[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <74227.1553972836 at segfault.tristatelogic.com>, Ronald F.
Guilmette <rfg at tristatelogic.com> writes

>In message <qjgJ+XCzz1ncFA0a at highwayman.com>, 
>Richard Clayton <richard at highwayman.com> wrote:
>
>>It is NOT possible (for experts or almost anyone else) to accurately
>>evaluate who is performing BGP hijacks...
>
>I did not intend to participate any further in this discussion, above and
>beyond what I already have done, but I fell compelled to at least point out
>the intellectual dishonesty of the above assertion.

It is, I agree, badly phrased.  I apologise.

I meant that the experts cannot ever be absolutely certain that their
evaluation is correct -- though of course they can be correct in their
nuanced assessment.

>In the summer of last year, 2018, I took steps to point out, in a very public
>way, on the NANOG mailing list, two notable hijacking situations that came
>to my attention *and* also to identify, by name, the actors that were quite
>apparently behind each of those.  In neither of those instances was there
>ever even any serious attempt, by either of the relevant parties, to refute
>-any- of my very public allegations.

If they had refuted the allegations then it would have become rather
complicated and it would have come down to one entities word against
another and perhaps the examination of documentary evidence of what
arrangements had been authorised (and then perhaps forensic assessment
of the authenticity of those documents).

Some BGP hijacking cases have been prosecuted on the basis of the
forging of documents rather than on the hijack per se.

I agree that it can be pretty clear what has gone on and the accused
then helpfully acts in such a way as to make it clear to everyone that
they were "guilty" (or individual peers assess the situation from their
own standpoint and decide that they do not have an obligation to carry
the traffic).

However, it is not necessarily clear at all and writing a policy which
assumes that it will always be clear is in my view unwise.

Assuming that experts will always be able to determine who is at fault
(along with deciding whether an event they know little of is accidental
or deliberate) is to live in a world that I do not recognise.

If the policy stopped at the statement that unauthorised BGP hijacking
was unacceptable behaviour then I would be happy with it. Adding all the
procedural stuff about how BGP hijacking will be (easily of course)
detected and exotic details about experts and report forms and time
periods is (a) irrelevant to establishing the principle and (b)
cluttered with false assumptions and unhelpful caveats and (c) way too
formalised to survive dealing with some real examples.

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190331/bb7032c6/attachment.sig>