<div dir="ltr"><div dir="ltr"><p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">Owen, I almost cried with the paradise you described.</p>
<p class="gmail-MsoListParagraphCxSpFirst" style="margin:0cm 0cm 0.0001pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span>people of good will and good character</p>
<p class="gmail-MsoListParagraphCxSpLast" style="margin:0cm 0cm 10pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span>like a small town where everyone could leave
their doors unlocked</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">In the 20th century? Steve Jobs described a very different
environment. I was there and I was already an adult, and this paradise only
existed in the hippy communities sprinkled with marijuana.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">Besides, I did not mention the creation of the Internet.
Read again: “But the BGP has at its origin a critical design flaw.”</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">I mentioned the creation of BGP that replaced EGP, with
policy-based routing, a routing based on a set of non-technical rules, defined
by Autonomous Systems, to BGP4 designed to withstand the problems caused by the
great growth of the Internet.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">I have a file with 1.3 GB of criminal attitudes from ISPs,
Registrars and ICANN, protecting and hiding spammers and scammers. Scammers who
were often the providers themselves. Since 2014 I have sent spam and scam
reports to these institutions. There were hundreds of ISPs, and everyone,
without exception, protected and concealed their customers. So keep these old
wives’ tale for your grandchildren.</p>
<p class="gmail-MsoListParagraph" style="margin:0cm 0cm 10pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span>perhaps you would have a legitimate accusation </p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">One? I have 1.3 GB. You insist on disqualifying me for not
having the technical competence to discuss these problems. Not being the
professional that you are, is a reason for pride. If not, let's see: I am an
architect and urban planner. I have been trained to provide comfort, security
and well-being to people in their homes, workplaces, amusements and in multiple
activities inside and outside the buildings. While your profession is marked by
providing irritation and malaise to billions of people.))</p>
<p class="gmail-MsoListParagraphCxSpFirst" style="margin:0cm 0cm 0.0001pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span>I’m telling you that I don’t have good answers
to those questions and that I believe the RIRs to be the wrong tool for the
job.</p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0.0001pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span>You are again mistaken.</p>
<p class="gmail-MsoListParagraphCxSpLast" style="margin:0cm 0cm 10pt 36pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif"><span style="font-family:Wingdings">Ø<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span>Yesterday was “out of scope” and today I believe
it is still out of scope.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">It is outside the scope of the Registrars, it is outside the
scope of the RIRs, it is outside the scope of ICANN ... It is out of the scope
of all. Should we appeal to Pope Francis? <span lang="PT-BR">Maybe to the Queen of England...</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">This situation you created is very comfortable, is not it?
When no one is responsible we have no one's land. Not the paradise you created
in the 20th century. But your old wild far west of the 18th and 19th centuries.
The insistence on not demanding ethical behavior from the community and respect
for their AUPs and ToSs takes them to the police pages of the newspapers. The
Economist coined the acronym BAADD for tech giants as a threat to democracy. I
coined the acronym GGM21C - the Great Global Mafia of the 21st Century. The
billionaires fines are being applied and the community insists on doing
nothing.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">I repeat: Mr. Ash's swamp is not on prop-266, it's on this
corrupt internet that treats the population as beef cattle.</p>
<p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%;font-size:12pt;font-family:Calibri,sans-serif">Marilson</p></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em ter, 7 de mai de 2019 às 15:43, Owen DeLong <<a href="mailto:owen@delong.com">owen@delong.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;"><br><div><br><blockquote type="cite"><div>On May 6, 2019, at 8:40 PM, Marilson Mapa <<a href="mailto:marilson.mapa@gmail.com" target="_blank">marilson.mapa@gmail.com</a>> wrote:</div><br class="gmail-m_-5527048640209070244Apple-interchange-newline"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">They say that there are more than 80,000 autonomous systems with about one million prefixes. The coexistence of this universe without the BGP seems impossible with equal operability. But the BGP has at its origin a critical design flaw. Whoever designed it or was ill-intentioned, or assumed that the world would have no borders, would have no economic geopolitical problems, and ISP managers would be a caste of people with unquestionable reputation. The vulnerability in BGP design allows any of these thousands of ISPs to hijack network traffic.</div><div dir="ltr"><br><p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%"><span lang="PT-BR"><font face="arial, helvetica, sans-serif">But Hijack is not a result of system vulnerability. It is the result of the actions of malicious individuals or organizations and the result of the precariousness of a policy and its customary ill will (or bad intention?) In implementation.</font></span></p></div></div></div></div></div></div></div></blockquote>You are quite mistaken in some of your beliefs here.</div><div><br></div><div>The design of BGP occurred in an era when the assumption that all participants in the internet were people of good will and good character was completely valid and perfectly acceptable. It was a time when we were all able to run telnet and rsh servers on our hosts without significant fear of exploitation. A time when the internet was a community that, while geographically diverse, was much more like a small town where everyone could leave their doors unlocked and if you needed medicine in the middle of the night, there was no problem walking into the local pharmacy and leaving the money on the counter with a note explaining your situation.</div><div><br></div><div>In such an environment, it’s perfectly understandable that people did not design protocols for security because it simply didn’t occur to us that this would be an issue. The web browser hadn’t been invented, let alone the concept of e-commerce. There was little to be gained from redirecting people’s packets full of email and ftp data.</div><div><br></div><div>In essence, you are accusing malice and/or incompetence against engineers who were operating in a vastly different environment with very different design criteria from what exists today. If we were starting from scratch building the internet routing system today, knowing then what we know now, perhaps you would have a legitimate accusation.</div><div><br><blockquote type="cite"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p class="MsoNormal" style="margin:0cm 0cm 10pt;line-height:115%"><span lang="PT-BR"><font face="arial, helvetica, sans-serif">Mr. Owen, I'd like to be able to answer your questions, but I'm not an IT professional and my role is not to tell you how to solve such problems. My role is to charge solution and ethical behavior because I am your victim.</font></span></p></div></div></div></div></div></div></div></blockquote><div><br></div>Then please listen to those who have greater knowledge and understand that you must approach the parties capable of solving the problem if you actually want to see the problem solved.</div><div><br></div><div>The current approach being undertaken is sort of like going to Hershey’s and complaining about the flavor of M&Ms.</div><div><div><br></div><div>You claim you are unable to answer my questions because you are not an IT professional, yet my questions were not of a technical nature.</div><div><br></div><div>My questions were of a political and policy nature. Either you can answer them with policy ideas, or, you should at least recognize that these questions need to be answered if we are to formulate a policy idea which has any chance of producing effect from the RIRs. I am an IT professional and I’m also pretty well versed in the RIR system and policies. I’m telling you that I don’t have good answers to those questions and that I believe the RIRs to be the wrong tool for the job. If you wish to tell me that I am wrong about that, then the obligation falls to you to provide some contrary evidence and some idea which can be implemented or at least some answers to those questions.<br><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"></div></div></div></div></div></blockquote></div><div><br></div></div><div><blockquote type="cite"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Yesterday was "out of scope", today "there are no legal powers", tomorrow... only the devil knows.<br></div></div></div></div></div></div></div></blockquote><div><br></div>You are again mistaken.</div><div><br></div><div>Yesterday was “out of scope” and today I believe it is still out of scope. ARIN also lacks any legal authority to manage other people’s routers or do anything more than suggest how they do so. These are not mutually exclusive and there is no time sequence to them. These are simply the facts of the situation as it exists today, existed yesterday, and will continue to exist until something changes. If you want to change the legal powers of the RIRs, then I suggest you approach the legislators who are able to do so. I personally think this would be a bad idea, but if you are determined to use the RIRs as a vehicle to solve this problem, then that is a prerequisite.</div><div><br></div><div><blockquote type="cite"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Mr. Ash's swamp is not on prop-266, it's on this corrupt internet that treats the population as beef cattle.</div><div dir="ltr">Why so such resistance? Hmm?…</div></div></div></div></div></div></div></blockquote><div><br></div>I am not resistant to the idea of solving the hijacking problem. I am attempting to point out that you cannot solve it through the RIRs because you are attempting to use a fly swatter to drive a nail. It’s simply not the correct tool and it simply won’t get the job done.</div><div><br></div><div>Owen</div><div><br></div><div><br></div><div><blockquote type="cite"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br>Marilson<br></div><div dir="ltr"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em seg, 6 de mai de 2019 às 03:42, Owen DeLong <<a href="mailto:owen@delong.com" target="_blank">owen@delong.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><br><div><br><blockquote type="cite"><div>On May 4, 2019, at 15:02 , Marilson Mapa <<a href="mailto:marilson.mapa@gmail.com" target="_blank">marilson.mapa@gmail.com</a>> wrote:</div><br class="gmail-m_-5527048640209070244gmail-m_-7415369741103831333Apple-interchange-newline"><div><div dir="ltr"><div dir="ltr"><div>> I have no opposition to doing something if we can get a proposal that offers something that ARIN can do.<br>> The first step must be to identify what ARIN can do and accept what is beyond ARIN’s mandate and capabilities. <br></div><div><br></div><div>Owen, this is a position that will certainly be supported by all who have endured prop-266. With respect to items 3, 4 and 5 of your pronouncement, punitive rules could be imposed by ARIN in order to reduce illicit acts.</div></div></div></div></blockquote><div><br></div>The devil is in the details… What punitive rules do you see ARIN being able to enact that would have</div><div>any real effect? How do you see those rules being enforced? Who would those rules be enforced on?</div><div><br></div><div>Consider the typical situation:</div><div><br></div><div>Organization A has an RSA with ARIN and is registered with resource X.</div><div>Organization C has an RSA with another RIR and is registered with resource Y.</div><div>Organization Q has no RSA with any RIR and advertises space X to Organization C.</div><div><span class="gmail-m_-5527048640209070244gmail-m_-7415369741103831333Apple-tab-span" style="white-space:pre-wrap"> </span>Organization Q presented Organization C with a fraudulent LOA from Organization A.</div><div><br></div><div>Please explain what punitive rules ARIN could enact in this case.</div><div>Please explain who ARIN would inflict what penalties on and how that would cause</div><div><span class="gmail-m_-5527048640209070244gmail-m_-7415369741103831333Apple-tab-span" style="white-space:pre-wrap"> </span>organization Q to stop?</div><div>Please explain how ARIN becomes aware that Q’s LOA from A is forged?</div><div><br></div><div>Please provide a detailed suggestion or at least enough of a blueprint that it can lead</div><div>to actionable policy.</div><div><br></div><div>Owen</div><div><br><blockquote type="cite"><div><div dir="ltr"><div dir="ltr"><div><br></div><div>Marilson</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em sáb, 4 de mai de 2019 às 16:09, Owen DeLong <<a href="mailto:owen@delong.com" target="_blank">owen@delong.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
> On May 3, 2019, at 10:13 , Carlos Friaças via ARIN-PPML <<a href="mailto:arin-ppml@arin.net" target="_blank">arin-ppml@arin.net</a>> wrote:<br>
> <br>
> <br>
> <br>
> Hi,<br>
> <br>
> <br>
> On Fri, 3 May 2019, Andrew Bagrin wrote:<br>
> <br>
>> I'm curious why do people not want to let ARIN try to start getting involved to help resolve the issue of hijacking?<br>
<br>
I don’t accept the premise of the question. I think people are perfectly willing to see ARIN expand its involvement in<br>
resolving issues of hijacking to the extent that ARIN can have a meaningful impact on the situation. I think others<br>
in this discussion have a greatly inflated opinion of ARIN’s powers and capabilities in this regard.<br>
<br>
> <br>
> <proposer hat on><br>
> <br>
> This is uncharted territory. Some people fear the unknown.<br>
<br>
I think that is overly dismissive and an inaccurate assessment of most of the opposition to this proposal.<br>
<br>
Indeed, IMHO, this is actually well charted territory as similar discussions of ARIN’s ability to curtail routing<br>
problems have been held before in this and other fora with the consistent outcome that after a period of education,<br>
most in the discussion arrive at the same conclusion:<br>
<br>
1. Most of the resource hijackers are not those who have contracts with ARIN with one notable exception.<br>
2. Those with a contract with ARIN generally are those who have committed resource fraud in order to<br>
obtain said contract with ARIN and upon sufficient proof, ARIN already has policies and procedures<br>
in place to reclaim the resources.<br>
3. Stopping hijacking requires an action by those who run routers. ARIN does not run (many) routers.<br>
4. ARIN does not control the businesses who run routers.<br>
5. ARIN does not have the authority to dictate business practices to ISPs beyond those related to the<br>
maintenance of the ARIN registration database.<br>
6. The theory that ARIN allocates exclusive rights to use number resources on some amorphous<br>
concept known as “the global internet” is a novel idea, but not particularly proximal to reality.<br>
<br>
>> Why would anyone be against ARIN having a process to help resolve these issues? Sure we can question how effective it will be, but anything will be more effective than nothing, and by actually doing, failing and learning, ARIN will only improve and refine the process. We will all learn from this.<br>
> <br>
> I've learned a lot between proposal versions in RIPE, LACNIC and ARIN.<br>
<br>
I have no opposition to doing something if we can get a proposal that offers something that ARIN can do.<br>
<br>
The first step must be to identify what ARIN can do and accept what is beyond ARIN’s mandate and capabilities.<br>
<br>
Owen<br>
<br>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div></div></div>
</div></blockquote></div><br></div></blockquote></div></div></div></div></div></div>
</div></blockquote></div><br></div></blockquote></div></div>