+1. I'm also one of the first "+1" and Yesterday when all this discussion started I wanted to write the email that Marco did but unfortunately no time was left for me to do it. :| So I just want to give me support to what Marco said and off course to 2019-03.
Also I would to remind all the community that usually what happens to communities that cannot regulate themselves is that some outsider comes and regulated them... Best regards, Aviso de Confidencialidade/Disclaimer: Este e-mail foi escrito de acordo com o novo acordo ortográfico. Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos da lei. Caso tenha recepcionado indevidamente esta mensagem, solicitamos-lhe que nos comunique esse mesmo facto por esta via devendo apagar o seu conteúdo de imediato. This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail and delete it immediately. [ Antes de imprimir esta mensagem pense no ambiente. Before printing this message, think about environment ] Às 16:52 de 04/04/19, CSIRT.UMINHO Marco Teixeira escreveu: > (Please mind, this is my personal opinion. The signature was left for > consensus evaluation and background context) > > Dear RIPE associates, and other longtime participants in this mailing list, > > While I speak for myself, I might incur the risk of representing a lot of the > so-called "Astroturfers?!". While some accuse (please don't take it > personally, it's just clarification) the newcomers of being voiceless, I must > say that I have been, with great effort, refraining from going into a long > discourse on a list where I am new. That should not be understood as a sign > of "spamming" a vetting process, but as a sign of respect for all of you, > long-standing members of RIPE, guardians of our IP addresses, one of the > building blocks of the Internet :-) > > I have before, stated that you might start to see some newcomers from .PT, > and the reason for that being related to a famous post from Ronald Guilmette > mentioning a Portuguese bad actor. This particular BGP Hijack was discussed > at one of the Portuguese CSIRT Network meetings (www.redecsirt.pt), and draw > some attention to all the 30+ members, and to me in particular, on the lack > of policy by RIPE regarding this. So, it's just natural, I guess, that when > most of my fellow countryman from this security community saw this > opportunity of amending this, they subscribed and voted +1. After all, if > they agree on the text of the policy, why pollute the mailing-list with > repetitive discourse... > > Having said that, please consider for this discussion, from a (no more) RIPE > outsider, it's somewhat weird that RIPE (as in the community), being an > association of good people, seems to be somewhat reluctant to take action and > approve a policy to self regulate against misuse of these same IP > resources... I understand that we must not "sacrifice our freedom for a small > feeling of security", but I hope (while I have not read all of RIPE rules on > this) that if abused, this policy can, any point in time, be put to > discussion for review, and improve whatever article is being abused. > > As for those who defend BGP Hijacks are to be resolved with a BCP (or any > other "technical solution"), mind that BCP regarding hijacks already have > some time and little results. As do other BCP, like "source-spoofing" and we > still see it at large... why? because it hurts your bottom-line. The sole > purpose of a "Company" is to distribute the largest amount possible of > dividends to shareholders! (imagine the manpower for transit tear 1's > applying BGP filtering). It's in these scenarios that regulation comes to > play. And better to self-regulate then wait for state regulation when the > next hijack hits your industry 4.0 or your local smart city, or even when > some "Einstein" thinks it's ok to hijack networks from another country state > agency... > > As one last thought, again IMHO, I believe BGP Hijacking is one of the most > pressing issues, menacing the Internet resiliency, and it must be dealt with. > In the same manner, we apply AUP's to our users, it's RIPE responsibility, to > clearly state, it is not acceptable, and it will have consequences... Raising > the risk for companies is the only way we tip the balance of "Loss vs > Earning", and hopefully eradicate bad actors, or hopefully even stopping them > right at their business plans. > > This is why I support "2019-03 New Policy Proposal (BGP Hijacking is a RIPE > Policy Violation)" > > Best regards, > Marco > ----------------------------------------------------------------------- > CSIRT.UMINHO - Universidade do Minho > https://csirt.uminho.pt | rep...@csirt.uminho.pt | i...@csirt.uminho.pt > ----------------------------------------------------------------------- > > ----- Mensagem original ----- >> De: "Brian Nisbet" <brian.nis...@heanet.ie> >> Para: "anti-abuse-wg" <anti-abuse-wg@ripe.net> >> Enviadas: Quinta-feira, 4 De Abril de 2019 9:42:32 >> Assunto: [anti-abuse-wg] On +1s and Policy Awareness >> Colleagues, >> >> Two (broad) things to address, while, of course, noting that I would ask you >> all >> to assume best intent in all of your fellow working group members. And to >> post >> as politely as possible yourself! >> >> I have, repeatedly, pointed out that all of the emails are being read by the >> Co-Chairs and the RIPE PDO. Short messages of support or +1s are noted and >> considered, but this is not a vote. I think I've said that twice now, >> hopefully >> the third time will be enough. We have also read the opinions of people about >> this, however the original statement remains unchanged. If, at the >> appropriate >> points, anyone in the working group feels the Co-Chairs have erred in our >> decision regarding consensus, then there is an appeals process. >> >> RIPE 710 covers the whole PDP and section 4 specifically covers appeals - >> https://www.ripe.net/publications/docs/ripe-710 >> >> On the general awareness of the policy, the announcement on 2019-03 was >> posted >> to the Policy Announce list and to Routing-WG in addition to here. It has >> also >> been raised in a few other locations. Given where we are right now in the >> initial Discussion Phase and the plans by the authors to produce a v2.0 of >> the >> document, I would strongly suggest (but note that it is not certain) that >> nothing will have been decided by RIPE 78, when even more people will become >> aware. If people choose not to join the mailing list nor use the RIPE Forum >> to >> participate, then there is little the AA-WG can do. >> >> So please, especially given all the nice things people have said about the >> Co-Chairs, and thank you for that, can you trust that we are both seeing all >> of >> the messages and treating them as stated, and if you don't agree, there is a >> process by which you can express this, rather than all going back and forth >> again here. >> >> You can also always contact the Co-Chairs directly on aa-wg-ch...@ripe.net >> >> Thanks, >> >> Brian >> Co-Chair, RIPE AA-WG >> >> >> >> Brian Nisbet >> Service Operations Manager >> HEAnet CLG, Ireland's National Education and Research Network >> 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland >> +35316609040 brian.nis...@heanet.ie www.heanet.ie >> Registered in Ireland, No. 275301. CRA No. 20036270
smime.p7s
Description: Assinatura criptográfica S/MIME
