Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] Afrinic and RPKI

Andrew Alston aa at tenet.ac.za
Tue Feb 15 19:52:48 UTC 2011


I need also, in addition to my last email, recall an incident in Cairo, at Afrinic in 2005.

The ITU stood up there, and very basically, if memory serves me correctly, proposed that IP space be split up between NIRs (national internet registries), with the amount of space being split between the countries based on a number of factors, and in effect, handing control of IP space to governments.

The proposal caused anger in the room to levels that shocked me, so much so that the floor took only 2 or 3 questions before very smartly closing for questions because of the vehemence that was coming from the floor over the proposal.  

Why did the proposal meet such tremendous opposition?  Because it took the control of the net out of the hands of the people and placed it in the hands of entities that may or may not have the good of the internet at heart.  (That and the basis of splitting up the IP space and how much each country would get etc was... beyond bizarre)

Now, lets look at a scenario here for a second.  We implement RPKI, the ITU then attempts to get it legislated that RPKI and negative testing becomes mandatory.  At that point, it is one small step from the RIR being coerced into accepting "member STATE" decisions about certifications.  The state now controls who they can turn on and who they can turn off.

Far fetched?  Conspiracy theory?  Some would have said so, until Egypt, Tunisia, Algeria, Iran, the statements by the ANCYL that they would "Shut down twitter", I can keep listing....

I really believe that over the last few years, governments have begun to realize that the internet is dangerous to them, they have been, and will continue to attempt to legislate and take back the control, to protect themselves and limit the power of communication by the people.  Look back at history, the first thing any dictatorial government has gone after in most cases is freedom of the media.  Why?  Its a communication mechanism.  The internet reduces their ability to do this.  RPKI plays into their hands and could unless very carefully considered hand back more control to these entities.

Andrew Alston
TENET - Chief Technology Officer
Phone: +27 21 763 7181



-----Original Message-----
From: aalain at afribone.trstech.net on behalf of ALAIN AINA
Sent: Tue 2/15/2011 9:09 PM
To: Andrew Alston
Cc: AfriNIC List
Subject: Re: [AfriNIC-rpd] Afrinic and RPKI
 

On Feb 13, 2011, at 3:45 PM, Andrew Alston wrote:

> Hi Guys,
> 
> While I was considering developing a policy proposal around RPKI in Africa,

What is the problem statement for the policy ??


> I figured before I attempt that one, and its a bit of a minefield, I'd like
> to open some discussion on the list about RPKI.


Great. We also have rpki-discuss at afrinic.net for RPKI related discussions.

> 
> While I am not going to attempt to go into the details of RPKI in this
> email, and will leave that up to the reader to do some research (its a
> complex topic), I would like someone from AfriNIC to respond to the
> following questions that can help guide policy formation on this issue.
> 

I will respond only  to RPKI part :-)

> A.) When a government declares that ISP X must be turned off, and issues
> AfriNIC with an order to turn them off, that is generated in a court in the
> country that the ISP resides in, how is AfriNIC planning on responding.


Not a RPKI issue

> B.) With the acceptance of RPKI we effectively allow outside forces to
> control the issuing and revocation of IP space,

Nope. RPKI reflects what  AfriNIC members and allocations databases say. If you are member and have resources, you will have a RPKI certificate to say so.


> and if we look at the
> actions taken recently in Tunisia, Egypt and rumour has it now in Algeria,
> is this really a road we want to walk down?


Nobody wants to go there. Open and free access to the Internet should a goal  for every net citizen. 

> C.) Has AfriNIC done any work with regards to RPKI to prepare for if this
> does become a reality?


For the RPKI, we have a CP and CPS and are looking at the legal related aspects with the Legal adviser. This does  include Legal aspects on the Internet Number resources management.

> 
> Right now, I see the world discussing RPKI as a solution for IP hijacking,
> which is likely to become far more commonplace now that IP space is running
> out, at the same time, I see us being years away from RPKI implementations.
> (There is no code in the routers to support this yet,


 you can just use the RPKI  objects  to generate filters for  routers  for now. 

> there are immense
> technical and political hurdles to be crossed, and its a fundemental change
> to the way the Internet actually operates and in my opinion a grave threat
> to the autonomy of ISPs).  

I thought you were in favor of solutions  for  IP hijacking and  BGP threats :-)


> However, with the global debate on this
> increasing I think it would be irresponsible of us in the AfriNIC region if
> we did not start taking a long hard look at this and deciding how we as the
> African community want to respond.


Agreed.

thanks

--alain
> 
> So, I'd like to issue an invitation for some discussion on this subject on
> the list.  Do some reading, do some research, and lets hear some thoughts so
> that we can develop some sensible policies around this within the community,
> before its far to late and we are forced to accept something implemented by
> the rest of the world without our thoughts being heard.
> 
> I would strongly suggest reading
> http://blog.internetgovernance.org/blog/_archives/2010/3/13/4479658.html
> 
> Thanks
> 
> Andrew Alston
> TENET - Chief technology Officer
> 
> 
> _______________________________________________
> rpd mailing list
> rpd at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/rpd


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20110215/0b7cedf0/attachment.html>


More information about the RPD mailing list