[anti-abuse-wg] Dogs
I feel compelled to offer my apologies to the list membership for my posting here about a week ago in which I made retorical use of the word "dogpiles" as in "cleaning up our own dogpiles". It was certainly not my intent to offend anyone with my usual and rather cavalier use of language. Nontheless, following that post, a number of dog owners on the list wrote to me privately to express thier disgust and outrage at what appeared to them to have been personalised and selective attacks on either them or their pets or both. As it was pointed out to me, in no uncertain terms, dogs are far from the only type of pets that routinely manufacture piles of what are generally considered to be non-recyclable waste by-products. Cats, lizards, parakeets, and even ring-tailed lemurs also routinely gift to thier environments copious quantities of effluent. Given these facts, some members here righfully objected to my singling out of dogs for either special note or special derision. I do apologize to all concerned, and I promise that in future I will make every reasonable attempt to be species-neutral in my use of language, whenever possible, especially now that I am aware of the issue, and of the specific offense that some on the list can and do take to my manner of speech. To paraphrase, I will amend my speech lest I mar my fortunes. Regards, rfg P.S. It certainly does seem evident to me that the best way that I could avoid getting into trouble like this in the future would be for me to never say anything. I do believe, based on some evidence, that at least a few of the members here would be quite alright with that solution.
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
In message , Richard Clayton wrote: >Instead, experts are used by those who are charged with dispensing >justice as a means of understanding what is likely to have gone on, and >these people then weigh the various opinions of the experts (or indeed >their unanimity) in coming to their decision. I agree completely that this is the way the process -should- indeed work (when "hijacking" charges are being adjudicated). And in fact, I have previously stated exactly that position in private email to the main sponsor/author of 2019-03. >So a policy which said that unauthorised BGP hijacking was unacceptable >behaviour and charged RIPE NCC with addressing the problem if it was >caused by anyone who used RIPE resources would I think be helpful. Once again, we are in perfect agreement. >Telling RIPE NCC exactly how to recognise and deal with BGP hijacking >(and specifying exactly how experts and no one else will determine what >has occurred) is I think unhelpful and attempts to move forward this way >are likely to be counterproductive. I agree that subject-matter experts should not themselves be the adjudicators but rather that they should merely be resources that are available to the actual adjudicators. If, hypothetically, that change were made to 2019-03 would it then be something that you'd support? Or did you see other issues? Regards, rfg
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
In message , =?ISO-8859-15?Q?Carlos_Fria=E7as?= wrote: >2019-03 aims to create an inexistent rule, that could lead to >consequences... Speaking of which, I wonder if anyone here might happen to know the penality, under Dutch law, for knowingly receiving stolen property, or cash? I only ask because I did notice, just yesterday, the fact that AS205869, aka Universal IP Solution Corp. is apparently still, to this day, a member in good standing (and dues-paying member) of RIPE. And this is true even MONTHS after the company was publicly identified as having been one of two entities behind a large scale "ad fraud" scheme, publicly documented by Google and their partners, WhiteOps, and which netted the criminals behind it an alleged $29 million of ill-gotten gains: https://arstechnica.com/information-technology/2018/12/how-3ves-bgp-hijackers-eluded-the-internet-and-made-29m/ This entire sophisticated ad fraud scheme resulted in multiple U.S. federal grand jury indictments: https://www.justice.gov/usao-edny/press-release/file/1114576/download Unfortunately, many of those criminally charged are still at large, and thus, they are able to continue doing business with, and paying dues to RIPE. To say that any such funds now being paid to RIPE are "tainted" would be a rather gross understatement. This is the elephant in the room that none of the opponents of 2019-03 wants to talk about, i.e. the rather inconvenient fact that RIPE, due to its intransigent lethargy, is quite apparently doing business, even as we speak, with known and well-identified cyber-criminals. So, when it comes time for RIPE to answer, in a Dutch court, for this continued and ongoing support of known criminals, what will be RIPE's response? I can see it all now... "Oh! Gee! Sorry your honor! We are an association, under Dutch law, and our by-laws require us not to adopt any policies that do not obtain 100% consensus of ALL of our members, and thus, because our members are a rambunctious lot, and because at least some of them don't really mind that much being associated with criminals, we have been unable to adopt any new governing rules for our association that would actually prohibit us from receiving stolen money. Can we go now?" Yea. *That* defense is sure to work... NOT! Perhaps some of the people here who have speculated aloud about the (dim) possibility that RIPE might someday accrue some civil liability for having kicked out members who are hijackers could perhaps spare a moment or two in their busy schedules to give at least some thought to the vastly greater potential liability, both civil and criminal, that might accrue to RIPE if it continues, as it is now doing, to support and sell services to known cyber-criminals. Note that when and if a day of legal judgement finally arrives for *these* failures, RIPE will also not be able to avail itself of either of the two other traditional defenses that have been trotted out, in the past, to try to excuse the inexcusable. I am speaking of course of the "we didn't know" defense and the "we were just following orders" defense. RIPE clearly *does* know about the nature and purpose of Universal IP Solution Corp., and if it doesn't know, then it can only be because RIPE is -willfully- electing to remain ignorant. Separately, RIPE can certainly attempt to claim that it was "just following the orders" of its membership, but that defense is likely to fall on deaf ears also... as it has in the past. So where are all of the members who earlier, and right here on this mailing list, worried aloud about legal liability? Why are they apparently NOT worrrying about the legal liability that may arise from seeing evil and doing nothing whatsoever to impede it, or to even stop doing business with it? Apparently, the potential for legal liability is only an issue when concern abou the potential for that is used as an argument to support those conservatives who wish to do nothing at all. When viewed objectively and even-handedly however, arguments in favor of doing nothing which are based on the "legal liability" bogeyman can be easily seen to be rather entirely disingenuous, because it is self-evident that the *real* and far more serious potential for legal liability lies with continuing to have RIPE support and sell services to cyber-criminals, as it is now, quite apparently, doing. Regards, rfg
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
In message <83185.1554061...@segfault.tristatelogic.com>, Ronald F. Guilmette writes > >In message , >Richard Clayton wrote: > >>However, it is not necessarily clear at all and writing a policy which >>assumes that it will always be clear is in my view unwise. >> >>Assuming that experts will always be able to determine who is at fault >>(along with deciding whether an event they know little of is accidental >>or deliberate) is to live in a world that I do not recognise. > >I disagree completely. The world would be one that you most certainly >*would* recognize. > >Your argument basically boils down to the following unsustainable >assertion: We cannot assume that we will always, and in 100% of all >cases, be able to accurately recognize "crime" when we see it. Therefore >we should have -no- criminal laws. I don't agree ... what I am saying is that it can be very hard for real experts to agree. These are people who consider all possible reasons for events to occur and then offer their opinion as which reasons can be completely ruled out and which are unlikely to be actual explanation in the particular case. As a result we seldom operate justice by using experts (whether they agree or not) as the ultimate arbiters of how cases are decided. Instead, experts are used by those who are charged with dispensing justice as a means of understanding what is likely to have gone on, and these people then weigh the various opinions of the experts (or indeed their unanimity) in coming to their decision. >>If the policy stopped at the statement that unauthorised BGP hijacking >>was unacceptable behaviour then I would be happy with it. > >I have no idea what country you live in the United Kingdom (it's fairly easy to work that out BTW) >, but would you likewise find it >equally acceptable if your local national legislature also and likewise >passed a resolution calling for murder to be entirely decriminalized, >while adding that it is the sense of the legislature that murder shall >nontheless, and henceforth, be deemed "unacceptable behaviour" deserving >of public derision and scorn, but no further penalties whatsoever? As it happens (it's tricky when appealing to completely irrelevant matters isn't it?) the UK does not have a statute that makes murder a crime -- so it might be quite complicated to decriminalise it ! People are instead charged under the common law -- the court then decides whether or not they are guilty (often having considered the evidence of experts whose duty is explicitly defined as being to assist the court, albeit they are paid by either the prosecution or the defence). However if the accused is found guilty then the sentence is specified by statute (which, because it gives no leeway to the court, leads to numerous unfair outcomes which I will not elaborate here). So a policy which said that unauthorised BGP hijacking was unacceptable behaviour and charged RIPE NCC with addressing the problem if it was caused by anyone who used RIPE resources would I think be helpful. Telling RIPE NCC exactly how to recognise and deal with BGP hijacking (and specifying exactly how experts and no one else will determine what has occurred) is I think unhelpful and attempts to move forward this way are likely to be counterproductive. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
In message , Richard Clayton wrote: >In message <74227.1553972...@segfault.tristatelogic.com>, Ronald F. >Guilmette writes >>In the summer of last year, 2018, I took steps to point out, in a very public >>way, on the NANOG mailing list, two notable hijacking situations that came >>to my attention *and* also to identify, by name, the actors that were quite >>apparently behind each of those. In neither of those instances was there >>ever even any serious attempt, by either of the relevant parties, to refute >>-any- of my very public allegations. > >If they had refuted the allegations then it would have become rather >complicated and it would have come down to one entities word against >another and perhaps the examination of documentary evidence of what >arrangements had been authorised (and then perhaps forensic assessment >of the authenticity of those documents). I am not persuaded that such complexity would ever actuall arise, in practice, although I do confess that my view may be colored by the facts of the specific cases I have personally looked at. (In one of the two cases I cited, an allegedly "Ukranian" entity was quite obviously... and quite blatantly... hijacking a block of ARIN-issued IPv4 addresses that were officially registered to the United States Air Force, thus leaving no ambiguity whatsoever.) >Some BGP hijacking cases have been prosecuted on the basis of the >forging of documents rather than on the hijack per se. Perhaps you could share references to such incidents (?) I don't doubt your assertion here, but I, for one, am always interested to look at the details of additional cases. >I agree that it can be pretty clear what has gone on and the accused >then helpfully acts in such a way as to make it clear to everyone that >they were "guilty"... Yes. It is certainly the case that, on some occasions, at least, the crooks have been most helpful in their own downfalls. >However, it is not necessarily clear at all and writing a policy which >assumes that it will always be clear is in my view unwise. > >Assuming that experts will always be able to determine who is at fault >(along with deciding whether an event they know little of is accidental >or deliberate) is to live in a world that I do not recognise. I disagree completely. The world would be one that you most certainly *would* recognize. Your argument basically boils down to the following unsustainable assertion: We cannot assume that we will always, and in 100% of all cases, be able to accurately recognize "crime" when we see it. Therefore we should have -no- criminal laws. That is the undeniable fundamental logic of your position. There *is* a world that you would not recognize, and it is one that would be guided by this very principal that you are espousing. What would the world be like if we all just shrugged and said "Oh, well, we cannot be absolutely sure that we will be 100% accurate when we prosecute shoplifters, or murderers, and therfore we will never even try to do so" ? *That* would be the world that you would not recognize. But we already have a living, breathing example of that world, and the effects of such a guiding principal, when put into actual practice... and it is NOT a pretty picture. The world in question is called RIPE, where scofflaws roam free, and where, at worst, those same scofflaws are only subjected to some rather modest public embarassement. I would be the first to agree that something less than 100% of all shoplifting cases and also something less than 100% of all murder cases are so abundantly clear as to leave no doubts whatsoever. In my own country, several murder cases have been overturned, upon further review, sometimes even decades after an innocent man has been incarcerated. These cases are quite obviously problematic for anyone with any semblance of a conscience. But I have yet to hear even the most liberal of defense attorneys argue in favor of legalizing murder... or shoplifting for that matter.. as an appropriate or well reasoned response to the vagaries and vissitudes of our imperfect justice system... as you appear to be doing. (Because that *is* really the inescapable end-point of your position.) >If the policy stopped at the statement that unauthorised BGP hijacking >was unacceptable behaviour then I would be happy with it. I have no idea what country you live in, but would you likewise find it equally acceptable if your local national legislature also and likewise passed a resolution calling for murder to be entirely decriminalized, while adding that it is the sense of the legislature that murder shall nontheless, and henceforth, be deemed "unacceptable behaviour" deserving of public derision and scorn, but no further penalties whatsoever? If so, I would suggest to you that anarchy and chaos would ensue. If a concrete example is needed, then I can and will simply point to what's been going on in the RIPE region, specifically with respect to the number reso
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
On Sun, 31 Mar 2019, Richard Clayton wrote: (...) I meant that the experts cannot ever be absolutely certain that their evaluation is correct -- though of course they can be correct in their nuanced assessment. I've been thinking about Cynthia Revstrom's argument, and now i'm thinking if unanimity between all experts in every case is a needed "feature". In the summer of last year, 2018, I took steps to point out, in a very public way, on the NANOG mailing list, two notable hijacking situations that came to my attention *and* also to identify, by name, the actors that were quite apparently behind each of those. In neither of those instances was there ever even any serious attempt, by either of the relevant parties, to refute -any- of my very public allegations. If they had refuted the allegations then it would have become rather complicated and it would have come down to one entities word against another and perhaps the examination of documentary evidence of what arrangements had been authorised (and then perhaps forensic assessment of the authenticity of those documents). Afaik, some allegations were made in response to Mr.Krebs questions, however, as far as i've seen ASNs sourcing hijacks and the direct transit ASN kind of vanished some days later. Some BGP hijacking cases have been prosecuted on the basis of the forging of documents rather than on the hijack per se. Really? in courts? i'll be very interested to know in which jurisdictions. I don't have any doubt that if someone hijacks a prefix or sub-prefix from a mobile operator, consequences in justice should be unavoidable... But regarding Internet prefixes (or ASN) i'm really unaware of any case. I agree that it can be pretty clear what has gone on and the accused then helpfully acts in such a way as to make it clear to everyone that they were "guilty" (or individual peers assess the situation from their own standpoint and decide that they do not have an obligation to carry the traffic). If peers share their routing view publicly (i.e. peering with RIS) then anyone should be able to assess :-) However, it is not necessarily clear at all and writing a policy which assumes that it will always be clear is in my view unwise. I don't think this is the case of 2019-03. Cases/reports where there is unsufficient evidence or where there is any kind of doubts should be dismissed. 2019-03 aims to create an inexistent rule, that could lead to consequences, but it isn't trying to define those consequences are mandatory to be implemented in a 1st instance, 2nd instance, 3rd instance and so on. That should be left to the already existing concept of "repeateadly policy violations" Assuming that experts will always be able to determine who is at fault (along with deciding whether an event they know little of is accidental or deliberate) is to live in a world that I do not recognise. If they are not able, then a case should be dismissed. Simple as that. If the policy stopped at the statement that unauthorised BGP hijacking was unacceptable behaviour then I would be happy with it. Adding all the procedural stuff about how BGP hijacking will be (easily of course) We can rephrase/review it in version 2.0. detected and exotic details about experts and report forms and time periods is (a) irrelevant to establishing the principle and (b) cluttered with false assumptions and unhelpful caveats and (c) way too formalised to survive dealing with some real examples. Some people seem to want the exact some opposite, a process to be detailed in its every aspect. Thanks. Best Regards, Carlos -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
Re: [anti-abuse-wg] 2019-03 and over-reach
Hi, On Sun, 31 Mar 2019, Richard Clayton wrote: 1) The hijackings you mentioned also affect your customers, right? I do not believe they did, not all announced space is in use If third parties could receive any of the customer's space is already bad enough. The hijacker could be impersonating the customer towards other networks (not necessarily to every network in the world). 2) Do you or your customers report these hijackings (and their impact) to somebody? The hijacks only came to light due to feedback about spam sending, where it turned out to be impossible to identify anyone using the IPs that were sending the spam. In that sense the reporting was the other way. Although the victims (third party networks) directed their reports to the wrong people -- this is why i'm saying impersonating is an advantage to hijackers. 3) Is it in your customers' best interest to do nothing? I think it's presumptuous to assume that nothing was done. Once it was understood what was occurring (which took rather longer than I think it would today) the matter was dealt with and the hijacks ceased If enough harm was already done... 4) Is it in your customers' best interest to "protect" the lack of rules about hijacking at registry level? Rules do not prevent hijacks -- detection and mitigation do I agree detection and mitigation do, but having no rules is actually helping hijackers. As i understand it, if someone provides the RIR with falsified data there was no falsified data provided to an RIR in this case I wasn't clear enough. I'm saying the rule about falsified data exists and if someone does that, the RIR is able to act -- today it doesn't have the ability to act regarding hijacks! , they expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having this rule in place is protecting the RIR's long term stability -- the point about 2019-03 is that someone doing persistent intentional hijacks should be subject to the same "risk". I have already pointed you towards IXPs once ... that's where this example was dealt with. That is precisely another excellent issue. IXPs are by nature "neutral". However, if rules are written, one member that announces hijacked routes will most likely be shown the door. When that happens the IXP is only "enforcing" the rules. In my opinion, the RIR (which also does that in other cases of rule breaking) should be doing the same -- but for that rhe rule needs to be in place. I understand your point about partial visibility. With 2019-03 in place, i think the incentive for anyone to share their routing view will increase, as a way of protection -- i see it as "community protection". this is a new point presented without any evidence whatsoever (albeit I do agree that having more sensors would improve the detection of some hijacking events). That's basically it... more sensors, better "community protection". The content of routing tables are often not shared publicly for reasons of perceived commercial confidentiality -- you It's always a choice not publicly detailing which your neighbors are. I'm only saying more public information helps in "detection". should elaborate why that shyness would be changed by the proposed policy (especially given the claims made that hijacking is already easy to understand with the existing sensor network). I only said it was an incentive to... i'm not suggesting it should be mandatory for every network to export info about who actually are their neighbors. Best Regards, Carlos -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
In message <74227.1553972...@segfault.tristatelogic.com>, Ronald F. Guilmette writes >In message , >Richard Clayton wrote: > >>It is NOT possible (for experts or almost anyone else) to accurately >>evaluate who is performing BGP hijacks... > >I did not intend to participate any further in this discussion, above and >beyond what I already have done, but I fell compelled to at least point out >the intellectual dishonesty of the above assertion. It is, I agree, badly phrased. I apologise. I meant that the experts cannot ever be absolutely certain that their evaluation is correct -- though of course they can be correct in their nuanced assessment. >In the summer of last year, 2018, I took steps to point out, in a very public >way, on the NANOG mailing list, two notable hijacking situations that came >to my attention *and* also to identify, by name, the actors that were quite >apparently behind each of those. In neither of those instances was there >ever even any serious attempt, by either of the relevant parties, to refute >-any- of my very public allegations. If they had refuted the allegations then it would have become rather complicated and it would have come down to one entities word against another and perhaps the examination of documentary evidence of what arrangements had been authorised (and then perhaps forensic assessment of the authenticity of those documents). Some BGP hijacking cases have been prosecuted on the basis of the forging of documents rather than on the hijack per se. I agree that it can be pretty clear what has gone on and the accused then helpfully acts in such a way as to make it clear to everyone that they were "guilty" (or individual peers assess the situation from their own standpoint and decide that they do not have an obligation to carry the traffic). However, it is not necessarily clear at all and writing a policy which assumes that it will always be clear is in my view unwise. Assuming that experts will always be able to determine who is at fault (along with deciding whether an event they know little of is accidental or deliberate) is to live in a world that I do not recognise. If the policy stopped at the statement that unauthorised BGP hijacking was unacceptable behaviour then I would be happy with it. Adding all the procedural stuff about how BGP hijacking will be (easily of course) detected and exotic details about experts and report forms and time periods is (a) irrelevant to establishing the principle and (b) cluttered with false assumptions and unhelpful caveats and (c) way too formalised to survive dealing with some real examples. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature
Re: [anti-abuse-wg] 2019-03 and over-reach
In message , Carlos Friaças via anti-abuse-wg writes >On Sat, 23 Mar 2019, Lu Heng wrote: > >(...) >> And for the record, it?s in my short term interest to have that policy >> as we do suffer from time to time hijackings, and I made presentation in >> this working group how more half million of our IP get hijacked for half >> a year. Lu Heng can of course reply, but I have some familiarity with this particular episode >1) The hijackings you mentioned also affect your customers, right? I do not believe they did, not all announced space is in use >2) Do you or your customers report these hijackings (and their impact) to >somebody? The hijacks only came to light due to feedback about spam sending, where it turned out to be impossible to identify anyone using the IPs that were sending the spam. In that sense the reporting was the other way. >3) Is it in your customers' best interest to do nothing? I think it's presumptuous to assume that nothing was done. Once it was understood what was occurring (which took rather longer than I think it would today) the matter was dealt with and the hijacks ceased >4) Is it in your customers' best interest to "protect" the lack of rules >about hijacking at registry level? Rules do not prevent hijacks -- detection and mitigation do >As i understand it, if someone provides the RIR with falsified data there was no falsified data provided to an RIR in this case >, they >expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having >this rule in place is protecting the RIR's long term stability -- the >point about 2019-03 is that someone doing persistent intentional hijacks >should be subject to the same "risk". I have already pointed you towards IXPs once ... that's where this example was dealt with. >I understand your point about partial visibility. With 2019-03 in place, i >think the incentive for anyone to share their routing view will increase, >as a way of protection -- i see it as "community protection". this is a new point presented without any evidence whatsoever (albeit I do agree that having more sensors would improve the detection of some hijacking events). The content of routing tables are often not shared publicly for reasons of perceived commercial confidentiality -- you should elaborate why that shyness would be changed by the proposed policy (especially given the claims made that hijacking is already easy to understand with the existing sensor network). -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature
Re: [anti-abuse-wg] 2019-03 and over-reach -- RIPE-001 document
On Fri, 22 Mar 2019, Nick Hilliard wrote: (...) Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Hi Nick, All, I understand you are talking about https://www.ripe.net/publications/docs/ripe-001 The word "enforcement" is not part of ripe-001. So, it's not explicitely written as something which is completely out of scope. The RIPE NCC (as a supporting organization) is already "enforcing" that people abide by rules (i.e. it's against the rules to provide falsified information, and even unresponsiveness may lead to a LIR closure -- that's what i read from RIPE-716, just to name a few). Best Regards, Carlos
Re: [anti-abuse-wg] 2019-03 and over-reach
On Sat, 23 Mar 2019, Lu Heng wrote: (...) And for the record, it?s in my short term interest to have that policy as we do suffer from time to time hijackings, and I made presentation in this working group how more half million of our IP get hijacked for half a year. But for the long term stability of the registry, or the internet as a whole, in which in all my interest to protect, I really like to see community avoid policy like that. Dear Lu Heng, All, I suppose you have customers. What you wrote above makes me wonder about: 1) The hijackings you mentioned also affect your customers, right? 2) Do you or your customers report these hijackings (and their impact) to somebody? 3) Is it in your customers' best interest to do nothing? 4) Is it in your customers' best interest to "protect" the lack of rules about hijacking at registry level? As i understand it, if someone provides the RIR with falsified data, they expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having this rule in place is protecting the RIR's long term stability -- the point about 2019-03 is that someone doing persistent intentional hijacks should be subject to the same "risk". I've looked for your presentation, and found it (at RIPE 72). I especially like your slide which has: "Hijacker ARE NOT HIDING, THEY ARE RUNNING IT LIKE REAL BUSINESS" -- this is an exact quote, uppercase included :-) At the time you wrote/presented this, did you identify the hijacker(s), and were they also operating one or more LIRs? I understand your point about partial visibility. With 2019-03 in place, i think the incentive for anyone to share their routing view will increase, as a way of protection -- i see it as "community protection". Thanks for your input. I hope you can help fine tune the proposal, in a way that your concerns about registry (in)stability and Internet as a whole (in)stability can be solved. Best Regards, Carlos Friaças
