Gert, Töma, All, "It will not stop determined miscreants" -- even if it stops some, it's already something positive, anti-abuse-wise. :-)) "sanctions are irrelevant for someone who does this on purpose" -- sanctions are not specified in 2019-03, but if there are will be any at some point, the impact will depend on the size of assets that "someone" already has gathered (and which part of it can be associated with him/her). "it brings the RIPE NCC into difficult legal territory" -- i will leave this for the impact analysis (by the RIPE NCC). More important than the three details above: Creating a BCP along the lines you describe is something i can definitely support! I haven't consulted with Jordi about this yet, but i think the BCP is something that can be worked in paralell with 2019-03's due course. To be clear: it wouldn't be "change 2019-03 into a BCP", but "creating a new BCP in addition to 2019-03". Best Regards, Carlos On Sun, 24 Mar 2019, Gert Doering wrote:
Hi,
On Sun, Mar 24, 2019 at 02:08:53AM +0100, Töma Gavrichenkov wrote:
E.g. I'm the attacker, I start the hijacking, I continue that for 10 weeks until I'm denied membership. I don't lose any valuable address space at the time because it's just IPv6 which is totally disposable. I then switch to another LIR account I've obtained before, and start doing the same thing, at a cost of a generous sign-up fee.
What's the value of the 2019-03 proposal then?
This is one of the aspects that makes me really sceptic of the value of this proposal as written.
It will not stop determined miscreants, because the reaction time is WAY too long, and the sanctions are irrelevant for someone who does this on purpose. So it does not stop, and does not deter, and as such, does not achieve the stated purpose.
On the other hand, it brings the RIPE NCC into difficult legal territory, for all the reasons Nick and Sascha have written.
As such, I have decided that I can not support the policy as written, and change my stance from "neutral" to "object".
Now, I do share the wish to "do something!!" against BGP hijacking.
So, maybe a more workable way forward would be to change this into a BCP ("the RIPE anti-abuse community states with full backing from the RIPE community that BGP hijacking, as defined in <reference>, is considered unwanted behaviour") - and *then* use that on a commercial/peering basis among transit ISPs to strengthen the message "we want *you* to filter your customer BGP sessions, because that's the proper way to run a network!".
Sometimes just agreeing on a written-down message already helps on other fronts.
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279