Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
On Fri, 19 Apr 2019, Gert Doering wrote: Hi, On Fri, Apr 19, 2019 at 02:18:25PM +, Suresh Ramasubramanian wrote: It would be an interesting sight to see the chairman and exec board of ripe summoned before a parliament or court to explain the situation. You love to summon up dire legal consequences for the RIPE NCC if this policy isn't coming into place. Over here in Europe, we're not used to just sueing anyone for anything we do not like and actually having chance in succeeding with it. Unless the RIPE NCC is actually *tasked* with "ensuring routing correctness" Hi, RIPE NCC isn't tasked with that, i agree. It is also not tasked in ensuring that party A is just using their own numbering resources. But 2019-03 also doesn't mandate that the RIPE NCC should start verifying that randomly. It just opens the door for someone to report a (suspected) resource hijack, and if a large set of circumstances are aligned, it may open the door to a membership status review -- which won't even happen at the first time... according to the current set of policies. (which it isn't) whether or not someone configures their router correctly cannot construct a liability for the NCC. Maybe it can be a liability if the party responsible for the numbering resources administration does nothing and let's the hijacks run free... Some years ago i had an issue with another RIR about one of its members adding *our address* to one of their netblocks. That registry (whois) entry was clearly forged (the network wasn't and never was running at our address) and it took months to have this corrected with the people who forged the entry and the RIR in question didn't really help. If we had financial losses due to this incorrect entry, wouldn't it be normal to sue also the RIR for not aiding in solving this "address hijack" that hit the registry database??? Now, if the NCC neglects to secure their *registry*, and people can use this neglect to attack others, this might be a valid case to bring forward... Big Kudos to those who have worked hard to try to close this gap lately (also through policy proposals) -- you know who you are... :-)) Regards, Carlos Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
On Fri, 19 Apr 2019, Nick Hilliard wrote: Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03: Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...? No. In principle, the proposal is completely broken, antithetical to the RIPE NCC's obligations of being an address registry and Randy was right to point out that it is a proposal for a kangaroo court. We don't need to make the mistake of testing it out to make sure. Hi, This question was just to express that noone really knows if the impact on abuse will be significant, minimal or none (but it seems there are people trying to state something without real data to back it up). I would also like to read Gert's opinion on this. It will not have any material impact on hijacking; Oh, so you do have the data...? there are better ways of handling hijacking Such as...? and the proposal will have a wide variety of serious but unintended side effects, some of which have been raised on this mailing list. Do you care to list them, so we can work on their mitigation? (i mean, those who have been raised in a disperse way in this list and those who haven't been raised yet) And it's unimplementable - the board of the RIPE NCC would have a fiduciary duty to refuse to implement it. Because you say so. What i've heard from the Board so far on the list -- and the Board currently has seven members -- was a concern expressed by Piotr about timelines, which i think we have addressed in v2.0's text (which i also hope to see published soon). Best Regards, Carlos Nick
[anti-abuse-wg] funny haha
Joke of the Day. I wonder if the pink box on this page has anything to do with my recent mention of this company here: https://bgp.he.net/AS205869#_asinfo It would appear that perhaps these folks: https://bgp.he.net/AS205869#_peers may have finally concluded that being the one and only remaining peer of a known criminal enterprise may not have been all that wonderful, you know, from a corporate PR perspective.
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Hi, On Fri, Apr 19, 2019 at 02:52:48PM +, Suresh Ramasubramanian wrote: > They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe > spammers set up as eastern european LIRs not too long back As long as spamming is a perfectly legal business in the appropriate jurisdiction, it consists a valid requirement for IPv4 space. The RIPE NCC can not and MUST NOT decide what is "appropriate" use of IP address space. There is laws and courts to do that (and if a LIR is convicted of criminal activity, they will be closed down). But you know all this. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Hi, On Fri, Apr 19, 2019 at 02:18:25PM +, Suresh Ramasubramanian wrote: > It would be an interesting sight to see the chairman and exec board of ripe > summoned before a parliament or court to explain the situation. You love to summon up dire legal consequences for the RIPE NCC if this policy isn't coming into place. Over here in Europe, we're not used to just sueing anyone for anything we do not like and actually having chance in succeeding with it. Unless the RIPE NCC is actually *tasked* with "ensuring routing correctness" (which it isn't) whether or not someone configures their router correctly cannot construct a liability for the NCC. Now, if the NCC neglects to secure their *registry*, and people can use this neglect to attack others, this might be a valid case to bring forward... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
> They had a fiduciary duty not to hand out whole /14s of v4 space to > snowshoe spammers set up as eastern european LIRs not too long back as i intended by my reference to martin niemöller, i suspect that's who the net police/vigilantes will come for next. and then ... and then ... it is incremental, each justifies the next. the problem with making weapons is that they will be abused. a good piece on this the other day in the wapo, https://www.washingtonpost.com/opinions/technology-can-be-put-to-good-use--or-hasten-the-demise-of-the-human-race/2019/04/09/c7af4b2e-56e1-11e9-8ef3-fbd41a2ce4d5_story.html there are other means to deal with the hijacking problem without becoming police, judge, jury, and prison all rolled into one. push the technical approaches. use legal resources, the rule of law, before trump erodes it entirely. i hope we are above becoming a lynch mob. randy
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe spammers set up as eastern european LIRs not too long back They would now as well if such duty wasn't abdicated each time The duty doesn't magically go away of course even if it is abdicated and denied --srs From: anti-abuse-wg on behalf of Nick Hilliard Sent: Friday, April 19, 2019 8:16 PM To: Carlos Friaças Cc: Gert Doering; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03: > Would you find reasonable to have the rule/policy in place say for 2 or > 3 years, and then evaluate its impact/efectiveness...? No. In principle, the proposal is completely broken, antithetical to the RIPE NCC's obligations of being an address registry and Randy was right to point out that it is a proposal for a kangaroo court. We don't need to make the mistake of testing it out to make sure. It will not have any material impact on hijacking; there are better ways of handling hijacking and the proposal will have a wide variety of serious but unintended side effects, some of which have been raised on this mailing list. And it's unimplementable - the board of the RIPE NCC would have a fiduciary duty to refuse to implement it. Nick
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03: Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...? No. In principle, the proposal is completely broken, antithetical to the RIPE NCC's obligations of being an address registry and Randy was right to point out that it is a proposal for a kangaroo court. We don't need to make the mistake of testing it out to make sure. It will not have any material impact on hijacking; there are better ways of handling hijacking and the proposal will have a wide variety of serious but unintended side effects, some of which have been raised on this mailing list. And it's unimplementable - the board of the RIPE NCC would have a fiduciary duty to refuse to implement it. Nick
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
For those saying "Dutch court" etc please do be careful what you're asking for. Experience in two decades of anti abuse work says that if a particular form of abuse is allowed and even waved away so there's an enforcement gap, and that form of abuse is used to successfully attack something important and news making (lets say the European parliament or the defence forces of an EU country). Plausible - people can hijack address space belonging to most anybody. It would be an interesting sight to see the chairman and exec board of ripe summoned before a parliament or court to explain the situation. --srs From: anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg Sent: Friday, April 19, 2019 7:33 PM To: Gert Doering Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) On Fri, 19 Apr 2019, Gert Doering wrote: > Hi, > (...) > But anyway: the point that Randy is making that this policy is neither > common sense, nor effective in reducing abuse. So it's not the way to go. Hi, 72 countries/economies in the service region (and in reality, the world), so i suspect "common sense" might turn out to be a tricky concept... :-) But in fact, i think most Internet users would say it's common sense to have a rule saying that company A using resources held by company B (intentionally and persistently) is not tolerable. About effectiveness in reducing abuse: We don't have any data, we would need to have the rule in place first... :-) Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...? Regards, Carlos > Gert Doering > -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 >
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Hi, On Fri, 19 Apr 2019, ac wrote: (...) But anyway: the point that Randy is making that this policy is neither common sense, nor effective in reducing abuse. So it's not the way to go. so you are taking it upon yourself to attach your own opinion by commenting on how you interpret the point(s) Randy is making? how rude and presumptuous of yourself. it seems many people (including myself) are rude, obnoxious, not tolerant as well as very impolite and "unconsiderate" Please let's not start with that... (disclaimer: i value Gert's opinion on any Internet related subject as much as i value Randy's) Anyway, to add my own interpretation, seeing as this is what we are now reduced to, I am understanding that Randy is pointing out that when 2019-03 moves forward, this is common sense and not a "slippery slope" It wasn't clear enough for me too at first, but i now clearly know that Randy objects 2019-03 (i.e. the potential "police state" and less energy in routing security). *sigh* - this is one of the most commented on and longest suffering thread(s) ever. It seems there are vested interests in ensuring that RIPE does not exercise any administrative (or limited) authority and only acts as a 'sort of' loose record or some sort of index of who may possibly or potentially be assigned which public resources... i.e. "land registry" has already been mentioned. Which is something i completely disagree, because, i don't see a (real) land registry as a member association, and having a role to actually distribute land -- among other details... I just wish to add the one thing that I have not yet seen in the thread(s): I would propose that should RIR not act with administrative authority we can expect world governments to legislate as chaos is not in the best interests of civil society. I'm not sure if that is the case for all governments in the world, but yes, i think that without enough self-regulation, some jurisdictions may perceive that more legislation is needed... so yes, i also see that risk. Even from the individual perspective of an average Internet user, it could be hard to understand how resource hijackers are tolerated by the very same organisations that have administrative powers over said resources. Regards, Carlos Andre
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
On Fri, 19 Apr 2019, Gert Doering wrote: Hi, (...) But anyway: the point that Randy is making that this policy is neither common sense, nor effective in reducing abuse. So it's not the way to go. Hi, 72 countries/economies in the service region (and in reality, the world), so i suspect "common sense" might turn out to be a tricky concept... :-) But in fact, i think most Internet users would say it's common sense to have a rule saying that company A using resources held by company B (intentionally and persistently) is not tolerable. About effectiveness in reducing abuse: We don't have any data, we would need to have the rule in place first... :-) Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...? Regards, Carlos Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
On Thu, 18 Apr 2019, Fi Shing wrote: What absolute crap. Why is that every time something resembling common sense enters this group, there are these people who insist on using slippery slop fallacy? https://en.wikipedia.org/wiki/Slippery_slope It wouldn't half surprise me if people like this "randy bush" are motivated by criminal groups. I cannot think of any reason, other than a criminal one, why someone would object to common sense policy that leads to a reduction in abuse. (Usually, there is one other motivation (financial) but not in this proposal). Hi, Please let me tell you that you are absolutely wrong about Randy Bush. I co-authored another policy proposal together with Randy (and also some other people who have already objected to 2019-03) some years ago. Randy's contribution is always appreciated and (at least) i feel very lucky when he shows up at RIPE meetings, and i happen to be there too. I hope this will destroy any doubt you may have about Randy: https://www.internethalloffame.org/inductees/randy-bush Let me also say that i think that energy into improving/deploying routing security (RPKI, MANRS, ...) should in any way be reduced just because of what 2019-03 proposes. Randy's position is obviously not irrelevant for me, as other person who frequently brings as much value to the RIPE community as Randy does, already told me (in private), in even a less positive way. Regards, Carlos Original Message Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) From: Randy Bush Date: Fri, April 19, 2019 1:55 am To: anti-abuse-wg@ripe.net < rant > this is insane. neither ripe nor the ncc should be the net police, courts, and prison rolled into one kangaroo court. it is droll that the erstwhile anti-abuse working group becomes a self-righteous abuser. so it is with so many abused children. put your energy into routing security not converting ripe and the ncc into an authoritarian state. we have enough of those. randy
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
very well said Randy, +1 On Fri, 19 Apr 2019 at 11:33, Randy Bush wrote: > > so you are taking it upon yourself to attach your own opinion by > > commenting on how you interpret the point(s) Randy is making? > > > > how rude and presumptuous of yourself. > > QED? i wish folk would not resort to ad homina > > > it seems many people (including myself) are rude, obnoxious, not > > tolerant as well as very impolite and "unconsiderate" > > > > Anyway, to add my own interpretation, seeing as this is what we are now > > reduced to, I am understanding that Randy is pointing out that when > > 2019-03 moves forward, this is common sense and not a "slippery slope" > > no. gert was correct. but you are correct in the sense that it is not > a slippery slope. it is the bottom of the slope. > > the slope started with insufficient diligence in registration services > when dealing with some quite abusive actors. next, in the process of > cleaning it up, american style lawyers created the overreaching ripe-716 > to formalize a weapon to punish miscreants. now folk in this wg wave > the weapon around to punish others who might be miscreants of a > different sort. > > a martin niemöller quote comes to mind. > > as does "the only winning move is not to play." > > randy, who thinks this is a sad day for the ripe community > > -- -- Kind regards. Lu
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
> so you are taking it upon yourself to attach your own opinion by > commenting on how you interpret the point(s) Randy is making? > > how rude and presumptuous of yourself. QED? i wish folk would not resort to ad homina > it seems many people (including myself) are rude, obnoxious, not > tolerant as well as very impolite and "unconsiderate" > > Anyway, to add my own interpretation, seeing as this is what we are now > reduced to, I am understanding that Randy is pointing out that when > 2019-03 moves forward, this is common sense and not a "slippery slope" no. gert was correct. but you are correct in the sense that it is not a slippery slope. it is the bottom of the slope. the slope started with insufficient diligence in registration services when dealing with some quite abusive actors. next, in the process of cleaning it up, american style lawyers created the overreaching ripe-716 to formalize a weapon to punish miscreants. now folk in this wg wave the weapon around to punish others who might be miscreants of a different sort. a martin niemöller quote comes to mind. as does "the only winning move is not to play." randy, who thinks this is a sad day for the ripe community
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
On Fri, 19 Apr 2019 09:51:56 +0200 Gert Doering wrote: > On Thu, Apr 18, 2019 at 07:33:19PM -0700, Fi Shing wrote: > > What absolute crap. > > Why is that every time something resembling common sense enters > > this group, there are these people who insist on using slippery > > slop fallacy? > style=""> > mce_style="font-size: 12pt;" style=""> > > HTML-mails, top posted, on a mailing list that has a different mail > style. Very impolite and unconsiderate. > +1, but anyway... > But anyway: the point that Randy is making that this policy is neither > common sense, nor effective in reducing abuse. So it's not the way > to go. > so you are taking it upon yourself to attach your own opinion by commenting on how you interpret the point(s) Randy is making? how rude and presumptuous of yourself. it seems many people (including myself) are rude, obnoxious, not tolerant as well as very impolite and "unconsiderate" Anyway, to add my own interpretation, seeing as this is what we are now reduced to, I am understanding that Randy is pointing out that when 2019-03 moves forward, this is common sense and not a "slippery slope" *sigh* - this is one of the most commented on and longest suffering thread(s) ever. It seems there are vested interests in ensuring that RIPE does not exercise any administrative (or limited) authority and only acts as a 'sort of' loose record or some sort of index of who may possibly or potentially be assigned which public resources... I just wish to add the one thing that I have not yet seen in the thread(s): I would propose that should RIR not act with administrative authority we can expect world governments to legislate as chaos is not in the best interests of civil society. Andre
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Hi, On Thu, Apr 18, 2019 at 07:33:19PM -0700, Fi Shing wrote: > What absolute crap. Why is that > every time something resembling common sense enters this group, there are > these people who insist on using slippery slop fallacy? style=""> style=""> style=""> href="https://en.wikipedia.org/wiki/Slippery_slope; > style="">https://en.wikipedia.org/wiki/Slippery_slope style=""> style=""> style="">It wouldn't half surprise me if people like this "randy bush" are > motivated by criminal groups. I cannot think of any reason, other than a > criminal one, why someone would object to common sense policy that leads to a > reduction in abuse. mce_style="font-size: 12pt;" style="">(Usually, there is one other motivation > (financial) but not in this proposal). mce_style="font-size: 12pt;" style=""> HTML-mails, top posted, on a mailing list that has a different mail style. Very impolite and unconsiderate. But anyway: the point that Randy is making that this policy is neither common sense, nor effective in reducing abuse. So it's not the way to go. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
