<div dir="ltr"><div>Now there is a constructive suggestion that I can easily support; create a system that monitors routing and actively notifies you when your routing doesn't conform to your published routing policy. There are and have been services that kind of do that, BGPmon, etc... But, they were more focused on detecting other people announcing your space, and they didn't check against IRR data, some of them have started to do RPKI though. </div><div><br></div><div>However, is ARIN or the other RIRs the place to do that? Maybe. But, even if ARIN is the place to do that, the path for that is the ACSP, not the PDP.</div><div><br></div><div>Thanks</div><div><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 3, 2019 at 12:58 PM Andrew Bagrin <<a href="mailto:abagrin@omninet.io">abagrin@omninet.io</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">If our engineers mistype an IP in the BGP advertisement, I would want a mechanism to notify me right away. Coming from ARIN would validate it's a real issue and not some random email that we all ignore. <div>I personally do not see lynch mob. Punishment should only come with reluctant to comply. </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 3, 2019 at 1:22 PM David Farmer <<a href="mailto:farmer@umn.edu" target="_blank">farmer@umn.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Simply getting involved in hijacking is not what is proposed. And, by the way, ARIN and the other RIRs already are involved, heard of RPKI, IRR, etc... You can't say the problem is being ignored. Are these responses truly effective? Maybe not. Do we need to do more? Probably. Is this the answer? Maybe, but it really scares me.</div><div><br></div><div>This proposal wants ARIN and the other RIRs to penalize hijacking. To do this someone has to judge the intent behind these events. From the other side of the Internet, it is difficult with any certainty to tell the difference between a typo and malicious activity in many of these events. </div><div><br></div><div>Have you ever been on a jury in a murder trial? I have. The difference between the various counts of murder and manslaughter basically comes down to determining the intent involved in the actions causing the death of another human being. If you are involved in the death of someone and even if there is no culpable negligence or intent on your part, such an event is important enough for society to scrutinize your actions.</div><div><br></div><div>So, I have some questions back to you; </div><div>Have you ever mistyped an IP address or an ASN? </div><div>Across the Internet, how many mistyped IP addresses and ASNs occur on a daily basis? </div><div><br></div><div>This proposal asks ARIN and the other RIRs to create a system to scrutinize the actions of network operators and also impose penalties for those actions. This is not something that should be taken lightly. It is possible anyone on this mailing list will have to have their actions judged by this system. The proponents of this proposal want you to think this proposal only affects hijackers. That is not the case, this proposal affects anyone who operates a router. It puts anyone who operates a router in jeopardy of losing their Internet resources, for possibly something as innocent as making a typo in their router config. </div><div><br></div><div>Do we really need and want to go there? I'm not saying no, but let's be really sure. And we have to make sure we get the system right, because any one of us may have to be judged by this system. When I look at this proposal, I don't see enough due process or safeguards involved that I feel comfortable subjecting myself to it. </div><div><br></div><div>To be honest, I see more of a lynch mob mentality then true justice in this proposal.</div><div><br></div><div>When evaluating this proposal, don't envision a hijacker being judged, envision yourself being judged by this system, because you just might be. </div><div><br></div><div>Thanks</div><div><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 3, 2019 at 9:05 AM Andrew Bagrin <<a href="mailto:abagrin@omninet.io" target="_blank">abagrin@omninet.io</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I'm curious why do people not want to let ARIN try to start getting involved to help resolve the issue of hijacking?<div><br></div><div>Are you doing hijacking and don't want interference?</div><div>Are you running a competitive service that you charge for?</div><div><br></div><div>Does anyone believe there is a valid reason to hijack and advertise IP space that you do not own? (when the owner of that space does not want you to advertise it)</div><div><br></div><div>Why would anyone be against ARIN having a process to help resolve these issues? Sure we can question how effective it will be, but anything will be more effective than nothing, and by actually doing, failing and learning, ARIN will only improve and refine the process. We will all learn from this.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, May 2, 2019 at 10:08 PM Marilson Mapa <<a href="mailto:marilson.mapa@gmail.com" target="_blank">marilson.mapa@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>The president of ARIN describes his institution as an RIR with appropriate and functional policies. This is what we can deduce from his speech whenever he describes the performance of his institution. This same attitude can be seen in RIPE.</div><div><br></div><div>"Violation can have consequence".</div><div><br></div><div>It seems that the expression "can have" should be understood as "almost never", after all how to explain the rot that permeates the global Internet? The complaints, the lawsuits, the fines are becoming more and more frequent.</div><div>I have today received as a member of BPF Cybersecurity the document **<i>UN 1st Committee Processes on Responsible State Behaviour in Cyberspace explainer**. </i>This 25-page document, addressed to ICANN, reports what they call disastrous behavior. It was drafted by Rubin International Law Firm and Notary of Israel for a Jewish religious institution. </div><div><br></div><div>Basically they are demanding:</div><div>"We require ICANN to terminate immediately the activities fostering Internet addiction, including the performance of relevant IANA functions, relevant gTLD activities, relevant Registry Operators' activities, relevant ICANN-accredited registrars' activities, including through RESP and amendments of registry and registrar agreements and to refrain from renewing the .info registry agreement with Afilias unless Afilias and its related companies terminate immediately activities fostering Internet addiction and the .info registry agreement is amended to prohibit Internet addiction activities."<br></div><div><br></div><div>It's just one of the thousands of complaints popping up around the globe. And ARIN does not move a finger... It's out of the scope...<br></div><div><br></div><div>Marilson</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em qui, 2 de mai de 2019 às 17:01, John Curran <<a href="mailto:jcurran@arin.net" target="_blank">jcurran@arin.net</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> On May 2, 2019, at 2:12 PM, Carlos Friaças via ARIN-PPML <<a href="mailto:arin-ppml@arin.net" target="_blank">arin-ppml@arin.net</a>> wrote:<br>
> ...<br>
> It seems evident that a RIR can't revoke legacy space. Ever.<br>
<br>
Carlos -<br>
<br>
In the case of ARIN that would be incorrect, as ARIN has revoked legacy address space from parties that have violated registry policies.<br>
<br>
ARIN registry policies are applicable to all parties in the registry - those legacy holders under RSA do have specific terms and conditions (and a reduced fee schedule), but ARIN registry policies are applicable regardless and violation can have consequence.<br>
<br>
Thanks!<br>
/John <br>
<br>
John Curran<br>
President and CEO<br>
American Registry for Internet Numbers<br>
<br>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div></div></div></div></div></div></div></div></div></div></div>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail-m_2763890888300529056gmail-m_-5580924594981047028m_-8618817056978280407gmail_signature">===============================================<br>David Farmer <a href="mailto:Email%3Afarmer@umn.edu" target="_blank">Email:farmer@umn.edu</a><br>Networking & Telecommunication Services<br>Office of Information Technology<br>University of Minnesota <br>2218 University Ave SE Phone: 612-626-0815<br>Minneapolis, MN 55414-3029 Cell: 612-812-9952<br>=============================================== </div></div>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">===============================================<br>David Farmer <a href="mailto:Email%3Afarmer@umn.edu" target="_blank">Email:farmer@umn.edu</a><br>Networking & Telecommunication Services<br>Office of Information Technology<br>University of Minnesota <br>2218 University Ave SE Phone: 612-626-0815<br>Minneapolis, MN 55414-3029 Cell: 612-812-9952<br>=============================================== </div></div>