<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta content="text/html; charset=utf-8">
</head>
<body>
<div>Noah is it best practice? Under who's definition? Best practice to centralize something that has grown organically and found its very success in its decentralized anarchical structures? I don't think so.</div>
<div><br>
</div>
<div>I have fundamental problems with the centralization involved in RPKI, which creates unique security problems in and of itself in my view.</div>
<div><br>
</div>
<div>And I also point out that security is NOT always best practice, because security is very often a trade off. For example, is it best practice for a company to invest in security infrastructure it cannot afford and thereby risk bankcrucpy? Of course it isn't.
Best practice is not a globally holistic thing, what is best for one region may not be best for another.</div>
<div><br>
</div>
<div>There is a saying, one mans food is another mans poison. This can be applied to rpki as well imho.</div>
<div><br>
</div>
<div>You might wanna ask why there was never consensus in the RIPE region about rpki and the policy working groups could never get it passed, so ripe to push RPKI put it through a non standard membership vote which passed by a very small majority with a large
number of abstentions.</div>
<div><br>
</div>
<div>There was never consensus</div>
<div><br>
</div>
<div>Andrew</div>
<div><br>
<div class="acompli_signature">Get <a href="https://aka.ms/o0ukef">Outlook for iOS</a></div>
<br>
</div>
<br>
<br>
<br>
<div class="gmail_quote">On Sun, Jun 26, 2016 at 5:15 PM +0300, "Noah" <span dir="ltr">
<<a href="mailto:noah@neo.co.tz" target="_blank">noah@neo.co.tz</a>></span> wrote:<br>
<br>
</div>
<div>
<p dir="ltr"><br>
On 25 Jun 2016 16:51, "Andrew Alston" <<a href="mailto:Andrew.Alston@liquidtelecom.com">Andrew.Alston@liquidtelecom.com</a>> wrote:<br>
><br>
> Just need to point out, RPKI is a *choice*, and there could be many reasons for people NOT running RPKI, that go beyond just AfriNIC promoting it or not.<br>
></p>
<p dir="ltr">No one disagreed and yes its your choice. </p>
<p dir="ltr">The point being put forward is "Its a best practise to do it" because its important to support any initiative that tries to promote improved security of Internet routing.</p>
<p dir="ltr">There were valid reasons that compeled the community that was involved in the RPKI proposition and drafts until some folks startes implementing.</p>
<p dir="ltr"><a href="https://tools.ietf.org/html/rfc6480">https://tools.ietf.org/html/rfc6480</a></p>
<p dir="ltr">> <br>
><br>
> I for one am not on that list of ASN’s, and I have zero plans to be on that list of ASN’s. Not because I don’t know how to implement it, not because I can’t go and get it, but because I am fundamentally opposed to RPKI for various reasons.<br>
></p>
<p dir="ltr">And what are those fundamental reason if you may?</p>
<p dir="ltr">><br>
> Andrew<br>
></p>
<p dir="ltr">Noah</p>
</div>
</body>
</html>