[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

[Andrew Bagrin]

If our engineers mistype an IP in the BGP advertisement, I would want a
mechanism to notify me right away. Coming from ARIN would validate it's a
real issue and not some random email that we all ignore.
I personally do not see lynch mob.  Punishment should only come with
reluctant to comply.

On Fri, May 3, 2019 at 1:22 PM David Farmer <farmer at umn.edu> wrote:

> Simply getting involved in hijacking is not what is proposed. And, by the
> way, ARIN and the other RIRs already are involved, heard of RPKI, IRR,
> etc...  You can't say the problem is being ignored.  Are these responses
> truly effective? Maybe not. Do we need to do more? Probably. Is this the
> answer? Maybe, but it really scares me.
>
> This proposal wants ARIN and the other RIRs to penalize hijacking.  To do
> this someone has to judge the intent behind these events. From the other
> side of the Internet, it is difficult with any certainty to tell the
> difference between a typo and malicious activity in many of these events.
>
> Have you ever been on a jury in a murder trial? I have. The difference
> between the various counts of murder and manslaughter basically comes down
> to determining the intent involved in the actions causing the death of
> another human being. If you are involved in the death of someone and even
> if there is no culpable negligence or intent on your part, such an event is
> important enough for society to scrutinize your actions.
>
> So, I have some questions back to you;
> Have you ever mistyped an IP address or an ASN?
> Across the Internet, how many mistyped IP addresses and ASNs occur on a
> daily basis?
>
> This proposal asks ARIN and the other RIRs to create a system to
> scrutinize the actions of network operators and also impose penalties for
> those actions. This is not something that should be taken lightly. It is
> possible anyone on this mailing list will have to have their actions judged
> by this system. The proponents of this proposal want you to think this
> proposal only affects hijackers. That is not the case, this proposal
> affects anyone who operates a router. It puts anyone who operates a router
> in jeopardy of losing their Internet resources, for possibly something as
> innocent as making a typo in their router config.
>
> Do we really need and want to go there? I'm not saying no, but let's be
> really sure. And we have to make sure we get the system right, because any
> one of us may have to be judged by this system. When I look at this
> proposal, I don't see enough due process or safeguards involved that I feel
> comfortable subjecting myself to it.
>
> To be honest, I see more of a lynch mob mentality then true justice in
> this proposal.
>
> When evaluating this proposal, don't envision a hijacker being judged,
> envision yourself being judged by this system, because you just might be.
>
>
> Thanks
>
> On Fri, May 3, 2019 at 9:05 AM Andrew Bagrin <abagrin at omninet.io> wrote:
>
>> I'm curious why do people not want to let ARIN try to start getting
>> involved to help resolve the issue of hijacking?
>>
>> Are you doing hijacking and don't want interference?
>> Are you running a competitive service that you charge for?
>>
>> Does anyone believe there is a valid reason to hijack and advertise IP
>> space that you do not own? (when the owner of that space does not want you
>> to advertise it)
>>
>> Why would anyone be against ARIN having a process to help resolve these
>> issues?  Sure we can question how effective it will be, but anything will
>> be more effective than nothing, and by actually doing, failing and
>> learning, ARIN will only improve and refine the process. We will all learn
>> from this.
>>
>>
>>
>> On Thu, May 2, 2019 at 10:08 PM Marilson Mapa <marilson.mapa at gmail.com>
>> wrote:
>>
>>> The president of ARIN describes his institution as an RIR with
>>> appropriate and functional policies. This is what we can deduce from his
>>> speech whenever he describes the performance of his institution. This same
>>> attitude can be seen in RIPE.
>>>
>>> "Violation can have consequence".
>>>
>>> It seems that the expression "can have" should be understood as "almost
>>> never", after all how to explain the rot that permeates the global
>>> Internet? The complaints, the lawsuits, the fines are becoming more and
>>> more frequent.
>>> I have today received as a member of BPF Cybersecurity the document ***UN
>>> 1st Committee Processes on Responsible State Behaviour in Cyberspace
>>> explainer**. *This 25-page document, addressed to ICANN, reports what
>>> they call disastrous behavior. It was drafted by Rubin International Law
>>> Firm and Notary of Israel for a Jewish religious institution.
>>>
>>> Basically they are demanding:
>>> "We require ICANN to terminate immediately the activities fostering
>>> Internet addiction, including the performance of relevant IANA functions,
>>> relevant gTLD activities, relevant Registry Operators' activities, relevant
>>> ICANN-accredited registrars' activities, including through RESP and
>>> amendments of registry and registrar agreements and to refrain from
>>> renewing the .info registry agreement with Afilias unless Afilias and its
>>> related companies terminate immediately activities fostering Internet
>>> addiction and the .info registry agreement is amended to prohibit Internet
>>> addiction activities."
>>>
>>> It's just one of the thousands of complaints popping up around the
>>> globe. And ARIN does not move a finger... It's out of the scope...
>>>
>>> Marilson
>>>
>>>
>>> Em qui, 2 de mai de 2019 às 17:01, John Curran <jcurran at arin.net>
>>> escreveu:
>>>
>>>> > On May 2, 2019, at 2:12 PM, Carlos Friaças via ARIN-PPML <
>>>> arin-ppml at arin.net> wrote:
>>>> > ...
>>>> > It seems evident that a RIR can't revoke legacy space. Ever.
>>>>
>>>> Carlos -
>>>>
>>>> In the case of ARIN that would be incorrect, as ARIN has revoked legacy
>>>> address space from parties that have violated registry policies.
>>>>
>>>> ARIN registry policies are applicable to all parties in the registry -
>>>> those legacy holders under RSA do have specific terms and conditions (and a
>>>> reduced fee schedule), but ARIN registry policies are applicable regardless
>>>> and violation can have consequence.
>>>>
>>>> Thanks!
>>>> /John
>>>>
>>>> John Curran
>>>> President and CEO
>>>> American Registry for Internet Numbers
>>>>
>>>> _______________________________________________
>>>> ARIN-PPML
>>>> You are receiving this message because you are subscribed to
>>>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>>> Unsubscribe or manage your mailing list subscription at:
>>>> https://lists.arin.net/mailman/listinfo/arin-ppml
>>>> Please contact info at arin.net if you experience any issues.
>>>>
>>> _______________________________________________
>>> ARIN-PPML
>>> You are receiving this message because you are subscribed to
>>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>> Unsubscribe or manage your mailing list subscription at:
>>> https://lists.arin.net/mailman/listinfo/arin-ppml
>>> Please contact info at arin.net if you experience any issues.
>>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>
>
> --
> ===============================================
> David Farmer               Email:farmer at umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190503/43c25c8c/attachment.htm>