[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Hank Nussbacher hank at efes.iucc.ac.il
Sat May 4 14:07:36 EDT 2019 

On 03/05/2019 19:26, Jimmy Hess wrote:
> On Fri, May 3, 2019 at 1:03 AM Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
>> "ARIN hereby allocates to you an IP address block and hereby grants you
>> sole permission to announce that address block to the Internet."
>> Simple enough?
> Not that simple, really.

Did you see the word revoke in any part of the sentence I listed above?  
I specifically avoided the aspect of "what happens if one violates the 
rule".

_Hank



>
> Effectively,   the "Choice to revoke"   suggested by the Proposal/etc would
> have a risk of forcing/accelerating fragmentation   from one internet
> into multiple  internets;
> the moment a RIR decides that a large enough enterprise or carrier
> "Has not done enough"
> to stop BGP hijacking causing a "revokation" from their registry.
>
> "the internet" itself is not ANY organization's trademark,  and it is
> not a specific thing;
> internet is a generic word referring to  any network of networks,
> whether that be a private
> association of 1000 networks or a million networks   --  the phrase "internet"
> is not a  trademark for a specific network.   There exists no
> authority generally with
> any exclusive legal right to permission nor prohibit anything
> regarding "the internet" --
> IANA, the IETF, the RIRS,  ICANN, etc,  have policies over how they
> administer _their_
> databases and systems generally,  but no legal authority over "the internet".
>
> In the US and many countries;  RIRs such as ARIN are very limited in the manner
> that they could regulate their members as well, even if they wish --
> for example,
> if ARIN crafted an agreement designed to prevent members offering products or
> services related to  a "competing internet",   then the RIRs would likely find
> themselves at risk of being in violation of various countries'
> Anti-Trust laws --
> particularly with the use of threats such as  "Revoking resources"
> (although being used for legitimate purposes by the registrant).
>
> ARIN's "permission" is not necessary and not sufficient to "announce" an
> address block to "the (generic) internet"  --- ARIN doesn't hold a
> patent over the IP or BGP
> protocol;  ARIN doesn't hold an intellectual property  granting an
> ARIN exclusive
> right to use or License the usage of ranges of IP numbers within the
> Source field
> of an IP packet,  nor  the Prefix field of a BGP announcement.
>
> Registrations made within ARIN's database are records within ARIN's systems
> only.    The registrations are
> based on notional,  speculative, or anticipated usage  within other
> internet(s),  but
> there is obviously no warranty that the other internet(s) will honor
> the registration
> and allow use of that IP number.
>
> Particularly if ARIN were to "Revoke" a resource being used for
> legitimate business
> purposes by a large enterprise --- some  internets   may be inclined
> to adopt a special
> local policy  effectively  Declining  ARIN's  resource revokation for
> that particular internet.
>
> And there is no network on which ARIN themself can guarantee that an
> ARIN Database
> registrant or network  Matches the actual user of that IP number on a
> particular network.
>
> For example:  If a competing internet  declines to recognize one of
> ARIN's resource
> revokations, then that internet or group of internets would likely
> also agree to decline
> to recognize a subsequent registration from that space to a different
> organization.
>
> There is no Patent, no Copyright,  nor any other government-granted monopoly
> that ANY Organization owns which says, for example that the numbers
> 0x40000000-0x4fffffff
> can only be used according to an ARIN license on a computer network, if you
> have devices that send something that looks like an IP packet.
>
> The permission to announce an address block comes from whatever the organization
> or organizations owning the networks on that particular "internet"
> have agreed to
> amongst themselves;  *that group of networks* might require
> registration in the RIR
> or other databases generally,   or they might have other agreements,
> OR a  different idea on how to co-ordinate  their  (generic)
> internet's  usage of
> IP numbers   that  varies from  the RFC series.
>
> The moment a RIR such as ARIN acts erratically and attempts to "Revoke"
> the assignment of a legitimate carrier;  the  "organizations owning
> the networks"
> --- will have a potential to alter their agreements between themselves to
> adjust their contracts to list some "Extra registrations"  -  Instead of merely
> relying upon the common IRRs or IRRs;
>
> Seeking to ignore such revokation, and have a significant enough fraction of
> worldwide networks shifting  to an alternate permutation of
> less-than-global connectivity..
>
> --
> -JH

More information about the ARIN-PPML mailing list