[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

[Jimmy Hess]

On Mon, May 6, 2019 at 10:41 PM Marilson Mapa <marilson.mapa at gmail.com> wrote:
[snip]
> Yesterday was "out of scope", today "there are no legal powers", tomorrow... only the devil knows.
> Mr. Ash's swamp is not on prop-266, it's on this corrupt internet that treats the population as beef cattle.
> Why so such resistance? Hmm?...
> Marilson

Actually,  both issues are still existing.   The proposal is out of
scope of PDP.
Perhaps (not necessarily)  language could be removed from the proposal to
bring it more in scope --- but it is likely to remain clearly
objectively and utterly
out of scope without near completely rewritten proposal.

Even then, there is still the thing about Operational Matters being
out of authority
of the NRPM;   even if ARIN can involve themselves in some operational
matters --
the Registry policy is not about operations,  and the PDP does not allow for
operational procedures and operational rules to be given as registry policies.

Moving on to also discuss other issues does not mean that this issue is deemed
cured or insignificant ---  even if we consider hypothetical situations where
this other problem is considered in isolation,  and the scope or other issue(s)
were ignored or momentarily glossed over within the context of that
discussion only.

Finally,  the thing about ARIN not having authority over routers or
router operators,
ARIN is a Number Registry: not a  trade group or business association of
individuals and companies who run routers.   The indirect operational effects of
some registry policies  should not be confused into suggesting that the ARIN
community is a competent authority for deciding or arbitrating all the
operational policies and technical matters related to BGP Hijacking
and routers on the internet.

It may be that a need or use for some association exists to regulate router
operators, but that is not within ARIN's Mission,  nor the purpose of an IP
registry ---  that may be a matter that warrants further organization of
concerned operators.

And the RSA not providing the concept of a  "Policy violation" --
regarding resource
revocation; when the RSA say it can only be done because an applicant committed
fraud.    "BGP Hijacking,  Squatting, etc,"   are not typically
involving fraud, necessarily, against ARIN.


[snip]
>
> But the BGP has at its origin a critical design flaw. Whoever designed it or was ill-intentioned, or
>
> assumed that the world would have no borders, would have no economic geopolitical problems,
>
> and ISP managers would be a caste of people with unquestionable reputation.

[snip]

Actually: The hijacking vulnerability is not a _design flaw_ in BGP4.
Like IPv4; it was
well-suited for all needs that existed at the time of creation, and
held together remarkably
well during its useful life.   BGP4 was more than versatile enough,
considering despite
how greatly and unexpectedly the internet changed, and,  have mostly only the
issue of BGP Hijacking --- that is usually limited in scope or quickly
mitigated in most cases.

The non-functional requirements of the community of internet router
operators have simply
changed since the time that the BGP protocol was designed and
proposed,  because of
growth and changes in the characteristics of the network
interconnections being made,
and the increased concerns and demands from users for greater
protections from the protocol.

Sometimes a protocol simply needs to be redesigned, either because
extra requirements accreted
over time, and a system bacame laden with extensions, or the system
became more complicated
than it has to be,  or,  because the user requirements change and are
no longer met, and the
useful life of BGP4  might just simply be over, because the
environment and basic requirements
have changed so much ---  that built in anti-forgery measures and
resource authorization are
now a necessity:  that is just the normal course of progress,  not
design flaw, however.


--
-JH