[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Carlos Friaças cfriacas at fccn.pt
Fri May 3 17:28:34 EDT 2019



Hi,


On Fri, 3 May 2019, Jimmy Hess wrote:

> On Fri, May 3, 2019 at 1:03 AM Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
>> "ARIN hereby allocates to you an IP address block and hereby grants you
>> sole permission to announce that address block to the Internet."
>> Simple enough?
> Not that simple, really.
>
> Effectively, the "Choice to revoke" suggested by the Proposal/etc would
> have a risk of forcing/accelerating fragmentation from one internet
> into multiple internets;
> the moment a RIR decides that a large enough enterprise or carrier
> "Has not done enough"
> to stop BGP hijacking causing a "revocation" from their registry.

Sorry, but that is not part of the proposal. An upstream can't be
made responsible for someone else's actions. The upstream is not generating
the hijacks; only whoever is doing that can be the subject of a report...


> "the internet" itself is not ANY organization's trademark,  and it is
> not a specific thing;

Well, this is not really about "the internet". If someone injects hijacks 
over an internet exchange, that shouldn't be acceptable -- and it 
generally isn't at internet exchanges.



> internet is a generic word referring to any network of networks,
> whether that be a private
> association of 1000 networks or a million networks -- the phrase "internet"
> is not a trademark for a specific network. There exists no
> authority generally with
> any exclusive legal right to permit or prohibit anything
> regarding "the internet" --
> IANA, the IETF, the RIRs, ICANN, etc, have policies over how they
> administer _their_
> databases and systems generally, but no legal authority over "the internet".

That's simply a way of saying: nothing can be done by anyone, when really 
that isn't true.



> In the US and many countries;  RIRs such as ARIN are very limited in the manner
> that they could regulate their members as well, even if they wish --
> for example,
> if ARIN crafted an agreement designed to prevent members offering products or
> services related to  a "competing internet",   then the RIRs would likely find
> themselves at risk of being in violation of various countries'
> Anti-Trust laws --
> particularly with the use of threats such as  "Revoking resources"
> (although being used for legitimate purposes by the registrant).

Probably too much legalese and speculation.



> ARIN's "permission" is not necessary and not sufficient to "announce" an
> address block to "the (generic) internet"  --- ARIN doesn't hold a
> patent over the IP or BGP
> protocol;  ARIN doesn't hold an intellectual property  granting an
> ARIN exclusive
> right to use or License the usage of ranges of IP numbers within the
> Source field
> of an IP packet,  nor  the Prefix field of a BGP announcement.

Yes, but if it happens to revoke a prefix (for any reason), most people 
(globally) will acknowledge it and in general will act accordingly 
(routing-wise).



> Registrations made within ARIN's database are records within ARIN's systems
> only.    The registrations are
> based on notional,  speculative, or anticipated usage  within other
> internet(s),  but
> there is obviously no warranty that the other internet(s) will honor
> the registration
> and allow use of that IP number.

That's perfectly fine if those parties in alternative Internets don't 
really need anything from ARIN. If they happen to need something from 
ARIN (or the other RIRs), then they better abide by the current community 
rules.



> Particularly if ARIN were to "Revoke" a resource being used for
> legitimate business
> purposes by a large enterprise --- some internets may be inclined
> to adopt a special
> local policy effectively Declining ARIN's resource revocation for
> that particular internet.

Sure. But what if they leaked it to "the internet", thus disrupting
communications between two other parties...? They wouldn't be liable?


> And there is no network on which ARIN themself can guarantee that an
> ARIN Database
> registrant or network  Matches the actual user of that IP number on a
> particular network.
>
> For example: If a competing internet declines to recognize one of
> ARIN's resource
> revocations, then that internet or group of internets would likely
> also agree to decline
> to recognize a subsequent registration from that space to a different
> organization.

"Competing internet", I think, is something we are not trying to address...



> There is no Patent, no Copyright,  nor any other government-granted monopoly
> that ANY Organization owns which says, for example that the numbers
> 0x40000000-0x4fffffff
> can only be used according to an ARIN license on a computer network, if you
> have devices that send something that looks like an IP packet.

Fine, so anyone can try to intercept anyone's communications? And attack 
other networks trying to deflect attribution for such attacks?
It doesn't really sound pretty.



> The permission to announce an address block comes from whatever the organization
> or organizations owning the networks on that particular "internet"
> have agreed to
> amongst themselves;  *that group of networks* might require
> registration in the RIR
> or other databases generally,   or they might have other agreements,
> OR a  different idea on how to co-ordinate  their  (generic)
> internet's  usage of
> IP numbers   that  varies from  the RFC series.

Fine, different internet, different rules. The proposal is not about 
alternative internets.



> The moment a RIR such as ARIN acts erratically and attempts to "Revoke"
> the assignment of a legitimate carrier; the "organizations owning
> the networks"

If they work well in "alternative internets", I don't see how they will be
able to accuse ARIN of disrupting anything.........



> --- will have a potential to alter their agreements between themselves to
> adjust their contracts to list some "Extra registrations"  -  Instead of merely
> relying upon the common IRRs or IRRs;

Unauthenticated IRRs are significantly part of the problem.
Everyone needs to know where a prefix is supposed to be originated.



> Seeking to ignore such revocation, and have a significant enough fraction of
> worldwide networks shifting to an alternate permutation of
> less-than-global connectivity..

You do know that already happens in a number of more closed 
countries/economies, right?


Regards,
Carlos




>
> --
> -JH