[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Carlos Friaças cfriacas at fccn.pt
Wed May 1 15:52:58 EDT 2019

On Wed, 1 May 2019, Joe Provo wrote:

>> By way of analogy, ARIN paints the lines on the roads and strongly encourages
>> everyone to stay in their own lane and to try to drive at all times on the
> [snip]
> Nope; ARIN is a registry. More appropriate analogies would be a
> registry of deed or title that manage policy regarding subdividing
> the same. When there's a conflict regarding such registrations in
> the Real World (in our region), you go to law enforcement and courts.
> Shockingly, that's what's encouraged in our cases.


I have some trouble with the "registry of deed or title" analogy, because 
those (as i understand it) don't have a distribution function, nor are 

>> Sorry to have to break the bad news to you all, but The Cowboy Era of the
>> Internet is over.  It's time to make a few simple rules and all agree to
>> live by them.  Because we're not all wild ass cowboys anymore.  We're
>> shopkeepers and farmers and bankers and dentists.
> [snip]
> To follow your previous line of argument, here you are actually
> wanting to *revert* from the current state of engagement actual
> law enforcement to private outsourcing. From this perticular
> never-cowboy, I see the formation of a lynch mob, temeritas in
> extremis.

Obviously this is not how i see it.
What i see is that country-based authorities don't have (almost) any 
window to act. However, the RIRs (jointly) have.

And even regarding legacy holders, while resources can't be revoked, the 
RIR could potentially stop providing services to "rogue" legacy holders -- 
i was involved in the RIPE proposal to allow services to legacy holders, 
some years ago. And of course, regarding IPv6, the RIRs (jointly) have 
"full authority".

>> If someone wants to explain to me how this very minimalist request is totally
>> unreasonable, I'm all ears.
> This proposal conflates the PDP work by the community on the NRPM
> with ARIN's legal work on [L]RSA. IMO, the proper approach would
> be to file through ACSP, since it specifically exists to take
> "suggestion[s] regarding an existing or potential ARIN service
> or practice" (https://account.arin.net/public/acsp). Very simply,
> suggesting the ARIN BoT update the RSA with very specific language
> regarding hijacking and calling out specific actions or remedies.

I'm not sure i got all of it :-)
Do you think that will work regarding already signed RSAs...?

> That at least express the desired norms in contract, despite the
> reality that most perps will not be under that contract.

You are saying a new rule is bad because will not catch all or the 
majority of cases...? I mostly worry about cases where hijacks are part of 
a well defined business model.

Can we perhaps agree that a "rogue RIR member" could be more harmful 
to the RIR system than a "rogue non-RIR member"...?


> Cheers!
> Joe
> -- 
> Posted from my personal account - see X-Disclaimer header.
> Joe Provo / Gweep / Earthling
> _______________________________________________
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list