<div dir="ltr">While I concur that this proposal is out of scope for the PDP. This matter concerns the terms and conditions of the RSA contract between ARIN, it's members, and other resource holders, the details of which are not within the scope of the PDP but are in the purview of the Board of Trustees. However, I still think the ARIN community should consider and discuss this matter and work with the Board and Staff to address it to the extent possible.<div><div><br></div><div>To that end, looking at Route Hijacking more generically, what is it? It is announcing a route for IP addresses registered to someone else or using an ASN registered to someone else to announce routes, without the permission of the registrant. Or more simply, it is one of many ways of disrupting or interfering with a third party's use of services provided to them by ARIN. Where the service provided by ARIN, in this case, is the unique registration of IP addresses and ASNs, which is effectively the primary mission of and service provided by ARIN and the other RIRs.</div><div><br></div><div>So, If Route Hijacking is thought of as interfering with or disrupting a service provided by ARIN, then the RSA seems to addresses the situation already, clause 2.(d), the "Prohibited Conduct", and in particular, sub-clause (i) "disrupt or interfere with the security or use of any of the Services". </div><div><br>Then such interference would then trigger clause 13(b), "Suspension of Services or Termination of Agreement for Cause by ARIN." From there, upon notice, and with an opportunity to cure and/or to dispute the situation in most cases, ARIN will per clause 13(e)(i), "immediately revoke the Included Number Resources and otherwise cease providing the Services."<br></div></div><div><br></div><div>ARIN already has publicized how it handles reports of Route Hijacking;</div><div><a href="https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/">https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/</a><br></div><div><br></div><div>I think the only thing that needs to be added or clarified beyond that is if those procedures don't resolve an issue, ARIN may pursue formal remedies available via the "Prohibited Conduct By Holder" of the RSA, section 2(d).</div><div><br></div><div>While ARIN can and should pursue termination of the RSA is the absolute worst cases of intentional Route Hijacking; nevertheless, most instances of Route Hijacking are accidental, and the termination of the RSA is not an appropriate or proportional response in these cases, or in other cases the perpetrator does not have an RSA with ARIN. Therefore this is not fundamentally going to fix or eliminate the problem.</div><div><br></div><div>Thanks.</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jul 11, 2019 at 7:28 AM ARIN <<a href="mailto:info@arin.net" target="_blank">info@arin.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 20 June 2019, the Board of Trustees rejected "ARIN-prop-266: BGP <br>
Hijacking is an ARIN Policy Violation” due to scope, following the <br>
successful petition by the authors on 1 May 2019.<br>
<br>
Per ARIN’s Policy Development Process, discussion regarding <br>
ARIN-prop-266 is hereby closed.<br>
<br>
Board of Trustees Meeting Minutes are available at:<br>
<a href="https://www.arin.net/about/welcome/board/meetings/" rel="noreferrer" target="_blank">https://www.arin.net/about/welcome/board/meetings/</a><br>
<br>
Draft Policy and Policy Proposal texts are available at:<br>
<a href="https://www.arin.net/participate/policy/drafts/" rel="noreferrer" target="_blank">https://www.arin.net/participate/policy/drafts/</a><br>
<br>
The ARIN Policy Development Process (PDP) can be found at:<br>
<a href="https://www.arin.net/participate/policy/pdp/" rel="noreferrer" target="_blank">https://www.arin.net/participate/policy/pdp/</a><br>
<br>
Sean Hopkins<br>
Policy Analyst<br>
American Registry for Internet Numbers (ARIN)<br>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail-m_-4963040325980311311gmail-m_-2591349901584789548gmail-m_7187659289289362812gmail-m_8768667600724022976gmail_signature">===============================================<br>David Farmer <a href="mailto:Email%3Afarmer@umn.edu" target="_blank">Email:farmer@umn.edu</a><br>Networking & Telecommunication Services<br>Office of Information Technology<br>University of Minnesota <br>2218 University Ave SE Phone: 612-626-0815<br>Minneapolis, MN 55414-3029 Cell: 612-812-9952<br>=============================================== </div>