This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Wed Mar 20 23:41:00 CET 2019
Dear Sascha, (please see inline) On Wed, 20 Mar 2019, Sascha Luck [ml] wrote: > All, > > On Tue, Mar 19, 2019 at 01:41:22PM +0100, Marco Schmidt wrote: >> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy >> Violation", is now available for discussion. >> The goal of this proposal is to define that BGP hijacking is not accepted >> as normal practice within the RIPE NCC service region. >> >> You can find the full proposal at: >> https://www.ripe.net/participate/policies/proposals/2019-03 > > there has been a trend in recent years to make RIPE policy that > transforms the NCC from a resource registry into a political > agency to monitor and prescribe the behaviour of the internet industry Do you actually have any reference about that? > in the RIPE Service Region by weaponising the NCC > Service Agreement. Isn't that a contract? If a party breaches a contract, isn't it normal for the other party to terminate it? > This I consider harmful to the standing of > the RIPE NCC as an impartial, non-political resource registry. What i consider harmful is abuse against the RIPE NCC and the RIPE NCC Membership at large. The RIPE NCC has proven several times it is impartial, and it is not influenced by political or geo-political events/constraints. The RIPE NCC acts according to Dutch court orders, as is supposed. Do you have any evidence that the RIPE NCC has acted beyond Dutch court orders? I don't. > The major point, even if you accept that the NCC has a mandate to > act as a regulatory authority If it has, please point me out to where i can find it in writing. The NCC is a Regional Internet Registry. Its purpose (as i see it) is to distribute Internet resources. So, if it distributes resource X to party Y, then if party Z takes over the resource without party Y's consent, the whole concept and purpose of having a registry is broken. So the NCC (or at least the community supporting it) should have something in place that could at least be preventive of such actions against its purpose and usefulness (as a registry). > - which I want to state > unequivocally here that I do NOT - against this proposal is that > it is ineffective and a waste of time and membership funding: So you already have the Impact Analysis done two days after the discussion phase has started? But isn't the role of the NCC to perform such I.A.? > 1. The procedures for policy violations in the RIPE NCC are > restorative rather than retributive. I agree with this. The proposal aims to restore "normality", where only a legitimate holder is able to use/announce the resource. :-) Just out of curiosity, this restorative vs. retributive is written exactly where? > If the NCC determines that a policy violation has occurred, This proposal suggests clearly it is NOT the NCC who is determining if a policy violation has occurred. > the "offender" is given an > opportunity to rectify the situation, if they do so the case is > closed. Only if the "offender" refuses to cooperate or is not > contactable is any further action taken. So, where exactly do you see in the suggested process, the lack of opportunity (or opportunities) for the presumed "offender" to cooperate? If reasonable explanations and cooperation are provided, i don't see how and why a set of experts will not "close" a case. And even if it does not close it, the NCC Board can ultimately choose NOT to ratify the report. > 2. "Resource hijacks" are transient in nature. They persist, > generally, only until the "offender's" neighbours take action. > Yet, 2019-03 proposes a long, convoluted, costly process involving > "experts", reports, appeals and the NCC Board. If it makes you more comfortable, we can replace the NCC Board for the RIPE Chair, or have them both :-) >From what i read from you, a speedy process will be undesirable, but a process with all the checks & balances will also be undesirable. Understood. And "costly" depends if there are volunteers to the expert pool or not... > By the time this > process has run its course, the "resource hijack" in question > will have long faded from memory. So the end result of this > proposed process is that the "offender" gets a report which it > will, in all likelihood, consign to the round archive (ie the > recycling bin). I'm confused. So you think a fast track process will better serve the community's interests? > 3. The time of the NCC staff and the Board will have been wasted. So Which time of the NCC staff? Just drawing which expert will be associated with Case#N? I suggest letting an algorithm work :-) The NCC staff doesn't need to be involved, really. The Board's time -- why not let them think about it? (i.e. the impact analysis?) > will have NCC funding which we, as the Membership have to > provide. The "experts" will in all likelihood not work for free > either, indeed a cynic could argue that the main effect of this > proposal is to let some "experts" dip their beak into NCC funds. So, if a set of people agrees do this on a voluntary basis, you would consider to support the idea? > 4. I want to forestall the inevitable argument here that "we can > make policy to have those evildoers thrown out of the NCC > later!". No, you can't. The SSA and its contents are solely the > domain of the NCC Membership My employer is also part of the NCC Membership. I wouldn't mind discussing this during an AGM, if the Board allows it. > and I sincerely hope that that body > will refuse to ratify any proposal that opens themselves to the > loss of the services of a monopoly provider on the say-so of some > activist randomers on a mailing list. I know which way I would > vote. "activist randomers on a mailing list", just for sake of clarity, is aimed only at the two co-authors, or also at other people which have already expressed support for the idea/proposal? :-)) Best Regards, Carlos > 5. If there is still any doubt, the above constitutes strenuous > opposition to 2019-03. > > rgds, > Sascha Luck >
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]