[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Owen DeLong owen at delong.com
Wed May 8 15:18:49 EDT 2019

> On May 7, 2019, at 7:46 PM, Marilson Mapa <marilson.mapa at gmail.com> wrote:
> Owen, I almost cried with the paradise you described.
> Ø  people of good will and good character
> Ø  like a small town where everyone could leave their doors unlocked
> In the 20th century? Steve Jobs described a very different environment. I was there and I was already an adult, and this paradise only existed in the hippy communities sprinkled with marijuana.
Actually, I visited such a place in 2005 as an adult.  The place was Naithon, Phuket, Thailand.

It is not a hippy community at all and I did not encounter any Marijuana there. I’m sure it was probably available (it was illegal there at the time, but many laws in Thailand have rather limited enforcement and for the most part as long as you’re not harming anyone or making a fool of yourself in public it’s live and let live), but I wasn’t looking for it. I didn’t encounter the aroma of anyone else imbibing.

> Besides, I did not mention the creation of the Internet. Read again: “But the BGP has at its origin a critical design flaw.”
BGP was created during a time in the internet before the WWW and before all of the problems it brought to the internet.

In fact, BGP version 4 (the still current version) existed during this early time in the internet. I was there. I was an adult. I was running routers. You, by your own admission, were not running routers at the time, so perhaps accept that I know somewhat more about this history than you do.

> I mentioned the creation of BGP that replaced EGP, with policy-based routing, a routing based on a set of non-technical rules, defined by Autonomous Systems, to BGP4 designed to withstand the problems caused by the great growth of the Internet.
Yes, I remember it well. BGP4’s major enhancement vs. prior versions was the introduction of CIDR to cope with the growth of the routing table. This was a problem encountered well before the frenzy of e-commerce, web sites, etc. Literally, people were still managing routers with Telnet. BARRnet was still propagating RIP announcements from their customers into BGP. The security model at the time on the internet was literally that of a small town where only good actors were expected to participate.

> I have a file with 1.3 GB of criminal attitudes from ISPs, Registrars and ICANN, protecting and hiding spammers and scammers. Scammers who were often the providers themselves. Since 2014 I have sent spam and scam reports to these institutions. There were hundreds of ISPs, and everyone, without exception, protected and concealed their customers. So keep these old wives’ tale for your grandchildren.

On the internet back then, a lot happened in 8 years… BGP4 was introduced with RFC-4271 in 2006. We must consider the environment of that time when we are going to judge those who designed and built BGP4, not the environment of 2014.

> Ø  perhaps you would have a legitimate accusation
> One? I have 1.3 GB. You insist on disqualifying me for not having the technical competence to discuss these problems. Not being the professional that you are, is a reason for pride. If not, let's see: I am an architect and urban planner. I have been trained to provide comfort, security and well-being to people in their homes, workplaces, amusements and in multiple activities inside and outside the buildings. While your profession is marked by providing irritation and malaise to billions of people.))
No, you have 1.3GB of accusations against bad actors on the internet 8+ years after BGP4 was created. I am talking about your accusations against the designers of BGP4.

> Ø  I’m telling you that I don’t have good answers to those questions and that I believe the RIRs to be the wrong tool for the job.
> Ø  You are again mistaken.
> Ø  Yesterday was “out of scope” and today I believe it is still out of scope.
> It is outside the scope of the Registrars, it is outside the scope of the RIRs, it is outside the scope of ICANN ... It is out of the scope of all. Should we appeal to Pope Francis? Maybe to the Queen of England…
It is in the scope of those who run routers… Find them in ISP fora and at the IETF.

It is in the scope of the legislators who choose to regulate these things… Find them in whatever governmental structures apply in your locale.

You say “registrars” and “RIRs” as if they are separate groups. The RIRs are the registrars/registries for numbers. If you’re talking about DNS registrars, then I’m not sure how they entered this thread as we’re talking about the hijacking of numbers and names do not enter the discussion.

Since ICANN’s only role in numbers is to maintain the central free pool and pass large blocks of numbers to the RIRs upon validated request, I’m not sure what role you think they could have in addressing numbers hijacking, but please do explicate.

I’m pretty sure this is out of scope for the Pope unless you want to pass laws governing the hijacking of numbers within the country known as the Vatican or set policies that Catholic Churches will not hijack other entity’s routes. (To the best of my knowledge, the Catholic Church for all it’s many foibles is not a significant source of BGP hijacking, someone please correct me if I’m wrong about that).

I suppose the Queen of England could serve as your advocate in parliament if you convince her, but I suspect you’re more likely to have greater success in approaching MPs directly. Given your writing style, I suspect you should start with the house of commons, but you’re certainly free to contact the lords if that is your preference.

> This situation you created is very comfortable, is not it? When no one is responsible we have no one's land. Not the paradise you created in the 20th century. But your old wild far west of the 18th and 19th centuries. The insistence on not demanding ethical behavior from the community and respect for their AUPs and ToSs takes them to the police pages of the newspapers. The Economist coined the acronym BAADD for tech giants as a threat to democracy. I coined the acronym GGM21C - the Great Global Mafia of the 21st Century. The billionaires fines are being applied and the community insists on doing nothing.
Actually, the situation I have described (not created) is not comfortable at all. If I can find a way that ARIN is responsible and can control the situation, then I can find a way that the problem can be solved relatively easily. Unfortunately, since I live in reality, I must describe the situation as it actually exists on the ground and not how we might imagine we wish it had been created.

I have never said that no-one is responsible. I have said that those who run routers are responsible. Those who propoagate illegitimate advertisements are responsible. Those who originate illegitimate advertisements are responsible. Those who accept illegitimate advertisements are partially responsible and fully responsible if they pass them along to others. The one thing that ALL of those people who are responsible have in common… THEY RUN ROUTERS.

> I repeat: Mr. Ash's swamp is not on prop-266, it's on this corrupt internet that treats the population as beef cattle.
I’m guessing this is some reference to Pokemon (based on brief Google search). Afraid I’m not familiar.

In any case, it’s hard for me to understand what you mean by “this corrupt internet” since there is not really any single cohesive entity that can be called “the internet”. What we refer to for convenience as “the internet” is the very large collection of thousands (maybe even millions) of independently owned and operated networks that happen to use the same protocol and through a variety of mechanisms make it possible for packets from any node on any one of them to reach virtually any other node on any of the networks in question.

Referring to “this corrupt internet” is kind of like referring to “this corrupt race” or “this corrupt society” or “this corrupt planet full of inhabitants”. It has no legitimate meaning.

In any group so large, one will have a variety of actors. Whether any individual actor is good or bad is a value judgment made by individuals, laws, governments, courts, or others.

Whether a society as a whole is corrupt is a much more difficult classification and is generally unlikely to be accurate in either direction due to the presence of both corrupt and non-corrupt individuals in any given group.


P.S. I don’t mind waiting two weeks for your reply… I’ll still be here.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190508/75269fe5/attachment-0002.html>

More information about the ARIN-PPML mailing list