Re: [anti-abuse-wg] [aa-wg-chair] RIPE 78 Anti-Abuse WG Minutes
Hello Brian, Many thanks for this report. Having read the 2 paragraphs related to my comments, I confirm I've no issue. Best regards Hervé -Message d'origine- De : anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] De la part de Brian Nisbet Envoyé : mardi 10 septembre 2019 13:00 À : anti-abuse-wg@ripe.net Objet : [anti-abuse-wg] Fw: [aa-wg-chair] RIPE 78 Anti-Abuse WG Minutes Colleagues, Here are the draft minutes from RIPE 78. Please let us know if you have any issues or required changes. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 _ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Vicarious liability / criminal negligence is also a thing in several jurisdictions so “let us do nothing and we won’t be liable” doesn’t always work. --srs From: Nuno Vieira Sent: Tuesday, September 10, 2019 5:11 PM To: Suresh Ramasubramanian Cc: Sérgio Rocha; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation) Unfortunately yes. However it doesn’t mean that we shouldn’t discuss this, work on solutions and don’t let this die. Some interim solutions might be good to be deployed, like warp. At least they would serve as statistic or wall of shame. This might only see the sunlight when some government, regulator or some “critical” infrastructure around here gets hijacked, and the collaborative isps/upstreams properly bashed and prosecuted. Nuno Vieira No dia 10/09/2019, às 12:26, Suresh Ramasubramanian escreveu: > You are right. I have very little hope of anything concrete coming out of > this process, however. > > On 10/09/19, 4:04 PM, "anti-abuse-wg on behalf of Sérgio Rocha" > > wrote: > > Hi, > > I agree with Carlos. It is better to have an imperfect policy than not to > have any policy and watch these hijacks helplessly in the front row. > > I can't understand why some people resist having a policy that create a > response to those who break the chain of trust on which the internet is > based, we can't keep looking at abusers and think it's okay, one of this days > will be your network, your client. > > There are many hijacks that are claimed by the true owners of space and we > cannot let these abusers, usually are always the same, remain members, we > need to have policies to fight. > > At RIPE meetings I always hear a lot of people talking about the inability to > have any response to these events and when we hear the impact of these > actions we realize than something has to be done, it may be not consensual a > first version, but all supporters are certain that improvements will be made > in the future. > > Finally, if we do not want nations and governmental laws to regulate the > internet, it has to be via entities like RIPE to bring regulation, otherwise > we will lose control of the internet and it will start to be controlled by > governments. (they are waiting for us to fail) > > Regards, > Sérgio > > > -Original Message- > From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of > Carlos Friaças via anti-abuse-wg > Sent: 10 de setembro de 2019 08:26 > To: Jacob Slater > Cc: anti-abuse-wg@ripe.net > Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a > RIPE Policy Violation) > > > Hello, > > As the RIPE NCC's IA shows (imho), the proposed process is not perfect. > > The main goal of having a process to start with was to allow some action > regarding evident cases, and i hope people will agree that significant effort > was made to accomodate comments during v1's discussion. > > We tried to add more "safety knobs", because we felt that a wrong decision > (by experts) would be a really, really bad thing, and we wanted to avoid that > -- even knowing that sometimes even courts do get it wrong _and_ that ONE > 'guilty of hijacking' case wouldn't result immediately in a LIR terminating > process. > > In the case there were no doubts that someone/some company was doing this > (i.e. a 'guilty' conclusion), the expected outcome would be for that member > to stop that behaviour from that point forward. > > Regards, > Carlos > > > > >> On Mon, 9 Sep 2019, Jacob Slater wrote: >> >> All, >> Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free >> for everyone to access. :-) >> >> >> Having a copy of the table and see historical data doesn't >> automatically give one the ability to determine if a given announcement was >> a hijack. >> I might strongly suspect that it was - sure. My personal suspicions >> should not be enough in this instance. >> >> Honestly, i handed it back in late April. The IA and publishing took some >> time... :-) >> What i think supports what i wrote above is in Section 7.0, clause 1: >> "The RIPE NCC will verify that a report contains sufficient information >> before assigning it to a group of experts. If this is not the case, the >> report will be dismissed." >> >> Maybe it could be a bit clearer, or we could textually add "one event or a >> handful of events is not enough". >> >> Stating that a single report isn't enough doesn't solve the issue. A >> thousand reports might not give enough quality information to justify >> an investigation; a single report from an authoritative source might. It is >> for this reason that - in order to save resources - I'm concerned with the >> amount of people who could potentially submit a report. >> >> Hence Section 7.0, clause 1 :-) >> >> Section 7 of the current draft gives the accused the opportunity to >> defend themselves as the
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Unfortunately yes. However it doesn’t mean that we shouldn’t discuss this, work on solutions and don’t let this die. Some interim solutions might be good to be deployed, like warp. At least they would serve as statistic or wall of shame. This might only see the sunlight when some government, regulator or some “critical” infrastructure around here gets hijacked, and the collaborative isps/upstreams properly bashed and prosecuted. Nuno Vieira No dia 10/09/2019, às 12:26, Suresh Ramasubramanian escreveu: > You are right. I have very little hope of anything concrete coming out of > this process, however. > > On 10/09/19, 4:04 PM, "anti-abuse-wg on behalf of Sérgio Rocha" > > wrote: > >Hi, > >I agree with Carlos. It is better to have an imperfect policy than not to > have any policy and watch these hijacks helplessly in the front row. > >I can't understand why some people resist having a policy that create a > response to those who break the chain of trust on which the internet is > based, we can't keep looking at abusers and think it's okay, one of this days > will be your network, your client. > >There are many hijacks that are claimed by the true owners of space and we > cannot let these abusers, usually are always the same, remain members, we > need to have policies to fight. > >At RIPE meetings I always hear a lot of people talking about the inability > to have any response to these events and when we hear the impact of these > actions we realize than something has to be done, it may be not consensual a > first version, but all supporters are certain that improvements will be made > in the future. > >Finally, if we do not want nations and governmental laws to regulate the > internet, it has to be via entities like RIPE to bring regulation, otherwise > we will lose control of the internet and it will start to be controlled by > governments. (they are waiting for us to fail) > >Regards, >Sérgio > > >-Original Message- >From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of > Carlos Friaças via anti-abuse-wg >Sent: 10 de setembro de 2019 08:26 >To: Jacob Slater >Cc: anti-abuse-wg@ripe.net >Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a > RIPE Policy Violation) > > >Hello, > >As the RIPE NCC's IA shows (imho), the proposed process is not perfect. > >The main goal of having a process to start with was to allow some action > regarding evident cases, and i hope people will agree that significant effort > was made to accomodate comments during v1's discussion. > >We tried to add more "safety knobs", because we felt that a wrong decision > (by experts) would be a really, really bad thing, and we wanted to avoid that > -- even knowing that sometimes even courts do get it wrong _and_ that ONE > 'guilty of hijacking' case wouldn't result immediately in a LIR terminating > process. > >In the case there were no doubts that someone/some company was doing this > (i.e. a 'guilty' conclusion), the expected outcome would be for that member > to stop that behaviour from that point forward. > >Regards, >Carlos > > > > >>On Mon, 9 Sep 2019, Jacob Slater wrote: >> >> All, >> Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are >> free >> for everyone to access. :-) >> >> >> Having a copy of the table and see historical data doesn't >> automatically give one the ability to determine if a given announcement was >> a hijack. >> I might strongly suspect that it was - sure. My personal suspicions >> should not be enough in this instance. >> >> Honestly, i handed it back in late April. The IA and publishing took >> some >> time... :-) >> What i think supports what i wrote above is in Section 7.0, clause 1: >> "The RIPE NCC will verify that a report contains sufficient information >> before assigning it to a group of experts. If this is not the case, the >> report will be dismissed." >> >> Maybe it could be a bit clearer, or we could textually add "one event >> or a >> handful of events is not enough". >> >> Stating that a single report isn't enough doesn't solve the issue. A >> thousand reports might not give enough quality information to justify >> an investigation; a single report from an authoritative source might. It is >> for this reason that - in order to save resources - I'm concerned with the >> amount of people who could potentially submit a report. >> >> Hence Section 7.0, clause 1 :-) >> >> Section 7 of the current draft gives the accused the opportunity to >> defend themselves as the second step, right after the NCC "verifies" the >> request. >> The accused entity is still being "asked" (under pressure) to provide >> information on the basis of a report that may or may not have come from >> someone who actually knows about
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
You are right. I have very little hope of anything concrete coming out of this process, however. On 10/09/19, 4:04 PM, "anti-abuse-wg on behalf of Sérgio Rocha" wrote: Hi, I agree with Carlos. It is better to have an imperfect policy than not to have any policy and watch these hijacks helplessly in the front row. I can't understand why some people resist having a policy that create a response to those who break the chain of trust on which the internet is based, we can't keep looking at abusers and think it's okay, one of this days will be your network, your client. There are many hijacks that are claimed by the true owners of space and we cannot let these abusers, usually are always the same, remain members, we need to have policies to fight. At RIPE meetings I always hear a lot of people talking about the inability to have any response to these events and when we hear the impact of these actions we realize than something has to be done, it may be not consensual a first version, but all supporters are certain that improvements will be made in the future. Finally, if we do not want nations and governmental laws to regulate the internet, it has to be via entities like RIPE to bring regulation, otherwise we will lose control of the internet and it will start to be controlled by governments. (they are waiting for us to fail) Regards, Sérgio -Original Message- From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Carlos Friaças via anti-abuse-wg Sent: 10 de setembro de 2019 08:26 To: Jacob Slater Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation) Hello, As the RIPE NCC's IA shows (imho), the proposed process is not perfect. The main goal of having a process to start with was to allow some action regarding evident cases, and i hope people will agree that significant effort was made to accomodate comments during v1's discussion. We tried to add more "safety knobs", because we felt that a wrong decision (by experts) would be a really, really bad thing, and we wanted to avoid that -- even knowing that sometimes even courts do get it wrong _and_ that ONE 'guilty of hijacking' case wouldn't result immediately in a LIR terminating process. In the case there were no doubts that someone/some company was doing this (i.e. a 'guilty' conclusion), the expected outcome would be for that member to stop that behaviour from that point forward. Regards, Carlos On Mon, 9 Sep 2019, Jacob Slater wrote: > All, > Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free > for everyone to access. :-) > > > Having a copy of the table and see historical data doesn't > automatically give one the ability to determine if a given announcement was a hijack. > I might strongly suspect that it was - sure. My personal suspicions > should not be enough in this instance. > > Honestly, i handed it back in late April. The IA and publishing took some > time... :-) > What i think supports what i wrote above is in Section 7.0, clause 1: > "The RIPE NCC will verify that a report contains sufficient information > before assigning it to a group of experts. If this is not the case, the > report will be dismissed." > > Maybe it could be a bit clearer, or we could textually add "one event or a > handful of events is not enough". > > Stating that a single report isn't enough doesn't solve the issue. A > thousand reports might not give enough quality information to justify > an investigation; a single report from an authoritative source might. It is for this reason that - in order to save resources - I'm concerned with the amount of people who could potentially submit a report. > > Hence Section 7.0, clause 1 :-) > > Section 7 of the current draft gives the accused the opportunity to > defend themselves as the second step, right after the NCC "verifies" the request. > The accused entity is still being "asked" (under pressure) to provide > information on the basis of a report that may or may not have come from someone who actually knows about the situation. > > Sure. And i have already read the IA. All of it. > > OK. I've done the same. I still feel that the IA outlines a lot of > issues and problems. At this time, I don't think that the potential benefits of the proposal outweigh the costs. > > Jacob Slater > > > > > On Mon, Sep 9, 2019 at 5:56 PM Carlos Friaças wrote: > > > Hi, > > > On Mon, 9 Sep 2019, Jacob Slater
[anti-abuse-wg] Fw: [aa-wg-chair] RIPE 78 Anti-Abuse WG Minutes
Colleagues, Here are the draft minutes from RIPE 78. Please let us know if you have any issues or required changes. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 RIPE 78-Anti-Abuse-WG Minutes.docx Description: RIPE 78-Anti-Abuse-WG Minutes.docx
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Hi, I agree with Carlos. It is better to have an imperfect policy than not to have any policy and watch these hijacks helplessly in the front row. I can't understand why some people resist having a policy that create a response to those who break the chain of trust on which the internet is based, we can't keep looking at abusers and think it's okay, one of this days will be your network, your client. There are many hijacks that are claimed by the true owners of space and we cannot let these abusers, usually are always the same, remain members, we need to have policies to fight. At RIPE meetings I always hear a lot of people talking about the inability to have any response to these events and when we hear the impact of these actions we realize than something has to be done, it may be not consensual a first version, but all supporters are certain that improvements will be made in the future. Finally, if we do not want nations and governmental laws to regulate the internet, it has to be via entities like RIPE to bring regulation, otherwise we will lose control of the internet and it will start to be controlled by governments. (they are waiting for us to fail) Regards, Sérgio -Original Message- From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Carlos Friaças via anti-abuse-wg Sent: 10 de setembro de 2019 08:26 To: Jacob Slater Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation) Hello, As the RIPE NCC's IA shows (imho), the proposed process is not perfect. The main goal of having a process to start with was to allow some action regarding evident cases, and i hope people will agree that significant effort was made to accomodate comments during v1's discussion. We tried to add more "safety knobs", because we felt that a wrong decision (by experts) would be a really, really bad thing, and we wanted to avoid that -- even knowing that sometimes even courts do get it wrong _and_ that ONE 'guilty of hijacking' case wouldn't result immediately in a LIR terminating process. In the case there were no doubts that someone/some company was doing this (i.e. a 'guilty' conclusion), the expected outcome would be for that member to stop that behaviour from that point forward. Regards, Carlos On Mon, 9 Sep 2019, Jacob Slater wrote: > All, > Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are > free > for everyone to access. :-) > > > Having a copy of the table and see historical data doesn't > automatically give one the ability to determine if a given announcement was a > hijack. > I might strongly suspect that it was - sure. My personal suspicions > should not be enough in this instance. > > Honestly, i handed it back in late April. The IA and publishing took > some > time... :-) > What i think supports what i wrote above is in Section 7.0, clause 1: > "The RIPE NCC will verify that a report contains sufficient information > before assigning it to a group of experts. If this is not the case, the > report will be dismissed." > > Maybe it could be a bit clearer, or we could textually add "one event > or a > handful of events is not enough". > > Stating that a single report isn't enough doesn't solve the issue. A > thousand reports might not give enough quality information to justify > an investigation; a single report from an authoritative source might. It is > for this reason that - in order to save resources - I'm concerned with the > amount of people who could potentially submit a report. > > Hence Section 7.0, clause 1 :-) > > Section 7 of the current draft gives the accused the opportunity to > defend themselves as the second step, right after the NCC "verifies" the > request. > The accused entity is still being "asked" (under pressure) to provide > information on the basis of a report that may or may not have come from > someone who actually knows about the situation. > > Sure. And i have already read the IA. All of it. > > OK. I've done the same. I still feel that the IA outlines a lot of > issues and problems. At this time, I don't think that the potential benefits > of the proposal outweigh the costs. > > Jacob Slater > > > > > On Mon, Sep 9, 2019 at 5:56 PM Carlos Friaças wrote: > > > Hi, > > > On Mon, 9 Sep 2019, Jacob Slater wrote: > > > All, > > If it's *your* table, you should be able. > > > > Again, I disagree. Just because you have a copy of the routing table > doesn't automatically put you in a position to > know what is going on with each entry present in that table. > > Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are > free > for everyone to access. :-) > > > > But please keep in mind than one event or a handful of events > shouldn't > >
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Hello, As the RIPE NCC's IA shows (imho), the proposed process is not perfect. The main goal of having a process to start with was to allow some action regarding evident cases, and i hope people will agree that significant effort was made to accomodate comments during v1's discussion. We tried to add more "safety knobs", because we felt that a wrong decision (by experts) would be a really, really bad thing, and we wanted to avoid that -- even knowing that sometimes even courts do get it wrong _and_ that ONE 'guilty of hijacking' case wouldn't result immediately in a LIR terminating process. In the case there were no doubts that someone/some company was doing this (i.e. a 'guilty' conclusion), the expected outcome would be for that member to stop that behaviour from that point forward. Regards, Carlos On Mon, 9 Sep 2019, Jacob Slater wrote: All, Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free for everyone to access. :-) Having a copy of the table and see historical data doesn't automatically give one the ability to determine if a given announcement was a hijack. I might strongly suspect that it was - sure. My personal suspicions should not be enough in this instance. Honestly, i handed it back in late April. The IA and publishing took some time... :-) What i think supports what i wrote above is in Section 7.0, clause 1: "The RIPE NCC will verify that a report contains sufficient information before assigning it to a group of experts. If this is not the case, the report will be dismissed." Maybe it could be a bit clearer, or we could textually add "one event or a handful of events is not enough". Stating that a single report isn't enough doesn't solve the issue. A thousand reports might not give enough quality information to justify an investigation; a single report from an authoritative source might. It is for this reason that - in order to save resources - I'm concerned with the amount of people who could potentially submit a report. Hence Section 7.0, clause 1 :-) Section 7 of the current draft gives the accused the opportunity to defend themselves as the second step, right after the NCC "verifies" the request. The accused entity is still being "asked" (under pressure) to provide information on the basis of a report that may or may not have come from someone who actually knows about the situation. Sure. And i have already read the IA. All of it. OK. I've done the same. I still feel that the IA outlines a lot of issues and problems. At this time, I don't think that the potential benefits of the proposal outweigh the costs. Jacob Slater On Mon, Sep 9, 2019 at 5:56 PM Carlos Friaças wrote: Hi, On Mon, 9 Sep 2019, Jacob Slater wrote: > All, > If it's *your* table, you should be able. > > Again, I disagree. Just because you have a copy of the routing table doesn't automatically put you in a position to know what is going on with each entry present in that table. Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free for everyone to access. :-) > But please keep in mind than one event or a handful of events shouldn't > justify an investigation, or handing a case to "experts". > > The current policy proposal doesn't have text to support this. Honestly, i handed it back in late April. The IA and publishing took some time... :-) What i think supports what i wrote above is in Section 7.0, clause 1: "The RIPE NCC will verify that a report contains sufficient information before assigning it to a group of experts. If this is not the case, the report will be dismissed." Maybe it could be a bit clearer, or we could textually add "one event or a handful of events is not enough". > If the issue is fixed and the issue originator isn't always the same, then > no real need for an investigation. Maybe the amount of text on the current > version fades a bit the two main concepts of "persistent" and > "intentional". > > I am in agreement with you on this. > > There should be enough "trail" to justify starting an investigation... > > If the person submitting a report isn't in an authoritative position to say whether or not an announcement was a hijack, there isn't a good enough "trail" to justify starting an investigation. Hence Section 7.0, clause 1 :-) > The "proposal". It's just a proposal...! :-) > > > > I agree that there isn't a way to measure how many people around the > > world would not resort to hijacking if this proposal was in place today > > My apologies for misspeaking on that one. Any references I