
On Wed, Feb 1, 2012 at 4:43 PM, Seth Mattinen <sethm@rollernet.us> wrote:
Phoenix NAP colluding to hijack address space and then balking when it was brought to their attention is a perfect example someone could use to say why "we" need to be regulated. And I'm sure it will eventually
There are always going to be some bad actors, and some negligent participants who get taken advantage of by bad actors. There's no way to guarantee a service provider capable of hijacking space does not fall into the category of negligent facilitator. Simple government regulation is of limited value, since the problem network may be overseas. Also, separate networks that adhere to different rules should not have to follow the internet's conventions -- if they want to implement their own local variant of TCP/IP on their computers connected over private connections but not connect to the internet, and therefore follow their own address management system, in a free society, people should be free to do this with their computers; the last thing we ever need are governments mandating global uniqueness of IP addresses, ASN numbers, Port numbers, or other aspects of the engineering of private computer networks. I would say a service provider entering into a contractual relationship with any other network that does not allow the service provider to make and enforce their own network access TOS and routing policies and disconnect downstream networks as necessary to protect network stability or comply with upstream routing policies and what the RFCs and IANA say regarding internet address management, is negligent, from the community's point of view, in that they are not taking the reasonable care that is expected and necessary of service providers participating in the internet. Agreement to implement RPKI by RIRs and the RIR community would solve the problem but has other drawbacks. What the internet really needs is Tier1 and Tier2 providers participating in the internet who "care", regardless of the popularity or size of netblocks or issues involved. And by "care", I mean, providers efficiently investigating reports of hijacking or rogue announcement, and taking switft responsible actions, without bureaucratic processes requiring years and reams of paperwork, or any attempt to shrug off responsibility they have as intermediary. -- -JH