In message <74227.1553972836@segfault.tristatelogic.com>, Ronald F. Guilmette <rfg@tristatelogic.com> writes
In message <qjgJ+XCzz1ncFA0a@highwayman.com>, Richard Clayton <richard@highwayman.com> wrote:
It is NOT possible (for experts or almost anyone else) to accurately evaluate who is performing BGP hijacks...
I did not intend to participate any further in this discussion, above and beyond what I already have done, but I fell compelled to at least point out the intellectual dishonesty of the above assertion.
It is, I agree, badly phrased. I apologise. I meant that the experts cannot ever be absolutely certain that their evaluation is correct -- though of course they can be correct in their nuanced assessment.
In the summer of last year, 2018, I took steps to point out, in a very public way, on the NANOG mailing list, two notable hijacking situations that came to my attention *and* also to identify, by name, the actors that were quite apparently behind each of those. In neither of those instances was there ever even any serious attempt, by either of the relevant parties, to refute -any- of my very public allegations.
If they had refuted the allegations then it would have become rather complicated and it would have come down to one entities word against another and perhaps the examination of documentary evidence of what arrangements had been authorised (and then perhaps forensic assessment of the authenticity of those documents). Some BGP hijacking cases have been prosecuted on the basis of the forging of documents rather than on the hijack per se. I agree that it can be pretty clear what has gone on and the accused then helpfully acts in such a way as to make it clear to everyone that they were "guilty" (or individual peers assess the situation from their own standpoint and decide that they do not have an obligation to carry the traffic). However, it is not necessarily clear at all and writing a policy which assumes that it will always be clear is in my view unwise. Assuming that experts will always be able to determine who is at fault (along with deciding whether an event they know little of is accidental or deliberate) is to live in a world that I do not recognise. If the policy stopped at the statement that unauthorised BGP hijacking was unacceptable behaviour then I would be happy with it. Adding all the procedural stuff about how BGP hijacking will be (easily of course) detected and exotic details about experts and report forms and time periods is (a) irrelevant to establishing the principle and (b) cluttered with false assumptions and unhelpful caveats and (c) way too formalised to survive dealing with some real examples. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755