[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

[John Curran]

On May 3, 2019, at 4:48 PM, Carlos Friaças <cfriacas at fccn.pt> wrote:
> On Fri, 3 May 2019, John Curran wrote:
> (...)
>> Hank -
>> Yes, ARIN could add a statement to that effect to the registration services agreement ? note that the granting of rights to the address block in the registry is already present, so it?s really the addition of the grant of  "sole permission to announce that address block to the Internet? that would be added.
> 
> But the data in the registry exists so that anyone can know who is the owner of a prefix, right?

Correct.

> The holdership allows the holder to announce to a single external party or to all the networks in the world (i.e. commonly, "the internet").

No, that is not correct.  Being issued resources doesn’t convey any automatic rights with regard to routing:  the network already had the freedom to configure their routers any way they wanted.   RIRs are a source of unique prefixes, and ISPs generally find it easier to announce space they are issued, but what they actually announce and what their peers accept is a business matter.

> This needs to be explicit?
> It isn't implicit that the registry data exists because the holder may want to actually use (at some point) the numbering resource?

They may use it entirely internally, and that’s a valid use as well.

>> The problem with such a statement is that it is either: 1) meaningless, or 2) creates obligations on recipients that are not clearly stated.
> 
> I fail to see "obligations on recipients". The only obligation needed is NOT announcing other parties' numbering resources.

ISPs who receive address space already have the freedom to announce any route they want; whether their peers listen depends on each peer.

You want ISPs to commit to not doing something - that is the definition of an obligation.

>> The reason why is that ISPs have the ability to configure their routers as they see fit, including deciding what routes they announce and what routes they accept.
> ...
>> If the community wants to infringe on this freedom, then we need to be very
> As a numbering resource holder (i.e. the org i work for) i certainly don't want to grant "the freedom" to originate OUR numbering resources to anyone! :-))))

You have no control over other people’s routers, whether those are in a lab, corporate network, or public Internet.   You never had that authority nor did any RIR simply due to operation of the registry.

We can create an constraint on ISPs with respect to their public Internet routing announcements, but it will require getting ISPs to collectively agree that should be a necessary obligation for participation in the registry.  

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers