[anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working Group Mailing List

Hi Daniel,

Responses below, in-line.

Regards,
Jordi
 
 

-----Mensaje original-----
De: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> en nombre de Daniel Suchy <danny at danysek.cz>
Fecha: martes, 19 de marzo de 2019, 14:15
Para: <anti-abuse-wg at ripe.net>
Asunto: Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working Group Mailing List

    Hello,
    my comments:
    - section 4.0: Assessers should be under direct community control
    (voted/approved by community/members), not just defined by NCC.

As we are preparing also the same policy proposal for all the other RIRs, in a recent internal discussion we had already considered your point regarding the direct community control of the expert's group.

It looks that the authors agreement, at the time being, is on the direction that the RIR manage the procedure for selecting people but it should be done by means of a public open call. This is similar to what is done by other folks selected by the community.

    - section 4.0 + 7.0 should define minimal number of assessers

Same regarding the number of experts, in the LACNIC proposal we understood that should be 3 people, same number for all the incidents, same number in the appeal phase (if it comes to that), and if in the future it is determined that it is too small, make sure that it is an odd number.

It will be very important for us to understand what other people believe on all those issues and possible pros/cons.
    
    - reported incidents (reported by web-form defined at 4.0) should be
    public, at least some metadata (prefix, offending ASN) to avoid
    duplicate reports - with indication of assessment stage on that list

Making public the data for the reported incident seems a good idea, because even if you try to automate avoiding duplicate reports, it not necessarily works 100%. Furthermore, one possible idea is to allow to add "more" data to existing reports, which will probably, facilitate the work of the experts and the initial classification in terms of "fat fingers incident" vs "deliberate hijack".    
    
    - Daniel
    
    On 3/19/19 1:42 PM, Marco Schmidt wrote:
    > Dear colleagues,
    > 
    > A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy
    > Violation", is now available for discussion.
    > 
    > This proposed policy is of interest to both the Anti-Abuse and Routing
    > working groups. The chairs of both these working groups have agreed to
    > keep the discussion on one single mailing list to avoid duplication, and
    > for formal consideration of the proposal within the RIPE Policy
    > Development Process.
    > 
    > You are therefore requested to share your feedback on this proposal with
    > the Anti-Abuse mailing list.
    > 
    > The goal of this proposal is to define that BGP hijacking is not
    > accepted as normal practice within the RIPE NCC service region.
    > 
    > You can find the full proposal at:
    > https://www.ripe.net/participate/policies/proposals/2019-03
    > 
    > We encourage you to review this proposal and send your comments to
    > <anti-abuse-wg at ripe.net> before 17 April 2019.
    > 
    > Kind regards,
    > 
    > Marco Schmidt
    > Policy Officer
    > RIPE NCC
    > 
    > 
    
    
    
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.