Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"

Tutu Ngcaba pan.afrikhan at
Tue Jun 27 18:10:20 UTC 2017

On 27 Jun 2017 8:45 p.m., "Andrew Alston" <Andrew.Alston at>


Sorry, but you honestly do not know what you are talking about here.

Firstly – there is information that can be disclosed to AfriNIC – and there
is information contained in systems that will NEVER be disclosed –
particularly because AfriNIC does not have NDA’s with its members (and a
few years ago, I tried to get one signed to provide them information they
asked for – they refused – though that situation may have changed under the
new management)

Secondly – there is absolutely no way for AfriNIC to verify any information
in an audit without substantial access to sensitive information –
information which AfriNIC can provide zero assurances is going to be safely
kept and guarded – and that is access that no large commercial company will
grant any RIR without seriously paperwork in place.  And the agreement in
the RSA about confidentiality – quite frankly – doesn’t cut it – no way –
no how.

Thirdly – I can put any information I like into a management system – would
it be trusted?  Where is the line – there is only one ground truth – what
is configured and running on the devices.   When you are running a network
of 20+ thousand potential IP enabled devices that are routing multiple
blocks, are running tens of thousands of customers with static assignments,
when the base routing tables don’t tell even a fraction of the story
because of space inside vrf’s, and sometimes even inside CinC VRF’s – to
even COMPILE that information into a form that is sanitized enough that it
could be given to an untrusted third party (which is what AfriNIC is in
this case) is time consuming, a massive drain on resource, and expensive.

I have PERSONALY conducted proper deep IP audits in the past on three
networks – NONE of them took less than a month to complete – and that was
with a lot of dedicated hard working resources that cost a fortune – and
that is when the information is being compiled straight into secured system
and does not need to be sanitized for consumption by an external party who
cannot be held accountable should the information disclosed by leaked.

So sorry Tutu – you are just flat wrong here

Bra Andrew,

so after reading you mean to said that you customer informations is private
like ip address you gave them to connect to the internet. But why you will
hide this ip address in confidentiality?

Telkom or MTN they have so many million customers and am sure they can tell
which customer used which ip address if police come to ask for example of
abuse like in america they do. so it means the isp will always have this
information and easy to give.

also if it was this long one month you take to do audit in your past maybe
the afrinic can take 4 months but the important is the review  is done and
completed. dont worry about the time bra.

Best Regards,
Tutu Ngcaba
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list