Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"

Kris Seeburn seeburn.k at gmail.com
Tue Jun 27 18:35:42 UTC 2017


Tutu or whichever alias is used,

You better have a look at icp2 that is where icann / iana defines the role of a rir.

Some
Things are privileged information. Even we
As having been board members had no access to
Those information. It is attached within the bounds of the CEO and staff. 

Rules which you want to change are
Beyond ourselves. That is why a
Policy is being proposed.but a policy does not override what an rir has signed with icann on first place.

People we need to be rational know our limits.
And bear in mind that RIPE act based on enough proof to carry out an audit. Not because is talking about a suspicion that can lead to legal
Implications. Be wary of that, I could also anonymously say that "seacom" are
Malicious using the resources or
Someone else as well. Where is the proof
That would pull The resources to do so. 

As nishal said there should. Be no
Exception at all. No one gets
Away but who will
Provide the money and resources to
Audit our 1500 Members. I also know of academia not respecting the sla should we
Take their resources away. Some
Are making some
Money with that and they are supposed to
So apart from
Research.

Lets be very pragmatic and not with hunts from
A policy designed such ways.

Kris

> On 27 Jun 2017, at 20:10, Tutu Ngcaba <pan.afrikhan at gmail.com> wrote:
> 
> On 27 Jun 2017 8:45 p.m., "Andrew Alston" <Andrew.Alston at liquidtelecom.com> wrote:
> Tutu,
> 
>  
> 
> Sorry, but you honestly do not know what you are talking about here.
> 
>  
> 
> Firstly – there is information that can be disclosed to AfriNIC – and there is information contained in systems that will NEVER be disclosed – particularly because AfriNIC does not have NDA’s with its members (and a few years ago, I tried to get one signed to provide them information they asked for – they refused – though that situation may have changed under the new management)
> 
>  
> 
> Secondly – there is absolutely no way for AfriNIC to verify any information in an audit without substantial access to sensitive information – information which AfriNIC can provide zero assurances is going to be safely kept and guarded – and that is access that no large commercial company will grant any RIR without seriously paperwork in place.  And the agreement in the RSA about confidentiality – quite frankly – doesn’t cut it – no way – no how.
> 
>  
> 
> Thirdly – I can put any information I like into a management system – would it be trusted?  Where is the line – there is only one ground truth – what is configured and running on the devices.   When you are running a network of 20+ thousand potential IP enabled devices that are routing multiple blocks, are running tens of thousands of customers with static assignments, when the base routing tables don’t tell even a fraction of the story because of space inside vrf’s, and sometimes even inside CinC VRF’s – to even COMPILE that information into a form that is sanitized enough that it could be given to an untrusted third party (which is what AfriNIC is in this case) is time consuming, a massive drain on resource, and expensive.
> 
>  
> 
> I have PERSONALY conducted proper deep IP audits in the past on three networks – NONE of them took less than a month to complete – and that was with a lot of dedicated hard working resources that cost a fortune – and that is when the information is being compiled straight into secured system and does not need to be sanitized for consumption by an external party who cannot be held accountable should the information disclosed by leaked.
> 
>  
> 
> So sorry Tutu – you are just flat wrong here
> 
> 
> Bra Andrew,
> 
> so after reading you mean to said that you customer informations is private like ip address you gave them to connect to the internet. But why you will hide this ip address in confidentiality?
> 
> Telkom or MTN they have so many million customers and am sure they can tell which customer used which ip address if police come to ask for example of abuse like in america they do. so it means the isp will always have this information and easy to give.
> 
> also if it was this long one month you take to do audit in your past maybe the afrinic can take 4 months but the important is the review  is done and completed. dont worry about the time bra.
> 
> Best Regards,
> Tutu Ngcaba
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20170627/7077894c/attachment-0001.html>


More information about the RPD mailing list