[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

Hi Hank, 

El 20/3/19 9:15, "anti-abuse-wg en nombre de Hank Nussbacher" <anti-abuse-wg-bounces at ripe.net en nombre de hank at efes.iucc.ac.il> escribió:

    On Wed, 20 Mar 2019, Gert Doering wrote:
    
    > Hi,
    >
    > On Wed, Mar 20, 2019 at 09:53:02AM +0200, Hank Nussbacher wrote:
    >>> So that's a fairly effective way to sanction abusive behaviour.
    >>
    >> The amount of time that will transpire from the time of abuse and a LIR
    >> closed and their resources withdrawn can well be in excess of a year if
    >> not two years.
    >>
    >> Is that the end result we are looking for?
    >
    > I would hope that *having* a way to sanction abusive behaviour would
    > deter criminals from doing so in the first place.  Today, not enough
    
    I think we have different expections from criminals.  I view the criminals 
    as ones who analyze every RFC and every standard to determine where they 
    can be abused or manipulated for their benefit.  A sanction that would be 
    implemented 18 months later would allow the evil LIR enough time to sell 
    their resources to some other LIR such that they would not lose such 
    resources.

I can figure several possible ways to avoid that.
1) Contractual (not sure if this can be done in a policy) changes to indicate than in case of a policy violation, the account becomes frozen immediately, until actions to close the account are completed.
2) A modification to the transfers policy that indicates that no transfers can be initiated if the any of the parties are involved in an investigation for policy violation.
3) A specific policy about implications of policy violations.

If instead of that we want explicit text about that in this policy proposal, that means possibly a way for slowing down the process, which at the time being it seems to me there is a major agreement of favor of doing something. Furthermore, having explicit text here means that other policy violations need to have their own way, and I think we must have a single path for resolving those issues, not one for each possible policy violation case.

Does that make sense ?

Can we agree that it will be better to have this discussion in a separate thread/policy proposal, in order to avoid this to be a show-stopper for this policy proposal?

Would the chairs allow that thread in this list or suggest an alternative WG for a possible policy proposal?

If we reach the conclusion that we should go for an specific policy proposal kind of "sanctions in case of policy violations", I will be happy to work on that, but I will prefer not being alone and have other co-authors involved as well.

    -Hank
    
    > people care, and playing havoc with BGP (intentional or accidentially)
    > has hardly any consequences at all.
    >
    > OTOH, these are the questions that make me undecided on the proposal :-)
    >
    > Gert Doering
    >        -- NetMaster
    >
    
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.