<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On May 4, 2019, at 15:02 , Marilson Mapa <<a href="mailto:marilson.mapa@gmail.com" class="">marilson.mapa@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="">> I have no opposition to doing something if we can get a proposal that offers something that ARIN can do.<br class="">> The first step must be to identify what ARIN can do and accept what is beyond ARIN’s mandate and capabilities. <br class=""></div><div class=""><br class=""></div><div class="">Owen, this is a position that will certainly be supported by all who have endured prop-266. With respect to items 3, 4 and 5 of your pronouncement, punitive rules could be imposed by ARIN in order to reduce illicit acts.</div></div></div></div></blockquote><div><br class=""></div>The devil is in the details… What punitive rules do you see ARIN being able to enact that would have</div><div>any real effect? How do you see those rules being enforced? Who would those rules be enforced on?</div><div><br class=""></div><div>Consider the typical situation:</div><div><br class=""></div><div>Organization A has an RSA with ARIN and is registered with resource X.</div><div>Organization C has an RSA with another RIR and is registered with resource Y.</div><div>Organization Q has no RSA with any RIR and advertises space X to Organization C.</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Organization Q presented Organization C with a fraudulent LOA from Organization A.</div><div><br class=""></div><div>Please explain what punitive rules ARIN could enact in this case.</div><div>Please explain who ARIN would inflict what penalties on and how that would cause</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>organization Q to stop?</div><div>Please explain how ARIN becomes aware that Q’s LOA from A is forged?</div><div><br class=""></div><div>Please provide a detailed suggestion or at least enough of a blueprint that it can lead</div><div>to actionable policy.</div><div><br class=""></div><div>Owen</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class=""><br class=""></div><div class="">Marilson</div><div class=""><br class=""></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em sáb, 4 de mai de 2019 às 16:09, Owen DeLong <<a href="mailto:owen@delong.com" target="_blank" class="">owen@delong.com</a>> escreveu:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br class="">
<br class="">
> On May 3, 2019, at 10:13 , Carlos Friaças via ARIN-PPML <<a href="mailto:arin-ppml@arin.net" target="_blank" class="">arin-ppml@arin.net</a>> wrote:<br class="">
> <br class="">
> <br class="">
> <br class="">
> Hi,<br class="">
> <br class="">
> <br class="">
> On Fri, 3 May 2019, Andrew Bagrin wrote:<br class="">
> <br class="">
>> I'm curious why do people not want to let ARIN try to start getting involved to help resolve the issue of hijacking?<br class="">
<br class="">
I don’t accept the premise of the question. I think people are perfectly willing to see ARIN expand its involvement in<br class="">
resolving issues of hijacking to the extent that ARIN can have a meaningful impact on the situation. I think others<br class="">
in this discussion have a greatly inflated opinion of ARIN’s powers and capabilities in this regard.<br class="">
<br class="">
> <br class="">
> <proposer hat on><br class="">
> <br class="">
> This is uncharted territory. Some people fear the unknown.<br class="">
<br class="">
I think that is overly dismissive and an inaccurate assessment of most of the opposition to this proposal.<br class="">
<br class="">
Indeed, IMHO, this is actually well charted territory as similar discussions of ARIN’s ability to curtail routing<br class="">
problems have been held before in this and other fora with the consistent outcome that after a period of education,<br class="">
most in the discussion arrive at the same conclusion:<br class="">
<br class="">
1. Most of the resource hijackers are not those who have contracts with ARIN with one notable exception.<br class="">
2. Those with a contract with ARIN generally are those who have committed resource fraud in order to<br class="">
obtain said contract with ARIN and upon sufficient proof, ARIN already has policies and procedures<br class="">
in place to reclaim the resources.<br class="">
3. Stopping hijacking requires an action by those who run routers. ARIN does not run (many) routers.<br class="">
4. ARIN does not control the businesses who run routers.<br class="">
5. ARIN does not have the authority to dictate business practices to ISPs beyond those related to the<br class="">
maintenance of the ARIN registration database.<br class="">
6. The theory that ARIN allocates exclusive rights to use number resources on some amorphous<br class="">
concept known as “the global internet” is a novel idea, but not particularly proximal to reality.<br class="">
<br class="">
>> Why would anyone be against ARIN having a process to help resolve these issues? Sure we can question how effective it will be, but anything will be more effective than nothing, and by actually doing, failing and learning, ARIN will only improve and refine the process. We will all learn from this.<br class="">
> <br class="">
> I've learned a lot between proposal versions in RIPE, LACNIC and ARIN.<br class="">
<br class="">
I have no opposition to doing something if we can get a proposal that offers something that ARIN can do.<br class="">
<br class="">
The first step must be to identify what ARIN can do and accept what is beyond ARIN’s mandate and capabilities.<br class="">
<br class="">
Owen<br class="">
<br class="">
_______________________________________________<br class="">
ARIN-PPML<br class="">
You are receiving this message because you are subscribed to<br class="">
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank" class="">ARIN-PPML@arin.net</a>).<br class="">
Unsubscribe or manage your mailing list subscription at:<br class="">
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank" class="">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br class="">
Please contact <a href="mailto:info@arin.net" target="_blank" class="">info@arin.net</a> if you experience any issues.<br class="">
</blockquote></div></div></div>
</div></blockquote></div><br class=""></body></html>