[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

On Thu, Mar 21, 2019 at 01:35:54PM -0400, Jacob Slater wrote:
>While I am in general support of the proposal’s ideas, I have several
>concerns with regards to the specific implementation.

Sadly, we don't know about the implementation details yet and
that is another problem with this proposal.

- Who are these "experts" that are supposed to make a
  determination of policy violation? Who picks them? Whom are
they accountable to? 

- What powers will they have to "subpoena" data from "suspect"
  parties (and their neighbours and their neighbour's neighbours
according to the desires voiced in this discussion)? What happens
if one refuses to engage with or provide sensitive data to them?

>
>Additionally, while the policy does define a difference between accidental
>and intentional hijacking, it does not differentiate between the two with
>regards to policy violations.

FWIW, neither does the NCC with regards to current policy
violations. Incorrect data is a policy violation, whether it
resulted from a typo or an intent to defraud. The (current) aim
of the NCC's "policy enforcement" is to repair such incorrect
data, not to punish those responsible. 

rgds,
SL