This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jacob Slater
jacob at rezero.org
Tue Apr 2 06:31:31 CEST 2019
> > I agree, but to avoid throwing the baby out with the bathwater, I would > suggest to you that it would be best if you could suggest to the proposal's > author and sponsor some different language with respect to the procedure > for judging such matters... some different process that would address > your reasonable concerns about process... rather than just saying that > the whole proposal is unacceptable. > > In short, it appears that yur objection here is about implementation > details, and that you do not object to the over-arching concept, assuming > of course that the process of adjudicating such matters may be made > substantially more reliable and fool-proof. Perhaps. I've spoken with at least one of the authors and am still not entirely convinced the wording can be done such that it reasonably addresses the issues I've presented. I'll reserve judgement until version 2.0 is released for discussion. see last line So you do agree that there is a -possibility- that a threat exists and that > it might, in theory, and under some appropriate circumstances, be > diminished > or eliminated by the termination of the RIPE contract with certain well > proven and accurately identified "rogue" members, yes? > If a NCC member is actively and willfully, after having been notified and given ample opportunity to resolve the issue, engaged in widespread hijacking such that RIR/NIR members have complained about their ability to use their own resources, yes. That case has nothing at all to do with the theft OF IP ADDRESSES, and thus, > it is rather entirely irrelevant to this discussion. > The case does deal with the slippery slope argument in that it demonstrates at least one instance of modern law where removing content from an online service (at all) resulted in an opening for legal liability. While not an issue specific to policy discussion, I do believe it is worth consideration when determining potential breadth of the policy. Action should be well backed with evidence. see last line My apologies for not quoting the relevant section properly. I disagree, and apparently, so does Cloudflare. And they should know. > Cloudflare's blog post on the subject has comments on the matter. One of their staff members is known for stating "Is this the day the Internet dies?", a reference to the fact that they acknowledge they (at the time) were about to take content offline for what were non-required reasons. https://blog.cloudflare.com/why-we-terminated-daily-stormer/ That isn't to say that I think this is an inherently bad option. I just think it needs to be balanced such that it is clearly justified when action is taken. see last line The question is whether or not this proposal is a demonstrably bad way to > -try- to begin > to address the problem, at least in part. I remind you that right now > there > is essentially -zero- disincentive to the act of deliberate hijacking. > Getting depeered by transits, losing IX memberships, and having gear seized by authorities all seem like potential disincentives. Having a bunch of NCC-allocated IP space doesn't matter when you are unable to use it. Again, I am in agreement with you, but I do believe that this is a matter > of fine-tuning the procedural aspects of the propsal, rather than simply > opposing or abandoning it wholesale. > Agreed so far as being open to revisions. see last line Given the number of references I've made to rev 2.0, I'll likely hold additional comments until it is released, as they are quite possibly irrelevant. Jacob Slater On Mon, Apr 1, 2019 at 11:24 PM Ronald F. Guilmette <rfg at tristatelogic.com> wrote: > > In message < > CAFV686cUaBmPiQ1e6oWD2oVwNA4X6otVbFxsHd0BjosMDLeT+Q at mail.gmail.com>, > Jacob Slater <jacob at rezero.org> wrote: > > >In the case of IP addresses and ASNs, the "convicted individual" has been, > >under the current policy draft, convicted in the mind of one - perhaps two > >upon appeal - experts (a term which has yet to be defined in policy). Such > >an opinion, no matter how professional, is a very low bar to be taking as > >objective. > > I agree, but to avoid throwing the baby out with the bathwater, I would > suggest to you that it would be best if you could suggest to the proposal's > author and sponsor some different language with respect to the procedure > for judging such matters... some different process that would address > your reasonable concerns about process... rather than just saying that > the whole proposal is unacceptable. > > In short, it appears that yur objection here is about implementation > details, and that you do not object to the over-arching concept, assuming > of course that the process of adjudicating such matters may be made > substantially more reliable and fool-proof. > > >Should the NCC be allocating them more addresses? > >It is justified (morally, ethically, and perhaps even legally) to continue > >treating all entities as equals by allocating resources for their use > >unless they have been determined to be a distinct threat by a trustworthy > >system, such as a board of peers (as in the case of a criminal > conviction). > > So you do agree that there is a -possibility- that a threat exists and that > it might, in theory, and under some appropriate circumstances, be > diminished > or eliminated by the termination of the RIPE contract with certain well > proven and accurately identified "rogue" members, yes? > > >Keeping to my earlier discussion of the gun store analogy, I do not > believe > >that the opinion of a single expert (with the possibility of appeal) is > >enough > > I agree. > > >> The proposal on the table doesn't deal with any matters which are in > >> any way even remotely tied to mere offenses against any local or > >> localize sensibilities. It doesn't even remotely have anything at > >> all to do with either (a) any actions or offenses in "meatspace" nor > >> (b) any actions or offenses having anything at all to do with -content- > >> in any sense. The present proposal only has to do with the outright > >> THEFT of IP addresses, i.e. the very commodity which RIPE is supposed to > >> the responsible shepard of. > > > > > >Within your jurisdiction, I can think of several cases which show this to > >not be the case (ALS Scan, Inc. v. Cloudflare, Inc., et al. being one of > >them). > > That case has nothing at all to do with the theft OF IP ADDRESSES, and > thus, > it is rather entirely irrelevant to this discussion. But I am glad that > you > brough it up anyway, because one one the points made by the *defendant* in > that case, Cloudflare, actually underscores a point that I have tried to > make here, i.e. that the act of disiplining any one RIPE member, or even > several of them, as is contemplated by 2019-03, is quite clearly *not* > equivalent to some kind of totalitarian banning, from the entire Internet, > of any particular piece of content. But I will let Cloudflare's own legal > argument make the point for me: > > > https://torrentfreak.com/cloudflares-cache-can-substantially-assist-copyright-infringers-court-rules-180314/ > > "One of Cloudflare's arguments was that it did not substantially > assist > copyright infringements because the sites would remain online even if > they were terminated from the service. It can't end the infringements > entirely on its own, the company argued." > > So, as you see, even Cloudflare itself made the point that simply > eliminating > any one (bad) provider does virtually nothing at all to remove from the > entire Internet any given piece of -content-. And this certainly matches > up with my own experience. > > >Blocking content distribution methods is effectively blocking the content > > I disagree, and apparently, so does Cloudflare. And they should know. > > >I've still yet to be convinced that this would substantially cut down on > >hijacking; > > Maybe it wouldn't. The question isn't whether it would or not. The > question > is whether or not this proposal is a demonstrably bad way to -try- to begin > to address the problem, at least in part. I remind you that right now > there > is essentially -zero- disincentive to the act of deliberate hijacking. > > Maybe it is time to try something different and see if it will help. If it > doesn't, then it can be discarded, and then some other approach can be > tried instead. > > >additionally, I've yet to be convinced that such a policy would > >not sweep up innocents due to its allowance of reports by the general > >public and incredibly low bar for labeling someone a hijacker. > > Again, I am in agreement with you, but I do believe that this is a matter > of fine-tuning the procedural aspects of the propsal, rather than simply > opposing or abandoning it wholesale. > > > Regards, > rfg > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190402/cb1fa0fb/attachment.html>
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]