[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Joe Provo ppml at rsuc.gweep.net
Wed May 1 16:17:45 EDT 2019

He Carlos,

On Wed, May 01, 2019 at 08:52:58PM +0100, Carlos Fria?as wrote:
> On Wed, 1 May 2019, Joe Provo wrote:
> (...)
> >> By way of analogy, ARIN paints the lines on the roads and strongly encourages
> >> everyone to stay in their own lane and to try to drive at all times on the
> > [snip]
> >
> > Nope; ARIN is a registry. More appropriate analogies would be a
> > registry of deed or title that manage policy regarding subdividing
> > the same. When there's a conflict regarding such registrations in
> > the Real World (in our region), you go to law enforcement and courts.
> > Shockingly, that's what's encouraged in our cases.
> Hi,
> I have some trouble with the "registry of deed or title" analogy, because 
> those (as i understand it) don't have a distribution function, nor are 
> membership-based.

"Distribution function" is indeed merely agreeing that the data 
recorded in the registry is accurate. There's no dibursement of
anything. When we bought our house and land, the registry of 
deeds was similar only involved in verifying that the transfer 
from the previous holders to us was a valid contract within the
scope of its operations (the state in which we live). When a 
neighbor was doing a construction project and we had to go block
their heavy equipment, the registrar of deeds sure didn't come
and settle the dispute. We went down, got the county map and 
they agreed. if they hadn't, law enforcement and courts would 
have been the next step.

This, like all Internet analogies, is poor; my thrust is that rfg's
is worse. To parallel ARIN with a transportation agency's "line 
drawing" and officials embued with law enforcement is wildly off 

> > This proposal conflates the PDP work by the community on the NRPM
> > with ARIN's legal work on [L]RSA. IMO, the proper approach would
> > be to file through ACSP, since it specifically exists to take
> > "suggestion[s] regarding an existing or potential ARIN service
> > or practice" (https://account.arin.net/public/acsp). Very simply,
> > suggesting the ARIN BoT update the RSA with very specific language
> > regarding hijacking and calling out specific actions or remedies.
> I'm not sure i got all of it :-)
> Do you think that will work regarding already signed RSAs...?

I invite you to review the RSA FQA (
https://www.arin.net/about/corporate/agreements/rsa_faq/ ) where
this is specifically addressed under the question "The RSA has 
limited ARIN's authority to modify the agreement without prior 
consent, as described in section 1(d)(the same authority was in 
an unnumbered paragraph previously).  What is the change about?"
> > That at least express the desired norms in contract, despite the
> > reality that most perps will not be under that contract.
> You are saying a new rule is bad because will not catch all or the 
> majority of cases...? 

No, I'm saying this is pointles as the ARIN NRPM (as driven 
through the PDP) is not the place to speak to ARIN legal 
agreements ([L]RSA) or business practices.  But that is now 
up to the BoT to decide WRT this being "in scope" for the PDP.



Posted from my personal account - see X-Disclaimer header.
Joe Provo / Gweep / Earthling 

More information about the ARIN-PPML mailing list