Re: [anti-abuse-wg] 2019-03 and over-reach
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. No one saying stealing is ok, but no one agrees electricity company should have policing power. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu
What, you don’t get cut off by your electric utility if you don’t pay your bill or are illegally drawing power? They might call the cops if you have tapped into a power line on your own, but they’ll sure disconnect you first. From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Lu Heng <h.lu@anytimechinese.com> Date: Saturday, 23 March 2019 at 4:00 PM To: ac <ac@main.me> Cc: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] 2019-03 and over-reach When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. No one saying stealing is ok, but no one agrees electricity company should have policing power. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote: On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity. you not talk about stealing but you and Nick talk about how use electricity. use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing. stealing not the same as using electricity to fry naughty neighbor in chair. stealing is when you no pay for electricity you use to fry neighbor, see? you use for anything bad, this your business, ripe not judicial court, administrative authority. but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu
No they don’t.(not the pay bill part, that is different story, putting here is both misleading and out of discussion) If you illegally drawing power in your neighbor house, they will not cut your home electricity off. Your neigbor(most likely than electricity company) will report to the cop and you get busted. On Sat, Mar 23, 2019 at 18:31 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
What, you don’t get cut off by your electric utility if you don’t pay your bill or are illegally drawing power? They might call the cops if you have tapped into a power line on your own, but they’ll sure disconnect you first.
*From: *anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Lu Heng <h.lu@anytimechinese.com>
*Date: *Saturday, 23 March 2019 at 4:00 PM *To: *ac <ac@main.me> *Cc: *"anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> *Subject: *Re: [anti-abuse-wg] 2019-03 and over-reach
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
-- -- Kind regards. Lu
Out here in India there’s this entertaining habit people have of tapping into an electric pole and running a wire from there to whatever temporary lighting they’ve set up (like at a construction site, or in the slums) – without asking the utility about it of course. But this is going off topic eh. All the power theft examples in the world are best discussed over a beer in the next RIPE meeting to spare the admins’ sanity here ☺ From: Lu Heng <h.lu@anytimechinese.com> Date: Saturday, 23 March 2019 at 4:05 PM To: Suresh Ramasubramanian <ops.lists@gmail.com> Cc: ac <ac@main.me>, "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] 2019-03 and over-reach No they don’t.(not the pay bill part, that is different story, putting here is both misleading and out of discussion) If you illegally drawing power in your neighbor house, they will not cut your home electricity off. Your neigbor(most likely than electricity company) will report to the cop and you get busted. On Sat, Mar 23, 2019 at 18:31 Suresh Ramasubramanian <ops.lists@gmail.com> wrote: What, you don’t get cut off by your electric utility if you don’t pay your bill or are illegally drawing power? They might call the cops if you have tapped into a power line on your own, but they’ll sure disconnect you first. From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Lu Heng <h.lu@anytimechinese.com> Date: Saturday, 23 March 2019 at 4:00 PM To: ac <ac@main.me> Cc: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] 2019-03 and over-reach When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. No one saying stealing is ok, but no one agrees electricity company should have policing power. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote: On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity. you not talk about stealing but you and Nick talk about how use electricity. use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing. stealing not the same as using electricity to fry naughty neighbor in chair. stealing is when you no pay for electricity you use to fry neighbor, see? you use for anything bad, this your business, ripe not judicial court, administrative authority. but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu -- -- Kind regards. Lu
It’a very much because of internet has become part of unitiy to my point of view. Any policy that says “if you do bad thing we taking your IP number back” is very much like “if you do bad thing we cut your water/electricity off”. Ask unity provider(us, who providing internet) to become vigilante are not only dangers but also not working in a world with laws and juridictions, policing should be done by police, juridical power should only exist with court and judges, period. Having a registry database really doesn’t justify to having juridical power or policing power in any sinarios. Similar policy around globe like “anti-shutdown” where we take Ip back if gov shuts down, it’s basic logic are the same, if someone do something bad, we take IP back. So as I started my conversation , how about a policy about murder is a address policy violation, speeding in the street is a address policy violation, etc. The whole discussion here is not about if those actions are bad, it’s simply about it’s police’s business, not registry’s. Hijacking IP and damaging someone’s business is illegal, so you should go to police for it. If police needs information, with court order ripe NCC can provides it, and that ends our good citizen responsibility, we are not the police and we do not judge what people did is legal or not, nor we have such rights to do so. On Sat, Mar 23, 2019 at 18:39 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Out here in India there’s this entertaining habit people have of tapping into an electric pole and running a wire from there to whatever temporary lighting they’ve set up (like at a construction site, or in the slums) – without asking the utility about it of course. But this is going off topic eh. All the power theft examples in the world are best discussed over a beer in the next RIPE meeting to spare the admins’ sanity here ☺
*From: *Lu Heng <h.lu@anytimechinese.com> *Date: *Saturday, 23 March 2019 at 4:05 PM *To: *Suresh Ramasubramanian <ops.lists@gmail.com> *Cc: *ac <ac@main.me>, "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> *Subject: *Re: [anti-abuse-wg] 2019-03 and over-reach
No they don’t.(not the pay bill part, that is different story, putting here is both misleading and out of discussion)
If you illegally drawing power in your neighbor house, they will not cut your home electricity off. Your neigbor(most likely than electricity company) will report to the cop and you get busted.
On Sat, Mar 23, 2019 at 18:31 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
What, you don’t get cut off by your electric utility if you don’t pay your bill or are illegally drawing power? They might call the cops if you have tapped into a power line on your own, but they’ll sure disconnect you first.
*From: *anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Lu Heng <h.lu@anytimechinese.com>
*Date: *Saturday, 23 March 2019 at 4:00 PM *To: *ac <ac@main.me> *Cc: *"anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> *Subject: *Re: [anti-abuse-wg] 2019-03 and over-reach
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
--
-- Kind regards. Lu
-- -- Kind regards. Lu
On Sat, 23 Mar 2019 18:57:43 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’a very much because of internet has become part of unitiy to my point of view.
Any policy that says “if you do bad thing we taking your IP number back” is very much like “if you do bad thing we cut your water/electricity off”.
the point is: you can do what you like with "your ip", if it is "your ip" but part of what makes it "your ip" is an advertisement that is an assignment by an administrative power and the same administrative power comes with responsibility and a whole bunch of unavoidable and undetachable other things.... so, we can keep going around in chicken and egg circles, but I think my mind is made up now... thank you for that :) I am +1 for adoption of 2019-03 as it stands... Andre
Hi Lu, El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" <anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió: When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. Depends on the contract. In my country, they are able to do, even at the same time all those: Cut your electricity Claim the case to the police (criminal case) Claim the case to the courts for the damages (civil case) No one saying stealing is ok, but no one agrees electricity company should have policing power. Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote: On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity. you not talk about stealing but you and Nick talk about how use electricity. use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing. stealing not the same as using electricity to fry naughty neighbor in chair. stealing is when you no pay for electricity you use to fry neighbor, see? you use for anything bad, this your business, ripe not judicial court, administrative authority. but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
Hi Lu,
El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" < anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió:
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
Depends on the contract. In my country, they are able to do, even at the same time all those:
1. Cut your electricity 2. Claim the case to the police (criminal case) 3. Claim the case to the courts for the damages (civil case)
No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people.
I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: Hi Lu, El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" <anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió: When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. Depends on the contract. In my country, they are able to do, even at the same time all those: 1. Cut your electricity 2. Claim the case to the police (criminal case) 3. Claim the case to the courts for the damages (civil case) No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that. When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it. This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc. No one saying stealing is ok, but no one agrees electricity company should have policing power. Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people. I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter. The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote: On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity. you not talk about stealing but you and Nick talk about how use electricity. use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing. stealing not the same as using electricity to fry naughty neighbor in chair. stealing is when you no pay for electricity you use to fry neighbor, see? you use for anything bad, this your business, ripe not judicial court, administrative authority. but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
On Sat, Mar 23, 2019 at 18:58 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió:
On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
Hi Lu,
El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" < anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió:
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
Depends on the contract. In my country, they are able to do, even at the same time all those:
1. Cut your electricity
2. Claim the case to the police (criminal case)
3. Claim the case to the courts for the damages (civil case)
No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that.
When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it.
This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc.
That’s right, but if you steal at random building, they will stop you from stealing but will not cut your home electricity off, nor they will cut all the house under your name. You will get busted by police and court will decide how to punish you, but I am 100% sure that doesn’t involve cut your home electricity off.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people.
I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter.
The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
On Sat, Mar 23, 2019 at 19:05 Lu Heng <h.lu@anytimechinese.com> wrote:
On Sat, Mar 23, 2019 at 18:58 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió:
On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
Hi Lu,
El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" < anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió:
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
Depends on the contract. In my country, they are able to do, even at the same time all those:
1. Cut your electricity
2. Claim the case to the police (criminal case)
3. Claim the case to the courts for the damages (civil case)
No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that.
When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it.
This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc.
That’s right, but if you steal at random building, they will stop you from stealing but will not cut your home electricity off, nor they will cut all the house under your name.
You will get busted by police and court will decide how to punish you, but I am 100% sure that doesn’t involve cut your home electricity off.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people.
I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter.
The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that.
And I believe the rights to use the address, and bandwidth in fiber cable etc are private properties, they are not “from the community”, they have market value and legal ownership, they are not owned by the community and I fail to see how community have been given rights to decide private properties. It’s like your local community can decide your house away if you do something bad, because your house is “from the community?” , even though you paid for it and live in it? The only institution in this society can decide take private properties away are the court and judges, and I don’t think any one or any community for that matter should have such rights.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote: > Regarding over-reach, the RIPE NCC was instituted as a > numbering registry and as a supporting organisation for the > RIPE Community, whose terms of reference are described in the > RIPE-1 document. The terms of reference make it clear that > the purpose of the RIPE Community and the RIPE NCC is > internet co-ordination and - pointedly > - not enforcement. Proposal 2019-03 goes well outside the > scope of what the RIPE Community and the RIPE NCC were > constituted to do, and I do not believe that the Anti Abuse > working group has the authority to override this. > the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
> The second point relates to the long term consequences of the > proposal. If the RIPE Community were to pass this policy, > then it would direct the RIPE NCC to act as both a judiciary > and policing agency for internet abuse. Judgement and > enforcement of behaviour are the competence of national > governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
> > But, this is not how to handle the problem of BGP hijacking. > Even if it had the slightest possibility of making any > difference at a technical level (which it won't), the > proposal would set the RIPE Community and the RIPE NCC down a > road which I believe would be extremely unwise to take from a > legal and political point of view, and which would be > difficult, if not impossible to manoeuver out of. ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
-- -- Kind regards. Lu
El 23/3/19 12:13, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 19:05 Lu Heng <h.lu@anytimechinese.com> wrote: On Sat, Mar 23, 2019 at 18:58 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: Hi Lu, El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" <anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió: When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. Depends on the contract. In my country, they are able to do, even at the same time all those: 1. Cut your electricity 2. Claim the case to the police (criminal case) 3. Claim the case to the courts for the damages (civil case) No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that. When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it. This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc. That’s right, but if you steal at random building, they will stop you from stealing but will not cut your home electricity off, nor they will cut all the house under your name. You will get busted by police and court will decide how to punish you, but I am 100% sure that doesn’t involve cut your home electricity off. No one saying stealing is ok, but no one agrees electricity company should have policing power. Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people. I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter. The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that. And I believe the rights to use the address, and bandwidth in fiber cable etc are private properties, they are not “from the community”, they have market value and legal ownership, they are not owned by the community and I fail to see how community have been given rights to decide private properties. Market value doesn’t mean it is a property, it is a right to use. You can pay to buy the right to reproduce a song, but this doesn’t mean that you’re the owner of it. The difference is more evident in the case of the Internet resources, because a song can be “used” by many people at the same time, but not an IP address or an ASN which can only be “used” by the legitimate resource-holder or its customers. It’s like your local community can decide your house away if you do something bad, because your house is “from the community?” , even though you paid for it and live in it? The only institution in this society can decide take private properties away are the court and judges, and I don’t think any one or any community for that matter should have such rights. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote: On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity. you not talk about stealing but you and Nick talk about how use electricity. use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing. stealing not the same as using electricity to fry naughty neighbor in chair. stealing is when you no pay for electricity you use to fry neighbor, see? you use for anything bad, this your business, ripe not judicial court, administrative authority. but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
On Sat, Mar 23, 2019 at 19:37 JORDI PALET MARTINEZ < jordi.palet@consulintel.es> wrote:
El 23/3/19 12:13, "Lu Heng" <h.lu@anytimechinese.com> escribió:
On Sat, Mar 23, 2019 at 19:05 Lu Heng <h.lu@anytimechinese.com> wrote:
On Sat, Mar 23, 2019 at 18:58 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió:
On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
Hi Lu,
El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" < anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió:
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
Depends on the contract. In my country, they are able to do, even at the same time all those:
1. Cut your electricity
2. Claim the case to the police (criminal case)
3. Claim the case to the courts for the damages (civil case)
No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that.
When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it.
This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc.
That’s right, but if you steal at random building, they will stop you from stealing but will not cut your home electricity off, nor they will cut all the house under your name.
You will get busted by police and court will decide how to punish you, but I am 100% sure that doesn’t involve cut your home electricity off.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people.
I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter.
The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that.
And I believe the rights to use the address, and bandwidth in fiber cable etc are private properties, they are not “from the community”, they have market value and legal ownership, they are not owned by the community and I fail to see how community have been given rights to decide private properties.
Market value doesn’t mean it is a property, it is a right to use.
You can pay to buy the right to reproduce a song, but this doesn’t mean that you’re the owner of it.
The difference is more evident in the case of the Internet resources, because a song can be “used” by many people at the same time, but not an IP address or an ASN which can only be “used” by the legitimate resource-holder or its customers.
No body say you are owner of that song, exclusive rights to use are also protected by law and not ripe NCC. This exclusive rights are market tradable and protected. But not by community, by law.
It’s like your local community can decide your house away if you do something bad, because your house is “from the community?” , even though you paid for it and live in it?
The only institution in this society can decide take private properties away are the court and judges, and I don’t think any one or any community for that matter should have such rights.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
Hi Lu, You’re denying that the resources are from the community, which means they aren’t owned by the RIR members, so basically you deny the complete RIR system. This is a different topic, I guess? Regards, Jordi El 23/3/19 12:45, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 19:37 JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote: El 23/3/19 12:13, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 19:05 Lu Heng <h.lu@anytimechinese.com> wrote: On Sat, Mar 23, 2019 at 18:58 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: Hi Lu, El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" <anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió: When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. Depends on the contract. In my country, they are able to do, even at the same time all those: 1. Cut your electricity 2. Claim the case to the police (criminal case) 3. Claim the case to the courts for the damages (civil case) No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that. When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it. This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc. That’s right, but if you steal at random building, they will stop you from stealing but will not cut your home electricity off, nor they will cut all the house under your name. You will get busted by police and court will decide how to punish you, but I am 100% sure that doesn’t involve cut your home electricity off. No one saying stealing is ok, but no one agrees electricity company should have policing power. Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people. I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter. The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that. And I believe the rights to use the address, and bandwidth in fiber cable etc are private properties, they are not “from the community”, they have market value and legal ownership, they are not owned by the community and I fail to see how community have been given rights to decide private properties. Market value doesn’t mean it is a property, it is a right to use. You can pay to buy the right to reproduce a song, but this doesn’t mean that you’re the owner of it. The difference is more evident in the case of the Internet resources, because a song can be “used” by many people at the same time, but not an IP address or an ASN which can only be “used” by the legitimate resource-holder or its customers. No body say you are owner of that song, exclusive rights to use are also protected by law and not ripe NCC. This exclusive rights are market tradable and protected. But not by community, by law. It’s like your local community can decide your house away if you do something bad, because your house is “from the community?” , even though you paid for it and live in it? The only institution in this society can decide take private properties away are the court and judges, and I don’t think any one or any community for that matter should have such rights. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote: On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity. you not talk about stealing but you and Nick talk about how use electricity. use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing. stealing not the same as using electricity to fry naughty neighbor in chair. stealing is when you no pay for electricity you use to fry neighbor, see? you use for anything bad, this your business, ripe not judicial court, administrative authority. but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Hi Interesting reading to my wording. In a short answer, no, you didn’t understand what’s I said. Don’t make statement that’s entirely misleading to my original wording for me, please. The rights to use the space is a market tradable rights and protected by law just like any rights are tradable on the market. As where the resource from is entirely irrelevant in this discussion. The land your house built on is from your local community but you own it, it does not in any way degrade your ownership rights. I think you just don’t understand the RIR system, it’s a registry system that doesn’t involve policing real world rights. On Sat, Mar 23, 2019 at 19:56 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
Hi Lu,
You’re denying that the resources are from the community, which means they aren’t owned by the RIR members, so basically you deny the complete RIR system.
This is a different topic, I guess?
Regards,
Jordi
El 23/3/19 12:45, "Lu Heng" <h.lu@anytimechinese.com> escribió:
On Sat, Mar 23, 2019 at 19:37 JORDI PALET MARTINEZ < jordi.palet@consulintel.es> wrote:
El 23/3/19 12:13, "Lu Heng" <h.lu@anytimechinese.com> escribió:
On Sat, Mar 23, 2019 at 19:05 Lu Heng <h.lu@anytimechinese.com> wrote:
On Sat, Mar 23, 2019 at 18:58 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió:
On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote:
Hi Lu,
El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" < anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió:
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
Depends on the contract. In my country, they are able to do, even at the same time all those:
1. Cut your electricity
2. Claim the case to the police (criminal case)
3. Claim the case to the courts for the damages (civil case)
No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that.
When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it.
This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc.
That’s right, but if you steal at random building, they will stop you from stealing but will not cut your home electricity off, nor they will cut all the house under your name.
You will get busted by police and court will decide how to punish you, but I am 100% sure that doesn’t involve cut your home electricity off.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people.
I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter.
The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that.
And I believe the rights to use the address, and bandwidth in fiber cable etc are private properties, they are not “from the community”, they have market value and legal ownership, they are not owned by the community and I fail to see how community have been given rights to decide private properties.
Market value doesn’t mean it is a property, it is a right to use.
You can pay to buy the right to reproduce a song, but this doesn’t mean that you’re the owner of it.
The difference is more evident in the case of the Internet resources, because a song can be “used” by many people at the same time, but not an IP address or an ASN which can only be “used” by the legitimate resource-holder or its customers.
No body say you are owner of that song, exclusive rights to use are also protected by law and not ripe NCC.
This exclusive rights are market tradable and protected.
But not by community, by law.
It’s like your local community can decide your house away if you do something bad, because your house is “from the community?” , even though you paid for it and live in it?
The only institution in this society can decide take private properties away are the court and judges, and I don’t think any one or any community for that matter should have such rights.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
-- Kind regards. Lu
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
-- -- Kind regards. Lu
El 23/3/19 12:05, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 18:58 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: El 23/3/19 11:39, "Lu Heng" <h.lu@anytimechinese.com> escribió: On Sat, Mar 23, 2019 at 18:35 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: Hi Lu, El 23/3/19 11:30, "anti-abuse-wg en nombre de Lu Heng" <anti-abuse-wg-bounces@ripe.net en nombre de h.lu@anytimechinese.com> escribió: When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy. Depends on the contract. In my country, they are able to do, even at the same time all those: 1. Cut your electricity 2. Claim the case to the police (criminal case) 3. Claim the case to the courts for the damages (civil case) No, if you stealing electricity at random building, your home electricity will not be cut off, I don’t see any contract of electric company of any country would do that. When you steal electricity, even if you do from the company, you can create troubles to other people, because you’re using “dangerous” connections to the grid. The electricity company can cut it as soon as they detect it. This is in the newspapers as happening in some towns of the South of Spain, almost every other day. They have dangerous (fire, electrocution, etc.) installations to grow marijuana, which also take resources from the network disturbing other neighbors because the power needs create frequent “protection cuts”, etc. That’s right, but if you steal at random building, they will stop you from stealing but will not cut your home electricity off, nor they will cut all the house under your name. Right the electricity example works only in the case you steal the electricity in your home, but in this case your peers can disconnect you if they see that you’re doing something wrong, otherwise they have the risk that their transits filter them, etc. You will get busted by police and court will decide how to punish you, but I am 100% sure that doesn’t involve cut your home electricity off. No one saying stealing is ok, but no one agrees electricity company should have policing power. Sometimes the stealing is not from the electricity company, but from a neighbors. Bad guys don’t care if they are damaging other people. I don’t see the relevence to the discussion here. Doesn’t matter who they steal to, it’s a police matter not a electricity company matter. The relevance is that a hijack is stealing resources (not just ASNs or addresses, but also bandwidth, routing slots, time to deal with it, etc.) from the community, and the community can decide to have rules about that. On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote: On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity. you not talk about stealing but you and Nick talk about how use electricity. use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing. stealing not the same as using electricity to fry naughty neighbor in chair. stealing is when you no pay for electricity you use to fry neighbor, see? you use for anything bad, this your business, ripe not judicial court, administrative authority. but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote:
Regarding over-reach, the RIPE NCC was instituted as a numbering registry and as a supporting organisation for the RIPE Community, whose terms of reference are described in the RIPE-1 document. The terms of reference make it clear that the purpose of the RIPE Community and the RIPE NCC is internet co-ordination and - pointedly - not enforcement. Proposal 2019-03 goes well outside the scope of what the RIPE Community and the RIPE NCC were constituted to do, and I do not believe that the Anti Abuse working group has the authority to override this.
the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
The second point relates to the long term consequences of the proposal. If the RIPE Community were to pass this policy, then it would direct the RIPE NCC to act as both a judiciary and policing agency for internet abuse. Judgement and enforcement of behaviour are the competence of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
But, this is not how to handle the problem of BGP hijacking. Even if it had the slightest possibility of making any difference at a technical level (which it won't), the proposal would set the RIPE Community and the RIPE NCC down a road which I believe would be extremely unwise to take from a legal and political point of view, and which would be difficult, if not impossible to manoeuver out of.
ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- -- Kind regards. Lu ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
On Sat, 23 Mar 2019 18:29:55 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
When you stealing electricity the electricity company will not cut your electricity at home but report you to the policy.
No one saying stealing is ok, but no one agrees electricity company should have policing power.
bottom line: you can do what you like with your electricity but the electricity company cannot allow you to just take any electricity as the electricity company is responsible for the administration of the electricity. not stopping you from taking someone else's electricity is not a "policing" or "judicial" thing - it is an administrative power as this is the primary job of the electricity company: administer the electricity. otherwise why have an electricity company at all? just let anyone use any electricity they like. this is a stupid thread.
On Sat, Mar 23, 2019 at 18:27 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:04:22 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It’s very much like electricity company tell you if you do something bad we will cut you off and stop supply electricity.and yes, they will cut you if you stop paying them, but that doesn’t mean they can
they also cut if you cheat by stealing electricity.
you not talk about stealing but you and Nick talk about how use electricity.
use any way you like, ripe not internet police, but you no steal, okay?
make themselve self juridical court in any bad thing happen in this world.
not every bad thing, just administrative duty to say stealing is stealing.
stealing not the same as using electricity to fry naughty neighbor in chair.
stealing is when you no pay for electricity you use to fry neighbor, see?
you use for anything bad, this your business, ripe not judicial court, administrative authority.
but you no hijack, okay?
Internet, or registry, are starting if not already is, become part of base infrastructure of the society, but that does not give us any rights in the society to become the supreme court of the society, just like your water company or electricity company won’t judge you for what you use water or electricity for.
On Sat, Mar 23, 2019 at 16:54 ac <ac@main.me> wrote:
ugh, english. I do not mean external as in outside I meant external as in not allocated.
for example: complaint received about 147g8oobra912cx47.com
versus a HIJACKING complaint received about apple.com
my argument would be that; as 147Goobra912cX.com is not allocated, any complaints about such a resource is outside the scope of any administrative authority - and ianal, but, some of what Nick Hilliard said, may apply. Same as abuse BY a resource, when what Nick Hilliard said, may also apply.
The main point is that;
Because: "hijacking" of a domain name (or any resource) is a direct administrative issue (this is factual - as per my previous post)
BUT
abuse BY a domain name (or any resource) is not necessarily an administrative issue at all (this is debatable/opinion) - as you said "some" TLD responds some do not...and RIPE NCC is not the Internet Police....
So, anyway, as 2019-03 deals with hijacking, this entire over reach argument is factually not relevant at all
and, more so: 2019-03 not proceeding would be counter to the ethical administration of resources, a dereliction of responsibility and a breach of trust implied in any such administration (as well as administrative authority)
On Sat, 23 Mar 2019 08:20:01 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
They either find out for themselves or someone else points it out to them. In either case their responsibility continues if what you say holds good
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 1:44 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
some of what the wg discusses are opinions and some things are scientific facts.
scientific facts may change as environments and other variables change, but currently it is so that;
there is NO TLD registry that will allow the ongoing random hijacking of domain names (under that TLD of course)
as, this would mean that the TLD does not need to exist at all and/or it will not have any trust/value.
RIPE NCC though, is factually a resource administrative authority.
As such, it does need to administer resources and an integral part of that resource administration is the core responsibility implied by such administration itself and the balance of exercising such authority with the implied and direct responsibility of any such administration.
Factually, the authority to allocate (or not) is administrative.
I think (my opinion) is that the confusion arises due to whether a resource (whether it be a domain name, ip number, etc) is allocated, or not. When resources are allocated the administrative responsibility is not degraded, in fact a very strong argument could be made that the inverse is true: Allocated resources increases the level of administrative authority, responsibility and all of the administration aspects themselves.
Now, TLD (or RIPE NCC) managing **"external"** complaints about direct abuse, is, imho, outside the scope of an administrative authority and would be the scenario Nick Hilliard refers to. Then again, this is my opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.
--srs
________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of ac <ac@main.me> Sent: Saturday, March 23, 2019 11:16 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 and over-reach
On Fri, 22 Mar 2019 17:13:20 +0000 Nick Hilliard <nick@foobar.org> wrote: > Regarding over-reach, the RIPE NCC was instituted as a > numbering registry and as a supporting organisation for > the RIPE Community, whose terms of reference are > described in the RIPE-1 document. The terms of reference > make it clear that the purpose of the RIPE Community and > the RIPE NCC is internet co-ordination and - pointedly > - not enforcement. Proposal 2019-03 goes well outside the > scope of what the RIPE Community and the RIPE NCC were > constituted to do, and I do not believe that the Anti > Abuse working group has the authority to override this. > the wg is not overriding anything. 2019-03 is about removing resources, in much the same way as same resources would have been removed for payment. (RIPE NCC accounts person would "judge" that there was no payment and resources would be affected)
Just because there is a decision it does not mean that such a decision
is "law enforcement" or judicial.
2019-03 is administrative
and not legal/law/judicial
> The second point relates to the long term consequences of > the proposal. If the RIPE Community were to pass this > policy, then it would direct the RIPE NCC to act as both > a judiciary and policing agency for internet abuse. > Judgement and enforcement of behaviour are the competence > of national governments, courts and law
No. You are saying the same thing, though eloquently, in a different way and trying to link it to some future potential hijacking by gov of RIR.
It is not much of a decision that RIPE NCC has to make either as:
1. There was hijacking
OR
2. There was no hijacking
Whether it was accidental, ongoing for long period of time and all the other technical and scientific facts, this may require some sort of interpretation of facts.
But, not whether it actually happened or not.
> > But, this is not how to handle the problem of BGP > hijacking. Even if it had the slightest possibility of > making any difference at a technical level (which it > won't), the proposal would set the RIPE Community and the > RIPE NCC down a road which I believe would be extremely > unwise to take from a legal and political point of view, > and which would be difficult, if not impossible to > manoeuver out of. ianal, NCC legal will surely evaluate the legal aspects, but practically every new shell company that has to deal with compliance and other issues is just another layer in the onion.
--
-- Kind regards. Lu
-- -- Kind regards. Lu
participants (4)
-
ac -
JORDI PALET MARTINEZ -
Lu Heng -
Suresh Ramasubramanian