This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Sun Mar 31 21:37:42 CEST 2019
In message <sIJ4kBCqwOocFAf1 at highwayman.com>, Richard Clayton <richard at highwayman.com> wrote: >In message <74227.1553972836 at segfault.tristatelogic.com>, Ronald F. >Guilmette <rfg at tristatelogic.com> writes >>In the summer of last year, 2018, I took steps to point out, in a very public >>way, on the NANOG mailing list, two notable hijacking situations that came >>to my attention *and* also to identify, by name, the actors that were quite >>apparently behind each of those. In neither of those instances was there >>ever even any serious attempt, by either of the relevant parties, to refute >>-any- of my very public allegations. > >If they had refuted the allegations then it would have become rather >complicated and it would have come down to one entities word against >another and perhaps the examination of documentary evidence of what >arrangements had been authorised (and then perhaps forensic assessment >of the authenticity of those documents). I am not persuaded that such complexity would ever actuall arise, in practice, although I do confess that my view may be colored by the facts of the specific cases I have personally looked at. (In one of the two cases I cited, an allegedly "Ukranian" entity was quite obviously... and quite blatantly... hijacking a block of ARIN-issued IPv4 addresses that were officially registered to the United States Air Force, thus leaving no ambiguity whatsoever.) >Some BGP hijacking cases have been prosecuted on the basis of the >forging of documents rather than on the hijack per se. Perhaps you could share references to such incidents (?) I don't doubt your assertion here, but I, for one, am always interested to look at the details of additional cases. >I agree that it can be pretty clear what has gone on and the accused >then helpfully acts in such a way as to make it clear to everyone that >they were "guilty"... Yes. It is certainly the case that, on some occasions, at least, the crooks have been most helpful in their own downfalls. >However, it is not necessarily clear at all and writing a policy which >assumes that it will always be clear is in my view unwise. > >Assuming that experts will always be able to determine who is at fault >(along with deciding whether an event they know little of is accidental >or deliberate) is to live in a world that I do not recognise. I disagree completely. The world would be one that you most certainly *would* recognize. Your argument basically boils down to the following unsustainable assertion: We cannot assume that we will always, and in 100% of all cases, be able to accurately recognize "crime" when we see it. Therefore we should have -no- criminal laws. That is the undeniable fundamental logic of your position. There *is* a world that you would not recognize, and it is one that would be guided by this very principal that you are espousing. What would the world be like if we all just shrugged and said "Oh, well, we cannot be absolutely sure that we will be 100% accurate when we prosecute shoplifters, or murderers, and therfore we will never even try to do so" ? *That* would be the world that you would not recognize. But we already have a living, breathing example of that world, and the effects of such a guiding principal, when put into actual practice... and it is NOT a pretty picture. The world in question is called RIPE, where scofflaws roam free, and where, at worst, those same scofflaws are only subjected to some rather modest public embarassement. I would be the first to agree that something less than 100% of all shoplifting cases and also something less than 100% of all murder cases are so abundantly clear as to leave no doubts whatsoever. In my own country, several murder cases have been overturned, upon further review, sometimes even decades after an innocent man has been incarcerated. These cases are quite obviously problematic for anyone with any semblance of a conscience. But I have yet to hear even the most liberal of defense attorneys argue in favor of legalizing murder... or shoplifting for that matter.. as an appropriate or well reasoned response to the vagaries and vissitudes of our imperfect justice system... as you appear to be doing. (Because that *is* really the inescapable end-point of your position.) >If the policy stopped at the statement that unauthorised BGP hijacking >was unacceptable behaviour then I would be happy with it. I have no idea what country you live in, but would you likewise find it equally acceptable if your local national legislature also and likewise passed a resolution calling for murder to be entirely decriminalized, while adding that it is the sense of the legislature that murder shall nontheless, and henceforth, be deemed "unacceptable behaviour" deserving of public derision and scorn, but no further penalties whatsoever? If so, I would suggest to you that anarchy and chaos would ensue. If a concrete example is needed, then I can and will simply point to what's been going on in the RIPE region, specifically with respect to the number resources that RIPE allegedly "manages". >Adding all the >procedural stuff about how BGP hijacking will be (easily of course) >detected and exotic details about experts and report forms and time >periods is (a) irrelevant to establishing the principle and (b) >cluttered with false assumptions and unhelpful caveats and (c) way too >formalised to survive dealing with some real examples. While I agree with the general thrust of your comments here, I would hasten to point out that every one of these same criticism can be, and has been, leveled also at literally *every* criminal justice system in literally *every* civilized country on the face of the earth. And despite that, no one in any of these countries seems either ready or eager to discard centuries of codified law or procedure in favor of abject and unbridled lawlessness. To do so would be self-evident madness. Regards, rfg
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]