and if they become repetitive.
>
> I believe bylaws are not clear on this, but it may be because it is
> clearly illegal to act against the membership rights of other members, so
> you don't need to re-state it in bylaws, but making it clear in policies it
> is definitively a good thing.
>
> Policies are easier to adapt to the community needs, by means of the PDP,
> which may change with the time, evolution of protocols, etc. While the
> bylaws and RSA aren't so easy to modify, but they clearly state that the
> policies are part of the rules to be followed by members.
>
> Regards,
> Jordi
>
>
>
> El 2/5/19 8:59, "ARIN-PPML en nombre de Owen DeLong" <
> arin-ppml-bounces at arin.net en nombre de owen at delong.com> escribió:
>
>
>
>     > On May 1, 2019, at 18:08 , Fernando Frediani <fhfrediani at gmail.com>
> wrote:
>     >
>     > On 01/05/2019 17:17, Joe Provo wrote:
>     >>
>     >> "Distribution function" is indeed merely agreeing that the data
>     >> recorded in the registry is accurate. There's no dibursement of
>     >> anything. When we bought our house and land, the registry of
>     >> deeds was similar only involved in verifying that the transfer
>     >> from the previous holders to us was a valid contract within the
>     >> scope of its operations (the state in which we live). When a
>     >> neighbor was doing a construction project and we had to go block
>     >> their heavy equipment, the registrar of deeds sure didn't come
>     >> and settle the dispute. We went down, got the county map and
>     >> they agreed. if they hadn't, law enforcement and courts would
>     >> have been the next step.
>     >>
>     >> This, like all Internet analogies, is poor; my thrust is that rfg's
>     >> is worse. To parallel ARIN with a transportation agency's "line
>     >> drawing" and officials embued with law enforcement is wildly off
>     >> track.
>     > That's not that same thing unfortunately. Your house and land belong
> to you until you sell it, the resources the RIR assign to people **never**
> belong to them, they are not a property. Instead they remain under their
> responsibility and they may unassigned if misused or for other reasons.
>
>     The following is strictly my opinion. It may well deviate from the
> legal theories under which the RIRs currently operate.
>
>     The county can revoke your deed if you don’t pay your property taxes.
>
>     ARIN can revoke your registration if you don’t pay your ARIN fees.
>
>     The county can revoke your deed if they find that it was recorded
> under fraudulent pretense.
>
>     ARIN can revoke your resources if they find  your registration was
> obtained under fraudulent pretense.
>
>     The only difference is in what is being registered/recorded by the
> different registries. The property registry in the various counties
> registers property.
>
>     ARIN registers numbers to guarantee uniqueness among cooperating
> parties.
>
>     As has been repeatedly stated in this debate, ARIN has no control or
> authority over non-cooperating parties that have not signed a contract with
> ARIN.
>
>     An entity which has no contract with the RIRs really can use any
> integers they want in any way they want to the extent that others are
> willing to accept that use.
>
>     If someone wants to claim 10.0.0.0/8 as a public address and route it
> on the internet, the RIRs cannot do anything to stop them unless it
> violates an RIR contract that said entity is a party to.
>
>     If they can find enough ISPs willing to route that on their behalf,
> then de facto, that address range will be theirs and it really doesn’t
> matter what the RIRs have to say about it.
>
>     The internet works because the vast majority of networks choose to
> cooperate with the RIR system and work within the system to preserve
> uniqueness.
>
>     There’s no law that prevents this from becoming balkanized and
> disintegrating into competing non-unique uses of address space. I hope that
> doesn’t happen and fortunately, there’s enough financial interest in the
> process to make sure the majority of ISPs continue to not want it as well.
>
>     Nonetheless, it is important to understand just how fragile this
> ecosystem actually is and just how limited the power of the RIRs actually
> is.
>
>     Owen
>
>     _______________________________________________
>     ARIN-PPML
>     You are receiving this message because you are subscribed to
>     the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>     Unsubscribe or manage your mailing list subscription at:
>     https://lists.arin.net/mailman/listinfo/arin-ppml
>     Please contact info at arin.net if you experience any issues.
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
>
>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190502/21f5b3b9/attachment.htm>


More information about the ARIN-PPML mailing list