[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
hank at efes.iucc.ac.il
Sat May 4 14:20:03 EDT 2019
On 03/05/2019 20:10, John Curran wrote:
> On 3 May 2019, at 2:02 AM, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
>> On 02/05/2019 21:06, John Curran wrote:
>>> It is certainly possible to change the rights provided with address block issuance to include routing responsibilities, but that’s a rather significant change compared to ARIN’s present scope of operations.
>> So issuing an address block via ARIN is issued in a vacuum with no implied routing responsibilities? I also don't understand why it would be a significant change to add such responsibility.
>> "ARIN hereby allocates to you an IP address block and hereby grants you sole permission to announce that address block to the Internet.”
> Hank -
> Yes, ARIN could add a statement to that effect to the registration services agreement – note that the granting of rights to the address block in the registry is already present, so it’s really the addition of the grant of "sole permission to announce that address block to the Internet” that would be added.
> The problem with such a statement is that it is either: 1) meaningless, or 2) creates obligations on recipients that are not clearly stated.
> The reason why is that ISPs have the ability to configure their routers as they see fit, including deciding what routes they announce and what routes they accept. If the community wants to infringe on this freedom, then we need to be very clear on that point.
> ARIN “granting permission” for an ISP to announce a particular address block doesn’t have any meaning (they already can announce anything they wish) unless it also implies that ARIN doesn’t grant one permission to announce other not-assigned address blocks _and_ that you agree that your unauthorized announcement would be some form of breach of the agreement.
> In effect:. “Address Holder agrees to only route to the Internet its own address blocks, or those address blocks for which it has obtained permission of the registrant as listed in the Internet Number Registry System.”
I could live with that statement. :-)
Now how to proceed and achieve consensus is a totally different story.
On a side note that sentence that you wrote, if written 20 years ago,
would have easily been placed as part of the ARIN policy. It was always
implied yet never spelled out since BGP hijacks were not a weekly
"thing", 20 years ago. Now that hijacks are a weekly, if not a daily
thing, the Internet standard purists see that sentence as the Thanos of
the Internet. Sad.
> Does the reformulation help clarify why the addition of that responsibility might be seen by some as rather significant? If you actually intend it to be a meaningful change, then it should include the corresponding obligation in clear and uncertain terms.
> It’s possible that such a change is reasonable if the community wishes, but absent a clear and unified expression of support, ARIN could not consider adding such obligations to registry customers.
> John Curran
> President and CEO
> American Registry for Internet Numbers
More information about the ARIN-PPML