<div dir="ltr"><div dir="ltr"><p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span lang="PT-BR">Hi Keith,</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">After all an exempt comment. No disparagement without
ulterior motives and respectful. You are a rare bird. INCITS must have been
successful in recognizing efforts and professional dedication. <span lang="PT-BR">But we're not perfect, right?</span></p>
<p class="gmail-MsoListParagraph" style="margin:0cm 0cm 10pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span>you will find that ARIN has a very narrow scope
and no legal power to enforce anything outside of its narrow scope. Any policy
needs to take that narrow scope into account.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">Tell me Keith, who wrote this scope? Was this scope imposed
by some supreme authority or was it written by members of the community itself?</p>
<p class="gmail-MsoListParagraphCxSpFirst" style="margin:0cm 0cm 0.0001pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span>The License will terminate automatically upon
any breach by you of the terms of this Policy.</p>
<p class="gmail-MsoListParagraphCxSpLast" style="margin:0cm 0cm 10pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span>A failure by JCC to enforce any of its rights
under this Policy is not a waiver of those rights or any other rights JCC has
under this Policy.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">This scope was written by you on the JCC. Tell me, is it pro
forma or is it for real?</p>
<p class="gmail-MsoListParagraph" style="margin:0cm 0cm 10pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span>I recommend reading this blog.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">I read it, Keith, and there is a speech that continues to
resonate in my head: “The main reason that ARIN does not report... does not
report... does not report…”</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">And: “ARIN takes route hijacking very seriously, and does
work, where possible, to address these issues.” This is not the stance shown by
the ARIN advisors on the list.</p>
<p class="gmail-MsoListParagraph" style="margin:0cm 0cm 10pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span>ARIN’s current practice… …includes the
flexibility, investigation, and communication…</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">If ARIN’s current practice includes the flexibility, investigation,
and communication about BGP Hijacking, why is the development of such a policy
out of scope as well as the legal right to carry it out?</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">“JCC delivers on time and within budget. JCC brings to
projects, not only knowledge and experience, but also software tools and a
robust development and testing environment.”</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">“Successful projects begin with an architecture based on a
thorough understanding of the component parts and how they interact.”</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">Whoever honored the above principles received the INCITS Award.
What prize would you give to ARIN? GoldenPoo?</p><p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">Marilson</p></div><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 7, 2019 at 10:52, Keith W. Hare <<a href="mailto:Keith@jcc.com" target="_blank">Keith@jcc.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_5035578517288081237gmail-m_-8360275329377201213WordSection1">
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Marilson,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I have not yet seen a complete, clear, consistent definition of BGP/Route hijacking. Such a definition is a prerequisite to defining a meaningful policy.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">If you read through ARIN’s Documents:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="gmail-m_5035578517288081237gmail-m_-8360275329377201213MsoListParagraph"><u></u><span style="font-size:11pt;font-family:Symbol;color:rgb(31,73,125)"><span>·<span style="font:7pt 'Times New Roman'">
</span></span></span><u></u><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Bylaws (<a href="https://www.arin.net/about/corporate/bylaws/" target="_blank">https://www.arin.net/about/corporate/bylaws/</a>)<u></u><u></u></span></p>
<p class="gmail-m_5035578517288081237gmail-m_-8360275329377201213MsoListParagraph"><u></u><span style="font-size:11pt;font-family:Symbol;color:rgb(31,73,125)"><span>·<span style="font:7pt 'Times New Roman'">
</span></span></span><u></u><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Articles of Incorporation (<a href="https://www.arin.net/about/corporate/documents/incorporation/" target="_blank">https://www.arin.net/about/corporate/documents/incorporation/</a>)<u></u><u></u></span></p>
<p class="gmail-m_5035578517288081237gmail-m_-8360275329377201213MsoListParagraph"><u></u><span style="font-size:11pt;font-family:Symbol;color:rgb(31,73,125)"><span>·<span style="font:7pt 'Times New Roman'">
</span></span></span><u></u><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Policy Development Process (<a href="https://www.arin.net/participate/policy/pdp/" target="_blank">https://www.arin.net/participate/policy/pdp/</a>)
<u></u><u></u></span></p>
<p class="gmail-m_5035578517288081237gmail-m_-8360275329377201213MsoListParagraph"><u></u><span style="font-size:11pt;font-family:Symbol;color:rgb(31,73,125)"><span>·<span style="font:7pt 'Times New Roman'">
</span></span></span><u></u><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Number Resource Policy Manual (<a href="https://www.arin.net/participate/policy/nrpm/" target="_blank">https://www.arin.net/participate/policy/nrpm/</a>)
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">you will find that ARIN has a very narrow scope and no legal power to enforce anything outside of its narrow scope. Any policy needs to take that narrow scope
into account.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">So, within ARIN, a policy proposal needs to:<u></u><u></u></span></p>
<p class="gmail-m_5035578517288081237gmail-m_-8360275329377201213MsoListParagraph"><u></u><span style="font-size:11pt;font-family:Symbol;color:rgb(31,73,125)"><span>·<span style="font:7pt 'Times New Roman'">
</span></span></span><u></u><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Clearly define what the proposal is attempting to address<u></u><u></u></span></p>
<p class="gmail-m_5035578517288081237gmail-m_-8360275329377201213MsoListParagraph"><u></u><span style="font-size:11pt;font-family:Symbol;color:rgb(31,73,125)"><span>·<span style="font:7pt 'Times New Roman'">
</span></span></span><u></u><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Fit into ARIN’s narrow scope<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Yesterday, John Curran provided a link to a blog describing ARIN’s current practices with regard to handling reports of potential route hijacking:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><a href="https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/" target="_blank">https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I recommend reading this blog.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">To me, ARIN’s current practice is a good way of responding to BGP/Route hijacking reports. It includes the flexibility, investigation, and communication necessary
to identify and correct issues. The current practice works by using communication and persuasion. It has the advantage that the details are not codified in policy and so can adjust depending on the actual details and intent discovered during the investigation.<u></u><u></u></span></p>
<p class="MsoNormal"><a name="m_5035578517288081237_m_-8360275329377201213__MailEndCompose"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></a></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Keith<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> ARIN-PPML [mailto:<a href="mailto:arin-ppml-bounces@arin.net" target="_blank">arin-ppml-bounces@arin.net</a>]
<b>On Behalf Of </b>Marilson Mapa<br>
<b>Sent:</b> Monday, May 6, 2019 11:41 PM<br>
<b>To:</b> Owen DeLong <<a href="mailto:owen@delong.com" target="_blank">owen@delong.com</a>><br>
<b>Cc:</b> <a href="mailto:arin-ppml@arin.net" target="_blank">arin-ppml@arin.net</a><br>
<b>Subject:</b> Re: [arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">They say that there are more than 80,000 autonomous systems with about one million prefixes. The coexistence of this universe without the BGP seems impossible with equal operability. But the BGP has at its origin a critical design flaw.
Whoever designed it either was ill-intentioned, or assumed that the world would have no borders, would have no economic geopolitical problems, and ISP managers would be a caste of people with unquestionable reputation. The vulnerability in BGP design allows any
of these thousands of ISPs to hijack network traffic.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:10pt;line-height:115%"><span lang="PT-BR" style="font-family:Arial,sans-serif">But Hijack is not a result of system vulnerability. It is the result of the actions of malicious individuals or organizations and the
result of the precariousness of a policy and its customary ill will (or bad intention?) in implementation.</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:10pt;line-height:115%"><span lang="PT-BR" style="font-family:Arial,sans-serif">Mr. Owen, I'd like to be able to answer your questions, but I'm not an IT professional and my role is not to tell you how to solve such
problems. My role is to charge solution and ethical behavior because I am your victim.</span><u></u><u></u></p>
<p class="MsoNormal">Yesterday was "out of scope", today "there are no legal powers", tomorrow... only the devil knows.<br>
Mr. Ash's swamp is not on prop-266, it's on this corrupt internet that treats the population as beef cattle.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Why such resistance? Hmm?...<br>
<br>
Marilson<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">On Mon, May 6, 2019 at 03:42, Owen DeLong <<a href="mailto:owen@delong.com" target="_blank">owen@delong.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><br>
<br>
<u></u><u></u></p>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal">On May 4, 2019, at 15:02 , Marilson Mapa <<a href="mailto:marilson.mapa@gmail.com" target="_blank">marilson.mapa@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">> I have no opposition to doing something if we can get a proposal that offers something that ARIN can do.<br>
> The first step must be to identify what ARIN can do and accept what is beyond ARIN’s mandate and capabilities. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Owen, this is a position that will certainly be supported by all who have endured prop-266. With respect to items 3, 4 and 5 of your pronouncement, punitive rules could be imposed by ARIN in order to reduce illicit acts.<u></u><u></u></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">The devil is in the details… What punitive rules do you see ARIN being able to enact that would have<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">any real effect? How do you see those rules being enforced? Who would those rules be enforced on?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Consider the typical situation:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Organization A has an RSA with ARIN and is registered with resource X.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Organization C has an RSA with another RIR and is registered with resource Y.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Organization Q has no RSA with any RIR and advertises space X to Organization C.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Organization Q presented Organization C with a fraudulent LOA from Organization A.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Please explain what punitive rules ARIN could enact in this case.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Please explain who ARIN would inflict what penalties on and how that would cause<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">organization Q to stop?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Please explain how ARIN becomes aware that Q’s LOA from A is forged?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Please provide a detailed suggestion or at least enough of a blueprint that it can lead<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">to actionable policy.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Owen<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<u></u><u></u></p>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Marilson<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Sat, May 4, 2019 at 16:09, Owen DeLong <<a href="mailto:owen@delong.com" target="_blank">owen@delong.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal"><br>
<br>
> On May 3, 2019, at 10:13 , Carlos Friaças via ARIN-PPML <<a href="mailto:arin-ppml@arin.net" target="_blank">arin-ppml@arin.net</a>> wrote:<br>
> <br>
> <br>
> <br>
> Hi,<br>
> <br>
> <br>
> On Fri, 3 May 2019, Andrew Bagrin wrote:<br>
> <br>
>> I'm curious why do people not want to let ARIN try to start getting involved to help resolve the issue of hijacking?<br>
<br>
I don’t accept the premise of the question. I think people are perfectly willing to see ARIN expand its involvement in<br>
resolving issues of hijacking to the extent that ARIN can have a meaningful impact on the situation. I think others<br>
in this discussion have a greatly inflated opinion of ARIN’s powers and capabilities in this regard.<br>
<br>
> <br>
> <proposer hat on><br>
> <br>
> This is uncharted territory. Some people fear the unknown.<br>
<br>
I think that is overly dismissive and an inaccurate assessment of most of the opposition to this proposal.<br>
<br>
Indeed, IMHO, this is actually well charted territory as similar discussions of ARIN’s ability to curtail routing<br>
problems have been held before in this and other fora with the consistent outcome that after a period of education,<br>
most in the discussion arrive at the same conclusion:<br>
<br>
1. Most of the resource hijackers are not those who have contracts with ARIN with one notable exception.<br>
2. Those with a contract with ARIN generally are those who have committed resource fraud in order to<br>
obtain said contract with ARIN and upon sufficient proof, ARIN already has policies and procedures<br>
in place to reclaim the resources.<br>
3. Stopping hijacking requires an action by those who run routers. ARIN does not run (many) routers.<br>
4. ARIN does not control the businesses who run routers.<br>
5. ARIN does not have the authority to dictate business practices to ISPs beyond those related to the<br>
maintenance of the ARIN registration database.<br>
6. The theory that ARIN allocates exclusive rights to use number resources on some amorphous<br>
concept known as “the global internet” is a novel idea, but not particularly proximal to reality.<br>
<br>
>> Why would anyone be against ARIN having a process to help resolve these issues? Sure we can question how effective it will be, but anything will be more effective than nothing, and by actually doing, failing and learning, ARIN will only improve and refine
the process. We will all learn from this.<br>
> <br>
> I've learned a lot between proposal versions in RIPE, LACNIC and ARIN.<br>
<br>
I have no opposition to doing something if we can get a proposal that offers something that ARIN can do.<br>
<br>
The first step must be to identify what ARIN can do and accept what is beyond ARIN’s mandate and capabilities.<br>
<br>
Owen<br>
<br>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<u></u><u></u></p>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote></div></div>
</div>