El 26/4/19 20:25, "NANOG en nombre de Matt Harris" <[email protected] en
nombre de [email protected]> escribió:
On Fri, Apr 26, 2019 at 12:49 PM William Herrin <[email protected]> wrote:
I personally support the petition. I think the out of scope reasoning is
flawed. By enforcing minimum assignment sizes, ARIN has long acted as a
gatekeeper to the routing system, controlling who can and can not participate.
For better or worse, that puts the proposal in scope.
I personally think it's for worse. I oppose the proposal itself. I'd just as
soon ARIN not act as a gatekeeper to BGP and certain don't want to see it
expand that role.
A couple of things spring to mind here now that I've given this a few more
minutes' thought. I agree with your reasoning as to why it makes sense for
this to be considered in scope for ARIN.
As far as expanding roles goes... Over the past few decades, we've all watched
as the internet became less and less "wild wild west" and more and more
controlled (sometimes centrally, sometimes in a more or less decentralized way)
by various organizations and entities. In various and sundry ways, bad actors
could get away with plenty of things in 1990 that they cannot so easily today.
It may be the case that this problem will be "solved" in some way by someone,
but that "someone" may end up being a less engaged community or a less
democratic organization than ARIN is. Ultimately, ARIN does a better job than
some other internet governance bodies of promoting stakeholder and community
interaction and some degree of democracy. We have to consider the question: if
some organization is going to expand into this role, is it better that ARIN be
the organization to do so instead of one which may be ultimately less
democratic and more problematic?
Exactly, one of our thoughts (as co-authors) is: if we do nothing, some other
governmental bodies will take care of it, even courts, taking irrational
judgments.
One major problem with the proposal, having given it a couple of minutes
thought, that I can see as of now would be enforcement being dependent on
knowing whom the perpetrator is. If I decide to announce to some other
networks some IP space owned by Carlos, but I prepend Bill's ASN to my
announcement, how does Carlos know that I'm the bad actor and not Bill? Having
good communication between network operators to determine where the issue
actually lies is critical. Unfortunately, that doesn't always happen. When we
talk about leveraging ARIN's authority or potentially applying penalties of any
sort to bad behavior, we have to be able to be certain whom the bad actor is so
that the penalties are not inappropriately applied to an uninvolved or innocent
third party.
The proposal is “guarantor”, or at least that’s our intent. Is not ARIN taking
the decision, is the community by means of experts. We have improved it in the
v2 that will be posted in a matter of days in RIPE, but we can’t improve it in
ARIN because simply discussing it is not allowed by the AC decision.
One thing to clarify, is that the policy is basically saying something that is
written in all the RIRs documents: “if you get resources from us, you have the
exclusive right to use them or your authorized customers”.
Now if another ARIN member is misusing your resources (not by an operational
mistake, but repeatedly), ARIN is not going to do anything about it?
In any membership association, members are bound to the rules (policies in the
case of RIRs), and members can’t act against the rights of OTHER members. If
you don’t follow the rules, you can get a warning, or even lose your
membership. If you go to courts because you lost your membership, courts will
confirm “you have not followed the rules, so the association has the right to
get you out”.
Is not a problem or ARIN becoming the “routing police”. This has been
completely misunderstood by the AC. Is about ARIN making sure that the rights
of the members are respected by other members.
And again, it must be clear that it is intentional, not a mistake, not fat
fingers.
Without clear rules, other members can do whatever they want with resources
allocated to another member.
Additionally, a question of scope does arise with regard to which resources
ARIN would be able to enforce any such policy with regard to. Indeed, the
proposal as written currently calls for a "pool of worldwide experts" despite
being a proposal submitted to an RIR which is explicitly not worldwide in
scope. For example, if a network with an ASN assigned by ARIN is "hijacking"
address space that is allocated by APNIC (or any other RIR) to an entity
outside of ARIN's region, would this be an issue for ARIN to consider? What if
ARIN-registered address space is being "hijacked" by an entity with a RIPE ASN
and which is not located within ARIN territory? I suspect that for this
proposal to have any meaningful enforcement mechanisms, it would require
inter-RIR cooperation on enforcement, and that's a very large can of worms.
Not one that is impossible to overcome, but likely one which will require
several years of scrutiny, discussion, and negotiation prior to any real world
implementation.
This has been clarified in v2 that I mention before, to be publish in RIPE. The
idea is that the claim is done in the region where the hijacker is a member
(assuming that we get the policy going thru all the regions).
Note that we are submitting the same policy proposal adapted to each of the 5
RIRs.
Ultimately, I don't think I can support a proposal this vague, either. For
something like this I think we need a lot more objective language and a lot
more specifics and details. We must make policies easy to comply with, and at
all costs avoid vagueness which may allow for anything less than completely
fair and objective enforcement - regardless of how simple the concept may seem
to us on the outset.
Right, we have a more complete v2 with many procedural details, which we can’t
even discuss in ARIN, and obviously the idea of the PDP is to allow the policy
proposals to be discussed until we reach a text that we can agree.
So please, if you want to get this discussion going on in the right place
subscribe to ARIN PPML (https://lists.arin.net/mailman/listinfo/arin-ppml) and
respond to the attached email, just to support the discussion (no need to agree
at all now with the text).
Thanks!
Jordi
Take care,
Matt
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
--- Begin Message ---
Hi all,
The AC should have already accepted “ARIN-prop-266: BGP Hijacking is an ARIN
Policy Violation” as a Draft Policy.
The authors petition to move the proposal text forward for discussion on the
list and at the next Public Policy Meeting. Please support moving this proposal
forward now by posting statements in support of the petition to this list.
Proposal text:
https://www.arin.net/participate/policy/proposals/2019/ARIN_prop_266_v2/
Regards,
Carlos (FCT | FCCN) & Jordi (The IPv6 Company)
(proposal co-authors)
El 25/4/19 20:19, "ARIN-PPML en nombre de ARIN" <[email protected] en
nombre de [email protected]> escribió:
> In accordance with the Policy Development Process (PDP), the Advisory
Council met on 10 April 2019.
>
> The AC has rejected the following Proposal due to scope:
>
> * ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
>
> Per ARIN's PDP:
>
> "Policy Proposals that are determined by the AC to be out of scope (e.g.
for not addressing a clearly defined existing or expected problem, or that
propose solutions involving other than number resource policy in the region)
are rejected."
>
> Anyone dissatisfied with this decision may initiate a petition. The
deadline to begin a petition will be five business days after the AC's draft
meeting minutes are published.
The draft minutes of the 10 April AC minutes have been published at:
https://www.arin.net/about/welcome/ac/meetings/2019_0410/
The petition deadline for the rejection of ARIN-prop-266 is 30 April
2019, five days from today.
For more information on petitions, see:
https://www.arin.net/participate/policy/pdp/#part-three-pdp-petition-process
Regards,
Sean Hopkins
Policy Analyst
American Registry for Internet Numbers (ARIN)
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
--- End Message ---
