Hello, Warren, thanks for your input. What you described also crossed my mind, but as you said "it won't be too hard to figure out". And when everything is made clear, if a report is filed against AS1, AS1's holder might have a problem, so i see a strong reason for not even trying :-) I also want to stress out the main idea is to have a proper set of checks & balances, so an appeal is always possible, and as a last safeguard the RIPE NCC Board can decide not to ratify experts' conclusions. Also, routing data from last year, 2 years ago and so on (or from today...) will not be eligible to draw conclusions about any case, so if the policy is approved, the initial workload will depend on received reports with a very short timeframe of routing datasets. Best Regards, Carlos On Wed, 20 Mar 2019, Warren Kumari wrote:
On Tue, Mar 19, 2019 at 1:42 PM Marco Schmidt <mschmidt@ripe.net> wrote: Dear colleagues,
A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy Violation", is now available for discussion.
The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region.
You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2019-03
From the policy: "The RIPE NCC will define a pool of worldwide experts who can assess whether reported BGP hijacks constitute policy violations. Experts from this pool will provide a judgement regarding each reported case, no later than four weeks from the moment the report was received."
This seems like a reasonable approach, but I still worry about the possibility of abuse of the policy.
As a hypothetical example: I'm AS1. I'm in a feud with Job (he called my hat ugly...) who runs AS2, and is a peer of mine. I decide to get even by announcing all sorts of address space, and prepending AS2 to the announcements. I then report Job as a hijacker.
?Networks Affected?: AS1, AS17, AS1234 ?Offender ASN?: AS2 ?Hijacked Prefixes?: [ long list of things ] ?Timespan?: last Thursday, 8:00AM.
Yes, in this case it won't be too hard to figure out it was me, but I do see that this could be abused in various ways.
Please note, I *really* support the proposal, but care will need to be taken to watch for false-flag operations, and the experts should take care to watch for this possibility. I'm also a bit concerned about the initial workload for the experts...
W
As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer.
At the end of the Discussion Phase, the proposers, with the agreement of the Anti-Abuse WG co-chairs, decide how to proceed with the proposal.
We encourage you to review this proposal and send your comments to <anti-abuse-wg@ripe.net> before 17 April 2019.
Kind regards,
Marco Schmidt Policy Officer RIPE NCC
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf