<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Rubik">+1.<br>
<br>
I'm also one of the first "+1" and Yesterday when all this
discussion started I wanted to write the email that Marco did but
unfortunately no time was left for me to do it. :| So I just want
to give me support to what Marco said and off course to 2019-03.<br>
<br>
Also I would to remind all the community that usually what happens
to communities that cannot regulate themselves is that some
outsider comes and regulated them...<br>
<br>
Best regards,<br>
</font>
<div class="moz-signature">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
a:hover { }
a:link {color:#777777;text-decoration:none;}
a:visited {color:#777777;text-decoration:none;}
a:hover {color:#777777;text-decoration:none;}
a:active {color:#777777;text-decoration:none;}
</style><img
src="http://onlineservices.dns.pt/assinaturas/sign_eduardo.gif"
alt="" usemap="#Map" width="490" height="182">
<map name="Map">
<area shape="rect" coords="236,142,362,158"
href="http://pt.linkedin.com/in/dnspt" alt="linkedin dns">
<area shape="rect" coords="131,142,234,158"
href="https://www.facebook.com/dns.pt" alt="facebook dns.pt">
<area shape="rect" coords="88,142,129,158"
href="https://www.3em1.pt/" alt="3em1">
<area shape="rect" coords="37,142,86,156"
href="https://www.dns.pt/pt/dnssec/ambito/" alt="dnssec">
<area shape="rect" coords="1,142,35,155"
href="https://www.dns.pt/pt/" alt="dns.pt">
</map>
<div style="FONT-SIZE: 8px;"> </div>
<div style="FONT-SIZE: 9px; COLOR: #777777; FONT-STYLE:italic;
FONT-FAMILY: Tahoma, Verdana, Arial, Helvetica, sans-serif"
align="left">
Aviso de Confidencialidade/Disclaimer: </div>
<div style="FONT-SIZE: 8px; COLOR: #777777; FONT-STYLE:italic;
FONT-FAMILY: Tahoma, Verdana, Arial, Helvetica, sans-serif"
align="left">
Este e-mail foi escrito de acordo com o novo acordo ortográfico.</div>
<div style="FONT-SIZE: 8px; COLOR: #777777; FONT-STYLE:italic;
FONT-FAMILY: Tahoma, Verdana, Arial, Helvetica, sans-serif"
align="left">
Esta mensagem é exclusivamente destinada ao seu destinatário,
podendo conter informação CONFIDENCIAL, cuja divulgação está
expressamente vedada nos termos da lei.
Caso tenha recepcionado indevidamente esta mensagem,
solicitamos-lhe que nos comunique esse mesmo facto por esta via
devendo apagar o seu conteúdo de imediato. <br>
This message is intended exclusively for its addressee. It may
contain CONFIDENTIAL information protected by law. If this
message has been received by error, please notify us via e-mail
and delete it immediately.</div>
<div style="FONT-SIZE: 8px; COLOR: #777777; FONT-STYLE:italic;
FONT-FAMILY: Tahoma, Verdana, Arial, Helvetica, sans-serif"
align="left">
[ Antes de imprimir esta mensagem pense no ambiente. Before
printing this message, think about environment ]</div>
</div>
<div class="moz-cite-prefix">Às 16:52 de 04/04/19, CSIRT.UMINHO
Marco Teixeira escreveu:<br>
</div>
<blockquote type="cite"
cite="mid:2088234235.64800.1554393152759.JavaMail.zimbra@csirt.uminho.pt">
<pre class="moz-quote-pre" wrap="">(Please mind, this is my personal opinion. The signature was left for consensus evaluation and background context)
Dear RIPE associates, and other longtime participants in this mailing list,
While I speak for myself, I might incur the risk of representing a lot of the so-called "Astroturfers?!". While some accuse (please don't take it personally, it's just clarification) the newcomers of being voiceless, I must say that I have been, with great effort, refraining from going into a long discourse on a list where I am new. That should not be understood as a sign of "spamming" a vetting process, but as a sign of respect for all of you, long-standing members of RIPE, guardians of our IP addresses, one of the building blocks of the Internet :-)
I have before, stated that you might start to see some newcomers from .PT, and the reason for that being related to a famous post from Ronald Guilmette mentioning a Portuguese bad actor. This particular BGP Hijack was discussed at one of the Portuguese CSIRT Network meetings (<a class="moz-txt-link-abbreviated" href="http://www.redecsirt.pt">www.redecsirt.pt</a>), and draw some attention to all the 30+ members, and to me in particular, on the lack of policy by RIPE regarding this. So, it's just natural, I guess, that when most of my fellow countryman from this security community saw this opportunity of amending this, they subscribed and voted +1. After all, if they agree on the text of the policy, why pollute the mailing-list with repetitive discourse...
Having said that, please consider for this discussion, from a (no more) RIPE outsider, it's somewhat weird that RIPE (as in the community), being an association of good people, seems to be somewhat reluctant to take action and approve a policy to self regulate against misuse of these same IP resources... I understand that we must not "sacrifice our freedom for a small feeling of security", but I hope (while I have not read all of RIPE rules on this) that if abused, this policy can, any point in time, be put to discussion for review, and improve whatever article is being abused.
As for those who defend BGP Hijacks are to be resolved with a BCP (or any other "technical solution"), mind that BCP regarding hijacks already have some time and little results. As do other BCP, like "source-spoofing" and we still see it at large... why? because it hurts your bottom-line. The sole purpose of a "Company" is to distribute the largest amount possible of dividends to shareholders! (imagine the manpower for transit tear 1's applying BGP filtering). It's in these scenarios that regulation comes to play. And better to self-regulate then wait for state regulation when the next hijack hits your industry 4.0 or your local smart city, or even when some "Einstein" thinks it's ok to hijack networks from another country state agency...
As one last thought, again IMHO, I believe BGP Hijacking is one of the most pressing issues, menacing the Internet resiliency, and it must be dealt with. In the same manner, we apply AUP's to our users, it's RIPE responsibility, to clearly state, it is not acceptable, and it will have consequences... Raising the risk for companies is the only way we tip the balance of "Loss vs Earning", and hopefully eradicate bad actors, or hopefully even stopping them right at their business plans.
This is why I support "2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)"
Best regards,
Marco
-----------------------------------------------------------------------
CSIRT.UMINHO - Universidade do Minho
<a class="moz-txt-link-freetext" href="https://csirt.uminho.pt">https://csirt.uminho.pt</a> | <a class="moz-txt-link-abbreviated" href="mailto:report@csirt.uminho.pt">report@csirt.uminho.pt</a> | <a class="moz-txt-link-abbreviated" href="mailto:info@csirt.uminho.pt">info@csirt.uminho.pt</a>
-----------------------------------------------------------------------
----- Mensagem original -----
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">De: "Brian Nisbet" <a class="moz-txt-link-rfc2396E" href="mailto:brian.nisbet@heanet.ie"><brian.nisbet@heanet.ie></a>
Para: "anti-abuse-wg" <a class="moz-txt-link-rfc2396E" href="mailto:anti-abuse-wg@ripe.net"><anti-abuse-wg@ripe.net></a>
Enviadas: Quinta-feira, 4 De Abril de 2019 9:42:32
Assunto: [anti-abuse-wg] On +1s and Policy Awareness
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Colleagues,
Two (broad) things to address, while, of course, noting that I would ask you all
to assume best intent in all of your fellow working group members. And to post
as politely as possible yourself!
I have, repeatedly, pointed out that all of the emails are being read by the
Co-Chairs and the RIPE PDO. Short messages of support or +1s are noted and
considered, but this is not a vote. I think I've said that twice now, hopefully
the third time will be enough. We have also read the opinions of people about
this, however the original statement remains unchanged. If, at the appropriate
points, anyone in the working group feels the Co-Chairs have erred in our
decision regarding consensus, then there is an appeals process.
RIPE 710 covers the whole PDP and section 4 specifically covers appeals -
<a class="moz-txt-link-freetext" href="https://www.ripe.net/publications/docs/ripe-710">https://www.ripe.net/publications/docs/ripe-710</a>
On the general awareness of the policy, the announcement on 2019-03 was posted
to the Policy Announce list and to Routing-WG in addition to here. It has also
been raised in a few other locations. Given where we are right now in the
initial Discussion Phase and the plans by the authors to produce a v2.0 of the
document, I would strongly suggest (but note that it is not certain) that
nothing will have been decided by RIPE 78, when even more people will become
aware. If people choose not to join the mailing list nor use the RIPE Forum to
participate, then there is little the AA-WG can do.
So please, especially given all the nice things people have said about the
Co-Chairs, and thank you for that, can you trust that we are both seeing all of
the messages and treating them as stated, and if you don't agree, there is a
process by which you can express this, rather than all going back and forth
again here.
You can also always contact the Co-Chairs directly on <a class="moz-txt-link-abbreviated" href="mailto:aa-wg-chair@ripe.net">aa-wg-chair@ripe.net</a>
Thanks,
Brian
Co-Chair, RIPE AA-WG
Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 <a class="moz-txt-link-abbreviated" href="mailto:brian.nisbet@heanet.ie">brian.nisbet@heanet.ie</a> <a class="moz-txt-link-abbreviated" href="http://www.heanet.ie">www.heanet.ie</a>
Registered in Ireland, No. 275301. CRA No. 20036270
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
</pre>
</blockquote>
<br>
</body>
</html>