Hi Carlos,

"It will not stop determined miscreants" -- even if it stops some, it's already something positive, anti-abuse-wise. :-))

The thing is that, if you look at it from another direction, if it just does one "false positive", I would argue that it outweighs 100 small hijacks.

And then we have the other co-author,

On Sat, Mar 23, 2019 at 10:42 PM JORDI PALET MARTINEZ via
anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:

I think is very obvious that the experts [..] will make sure that when a warning is sufficient

How is that obvious? Answer: it is not obvious, you are just making assumptions.

After looking at this in a bit more detail, my stance on this proposal has to be that I strongly object to it.

I do feel like the better way to go about this is on a technical level, with more things like RPKI and IRR, not this stuff.

On another note, unless all RIRs have a similar policy, then a hijacker wouldn't have to be from RIPE, or what if they have gotten hold of a legacy ASN.

My point is that, no matter what the authors intended, I think this policy, would stop close to no determined hijackers, and probably cause a few "false positives".

- Cynthia