<div dir="auto"><div>Sorry off topic. </div><div dir="auto">How Come I subscribed to digest yet getting multiple mails per day? </div><div dir="auto"> <div data-smartmail="gmail_signature" dir="auto">Cheers/DP</div> <div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Sat, Mar 23, 2019, 22:53 <<a href="mailto:anti-abuse-wg-request@ripe.net">anti-abuse-wg-request@ripe.net</a>> wrote: </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send anti-abuse-wg mailing list submissions to <a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a> To subscribe or unsubscribe via the World Wide Web, visit <a href="https://lists.ripe.net/mailman/listinfo/anti-abuse-wg" rel="noreferrer noreferrer" target="_blank">https://lists.ripe.net/mailman/listinfo/anti-abuse-wg</a> or, via email, send a message with subject or body 'help' to <a href="mailto:anti-abuse-wg-request@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg-request@ripe.net</a> You can reach the person managing the list at <a href="mailto:anti-abuse-wg-owner@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg-owner@ripe.net</a> When replying, please edit your Subject line so it is more specific than "Re: Contents of anti-abuse-wg digest..." Today's Topics: 1. Re: 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) (Carlos Fria?as) 2. Re: 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) (Sascha Luck [ml]) 3. Re: 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) (Lu Heng) 4. Re: 2019-03 and over-reach (Nick Hilliard) 5. Re: 2019-03 and over-reach (Hank Nussbacher) 6. Re: 2019-03 and over-reach (Hank Nussbacher) ---------------------------------------------------------------------- Message: 1 Date: Sat, 23 Mar 2019 13:39:04 +0000 (WET) From: Carlos Fria?as <<a href="mailto:cfriacas@fccn.pt" target="_blank" rel="noreferrer">cfriacas@fccn.pt</a>> To: T?ma Gavrichenkov <<a href="mailto:ximaera@gmail.com" target="_blank" rel="noreferrer">ximaera@gmail.com</a>> Cc: <a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a> Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Message-ID: <<a href="mailto:alpine.LRH.2.21.1903231315330.9599@gauntlet.corp.fccn.pt" target="_blank" rel="noreferrer">alpine.LRH.2.21.1903231315330.9599@gauntlet.corp.fccn.pt</a>> Content-Type: text/plain; charset="iso-8859-15"; Format="flowed" On Sat, 23 Mar 2019, T?ma Gavrichenkov wrote: > Hi all, Hi, (will try to keep it short) (...) > 1. As of now, the draft looks like a nice example of "document > designed by a committee". > > It's too strict where there's no real need to be strict, and at the > same time too weak where you don't expect it to be weak. E.g. 4 weeks > to report + 4 weeks to investigate + 2 weeks for an appeal give us > solid 10 weeks for an attack to stay there, which is, to put it > gently, a substantial amount of time. Just two co-authors. The set will grow for proposals in other RIRs. And we'll gladly accept help, as Jordi is doing the most of heavy lifting. If your issue is timescales they can be adapted in subsequent versions. What we tried to design here was "due process" with enough "checks & balances" embedded. (...) > 2. OTOH the ultimate result (membership cancellation) may be seen as a > very heavy punishment. > > In fact in theory this policy could make things worse. The scenarios you and others mentioned should be run through the process and what you call "the ultimate result" should only happen if there is absolutely no doubt about the intent and about the 'who'. If company A takes control of company B's router (or hires someone to do it) is already doing something which in most jurisdictions could fall onto "crime". If company A could be identified, then they could/should be the 'who', and not company B. I won't expect this proposal will stop *all* intentional hijackers. Firstly it will depend on a complaint/report, then it must be crystal clear (with all the checks & balances in place) that is was intentional, and the hijack was made by person/org X. So if you see bogus routes from <big company name here>'s ASN coming from somewhere in the world where they have no business, that's because someone else is (ab)using their ASN... (I would also like to hear Randy's take on 2019-03, even now before version 2) (...) > 3. If I were to design that process, I'd put it in a different way, e.g.: It's not explicitely written down, but yes, the idea was to have a (pre-existing) worldwide pool of experts. The timescales were mostly designed expecting it would be possible to build that pool on a voluntary basis. So 4 weeks was for a set of experts to agree on the report, possibly on their own free time... :-) Best Regards, Carlos ------------------------------ Message: 2 Date: Sat, 23 Mar 2019 13:54:06 +0000 From: "Sascha Luck [ml]" <<a href="mailto:aawg@c4inet.net" target="_blank" rel="noreferrer">aawg@c4inet.net</a>> To: JORDI PALET MARTINEZ <<a href="mailto:jordi.palet@consulintel.es" target="_blank" rel="noreferrer">jordi.palet@consulintel.es</a>> Cc: <a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a> Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Message-ID: <<a href="mailto:20190323135406.GO99066@cilantro.c4inet.net" target="_blank" rel="noreferrer">20190323135406.GO99066@cilantro.c4inet.net</a>> Content-Type: text/plain; charset=us-ascii; format=flowed All, can I ask every participant in this discussion to PLEASE, PLEASE quote properly. It's becoming absolutely impossible to ascertain who wrote what and who made a statement and who answered it. To brass tacks: On Sat, Mar 23, 2019 at 01:44:21PM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > Immediate membership suspension at the end if the experts decide it's > necessary to do so now. This is not possible under the SSA/ripe-697. Section 1.2.1.1 of ripe-697 states clearly the grounds for termination of membership. "BGP hijacking" is not one of them. While it is presumably possible to add additional reasons, it will be, TTBOMK, only by membership vote. I did at the start decide to give this proposal the benefit of the doubt but I am now convinced that its intent is the subversion of the RIPE NCC in order to force it to abuse its dominant market position to remove from (internet) existence, members who exhibit behaviour that, while arguably legal, elements of this community don't like. Moreover, the proposal aims at doing this while largely excluding the RIPE NCC itself from the decision-making process, instead using some panel of "experts" to decide who should live and who should die. Whence the authority of these "experts" comes is not explained. The NCC Board is then, or so I surmise, tasked with giving this decision an air of legitimacy by ratifying it. Why the (unpaid) Board would even accept such a questionable honour, I don't know, especially in light of the potential liabilities. Further, the danger exists that this community is not done yet. Once a mechanism to terminate unwelcome behaviour is established, it is relatively easy to plug in any other behaviour that this community, or elements thereof, would like to see removed from the internet. In conclusio, this proposal has the potential to irredeemably damage the relationship the NCC has with its members and I would even argue that it has the potential to threaten the very existence of the NCC if the powers that be decide that it is abusing its power as a monopoly provider. For the avoidance of doubt, I remain in opposition, SL ------------------------------ Message: 3 Date: Sat, 23 Mar 2019 22:26:46 +0800 From: Lu Heng <<a href="mailto:h.lu@anytimechinese.com" target="_blank" rel="noreferrer">h.lu@anytimechinese.com</a>> To: "Sascha Luck [ml]" <<a href="mailto:aawg@c4inet.net" target="_blank" rel="noreferrer">aawg@c4inet.net</a>> Cc: JORDI PALET MARTINEZ <<a href="mailto:jordi.palet@consulintel.es" target="_blank" rel="noreferrer">jordi.palet@consulintel.es</a>>, <a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a> Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Message-ID: <CAAvCx3jaLVGJxH-KBfwsTt-gWk7v77ceDAmm=<a href="mailto:DM0yvsO__ioMA@mail.gmail.com" target="_blank" rel="noreferrer">DM0yvsO__ioMA@mail.gmail.com</a>> Content-Type: text/plain; charset="utf-8" On Sat, Mar 23, 2019 at 21:54 Sascha Luck [ml] <<a href="mailto:aawg@c4inet.net" target="_blank" rel="noreferrer">aawg@c4inet.net</a>> wrote: > > All, > > can I ask every participant in this discussion to PLEASE, PLEASE > quote properly. It's becoming absolutely impossible to ascertain > who wrote what and who made a statement and who answered it. > > > To brass tacks: > > On Sat, Mar 23, 2019 at 01:44:21PM +0100, JORDI PALET MARTINEZ via > anti-abuse-wg wrote: > > Immediate membership suspension at the end if the experts decide it's > > necessary to do so now. > > This is not possible under the SSA/ripe-697. Section 1.2.1.1 of > ripe-697 states clearly the grounds for termination of > membership. "BGP hijacking" is not one of them. While it is > presumably possible to add additional reasons, it will be, > TTBOMK, only by membership vote. > > I did at the start decide to give this proposal the benefit of > the doubt but I am now convinced that its intent is the > subversion of the RIPE NCC in order to force it to abuse its > dominant market position to remove from (internet) existence, > members who exhibit behaviour that, while arguably legal, > elements of this community don't like. > > Moreover, the proposal aims at doing this while largely > excluding the RIPE NCC itself from the decision-making process, > instead using some panel of "experts" to decide who should live > and who should die. Whence the authority of these "experts" > comes is not explained. The NCC Board is then, or so I surmise, > tasked with giving this decision an air of legitimacy by > ratifying it. Why the (unpaid) Board would even accept such a > questionable honour, I don't know, especially in light of the > potential liabilities. > > Further, the danger exists that this community is not done yet. > Once a mechanism to terminate unwelcome behaviour is established, > it is relatively easy to plug in any other behaviour that this > community, or elements thereof, would like to see removed from the > internet. > > In conclusio, this proposal has the potential to irredeemably > damage the relationship the NCC has with its members and I would > even argue that it has the potential to threaten the very > existence of the NCC if the powers that be decide that it is > abusing its power as a monopoly provider. Very well said, +1 > > > For the avoidance of doubt, I remain in opposition, > > SL > > -- -- Kind regards. Lu -------------- next part -------------- An HTML attachment was scrubbed... URL: <<a href="https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20190323/579a0fb5/attachment-0001.html" rel="noreferrer noreferrer" target="_blank">https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20190323/579a0fb5/attachment-0001.html</a>> ------------------------------ Message: 4 Date: Sat, 23 Mar 2019 15:49:16 +0000 From: Nick Hilliard <<a href="mailto:nick@foobar.org" target="_blank" rel="noreferrer">nick@foobar.org</a>> To: JORDI PALET MARTINEZ <<a href="mailto:jordi.palet@consulintel.es" target="_blank" rel="noreferrer">jordi.palet@consulintel.es</a>> Cc: "<a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a>" <<a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a>> Subject: Re: [anti-abuse-wg] 2019-03 and over-reach Message-ID: <<a href="mailto:6179dc11-f299-c076-0ae1-2f2d22eb6115@foobar.org" target="_blank" rel="noreferrer">6179dc11-f299-c076-0ae1-2f2d22eb6115@foobar.org</a>> Content-Type: text/plain; charset=utf-8; format=flowed JORDI PALET MARTINEZ via anti-abuse-wg wrote on 23/03/2019 11:52: > ?El 23/3/19 12:32, "Nick Hilliard" <<a href="mailto:nick@foobar.org" target="_blank" rel="noreferrer">nick@foobar.org</a>> escribi?: > 1. it's not the job of the RIPE NCC to make up for a short-fall of civil > legislation in this area, no matter how distasteful we might find the > consequences of this; > > And we aren't doing that. If there were legislation and enforcement in this area, we wouldn't be having this conversation. > 2. you can throw anything into a contract, but that doesn't mean it's > enforceable or even lawful. > [...] > In this particular case, the suggestion is for the RIPE NCC to start > making judgements about potentially legal actions between second or > third parties, potentially involving non-related resources and to deny > and/or withdraw number registration services on that basis. This does > not sound legally enforceable. > > No, it is not a matter of parties. It is a matter of the membership rules. Jordi, you need to take legal advice on this before proceeding further. Nick ------------------------------ Message: 5 Date: Sat, 23 Mar 2019 19:17:06 +0200 From: Hank Nussbacher <<a href="mailto:hank@efes.iucc.ac.il" target="_blank" rel="noreferrer">hank@efes.iucc.ac.il</a>> To: <a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a> Subject: Re: [anti-abuse-wg] 2019-03 and over-reach Message-ID: <<a href="mailto:cd9860db-d5d4-da6d-d07b-902affd1474c@efes.iucc.ac.il" target="_blank" rel="noreferrer">cd9860db-d5d4-da6d-d07b-902affd1474c@efes.iucc.ac.il</a>> Content-Type: text/plain; charset=utf-8; format=flowed On 23/03/2019 00:19, Sander Steffann wrote: >> But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of. > I fully agree with Nick. BGP hijacking has to be fought, but this is not the way? Exactly how successful has been MANRS - our attempt at self-regulation? Regards, -Hank > > Cheers, > Sander > ------------------------------ Message: 6 Date: Sat, 23 Mar 2019 19:23:20 +0200 From: Hank Nussbacher <<a href="mailto:hank@efes.iucc.ac.il" target="_blank" rel="noreferrer">hank@efes.iucc.ac.il</a>> To: <a href="mailto:anti-abuse-wg@ripe.net" target="_blank" rel="noreferrer">anti-abuse-wg@ripe.net</a> Subject: Re: [anti-abuse-wg] 2019-03 and over-reach Message-ID: <<a href="mailto:e72ebef7-2ebc-be2e-c75c-ba203d0d3dd8@efes.iucc.ac.il" target="_blank" rel="noreferrer">e72ebef7-2ebc-be2e-c75c-ba203d0d3dd8@efes.iucc.ac.il</a>> Content-Type: text/plain; charset=utf-8; format=flowed On 23/03/2019 13:31, Nick Hilliard wrote: > JORDI PALET MARTINEZ via anti-abuse-wg wrote on 22/03/2019 22:55: >> The legal bindings of the NCC already have that for those that don?t >> follow existing policies, don?t pay bills, etc. So, the proposal is >> adding in the table a policy for confirming what is a hijack >> according to the community consensus. Same way we did for how we >> distribute resources, do transfers, etc. > > Hi Jordi, > > couple of things: > > 1. it's not the job of the RIPE NCC to make up for a short-fall of > civil legislation in this area, no matter how distasteful we might > find the consequences of this; Purity of concept will result in massive gov't intervention since we will have shown that we don't know how to self-regulate. The voices are already there: <a href="https://hackernoon.com/why-the-internet-must-be-regulated-9d65031e7491" rel="noreferrer noreferrer" target="_blank">https://hackernoon.com/why-the-internet-must-be-regulated-9d65031e7491</a> If you have an alternative solution, not even a better one, please suggest it. Regards, Hank End of anti-abuse-wg Digest, Vol 88, Issue 72 ********************************************* </blockquote></div></div></div>