Re: [anti-abuse-wg] 2019-03 and over-reach
Emm...so if someone steal your house you will take your staff back from his home without police and court? Because you “admin” your staff? Try that next time and try your best explain to the judge why you think he took your staff give you rights to become police. On Sat, Mar 23, 2019 at 18:50 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:29:55 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
bottom line: you can do what you like with your electricity but the electricity company cannot allow you to just take any electricity as the electricity company is responsible for the administration of the electricity.
not stopping you from taking someone else's electricity is not a "policing" or "judicial" thing - it is an administrative power as this is the primary job of the electricity company: administer the electricity.
otherwise why have an electricity company at all?
just let anyone use any electricity they like.
this is a stupid thread.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
> There's also the interesting comparison of how some TLD > registries - many of them - act on canceling spam and phish > domains while others go to every extreme not to do so. > > --srs > > ________________________________ > From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on > behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 > 11:16 AM To: anti-abuse-wg@ripe.net > Subject: Re: [anti-abuse-wg] 2019-03 and over-reach > > On Fri, 22 Mar 2019 17:13:20 +0000 > Nick Hilliard <nick@foobar.org> wrote: > > Regarding over-reach, the RIPE NCC was instituted as a > > numbering registry and as a supporting organisation for > > the RIPE Community, whose terms of reference are > > described in the RIPE-1 document. The terms of reference > > make it clear that the purpose of the RIPE Community and > > the RIPE NCC is internet co-ordination and - pointedly > > - not enforcement. Proposal 2019-03 goes well outside the > > scope of what the RIPE Community and the RIPE NCC were > > constituted to do, and I do not believe that the Anti > > Abuse working group has the authority to override this. > > > the wg is not overriding anything. 2019-03 is about removing > resources, in much the same way as same resources would have > been removed for payment. (RIPE NCC accounts person would > "judge" that there was no payment and resources would be > affected) > > Just because there is a decision it does not mean that such > a decision > > is "law enforcement" or judicial. > > 2019-03 is administrative > > and not legal/law/judicial > > > The second point relates to the long term consequences of > > the proposal. If the RIPE Community were to pass this > > policy, then it would direct the RIPE NCC to act as both > > a judiciary and policing agency for internet abuse. > > Judgement and enforcement of behaviour are the competence > > of national governments, courts and law > > No. You are saying the same thing, though eloquently, in a > different way and trying to link it to some future potential > hijacking by gov of RIR. > > It is not much of a decision that RIPE NCC has to make > either as: > > 1. There was hijacking > > OR > > 2. There was no hijacking > > Whether it was accidental, ongoing for long period of time > and all the other technical and scientific facts, this may > require some sort of interpretation of facts. > > But, not whether it actually happened or not. > > > > > But, this is not how to handle the problem of BGP > > hijacking. Even if it had the slightest possibility of > > making any difference at a technical level (which it > > won't), the proposal would set the RIPE Community and the > > RIPE NCC down a road which I believe would be extremely > > unwise to take from a legal and political point of view, > > and which would be difficult, if not impossible to > > manoeuver out of. > ianal, NCC legal will surely evaluate the legal aspects, but > practically every new shell company that has to deal with > compliance and other issues is just another layer in the > onion. > > > > >
--
-- Kind regards. Lu
-- -- Kind regards. Lu
-- -- Kind regards. Lu
On Sat, 23 Mar 2019 19:02:48 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
Emm...so if someone steal your house you will take your staff back from his home without police and court? Because you “admin” your staff?
Try that next time and try your best explain to the judge why you think he took your staff give you rights to become police.
not at all. BGP is more like: if I am giving out flyers on a street corner and I have already given you a flyer I will decide not to give you another flyer. See? So... I do not agree with you at all and I think that the RIR administrative authority may be confusing and difficult to comprehend for non techs Anyway, as I said I will now stop replying to 2019-03 as I have already stated my position that it should move onward. And, I thank everyone that helped me clearly understand and shape my opinion. Andre
There are different things that can habbe. What we are talking here is a breach of contract, i.e. two parties agree on something and then one one does not stick to the agreement. This is typically handled under civil law. The parties can agree agree to whatever actions. Then there is criminal law, which is a different matter. Stealing power is probably illegal under criminal law in most places. Hijacking a BGP prefix, I don't know, it may be, but there is most likely no law that says "Hijacking a BGP prefix is illegal" But it may be illegal to disrupt a communication service. That needs to be checked. Now the police typically only must act in serious crimes (murder), but can act on lesser charges (petty theft). There is no equality when you are breaking the law. What we are talking here is contractual issues. You can do agree to *almost* anything in a contract, but only almost. This is important and is here to prevent misuse of the party delivering a service. So i suggest we consider this whole thing as - We try to fix a contract, so RIPE has the possibility to stop certain bad behaviour. - We are not taking people to court in this (one could add a sentence to that effect) But we're not in the policing business. - We don't know how effective this new clause will be, it may not help, because the bad guys come up with another idea, or because it creates too much work, or whatever. In any case, we then can always abolish it. Personally I'd say let's try to find obvious problems, fix these in the policy proposal and then try it out. Cheers Serge PS: I'm not a lawyer, but I happen to be involved in such issue a lot lately. On 23.03.19 07:02, Lu Heng wrote:
Emm...so if someone steal your house you will take your staff back from his home without police and court? Because you “admin” your staff?
Try that next time and try your best explain to the judge why you think he took your staff give you rights to become police.
On Sat, Mar 23, 2019 at 18:50 ac <ac@main.me <mailto:ac@main.me>> wrote:
On Sat, 23 Mar 2019 18:29:55 +0800 Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> wrote: > When you stealing electricity the electricity company will not cut > your electricity at home but report you to the policy. > > No one saying stealing is ok, but no one agrees electricity company > should have policing power. >
bottom line: you can do what you like with your electricity but the electricity company cannot allow you to just take any electricity as the electricity company is responsible for the administration of the electricity.
not stopping you from taking someone else's electricity is not a "policing" or "judicial" thing - it is an administrative power as this is the primary job of the electricity company: administer the electricity.
otherwise why have an electricity company at all?
just let anyone use any electricity they like.
this is a stupid thread.
> > > On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me <mailto:ac@main.me>> wrote: > > > On Sat, 23 Mar 2019 18:04:22 +0800 > > Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> wrote: > > > > > > It’s very much like electricity company tell you if you do > > > something bad we will cut you off and stop supply electricity.and > > > yes, they will cut you if you stop paying them, but that doesn’t > > > mean they can > > > > they also cut if you cheat by stealing electricity. > > > > you not talk about stealing but you and Nick talk about how use > > electricity. > > > > use any way you like, ripe not internet police, but you no steal, > > okay? > > > make themselve self juridical court in any bad thing happen in > > > this world. > > > > > not every bad thing, just administrative duty to say stealing is > > stealing. > > > > stealing not the same as using electricity to fry naughty neighbor > > in chair. > > > > stealing is when you no pay for electricity you use to fry > > neighbor, see? > > > > you use for anything bad, this your business, ripe not judicial > > court, administrative authority. > > > > but you no hijack, okay? > > > > > Internet, or registry, are starting if not already is, become > > > part of base infrastructure of the society, but that does not > > > give us any rights in the society to become the supreme court of > > > the society, just like your water company or electricity company > > > won’t judge you for what you use water or electricity for. > > > > > > > > > > > > On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me <mailto:ac@main.me>> wrote: > > > > > > > > > > > ugh, english. I do not mean external as in outside I meant > > > > external as in not > > > > allocated. > > > > > > > > for example: complaint received about 147g8oobra912cx47.com <http://147g8oobra912cx47.com> > > > > > > > > versus a HIJACKING complaint received about apple.com <http://apple.com> > > > > > > > > my argument would be that; as 147Goobra912cX.com is not > > > > allocated, any complaints about such a resource is outside the > > > > scope of any administrative authority - and ianal, but, some of > > > > what Nick Hilliard said, may apply. Same as abuse BY a > > > > resource, when what Nick Hilliard said, may also apply. > > > > > > > > The main point is that; > > > > > > > > Because: "hijacking" of a domain name (or any resource) is a > > > > direct administrative issue (this is factual - as per my > > > > previous post) > > > > > > > > BUT > > > > > > > > abuse BY a domain name (or any resource) is not necessarily an > > > > administrative issue at all (this is debatable/opinion) - as you > > > > said "some" TLD responds some do not...and RIPE NCC is not the > > > > Internet Police.... > > > > > > > > So, anyway, as 2019-03 deals with hijacking, this entire over > > > > reach argument is factually not relevant at all > > > > > > > > and, more so: 2019-03 not proceeding would be counter to the > > > > ethical administration of resources, a dereliction of > > > > responsibility and a breach of trust implied in any such > > > > administration (as well as administrative authority) > > > > > > > > > > > > On Sat, 23 Mar 2019 08:20:01 +0000 > > > > Suresh Ramasubramanian <ops.lists@gmail.com <mailto:ops.lists@gmail.com>> wrote: > > > > > > > > > They either find out for themselves or someone else points it > > > > > out to them. In either case their responsibility continues if > > > > > what you say holds good > > > > > > > > > > --srs > > > > > > > > > > ________________________________ > > > > > From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net <mailto:anti-abuse-wg-bounces@ripe.net>> on > > > > > behalf of ac <ac@main.me <mailto:ac@main.me>> Sent: Saturday, March 23, 2019 1:44 > > > > > PM To: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > > > > > Subject: Re: [anti-abuse-wg] 2019-03 and over-reach > > > > > > > > > > > > > > > some of what the wg discusses are opinions and some things are > > > > > scientific facts. > > > > > > > > > > scientific facts may change as environments and other > > > > > variables change, but currently it is so that; > > > > > > > > > > there is NO TLD registry that will allow the ongoing random > > > > > hijacking of domain names (under that TLD of course) > > > > > > > > > > as, this would mean that the TLD does not need to exist at all > > > > > and/or it will not have any trust/value. > > > > > > > > > > RIPE NCC though, is factually a resource administrative > > > > > authority. > > > > > > > > > > As such, it does need to administer resources and an integral > > > > > part of that resource administration is the core > > > > > responsibility implied by such administration itself and the > > > > > balance of exercising such authority with the implied and > > > > > direct responsibility of any such administration. > > > > > > > > > > Factually, the authority to allocate (or not) is > > > > > administrative. > > > > > > > > > > I think (my opinion) is that the confusion arises due to > > > > > whether a resource (whether it be a domain name, ip number, > > > > > etc) is allocated, or not. When resources are allocated the > > > > > administrative responsibility is not degraded, in fact a very > > > > > strong argument could be made that the inverse is true: > > > > > Allocated resources increases the level of administrative > > > > > authority, responsibility and all of the administration > > > > > aspects themselves. > > > > > > > > > > Now, TLD (or RIPE NCC) managing **"external"** complaints > > > > > about direct abuse, is, imho, outside the scope of an > > > > > administrative authority and would be the scenario Nick > > > > > Hilliard refers to. Then again, this is my opinion, so I may > > > > > be completely wrong (or not) :) > > > > > > > > > > On Sat, 23 Mar 2019 07:27:40 +0000 > > > > > Suresh Ramasubramanian <ops.lists@gmail.com <mailto:ops.lists@gmail.com>> wrote: > > > > > > > > > > > There's also the interesting comparison of how some TLD > > > > > > registries - many of them - act on canceling spam and phish > > > > > > domains while others go to every extreme not to do so. > > > > > > > > > > > > --srs > > > > > > > > > > > > ________________________________ > > > > > > From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net <mailto:anti-abuse-wg-bounces@ripe.net>> on > > > > > > behalf of ac <ac@main.me <mailto:ac@main.me>> Sent: Saturday, March 23, 2019 > > > > > > 11:16 AM To: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > > > > > > Subject: Re: [anti-abuse-wg] 2019-03 and over-reach > > > > > > > > > > > > On Fri, 22 Mar 2019 17:13:20 +0000 > > > > > > Nick Hilliard <nick@foobar.org <mailto:nick@foobar.org>> wrote: > > > > > > > Regarding over-reach, the RIPE NCC was instituted as a > > > > > > > numbering registry and as a supporting organisation for > > > > > > > the RIPE Community, whose terms of reference are > > > > > > > described in the RIPE-1 document. The terms of reference > > > > > > > make it clear that the purpose of the RIPE Community and > > > > > > > the RIPE NCC is internet co-ordination and - pointedly > > > > > > > - not enforcement. Proposal 2019-03 goes well outside the > > > > > > > scope of what the RIPE Community and the RIPE NCC were > > > > > > > constituted to do, and I do not believe that the Anti > > > > > > > Abuse working group has the authority to override this. > > > > > > > > > > > > > the wg is not overriding anything. 2019-03 is about removing > > > > > > resources, in much the same way as same resources would have > > > > > > been removed for payment. (RIPE NCC accounts person would > > > > > > "judge" that there was no payment and resources would be > > > > > > affected) > > > > > > > > > > > > Just because there is a decision it does not mean that such > > > > > > a decision > > > > > > > > > > > > is "law enforcement" or judicial. > > > > > > > > > > > > 2019-03 is administrative > > > > > > > > > > > > and not legal/law/judicial > > > > > > > > > > > > > The second point relates to the long term consequences of > > > > > > > the proposal. If the RIPE Community were to pass this > > > > > > > policy, then it would direct the RIPE NCC to act as both > > > > > > > a judiciary and policing agency for internet abuse. > > > > > > > Judgement and enforcement of behaviour are the competence > > > > > > > of national governments, courts and law > > > > > > > > > > > > No. You are saying the same thing, though eloquently, in a > > > > > > different way and trying to link it to some future potential > > > > > > hijacking by gov of RIR. > > > > > > > > > > > > It is not much of a decision that RIPE NCC has to make > > > > > > either as: > > > > > > > > > > > > 1. There was hijacking > > > > > > > > > > > > OR > > > > > > > > > > > > 2. There was no hijacking > > > > > > > > > > > > Whether it was accidental, ongoing for long period of time > > > > > > and all the other technical and scientific facts, this may > > > > > > require some sort of interpretation of facts. > > > > > > > > > > > > But, not whether it actually happened or not. > > > > > > > > > > > > > > > > > > > > But, this is not how to handle the problem of BGP > > > > > > > hijacking. Even if it had the slightest possibility of > > > > > > > making any difference at a technical level (which it > > > > > > > won't), the proposal would set the RIPE Community and the > > > > > > > RIPE NCC down a road which I believe would be extremely > > > > > > > unwise to take from a legal and political point of view, > > > > > > > and which would be difficult, if not impossible to > > > > > > > manoeuver out of. > > > > > > ianal, NCC legal will surely evaluate the legal aspects, but > > > > > > practically every new shell company that has to deal with > > > > > > compliance and other issues is just another layer in the > > > > > > onion. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > -- > > > Kind regards. > > > Lu > > > > -- > -- > Kind regards. > Lu
-- -- Kind regards. Lu
-- Dr. Serge Droz Member of the FIRST Board of Directors Senior Advisor https://www.first.org https://www.ict4peace.org
participants (3)
-
ac -
Lu Heng -
Serge Droz