This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sascha Luck [ml]
aawg at c4inet.net
Thu Mar 21 14:09:27 CET 2019
On Thu, Mar 21, 2019 at 08:33:22AM +0000, Carlos Friaas wrote: >>Not for the RIPE NCC. The NCC aims to restore compliance with the >>SSA and not to punish the member unless as a last resort. > >If the member keeps breaking compliance........ >Where do you exactly see in 2019-03 the suggestion that anyone will >get a red card at first time? What I really, really want to know is what do you envision the consequences for such a breach of compliance to be... Say, a member advertises ASnnnnn which they are are not assigned. After a day or so its neighbours stop accepting that, possibly due to complaints. 6 months later a report issues stating that the member has violated RIPE policy. The member goes: "yeah, whatever, this was 6 months ago and is long 'fixed'" What happens? >>Please state exactly how advertising someone else's resources >>constitutes "abuse against the RIPE NCC" unless the offender also >>registers wrong data in the ripedb. > >The RIPE NCC is a RIR. If its own members *repeateadly* don't respect >the RIR's distribution of resources, then the RIR's usefulness quickly >tends to zero. How? Unless the "offenders" enter incorrect data into the ripedb (which is already in violation of policy), the effect on the the NCC is zero. The ripedb will still fulfil its function of showing who a resource *should* be allocated/assigned to. I can see how advertising resources which are rightfully allocated/assigned to someone else infringes on the rights of the rightful "owner", I can not see how it is abuse against the registry. >>it does not enforce who can live on it. If someone takes over >>someone else's land, the *courts* deal with it. >A "Land Registry" is NOT distributing land. > >Question: So, forgetting about that bit (distribution) and introducing >the need to go to courts is a stalling mechanism by design? No, it is a conflict resolution procedure to prevent a dispute over land escalating into violence. To extend the analogy to the internet resource realm, the "owner" of a resource is of course free to procure a court order demanding that the "hijacker" stop using it. The owner is not (at least here) entitled to take an armed mob to the 'hijacker's' NOC and disconnect their routers. >>In the SSA. The SSA describes exactly what happens in case of >>policy violations and it is crystal clear that these steps are >>intended to rectify the situation rather than to punish the >>offender after the fact. > >Although (as you stated before) if rectification is not possible then >SSA termination (punishment?) is possible. If a 'hijacker' refuses to stop advertising hijacked resources or refuses to cooperate and the ripe-697 procedure has run its course, yes. How realistic is this? Are there any actual cases where someone is long-term camping resources that are not theirs and refuses to relinquish them even after being contacted? >>Pretty sure it is the NCC only who can determine that. Others may >>state opinions as to whether or not something is a policy >>violation but it's the NCC's *job* to make that determination. > >At some point it *might* be the NCC's Board, through the ratification >phase. The proposal doesn't suggest NCC staff to be involved other >than providing the means to allow anyone to file a report. Staff, Board, whatever. My point is that the *NCC* -AND ONLY THE NCC- gets to make a determination that a breach has occurred and, more importantly, whether it still pertains. It sounds to me as if you propose to simply use the NCC as the enforcement arm of the "Will Of The Community". >>Not my claim. I was paraphrasing the terms of the SSA > >2019-03 doesn't try to change the SSA. I thought this thread was about >2019-03. It should be abundantly clear that any presumable offender >will have several occasions to cooperate. Same question as above: Is a persistent hijacker who refuses to cooperate a valid threat? >>A due process is ineffective as the hijack will be long over by >>the time anyone makes a determination. > >2019-03 doesn't aim to stop intentional hijacks while they are >happenning. The proposal is intended to show everyone that >consequences might happen if they engage in these practices, and also >reduce the amounts of hijacks from the same source. And this is where you contradict yourself. The SSA and ripe-697 contain procedures to deal with and repair policy violations and termination of membership only in case of refusal or non-cooperation. A "resource hijack" that has ended means that compliance is restored, so what are the "consequences"? >I already understood "speed" is irrelevant for you. But if you are >happy that intentional hijacks keep going on a daily basis, and RIPE >and RIPE NCC's reputation going down the drain, others are not. :-) Please provide evidence for the claim that "RIPE and RIPE NCC's reputation going down the drain". I've not heard that. >Understood. You will not support 2019-03, regardless of the "speed" or >the "cost" axis, or depending on any other variable. Correct. I disagree with the fundamental concept of turning the RIPE NCC from a registry into a regulator. >>But that is a discussion for another day. > >If so, i really don't understand why do you spend your time >participating :-) There are times when I ask myself the same question. I guess someone has to provide the adult view... rgds, SL
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]