[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Sun May 5 20:34:48 EDT 2019

>> Michel Py  wrote:
>> And now this comes, which is going to scare the bleep out of everyone who
>> has to deal with these issues in the real world.

> Ronald F. Guilmette wrote :
> You say that like it's a bad thing.

It is, because you scare the wrong guys. Instead of scaring the bad guys, you are scaring a bunch of folk who do unsavory things because they have no alternative.
As a result, instead of spending their energy and their resources doing something that could work (RPKI), they are going to spend their energy and their resources making sure that they are not caught doing something unsavory, such as disabling traceroute, and creating shell corporations to shield their assets, and things like that.

This is all stick and no carrot. What are people going to do ? Make sure that they are far enough from the stick.
You can't kill all of them and let God sort it out. Result : the opposite of the intent.

Let's not forget the core reason we are in this squatting mess :
Because the attempts to transform what was Class E (240.0.0.0/4) into private address space have been torpedoed.
We have a block of 268 million IP addresses that would have been perfect for that, and that sits unused right now.
There were torpedoed because it was perceived as an attempt to slow down IPv6 deployment.
Result : IPv4 is still there, and now we have a mess. Had Class E become an extension of RFC1918, we would not have it because large folk who needed a bigger private space than 10/8 would have been quite happy with 240/4 (16 consecutive Class A). Another failed policy that produced the opposite effect of the intent.

Read my parallel with prohibition again : If IP resources were alcohol, then prop-266 would be asking ARIN to pass a constitutional amendment that prohibits drinking wine and ignores moonshine.
As we have seen lately, it appears that some people are not aware of moonshine. If there is demand, there will be supply, no matter how dirty it is.
Be careful for what you wish. Don't create a problem bigger than the one you are dealing with.

> If univeral RPKI deployment is really The Solution, as many appear to claim, then maybe it's time that
> some folks had the bleep scared out of them in order to make it actually happen. I mean universally.

See above. Would not scare any bad guy and would make everyone else raise shields.

> and why we don't already have universal RPKI deployment

The ARIN region is very behind compared to RIPE or LACNIC.
https://rpki-monitor.antd.nist.gov/
There have been extensive discussions recently about why. Parse the archives.
We still are below 5%. I am one of the early adopters (I got my space validated when we were below 2%).

You want to know why ? Nobody really cares. I have to somehow justify what my employer pays me for, and being at the bleeding edge of what 1% of ARIN-issued space holders do may not be the best use of my time. The critical mass has not been reached, I would not be in trouble if I stayed in the same boat as 98% of ARIN members.
If you want it adopted, reduce the red tape, don't create more.

Michel.