[DBWG] issue report - AFRINIC RPKI intermediate CA overclaim
Job Snijders
job at fastly.com
Thu Oct 26 09:18:07 UTC 2023
Dear David,
On Thu, Oct 19, 2023 at 02:09:24PM +0400, David Njuki wrote:
> We are planning to schedule it for next week Thursday, 26th October to
> coincide with the next CRL update.
Many thanks for the swift action. I now observe that 154.16.0.0/8 was
split into the appropriate more-specifics.
I'm sorry to not have noticed before that a similar issue exists for the
subordinate resource listing of 196.0.0.0/7. As I understand the RIR
delegations, the following blocks are *not* managed by Afrinic:
196.1.1.0/24 # APNIC
196.1.68.0/24 # APNIC
196.1.104.0 - 196.1.106.255 # APNIC
196.1.108.0/22 # APNIC
196.1.113.0 - 196.1.114.255 # APNIC
196.1.134.0/24 # APNIC
196.3.65.0/24 # APNIC
196.3.72.0/24 # APNIC
196.12.32.0/19 # APNIC
196.15.16.0/20 # APNIC
196.29.64.0/19 # LACNIC
196.32.32.0/19 # LACNIC
196.32.64.0/19 # LACNIC
196.40.0.0 - 196.40.95.255 # LACNIC
So instead of listing 196.0.0.0/7, I believe the following should be
listed as subordinate:
196.0.0.0 - 196.1.0.255
196.1.2.0 - 196.1.67.255
196.1.96.0/21
196.1.107.0/24
196.1.112.0/24
196.1.115.0 - 196.1.133.255
196.1.135.0 - 196.3.64.255
196.3.66.0 - 196.3.71.255
196.3.73.0 - 196.12.31.255
196.12.64.0 - 196.15.15.255
196.15.32.0 - 196.29.63.255
196.32.96.0 - 196.39.255.255
196.40.96.0 - 197.255.255.255
Please double-double-check the above suggestion! :-)
If you agree with the above assessment, can a new afrinic-ca.cer be
issued? Hopefully this was the last overclaiming issue.
Kind regards,
Job
More information about the DBWG
mailing list