Re: [anti-abuse-wg] About "consensus" and "voting"...
Hi everyoneOtherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions.If we don't change something in the process it better close this mailing lists that only exist to give the fake image that the community it's workingSREnviado a partir do meu smartphone Samsung Galaxy.<div> </div><div> </div><!-- originalMessage --><div>-------- Mensagem original --------</div><div>De : Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> </div><div>Data: 09/05/20 13:41 (GMT+00:00) </div><div>Para: Suresh Ramasubramanian <ops.lists@gmail.com> </div><div>Cc: Gert Doering <gert@space.net>, anti-abuse-wg@ripe.net </div><div>Assunto: [anti-abuse-wg] About "consensus" and "voting"... </div><div> </div> Hi Suresh, Gert, All, "member organizations represented by" -- this only happens at the RIPE NCC GM, twice a year. The PDP doesn't happen at the RIPE NCC GM, afaik, whether we like it or not. When polarisation is obvious, "consensus" is impossible and everything tend to remain as is... Cheers, Carlos On Sat, 9 May 2020, Suresh Ramasubramanian wrote:
In a case where the community is polarised to this extent it would be better to break with procedure and call a vote for once.? With member organizations represented by their abuse team heads, rather than IP / routing people, so that the organisation?s stance on this is clear.
?
From: Gert Doering <gert@space.net> Date: Saturday, 9 May 2020 at 3:57 PM To: Suresh Ramasubramanian <ops.lists@gmail.com> Cc: Randy Bush <randy@psg.com>, Nick Hilliard <nick@foobar.org>, anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi,
On Sat, May 09, 2020 at 01:12:32AM +0000, Suresh Ramasubramanian wrote:
Has this even been put to a vote or is it the same group of extremely vocal RIPE regulars against it and the same group of extremely vocal security types for it??? Rough consensus has its limitations in such cases.
There is no voting.
It's either "there is sufficient support and counterarguments have been adequately addressed" or "no consensus, rewrite or withdraw".
Gert Doering ??????? -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG????????????????????? Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14??????? Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen???????????????? HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444???????? USt-IdNr.: DE813185279
Otherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions.
the goals of the ripe community are stewardship and cooperation, not voting, deciding, and "getting things done." you can look at the current us govt for a great example of why not. if we can not come to consensus on something, then we are patient. and that's ok. we move as a cooperative community and that takes time. yes, this becomes more complex as the community scales and becomes more diverse. and we want diversity and wide representation. so ever more patience is needed; not the means to rush to judgment. for a large segment of the community, and that which was pretty much the original population, there is an underlying physics and shared experience of moving packets, routing, circuits, bgp, ixen, ... that gives us a common experience and understanding. as we become more diverse, the physics of that shared experience and understanding weakens. so cooperative/consensus decision making is more complex and takes longer. welcome to a larger and mode diverse community. this is good. but we are stewards of one internet. it took eight, yes eight, years for me to get the ietf to change a constant from 4k to 64k (rfc 8654). so my sense of urgency may be a little different than that of others. randy
Hi Randy,
Otherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions.
the goals of the ripe community are stewardship and cooperation, not voting, deciding, and "getting things done." you can look at the current us govt for a great example of why not.
if we can not come to consensus on something, then we are patient. and that's ok. we move as a cooperative community and that takes time.
yes, this becomes more complex as the community scales and becomes more diverse. and we want diversity and wide representation. so ever more patience is needed; not the means to rush to judgment.
for a large segment of the community, and that which was pretty much the original population, there is an underlying physics and shared experience of moving packets, routing, circuits, bgp, ixen, ... that gives us a common experience and understanding.
as we become more diverse, the physics of that shared experience and understanding weakens. so cooperative/consensus decision making is more complex and takes longer. welcome to a larger and mode diverse community. this is good.
but we are stewards of one internet.
it took eight, yes eight, years for me to get the ietf to change a constant from 4k to 64k (rfc 8654). so my sense of urgency may be a little different than that of others.
Thank you for writing this down so clearly, Sander
Hi everyone, On Sat, 9 May 2020, Sander Steffann wrote:
Hi Randy,
Otherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions.
(...)
for a large segment of the community, and that which was pretty much the original population, there is an underlying physics and shared experience of moving packets, routing, circuits, bgp, ixen, ... that gives us a common experience and understanding.
I must note, however, that security is embedded inside "..." *sigh* Carlos
The problem is that many of the people objecting - I won’t say all, I know many of you over the years - are not from a security, or more properly an abuse and policy enforcement background. Almost all of it is layer 9 --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Sunday, May 10, 2020 2:58:50 AM To: Sander Steffann <sander@steffann.nl> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] About "consensus" and "voting"... Hi everyone, On Sat, 9 May 2020, Sander Steffann wrote:
Hi Randy,
Otherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions.
(...)
for a large segment of the community, and that which was pretty much the original population, there is an underlying physics and shared experience of moving packets, routing, circuits, bgp, ixen, ... that gives us a common experience and understanding.
I must note, however, that security is embedded inside "..." *sigh* Carlos
All, I think Randy has written this very clearly. That said, I am happy to discuss the concepts, and why the RIPE Community cleaves to them, with people, either on or off list. The RIPE WGs, AA-WG included, have made policy and changed things over the years through this method. It's not perfect, nothing involving humans is, but policies have reached consensus, change has been effected, and I believe that will continue. Consensus is a great way to achieve that. And it's very important to remember that one voice can't stop that change just by objecting, in the same way one voice can't effect change just by repeatedly asking for it, if there is not consensus. As Nick points out, there have been policies to which people objected, but those policies reached consensus, because the community and the Chairs adjudged that those objections had been addressed. If there is ever a future where the RIPE Community changes our way of policy development then it will be a Community effort to make that change, and the AA-WG Co-Chairs have no intention of even attempting to suggest an exception for 2019-04. Thank you all for your continued involvement, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Randy Bush <randy@psg.com> Sent: Saturday 9 May 2020 19:36 To: "Sérgio Rocha" <sergio.rocha@makeitsimple.pt> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] About "consensus" and "voting"... CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
Otherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions.
the goals of the ripe community are stewardship and cooperation, not voting, deciding, and "getting things done." you can look at the current us govt for a great example of why not. if we can not come to consensus on something, then we are patient. and that's ok. we move as a cooperative community and that takes time. yes, this becomes more complex as the community scales and becomes more diverse. and we want diversity and wide representation. so ever more patience is needed; not the means to rush to judgment. for a large segment of the community, and that which was pretty much the original population, there is an underlying physics and shared experience of moving packets, routing, circuits, bgp, ixen, ... that gives us a common experience and understanding. as we become more diverse, the physics of that shared experience and understanding weakens. so cooperative/consensus decision making is more complex and takes longer. welcome to a larger and mode diverse community. this is good. but we are stewards of one internet. it took eight, yes eight, years for me to get the ietf to change a constant from 4k to 64k (rfc 8654). so my sense of urgency may be a little different than that of others. randy
brian, excuse my continuing to rant. if i write a long message, it can not be good :) as with spam, you have a delete key. i think we all dislike spam and other forms of network abuse. but this is the only working group whose goal is negative, to stop something. even the wg's name is composed of two negative words. when i said:
for a large segment of the community, and that which was pretty much the original population, there is an underlying physics and shared experience of moving packets, routing, circuits, bgp, ixen, ... that gives us a common experience and understanding.
underlying that culture is the imperative to see that packets get to the desired destination. routing, internet exchanges, dns, even ipv6 :) it's a culture built on cooperation at its very core: bgp, exchanges, dns replication, ... in order that packets go where they need to go. so there will be a reflexive dislike of things which propose to stop packets from getting to where they were intended to go. proposals to break routing, rescind address allocations, etc. evoke reactions similar to proposals for capital punishment. they seem extreme and go against ingrained cultural norms. but many of the citizens of the anti-abuse wg perceive that there is a war. as the general community dislikes 'abuse', there is emotional desire that the anti-abuse warriors will 'win'. but wars escalate. and what was at first defensive often becomes offensive. and the tools of the defenders become hard to tell from those of the attackers. e.g., to a router geek, rescinding an address allocation may 'feel' similar to a route hijack and therefore invoke a negative response. the upside is that the anti-abuse wg gets significantly higher attendance :) but this is no longer our mothers' internet. how does a pacifistic culture of cooperation deal with anti-cultural behavior? darned if i know, my daughter was the political scientist. back to consensus and voting given the cultural tensions above, it is likely that there will be issues where agreement is either very long in coming or not reached at all. other than patience, how do we deal with that? historically, it has been what dave clark said a few decades back, about when ripe formed We reject: kings, presidents and voting. We believe in: rough consensus and running code. when the ietf went through its ever ongoing omphaloskepsis on decision making, pete resnik produced a rather nice document, rfc 7282. to move from that to a win/lose voting system will be very hard in a cooperative consensus based culture. how do you motivate such a radical change? sad to say words such as 'democracy' ring hollow in today's world. we the abused should be careful not to grow up to be abusers. randy
What Randy said applies in spades to the original strong community that the Internet used to be. Today and over the past several years we have - 1. Organisations evolving into or being taken over by corporations who are more concerned with profit (keeping a bad customer despite pressure to the contrary) or cost saving (doing the bare minimum or less to maintain an abuse team) or both 2. Many bad actors themselves becoming part of the ecosystem for example registrars, LIRs, employees in RIRs like the unfortunate afrinic case and similar. The system that Randy describes - policy making based on consensus and mutual trust - is unfortunately undermined by various actors for one reason or the other, and this does lead to more and more demands for a change. I agree the change proposed - a vote - might be too radical a solution, but this discussion has been going on for more than eight years by my count. I sent this to nanog in early 2011 and Richard Cox was heaved out of this wg some months before that https://ripe.net/ripe/maillists/archives/anti-abuse-wg/2011/msg00000.html I am not entirely sure the discussion has moved all that much in the past decade beyond this exact point - how to pressure ripe to deal with shady actors getting themselves LIR status or appropriating large legacy netblocks belonging to defunct companies. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Randy Bush <randy@psg.com> Sent: Monday, May 11, 2020 5:17:57 PM To: Brian Nisbet <brian.nisbet@heanet.ie> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] About "consensus" and "voting"... brian, excuse my continuing to rant. if i write a long message, it can not be good :) as with spam, you have a delete key. i think we all dislike spam and other forms of network abuse. but this is the only working group whose goal is negative, to stop something. even the wg's name is composed of two negative words. when i said:
for a large segment of the community, and that which was pretty much the original population, there is an underlying physics and shared experience of moving packets, routing, circuits, bgp, ixen, ... that gives us a common experience and understanding.
underlying that culture is the imperative to see that packets get to the desired destination. routing, internet exchanges, dns, even ipv6 :) it's a culture built on cooperation at its very core: bgp, exchanges, dns replication, ... in order that packets go where they need to go. so there will be a reflexive dislike of things which propose to stop packets from getting to where they were intended to go. proposals to break routing, rescind address allocations, etc. evoke reactions similar to proposals for capital punishment. they seem extreme and go against ingrained cultural norms. but many of the citizens of the anti-abuse wg perceive that there is a war. as the general community dislikes 'abuse', there is emotional desire that the anti-abuse warriors will 'win'. but wars escalate. and what was at first defensive often becomes offensive. and the tools of the defenders become hard to tell from those of the attackers. e.g., to a router geek, rescinding an address allocation may 'feel' similar to a route hijack and therefore invoke a negative response. the upside is that the anti-abuse wg gets significantly higher attendance :) but this is no longer our mothers' internet. how does a pacifistic culture of cooperation deal with anti-cultural behavior? darned if i know, my daughter was the political scientist. back to consensus and voting given the cultural tensions above, it is likely that there will be issues where agreement is either very long in coming or not reached at all. other than patience, how do we deal with that? historically, it has been what dave clark said a few decades back, about when ripe formed We reject: kings, presidents and voting. We believe in: rough consensus and running code. when the ietf went through its ever ongoing omphaloskepsis on decision making, pete resnik produced a rather nice document, rfc 7282. to move from that to a win/lose voting system will be very hard in a cooperative consensus based culture. how do you motivate such a radical change? sad to say words such as 'democracy' ring hollow in today's world. we the abused should be careful not to grow up to be abusers. randy
Suresh Ramasubramanian wrote on 11/05/2020 13:20:
I am not entirely sure the discussion has moved all that much in the past decade beyond this exact point - how to pressure ripe to deal with shady actors getting themselves LIR status or appropriating large legacy netblocks belonging to defunct companies.
Fraudulent appropriation of network blocks is a direct violation of the SSA, and is already actionable. From what I understand, the RIPE NCC already deals with abuse of this form on a regular basis. Refusing to grant LIR status to "shady actors" is legally difficult. So is revocation of resource holdership on the grounds that the number resources were used for specific purposes which may be illegal in some or all of the RIPE NCC service region. Acting outside the terms of legal proportionality is also problematic. Many policy proposals have foundered on this issue. Also, there are open questions as to whether deregistration of IP addressing resources will have a real impact on abuse management, or whether the abusers would just spin up another legal vehicle to conduct their abuse. Overall, this is a fraught area. This is at least part of the reason that it's been difficult to reach consensus on a good number of these proposals. Nick
Due diligence can be legally problematic but the consequences, sooner or later, of not performing such due diligence are likely to be worse sooner or later. A decade or so back, the discussion here was about handing out multiple /15s to various LIRs who were populating them entirely with snowshoe spam. More than one person here back then was assuring me “oh that’s not a problem, IPv6 is here to stay and v4 is getting exhausted anyway”. About your question as to whether this is going to help mitigate internet abuse because the shady outfit will just register a fresh shell company, apply for LIR status and resume their activities. In security, you never let your adversaries entrench themselves in positions of strength, so chase them off ISPs, registrars and such on a regular enough basis and they’re left busy rebuilding their infrastructure – too busy to distribute malware or phish, never mind just spam. Keep them moving often enough and their efficiency is reduced. Take down a bunch of domains and suspend registrar accounts along with the IP addresses and the damage takes much longer for them to repair. Besides if these are coordinated with arrests and equipment seizure coordinated with law enforcement, it takes much longer for them to bounce back. The shutdown of Intercage / Atrivo back in 2008 was an early example. A brief but extremely sharp dip in spam levels worldwide, so that various botmasters had to scramble to set up new hosting. http://voices.washingtonpost.com/securityfix/2008/10/spam_volumes_plummet_af... From: Nick Hilliard <nick@foobar.org> Date: Monday, 11 May 2020 at 8:15 PM To: Suresh Ramasubramanian <ops.lists@gmail.com> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] About "consensus" and "voting"... Suresh Ramasubramanian wrote on 11/05/2020 13:20:
I am not entirely sure the discussion has moved all that much in the past decade beyond this exact point - how to pressure ripe to deal with shady actors getting themselves LIR status or appropriating large legacy netblocks belonging to defunct companies.
Fraudulent appropriation of network blocks is a direct violation of the SSA, and is already actionable. From what I understand, the RIPE NCC already deals with abuse of this form on a regular basis. Refusing to grant LIR status to "shady actors" is legally difficult. So is revocation of resource holdership on the grounds that the number resources were used for specific purposes which may be illegal in some or all of the RIPE NCC service region. Acting outside the terms of legal proportionality is also problematic. Many policy proposals have foundered on this issue. Also, there are open questions as to whether deregistration of IP addressing resources will have a real impact on abuse management, or whether the abusers would just spin up another legal vehicle to conduct their abuse. Overall, this is a fraught area. This is at least part of the reason that it's been difficult to reach consensus on a good number of these proposals. Nick
I think we all need to re-read, from time to time, RFC7282. Regards, Jordi @jordipalet El 9/5/20 18:21, "anti-abuse-wg en nombre de Sérgio Rocha" <anti-abuse-wg-bounces@ripe.net en nombre de sergio.rocha@makeitsimple.pt> escribió: Hi everyone Otherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions. If we don't change something in the process it better close this mailing lists that only exist to give the fake image that the community it's working SR Enviado a partir do meu smartphone Samsung Galaxy. -------- Mensagem original -------- De : Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> Data: 09/05/20 13:41 (GMT+00:00) Para: Suresh Ramasubramanian <ops.lists@gmail.com> Cc: Gert Doering <gert@space.net>, anti-abuse-wg@ripe.net Assunto: [anti-abuse-wg] About "consensus" and "voting"... Hi Suresh, Gert, All, "member organizations represented by" -- this only happens at the RIPE NCC GM, twice a year. The PDP doesn't happen at the RIPE NCC GM, afaik, whether we like it or not. When polarisation is obvious, "consensus" is impossible and everything tend to remain as is... Cheers, Carlos On Sat, 9 May 2020, Suresh Ramasubramanian wrote:
In a case where the community is polarised to this extent it would be better to break with procedure and call a vote for once.? With member organizations represented by their abuse team heads, rather than IP / routing people, so that the organisation?s stance on this is clear.
?
From: Gert Doering <gert@space.net> Date: Saturday, 9 May 2020 at 3:57 PM To: Suresh Ramasubramanian <ops.lists@gmail.com> Cc: Randy Bush <randy@psg.com>, Nick Hilliard <nick@foobar.org>, anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi,
On Sat, May 09, 2020 at 01:12:32AM +0000, Suresh Ramasubramanian wrote:
Has this even been put to a vote or is it the same group of extremely vocal RIPE regulars against it and the same group of extremely vocal security types for it??? Rough consensus has its limitations in such cases.
There is no voting.
It's either "there is sufficient support and counterarguments have been adequately addressed" or "no consensus, rewrite or withdraw".
Gert Doering ??????? -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG????????????????????? Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14??????? Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen???????????????? HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444???????? USt-IdNr.: DE813185279
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
participants (8)
-
Brian Nisbet -
Carlos Friaças -
JORDI PALET MARTINEZ -
Nick Hilliard -
Randy Bush -
Sander Steffann -
Suresh Ramasubramanian -
Sérgio Rocha