On Tue, Mar 19, 2019 at 01:41:22PM +0100, Marco Schmidt wrote: > A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy > Violation", is now available for discussion.
I have read the proposal version 1.0 as published on 13 March. I believe that the proposers try to act with the best of intentions. I also believe that certains occurences of "hijacking" constitute unfriendly action, likely involving violation of crominal codes. Looking at the supporting arguments however, I fail to see merit in any of them: > BGP hijacking completely negates the purpose of a (Regional Internet) > Registry. This is unclear to me. The Registry registers address space, not routes. > This community needs to explicitly express that BGP hijacking violates RIPE > policies. This is self referential - it remains unclear how and why "BGP hijacking" would violate RIPE policies. It is also unclear that other courses of action are either unavailable or unworkable. > If nothing changes in this field, the reputation of the RIPE NCC service > region will continue to be affected from a cybersecurity perspective due to > BGP hijacking events. Sorry, this is pure handwaving. Looking at the proposal text itself, I fail to see what policy it actually proposes. Instead of defining policy it suggest to instantiate a court like system that will, without having either appropriate competence nor investigatory power, issue a finding of whether or not a "policy violation" has happened. The only purpose is to construct a compliance case for the NCC to terminate membership and/or withdraw ressource allocations (or maybe assignments). The topic of attribution is heavily discussed in a variety of fora and the approach chosen in 2019-03 is, at best, overly optimistic. At the same time it is unclear why the RIPE NCC should even consider this "policy" in their compliance assessment. That said, I wonder why this non-proposal met the threshold for being accepted in the first place. Upholding my previous assessment, I do object to 2019-03. The discussion phase has shown enough lack of clarity both in terms of defining what should be considered "hijacking" as well as questions of proper jurisdiction. Therefore, I would be highly surprised if this work of art would be declared ready for the review phase. best regards, Peter
