In message <CAB69EHiWkmEACduS2U1WaDQRfk03Xmvd9S0DGro9FcgxUyXKeQ@mail.gmail.com>, Eric Kuhnke <eric.kuhnke@gmail.com> wrote: rfg>> 4) Filing a "fraud request" with ARIN is a serious step and one that rfg> could quite conceivably end up with the party filing such a formal rfg> report being on the business end of lawsuit, just for having filed rfg> such a report. rfg>
What makes you think that the sort of persons who would hijack a /17 sized piece of space, for spam generation purposes, would sue you over some formal submission you might make to ARIN, but would not already have sued you over your already exhaustively detailed posts to the public NANOG list?
Let me see if I understand this. You don't have any argument with the other three reasons I gave for sending my alert to the NANOG list, but you -would- like to quible with reason #4. Have I understood you clearly? Assuming so, let me answer your question with a question (or two). Is my fear of the potential for lawsuits actually LESS reasonable than ARIN's use of the same vague and non-specific bogeyman to thwart and impede, on a global scale, the more widespread adoption of RPKI... adoption which would, if it ever became universal, put an end to most or all of these nefarious and malevolent IP block hanky panky games? The last time I looked, RPKI adoption was sitting at around a grand total of 15% worldwide. Ah yes, here it is... https://rpki-monitor.antd.nist.gov/ I've asked many people and many companies why adoption remains so low, and why their own companies aren't doing RPKI. I've gotten the usual assortment of utterly lame excuses, but the one that I have had the hardest time trying to counter is the one where a network engineer says to me "Well, ya know, we were GOING to do that, but then ARIN... unlike the other four regional authorities... demanded that we sign some silly thing indemnifying them in case of.... something. We're not even sure what ``something'' actually is in this case, other than some demented lawsuit from some deranged ``lone wolf'' individual, but since ARIN demanded that we sign it, the thing had to go to -our- lawyers, and they took one look at it and said, in effect, ``F that! We are NOT going to accept any new potential liability if we don't have to'', so that was the end of that." As I have often said, if we all only did things that had been pre-cleared as being ``utterly safe'' by our respective lawyers, then none of us would ever even get out of bed in the morning. Regadless of whether ARIN was in any way indemnified against such an event, the Micfo guy elected to name ARIN in a lawsuit. This is a matter of public record. It's ludicrous and laughable, obviously, but he apparently sued ARIN when they woudn't just roll over and allow him to continue to play his ridiculous little fraud games. Like I say, in this country, at least (USA), you run the risk of getting sued if you even so much as get out a bed in the morning. BUT SO BLOODY WHAT? Neither we as individuals nor ARIN as an organization should cower in fear in our caves because of a bogeyman that may never come to pass, or that may be totally inconsequential even if it does, as in the case of Mr. Micfo's joke of a lawsuit. So I put it to everyone here... Are ARIN policies and its over-hyped fear of the vague bogeyman of lawsuits materially impeding the adoption of RPKI, and if so, what should be done about this? In the meantime, I decline to accept criticism of -my- perhaps misplaced fears of lawsuits. Mine have essentially no real world consequences. ARIN's, on the other hand, appear to be keeping some finite non-zero fraction of 85% of the world's route announcements unchecked, at least for any meaningful sense of the word "checked". Regards, rfg