[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Thu May 2 09:39:36 EDT 2019

Hi Albert, 

El 2/5/19 15:02, "arin-ppml-bounces at arin.net en nombre de hostmaster at uneedus.com" <arin-ppml-bounces at arin.net en nombre de hostmaster at uneedus.com> escribió:

    On Thu, 2 May 2019, JORDI PALET MARTINEZ via ARIN-PPML wrote:
    >(1) The exclusive right to be the registrant of the Included Number 
    >Resources within the ARIN database;
    >(2) The right to use the Included Number Resources within the ARIN 
    This above kinda sums up the issue.  My understanding is this language 
    comes from the RSA.
    While the document grants the right to be the registrant and use the 
    "Included Number Resources", other language stating that you cannot use 
    someone elses number resources without the permission of the registrant of 
    those OTHER resources is missing from the RSA.  That is what needs fixing.
    Of course, it is not easy to amend the RSA.  Therefore it is being 
    advanced to add the BGP hijacking language to the NRPM, which each ARIN 
    RSA signer has also agreed to follow.
    If the language is added to the NRPM and the hijacker is an ARIN RSA 
    signer, enforcement could be up to and including the revoke of all ARIN 
    resources.  However, all the worldwide resources are NOT assigned to ARIN, 
    therefore nothing can really be done by ARIN in these cases where the 
    hijacker is NOT an ARIN member.
    As a result, the Advisory Committee declared it totally out of scope, even 
    though it does appear in scope if the hijacking is being done by an ARIN 
    RSA signer.
    Unless this conflict can be solved, it is out of scope, at least when it 
    would be applied to non ARIN RSA signers.  However, I think it is in scope 
    when hijacking of ARIN assigned resources occur by an ARIN RSA signer.

When a policy proposal is sent to a specific RIR, I understand that if finally, that results, thru the PDP, in a policy, will be only in scope of the members of that RIR.

That's why, we have two ways of doing it:
1) A global policy, which requires same text reach consensus in all the 5 RIRs (and it may be more difficult and slower to achieve), or
2) An equivalent policy in each of the 5 RIRs, which is the path we decided for this specific policy proposal.

So, I don't see a "conflict" in that aspect, just part of the process, and as you say, a proposal can't be declared out-of-scope because "it will only apply" to this or that region.

When I've observed similar problems in the policy manuals of different regions, I always tried to follow the same path, and most of the time, it works, because even having different "cultures", we all work in the same Internet.

    Albert Erdmann
    Network Administrator
    Paradise On Line Inc.
    You are receiving this message because you are subscribed to
    the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
    Unsubscribe or manage your mailing list subscription at:
    Please contact info at arin.net if you experience any issues.

IPv4 is over
Are you ready for the new Internet ?
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

More information about the ARIN-PPML mailing list