Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 88, Issue 72
Sorry off topic. How Come I subscribed to digest yet getting multiple mails per day? Cheers/DP On Sat, Mar 23, 2019, 22:53 <anti-abuse-wg-request@ripe.net> wrote:
Send anti-abuse-wg mailing list submissions to anti-abuse-wg@ripe.net
To subscribe or unsubscribe via the World Wide Web, visit https://lists.ripe.net/mailman/listinfo/anti-abuse-wg or, via email, send a message with subject or body 'help' to anti-abuse-wg-request@ripe.net
You can reach the person managing the list at anti-abuse-wg-owner@ripe.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of anti-abuse-wg digest..."
Today's Topics:
1. Re: 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) (Carlos Fria?as) 2. Re: 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) (Sascha Luck [ml]) 3. Re: 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) (Lu Heng) 4. Re: 2019-03 and over-reach (Nick Hilliard) 5. Re: 2019-03 and over-reach (Hank Nussbacher) 6. Re: 2019-03 and over-reach (Hank Nussbacher)
----------------------------------------------------------------------
Message: 1 Date: Sat, 23 Mar 2019 13:39:04 +0000 (WET) From: Carlos Fria?as <cfriacas@fccn.pt> To: T?ma Gavrichenkov <ximaera@gmail.com> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Message-ID: <alpine.LRH.2.21.1903231315330.9599@gauntlet.corp.fccn.pt> Content-Type: text/plain; charset="iso-8859-15"; Format="flowed"
On Sat, 23 Mar 2019, T?ma Gavrichenkov wrote:
Hi all,
Hi, (will try to keep it short)
(...)
1. As of now, the draft looks like a nice example of "document designed by a committee".
It's too strict where there's no real need to be strict, and at the same time too weak where you don't expect it to be weak. E.g. 4 weeks to report + 4 weeks to investigate + 2 weeks for an appeal give us solid 10 weeks for an attack to stay there, which is, to put it gently, a substantial amount of time.
Just two co-authors. The set will grow for proposals in other RIRs. And we'll gladly accept help, as Jordi is doing the most of heavy lifting.
If your issue is timescales they can be adapted in subsequent versions. What we tried to design here was "due process" with enough "checks & balances" embedded.
(...)
2. OTOH the ultimate result (membership cancellation) may be seen as a very heavy punishment.
In fact in theory this policy could make things worse.
The scenarios you and others mentioned should be run through the process and what you call "the ultimate result" should only happen if there is absolutely no doubt about the intent and about the 'who'. If company A takes control of company B's router (or hires someone to do it) is already doing something which in most jurisdictions could fall onto "crime". If company A could be identified, then they could/should be the 'who', and not company B.
I won't expect this proposal will stop *all* intentional hijackers. Firstly it will depend on a complaint/report, then it must be crystal clear (with all the checks & balances in place) that is was intentional, and the hijack was made by person/org X. So if you see bogus routes from <big company name here>'s ASN coming from somewhere in the world where they have no business, that's because someone else is (ab)using their ASN...
(I would also like to hear Randy's take on 2019-03, even now before version 2)
(...)
3. If I were to design that process, I'd put it in a different way, e.g.:
It's not explicitely written down, but yes, the idea was to have a (pre-existing) worldwide pool of experts. The timescales were mostly designed expecting it would be possible to build that pool on a voluntary basis. So 4 weeks was for a set of experts to agree on the report, possibly on their own free time... :-)
Best Regards, Carlos
------------------------------
Message: 2 Date: Sat, 23 Mar 2019 13:54:06 +0000 From: "Sascha Luck [ml]" <aawg@c4inet.net> To: JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Message-ID: <20190323135406.GO99066@cilantro.c4inet.net> Content-Type: text/plain; charset=us-ascii; format=flowed
All,
can I ask every participant in this discussion to PLEASE, PLEASE quote properly. It's becoming absolutely impossible to ascertain who wrote what and who made a statement and who answered it.
To brass tacks:
On Sat, Mar 23, 2019 at 01:44:21PM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
Immediate membership suspension at the end if the experts decide it's necessary to do so now.
This is not possible under the SSA/ripe-697. Section 1.2.1.1 of ripe-697 states clearly the grounds for termination of membership. "BGP hijacking" is not one of them. While it is presumably possible to add additional reasons, it will be, TTBOMK, only by membership vote.
I did at the start decide to give this proposal the benefit of the doubt but I am now convinced that its intent is the subversion of the RIPE NCC in order to force it to abuse its dominant market position to remove from (internet) existence, members who exhibit behaviour that, while arguably legal, elements of this community don't like.
Moreover, the proposal aims at doing this while largely excluding the RIPE NCC itself from the decision-making process, instead using some panel of "experts" to decide who should live and who should die. Whence the authority of these "experts" comes is not explained. The NCC Board is then, or so I surmise, tasked with giving this decision an air of legitimacy by ratifying it. Why the (unpaid) Board would even accept such a questionable honour, I don't know, especially in light of the potential liabilities.
Further, the danger exists that this community is not done yet. Once a mechanism to terminate unwelcome behaviour is established, it is relatively easy to plug in any other behaviour that this community, or elements thereof, would like to see removed from the internet.
In conclusio, this proposal has the potential to irredeemably damage the relationship the NCC has with its members and I would even argue that it has the potential to threaten the very existence of the NCC if the powers that be decide that it is abusing its power as a monopoly provider.
For the avoidance of doubt, I remain in opposition,
SL
------------------------------
Message: 3 Date: Sat, 23 Mar 2019 22:26:46 +0800 From: Lu Heng <h.lu@anytimechinese.com> To: "Sascha Luck [ml]" <aawg@c4inet.net> Cc: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Message-ID: <CAAvCx3jaLVGJxH-KBfwsTt-gWk7v77ceDAmm= DM0yvsO__ioMA@mail.gmail.com> Content-Type: text/plain; charset="utf-8"
On Sat, Mar 23, 2019 at 21:54 Sascha Luck [ml] <aawg@c4inet.net> wrote:
All,
can I ask every participant in this discussion to PLEASE, PLEASE quote properly. It's becoming absolutely impossible to ascertain who wrote what and who made a statement and who answered it.
To brass tacks:
On Sat, Mar 23, 2019 at 01:44:21PM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
Immediate membership suspension at the end if the experts decide
it's
necessary to do so now.
This is not possible under the SSA/ripe-697. Section 1.2.1.1 of ripe-697 states clearly the grounds for termination of membership. "BGP hijacking" is not one of them. While it is presumably possible to add additional reasons, it will be, TTBOMK, only by membership vote.
I did at the start decide to give this proposal the benefit of the doubt but I am now convinced that its intent is the subversion of the RIPE NCC in order to force it to abuse its dominant market position to remove from (internet) existence, members who exhibit behaviour that, while arguably legal, elements of this community don't like.
Moreover, the proposal aims at doing this while largely excluding the RIPE NCC itself from the decision-making process, instead using some panel of "experts" to decide who should live and who should die. Whence the authority of these "experts" comes is not explained. The NCC Board is then, or so I surmise, tasked with giving this decision an air of legitimacy by ratifying it. Why the (unpaid) Board would even accept such a questionable honour, I don't know, especially in light of the potential liabilities.
Further, the danger exists that this community is not done yet. Once a mechanism to terminate unwelcome behaviour is established, it is relatively easy to plug in any other behaviour that this community, or elements thereof, would like to see removed from the internet.
In conclusio, this proposal has the potential to irredeemably damage the relationship the NCC has with its members and I would even argue that it has the potential to threaten the very existence of the NCC if the powers that be decide that it is abusing its power as a monopoly provider.
Very well said, +1
For the avoidance of doubt, I remain in opposition,
SL
--
-- Kind regards. Lu
participants (1)
-
Durga Prasad Malyala