<div dir="ltr">I agree with David, that a simple one-word change here would be best, and we should clarify the problem statement to refer to the "perverse reading" as "implicit", not "explicit".<div><br></div><div>I think the "actual" vs. "current" language is just a (fairly common) translation issue/misunderstanding: as I understand it, "actual" in the original proposer's native language best translates to "current" in English (and "real" translates to "actual").</div><div><br></div><div>-Scott</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 26, 2019 at 4:35 PM David Farmer <<a href="mailto:farmer@umn.edu">farmer@umn.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I agree with others, the problem statement needs to be simplified and clarified significantly. Furthermore, the only change in the policy text needed is to add "authroized" to the current text, as in "authorized third parties". More provided inline;</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 25, 2019 at 4:18 PM ARIN <<a href="mailto:info@arin.net" target="_blank">info@arin.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 20 June 2019, the ARIN Advisory Council (AC) accepted "ARIN-prop-275: <br>
Hijacking Authorization Not-intended" as a Draft Policy.<br></blockquote><div>... </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Draft Policy ARIN-2019-15: Hijacking Authorization Not-intended<br>
<br>
Problem Statement:<br>
<br>
When prop-254 (Clarification on IPv6 Sub-assignments), it was not <br>
related, neither intended, to modify the “exclusivity” criterion.<br></blockquote><div><br></div><div>It is not clear to me what this paragraph is intended to mean.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Of course, it was not intended to provide an explicit authorization for <br>
incidental or transient uses of address space by third parties, which in <br>
fact it is a hijacking of addresses.<br></blockquote><div><br></div><div>In no way is "explicit authorization" provided to do anything like hijacking a prefix by the statement called out. At best, you could argue that "implicit authorization" is provided and that is a rather perverse interpretation of the text.</div><div><br></div><div>Explicit - stated clearly and in detail, leaving no room for confusion or doubt.</div><div><span style="font-family:Roboto,arial,sans-serif">Implicit - implied though not plainly expressed.</span><br></div><div><br></div><div>However, I would argue that the whole statement implies authorization by the recipient for anything and the fix to any problems is to explicitly restrict the statement to "authorized third parties". Changing much more than that risks changing the meaning in subtle and unintended ways, and it was hard enough to agree on what we have now.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
However, surprisingly, the resulting text (last paragraph of the NRPM <br>
section 2.5), after the ARIN AC editorial process, is doing that.<br>
<br>
This policy proposal tries to fix this specific text in the NRPM section <br>
2.5 to avoid that misinterpretation.<br></blockquote><div><br></div><div><div>Maybe replace the whole problem statement with;</div><div><br></div><div>ARIN-2018-4: Clarification on Temporary Sub-Assignments, could be perversely interrupted to imply the unauthorized use of a prefix "by third parties" is allowed, such as prefix hijacking. This is clearly not intended. The solution to this is to explicitly restrict the statement to "authorized third parties." </div></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Policy Statement:<br>
<br>
Actual Text<br></blockquote><div><br></div><div>This should be "Current Text", as the intent of any policy proposal is to change the "Actual Text", that is the intent is for the "New Text" to become the "Actual Text". </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Note that the incidental or transient use of address space by third <br>
parties shall not be considered a reassignment or a violation of the <br>
exclusive use criterion.<br>
<br>
New Text<br>
<br>
Note that the incidental or transient use of address space by third <br>
parties, within the network of the recipient organization, shall not be <br>
considered a reassignment or a violation of the exclusive use criterion<br></blockquote><div><br></div><div>This text possibly solves prefix hijacking but probably creates new issues. However, if the original text implies prefix hijacking is permitted, it also implies unauthorized attachments to a network are permitted, and this proposed text wouldn't fix that problem. </div><div><br></div><div>I think the "New Text" should be the following;</div><div><br></div><div>Note that the incidental or transient use of address space by authorized third parties shall not be considered a reassignment or a violation of the exclusive use criterion.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Timetable for Implementation: Immediate<br>
<br>
Anything Else:<br>
<br>
Situation in other regions: There is not equivalent explicit hijacking <br>
authorization in other RIRs.<br></blockquote><div><br></div><div>Again I take exception to "explicit hijacking authorization", there is nothing in the entire NRPM that explicitly authorizes the hijacking of prefixes, let alone the current statement called out. I'd suggest striking this paragraph.</div><div><br></div><div>Thanks.</div><div><br></div></div><div dir="ltr" class="gmail-m_-8455230733949488799gmail_signature">===============================================<br>David Farmer <a href="mailto:Email%3Afarmer@umn.edu" target="_blank">Email:farmer@umn.edu</a><br>Networking & Telecommunication Services<br>Office of Information Technology<br>University of Minnesota <br>2218 University Ave SE Phone: 612-626-0815<br>Minneapolis, MN 55414-3029 Cell: 612-812-9952<br>=============================================== </div></div>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div>