[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
Owen DeLong
owen at delong.com
Mon May 6 02:45:21 EDT 2019
> On May 4, 2019, at 19:08 , Jimmy Hess <mysidia at gmail.com> wrote:
>
> On Sat, May 4, 2019 at 8:10 AM Töma Gavrichenkov <ximaera at gmail.com> wrote:
>> On Sat, May 4, 2019, 4:28 AM Marilson Mapa <marilson.mapa at gmail.com> wrote:
>>
>> Let's be honest here. RPKI, BGPSec and BGP roles could help resolving the issue of hijacking.
>> This initiative would tame it a bit at best, but must not be seen as anything close to a silver bullet.
>
> If ARIN can determine what router owners may or may not do, then in another
> year, a proposal something like this could be added on top of the "No
> Hijacking" rule,
> so no problem, right? :
>
> "
> 2.0 Using Number Resources with insecure versions of BGP is a Policy Violation
>
> Propagating a BGP announcement containing IP number resources with
> an insecure version of BGP is unacceptable behavior.
>
> An insecure BGP operation is understood to be the acceptance or
> announcement of any route received using BGP or other exterior routing protocol
> without the numbers and paths related to each route having been confirmed on
> the receiving side using BGPsec or comparable system according to RFCxxxx with
> authenticity of every announcement verified against an ARIN-Approved RPKI.
>
> “
Well, this might pose one small problem… ARIN doesn’t approve (or disprove)
any other RIR’s RPKI, nor does it have any authority or basis for doing so.
As such, you’ve basically said that anyone operating routers in North America
cannot accept BGP announcements of any prefix not registered in the ARIN
database.
Some of us prefer the global internet rather than dividing it up into 5 regional internets.
YMMV.
Owen
More information about the ARIN-PPML
mailing list