[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

If you want to have an idea of "what" we have captured during the discussion in this mailing list, we have also submitted the "improved" version to ARIN (and working on the same for APNIC and AfriNIC).

You can read that (in English) here:
https://www.arin.net/participate/policy/proposals/2019/ARIN_prop_266_v2/

Actually, question for the chairs and Marco. Do you think it makes sense to continue the discussion with the current version before improving it, or already sending a new one? There is a lot of improvement already, the discussion has been extremely useful for the authors. However, we are missing some NCC inputs, for example, regarding legal questions that we raised several times, so if sending a new version means we can't get those inputs, then is not good ...

Note: As said this already before, I think. We aren't - the co-authors- coordinating our responses, so we may have different opinions in all what we say, and I think this is good because it helps with the responses of the community to build-out our own positions and clear our "internal" differences (which we have, don't have any doubt on it!) and reach consensus "among ourselves".

Regards,
Jordi
 
 

El 30/3/19 10:54, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" <anti-abuse-wg-bounces at ripe.net en nombre de anti-abuse-wg at ripe.net> escribió:

    
    On Fri, 29 Mar 2019, Sergey Myasoedov via anti-abuse-wg wrote:
    
    > Hello community,
    
    Hi Sergey, All,
    
    
    > I strongly oppose to this proposal. The proposal gives a power for
    > misuse to the RIR
    
    I fail to understand how. The main concept of 2019-03 is that it isn't the 
    RIR's role to evaluate if an intentional hijack was performed -- that 
    should be the role of external, independent experts.
    
    Btw, a similar policy proposal was published yesterday in LACNIC.
    
    
    > and does not protect members against setup.
    
    We aim to refine the proposal, so can you please specify exactly where 
    the members might become "unprotected"?
    
    The proposal was built with checks & balances in mind. If they are not 
    enough, let's work towards solving that, so noone will feel "unprotected".
    
    
    > I believe this policy have nothing to do in RIPE.
    
    Quoting:
    =========
    > -----Original Message-----
    > From: Sascha Luck [ml] <aawg at c4inet.net>
    > Sent: Monday 25 March 2019 12:24
    >
    > I therefore argue that it is maybe time to have a discussion on what 
    > exactly RIPE and the NCC should be and what, if any, limits on their 
    > administrative power there should be.
    > I hope, though, that everyone can at least agree that *this* is
    > *not* the forum for that discussion.
    
    To confirm, the Anti-Abuse WG is absolutely not the right forum for that 
    discussion.
    
    Thanks,
    
    Brian
    Co-Chair, RIPE AA-WG
    =========
    
    I understood this as "the Anti-Abuse WG is not the right forum to discuss 
    the RIPE NCC's charter, the PDP or if any given proposal is admissible or 
    not".
    
    
    
    > It's better to issue it as a BCP document or an informational RFC.
    
    I agree a BCP document can also be useful, so we'll start that as soon as 
    possible.
    However, having a clear statement within RIPE policies sends a much 
    stronger message to anyone thinking about engaging in such practices.
    
    Again, i want to point out the detail that anyone performing intentional 
    hijacks _today_ (or last month or the previous year) is *not* within the 
    proposal's scope -- if it happens to get accepted.
    
    There are absolutely no rules *today* against (IP address space/ASN) 
    hijacks, and this is precisely the gap 2019-03 aims to fix.
    
    
    Best Regards,
    Carlos Friaças
    
    
    
    > --
    > Sergey
    >
    > Tuesday, March 19, 2019, 1:41:22 PM, you wrote:
    >
    > MS> Dear colleagues,
    >
    > MS> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE
    > MS> Policy Violation", is now available for discussion.
    >
    > MS> The goal of this proposal is to define that BGP hijacking is not
    > MS> accepted as normal practice within the RIPE NCC service region.
    >
    > MS> You can find the full proposal at:
    > MS> https://www.ripe.net/participate/policies/proposals/2019-03
    >
    > MS> As per the RIPE Policy Development Process (PDP), the purpose of
    > MS> this four-week Discussion Phase is to discuss the proposal and
    > MS> provide feedback to the proposer.
    >
    > MS> At the end of the Discussion Phase, the proposers, with the
    > MS> agreement of the Anti-Abuse WG co-chairs, decide how to proceed with the proposal.
    >
    > MS> We encourage you to review this proposal and send your comments
    > MS> to <anti-abuse-wg at ripe.net> before 17 April 2019.
    >
    > MS> Kind regards,
    >
    > MS> Marco Schmidt
    > MS> Policy Officer
    > MS> RIPE NCC
    >
    > MS> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
    >
    >
    >
    >



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.