[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

Hi Peter, All,


On Wed, 17 Apr 2019, Peter Koch wrote:

> On Tue, Mar 19, 2019 at 01:41:22PM +0100, Marco Schmidt wrote:
>
>> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy Violation", is now available for discussion.
>
> I have read the proposal version 1.0 as published on 13 March.
>
> I believe that the proposers try to act with the best of intentions.

Mainly because what we have *today* is not really working...



> I also believe that certains occurences of "hijacking" constitute
> unfriendly action, likely involving violation of crominal codes.

Yes, however, jurisdictions (and lack of laws in some of it) sometimes 
work against stopping criminal activities (again, dozens of different 
legal systems in the RIPE NCC Service Region, and beyond).



> Looking at the supporting arguments however, I fail to see merit in any of them:
>
>> BGP hijacking completely negates the purpose of a (Regional Internet) Registry.
>
> This is unclear to me.  The Registry registers address space, not routes.

Yes, but one of the main purposes of a Registry is that everyone knows who 
is using a specific resource (or who is the legitimate holder).

Those who are intentionally and continuously hijacking resources are 
removing value from the Registry for the whole community.

What's the point in having a Registry if people just decide which numbers 
to use, even if those Internet numbers are attached to another org with 
legitimate holdership and exclusive rights of usage?



>> This community needs to explicitly express that BGP hijacking violates RIPE policies.
>
> This is self referential - it remains unclear how and why "BGP hijacking" would violate
> RIPE policies.  It is also unclear that other courses of action are either unavailable
> or unworkable.

I agree that the wording is a bit self referential, yes.

The rule, as we speak doesn't exist. Maybe using different wording, it 
could mean: "Resource hijacking is not allowed". Period.

Anyone who hijacks other org's resources can happilly keep theirs.
In fact they can even use their own legitimate ASN (which is also a 
resource) to perform said hijacks...

About "other courses of action which are unworkable":
The "intentional hijacker" and the "hijacked" usually are not within the 
same economy/law system/jurisdiction -- they may even be in different RIR 
Service Regions...

So, the main/only course of action, as i see it today for an hijacked 
party (if the hijacker is from the RIPE region), is sending a complaint to 
a dutch court... and it's doubtful if the dutch court will not rule 
itself to be "unable to rule" on the matter...

Hence, industry "self-regulation" comes to mind.



>> If nothing changes in this field, the reputation of the RIPE NCC 
> service region will continue to be affected from a cybersecurity 
> perspective due to BGP hijacking events.
>
> Sorry, this is pure handwaving.

The issue is not an exclusive problem within the RIPE NCC Service Region.

However, yes, there are hijacks originating from the region, and there 
isn't an easy way for anyone to report it, so hijacks (or persistent 
hijackers) are stopped.



> Looking at the proposal text itself, I fail to see what policy it actually proposes.

Trying to sum it up in just a line:
"Persistent and intentional resource hijacking is not tolerated."



> Instead of defining policy it suggest to instantiate a court like system that will,
> without having either appropriate competence nor investigatory power, issue a finding of
> whether or not a "policy violation" has happened.  The only purpose is to construct
> a compliance case for the NCC to terminate membership and/or withdraw ressource allocations
> (or maybe assignments).

The main concept is that the RIPE NCC will not have the role to 
investigate or to judge, following a report.



> The topic of attribution is heavily discussed in a variety of fora and the approach
> chosen in 2019-03 is, at best, overly optimistic.

Version 2.0 (to be published soon) has more details, based on the feedback 
received during the discussion phase.



> At the same time it is unclear why the RIPE NCC should even consider this "policy"
> in their compliance assessment.

It's not "policy", it's a "proposal".
The PDP was followed, as far as i know.



> That said, I wonder why this non-proposal met the threshold for being accepted in the
> first place.

It's a "proposal", and while there isn't a voting involved and the 
consensus calling is upto the AAWG Chairs, the support expressed 
for 2019-03 largely exceeded objections (upto now, of course).


> Upholding my previous assessment, I do object to 2019-03.

That was already clear, but thanks for writing it. :-)


> The discussion phase has shown enough lack of clarity both in terms of defining what should
> be considered "hijacking" as well as questions of proper jurisdiction.  Therefore, I would
> be highly surprised if this work of art would be declared ready for the review phase.

Again, version 2.0 will be published soon.


Best Regards,
Carlos



> best regards,
>   Peter
>