[arin-ppml] prop266 - re-framing the discussion

Thu May 2 17:11:12 EDT 2019

Do you have any reason to believe that ARIN getting involved in real-time
notification of BGP hijacking, with or without firmly worded language and
with or without an implied threat, will be any more effective than current
methods of shutting down hijacks once they've started?  My impression is
that nearly all hijacks are quickly filtered by transit providers once
they're contacted by the legitimate holder of the addresses.

IMO "punishment" of those responsible for allowing hijacking seems like
something best solved through the legal system, not via extrajudicial
penalties and fines imposed by an industry association.  But if we do
decide we want ARIN to create acceptable standards of conduct with regard
to routing, and fine resource holders who violate it, under threat of
resource revocation if those fines aren't paid, there will need to be a
*lot* of work done to set up such a system so that it doesn't risk ARIN
picking a legal fight it's going to lose, and putting the entire registry
at risk.

-Scott

On Thu, May 2, 2019 at 1:29 PM Andrew Bagrin <abagrin at omninet.io> wrote:

> If the hijacking entity is not and ARIN customer, ARIN likely has a
> relationship with adjacent ASN's that propagate the hijacked BGP routes and
> can at the very least notify them that they are propagating routes that
> have been reported as being hijacked.
> They can further repeat the statement with a firm voice, and add "or else"
> at the end.
>
> Add penalties and fines could be a way to reduce prolonged propagation of
> hijacked routes.
>
>
>
> On Thu, May 2, 2019 at 10:18 AM Adam Thompson <athompson at merlin.mb.ca>
> wrote:
>
>> Instead of focusing on whether the current proposal is or isn’t in scope,
>> I suggest we re-cast the discussion as follows:
>>
>>
>>
>>    1. So far, we have unanimous community agreement that BGP hijacking
>>    is bad.
>>    2. So far, we have broad agreement that “something ought to be done”
>>    about BGP hijacking, although detailed opinions vary significantly.
>>    3. So what (else) *can* ARIN do about it?  (Caveat: the answer “
>>    *nothing*” is unacceptable to a significant proportion of PPML
>>    participants.)
>>
>>
>>
>> My suggested direction to the AC and/or the board would therefore be:
>> *Find* something ARIN can do to help combat the problem (more
>> effectively).  If this requires expanding the scope of ARIN’s operations or
>> policies, bring that back to the membership (possibly via PPML?) with the
>> accompanying financial & legal analysis, as usual.
>>
>>
>>
>> Now the question becomes: what is the most appropriate mechanism, within
>> ARIN’s existing policies, to bring a request like that to the AC and/or
>> Board?  It seems clear to me that the petition already underway here is not
>> meeting, and will not meet, the needs of the community very well.
>>
>>
>>
>> -Adam
>>
>>
>>
>> *Adam Thompson*
>> Consultant, Infrastructure Services
>> *[image: merlin-email-logo]*
>> 100 - 135 Innovation Drive
>> Winnipeg, MB, R3T 6A8
>> (204) 977-6824 or 1-800-430-6404 (MB only)
>> athompson at merlin.mb.ca
>> www.merlin.mb.ca
>>
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190502/35095aa4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2381 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190502/35095aa4/attachment.png>