[rpd] final decision on AFPUB-2019-GEN-006-DRAFT01 "RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space" (last call)

[JORDI PALET MARTINEZ]

Hi AK, Moses,

 

I was expecting a kind of simplification of what is(are) the critical(s) objection(s), and a rational of if it has not been addressed, by the authors, or if it is justified. Here I just see a summary of the discussion in the list, which of course, I followed up in the list.

 

Also, you’re not including answers from authors and other community members to each of those points, which will clearly show, that there are no such “critical objections”, at least none justified.

 

I’m not going to repeat all what has been said in the list, just trying to provide a short response/rererence to each one.

 

1. Human errors can be done *always* in any resource management. So, should we never approve any policy proposal because that? It is up to operational procedures to avoid them as much as possible.

 

2. All the policies have operational aspects (routing or others), and the staff need to make an implementation to resolve those issues or come back to the community with anything that is not solvable. The staff did presented a about this proposal and didn’t raised any issues. Also, I clarified that % of impact is not small. At a minimum, in the case of IPv6 it is much bigger in AFRINIC than other regions, because lower IPv6 penetration, so more unallocated/unassigned resources. Same for IPv4 (at the time being), until all the IPv4 resources get allocated/assigned.

 

3. As indicated, the reading from different people (about RIPE discussion) may be different, but it is also a different PDP and clearly this is never a critical objection, as otherwise, policies will need to be exactly the same in every RIR.

 

4. I’ve responded to this also in 2 above. The rational of the global policy has also been responded by several folks.

 

5. Responded in 1 as well.

 

6. This has also been extensively discussed in the list, and it is related to 1 above.

 

7, 8, 9 and 10. Seem to be due to lack of knowledge of how a RIR and RKPI work, but not justified at all. There is no such thing as RPKI = centralized control.

 

So, honestly, I think it is clear that there is no any critical or justified objection that allows to change the consensus decision based in the last call discussion.

 

In fact, based on that discussion, there is no way authors can update the test of the proposal, because we don’t believe there is anything wrong or than can be accommodated.

 

In fact, I believe (personal opinion) that many of the objections raised (probably 1 to 6 above, but this need to be confirmed by the people who raised the objections), are “non-blocking”. Please refer to rough consensus definition, RFC7282: Rough consensus is achieved when all issues are addressed, but not necessarily accommodated, and 7-10 are, clearly, not justified.

 

If we procced this way with *ANY* policy proposal, it means that *ALWAYS* *ANYONE* will be able to block it in the last call, which is never acceptable.

 

Regards,

Jordi

@jordipalet

 

 

 

El 12/2/20 16:53, "ABDULKARIM AYOPO OLOYEDE" <oloyede.aa at unilorin.edu.ng> escribió:

 

Dear PDWG

 

 Apologies for the slow response,  co-chairs have been caught up with work lately.    Below is a list of objections that were raised. 

 

 

1.    Objection point:

- [ ] Some technicalities- human or machine error in revoking the AS0 state- are unresolved which would affect the implication of this policy

 

Author:Taiwo Oyewande

 

Content:

Are resources reclaimed by Afrinic regarded as bogons, how long after reclaim of such resources will they be given a ROA with origin AS0?

 

What happens in the case of human or machine error in revoking the AS0 state. Which can lead to DOS of the resource holder. I think there are some technicalities unresolved that affect the implication of this policy which needs to be looked at before moving forward with this policy

 

 

2.    Objection Point:

- [ ] The policy involving Afrinic in the routing would impact staff due to the multiple checks post-implementation

- [ ] Afrinic’s operation details should then be considered

- [ ] policy is not effective as we only have single-digit percentile of resource allocation -> should be implemented on global scope

 

Author:Anthony Ubah

 

Content:


>From my understanding, if the policy involves AfriNIC in the routing


 

process, it is impacting on staff as there must be multiple checks

post-implementation to mitigate accidental/malicious DOS. In this case,

don't you think AfriNIC's operational details should also be considered as

well in certain policies like this which are impacting?

I'm not abreast of staff impact assessment in the previous presentations,

so please offer me some clarity.

 

Finally looking at this from the AfriNIC lens, with our single-digit

percentile of resource allocation, how effective will this policy be if

other RIRs with bigger resources don not have an equivalent implementation?

I think this will only be truly efficient if implemented on a global scope,

starting from the RIRs with the bulk of resources.

 

 

 

3.    Objection Point: a lot of people questioned the impact of this policy and the operational overhead of it

 

Author:Rob Evans

 

Content: > It has been already submitted to RIPE and we are waiting right now for the impact analysis. I think unless the impact analysis finds anything really terrible (which I don’t think is the case), it will reach consensus.

 

 

Your reading of the discussion is different to mine. I think so far a

number of people have questioned the impact this will have, and the

operational overhead to implement it, so I'm not convinced we should

jump to conclusions. :)

 

 

4.    Objection Point:

- [ ] Questioning if they have enough data on the operational impact of RIRs (asking for clarification)

- [ ] The policy has no great impact due to the number of resources within the jurisdiction of AfriNIC.

- [ ] the policy is not global/unifrom enough which would create additional and unreasonable stress.

 

Author:Anthony Ubah

 

Content:

Although you haven't provided adequate clarity on impact, which I think

must be put into good consideration.

Quoting my previous comment, " I'm not abreast of staff impact assessment

in the previous presentations, so please offer me some clarity"

Do we have data on the operational implication/Impact of other RIRs that

have this ion consideration, and/or that which has adopted and implemented

it?

 

Also, I'm still curious about the effectiveness of this policy if it is

implemented on RIR to RIR basis. I think it will be of no great impact,

judging by the number of resources within the jurisdiction of AfriNIC.

 

I honestly think this policy is very operational and should be reviewed.

Only a global policy will be reasonable because a none uniform policy might

create additional and unreasonable stress.

  

 

5.    Objection Point:

- [ ] Concern about the implementation process due to errors such as “timing and wrong route origin authorisation” previously discussed

 

Author: Taiwo Oyewande

 

Content:

My main concern about this proposal still remains how smooth the implementation can be (automated or manual). I recommend an additional clause be added to the proposal to limit implementation errors such as “timing and wrong route origin authorisation” previously discussed

 

  

 

6.    Objection Point:

- [ ] Asks for a staff impact analysis to clear confusions

- [ ] Concerned about how timelines for revocations and new allocations might be affected by the revocation of AS0 VRP and how this will disappear from validator caches worldwide

 

 

Author: Paschal Ochang

 

Content:

The perceived impacts will continue to be there until perhaps a staff

impact analysis probably clears the air and this is one of the reasons I

supported the staff impact analysis which was opposed by some. I also have

some concerns regarding how timelines for revocations and new allocations

might be affected by the revocation of AS0 VRP and how this will disappear

from validator caches worldwide.

  

 

7.    Objection point:

- [ ] Government would take all the control of RPKI and hence unable to ensure users can use the Internet freely and legitimately.

 

Author: Blaise Fyama

 

Content:

I do not support the RPKI ROAs for Unallocated and Unassigned Afrinic

Address Space policy as it raises the concern about the control of

internet; should we have to let the government take all control of RPKI and

therefore representing a risk on how to make sure the use of Internet free

and legitimate. I therefore object it on the the engagement of a free

internet controlled by the community and its users.

 

 

 

8.    Objection Point:

- [ ] The proposal centralises the control of the internet to the government.

 

Author: Kakel Mbumb

 

Content:

The proposal for RPKI is not applicable as it centralises the control of

internet; and also represents a potential risk for government to overtake

it.

We are a community and need to be independent on the way we treat our

resources.

  

 

9.    Objection Point:

- [ ] RPKI does not stop boon

- [ ] it centralises the control of internet to the government

 

Author: Kakel Mbumb

 

Content:

Hello all, i think RPKI asks for bogon but does not stop bogon and it shall

not involve in routing issue. Do we really want it to centralise the

control of the internet because it can present potential risk for

government to overtake it.

Regards..

  

 

10. Objection Point: same as above

 

Author: Kakel Mbumb

 

Content:

Hello Jordi, what I mean is RPKI centralises the control of the Internet

and allows AFRINIC to create ROAs for all unallocated and unassigned

address space under its control. Only AFRINIC has the authority to create

RPKI ROAs for address space not yet allocated or assigned to its members.

This thus concentrates the control of the internet to AFRINIC.

 

We have also critically examined the response(s) from the authors and we still believe that this proposal requires more discussion on a number of the issue raised hence we are not yet recommending it for ratification. 

We also understand that the community has a diverse voice on this proposal. However, Co-chairs want to emphasise the fact that we are human beings.  If anyone finds some error in our decisions you are welcome to appeal it in line with the CPM.

 

Thanks 

Co-Chair PDWG

.

  

 

 

 

 

On Wed, Feb 12, 2020 at 9:15 PM JORDI PALET MARTINEZ <jordi.palet at consulintel.es> wrote:

By the way, just to clarify one of my points.

The message from the chairs (https://lists.afrinic.net/pipermail/rpd/2020/010326.html), indicates "we believe it requires more discussion", and according the CPM 3.4.3, it may be interpreted as extending the last call.

So, unless either the co-chairs clarify that, or the appeal committee has the same interpretation on that message, the appeal need to be submitted within 2-weeks of that message (which is today).

Regards,
Jordi
@jordipalet



El 12/2/20 13:59, "JORDI PALET MARTINEZ via RPD" <rpd at afrinic.net> escribió:

    Hi co-chairs, all,

    I don't want to put any pressure on you, I fully understand how difficult is to take decisions in the PDP, but in my opinion, as well as other co-authors and other participants from the PDWG, there was not any justified objection during the last call.

    However, by chance (I was looking for something else in the CPM) I just realized that the procedure in the CPM, as per section 3.5.2, states that an appeal must be submitted within 2 weeks of the public knowledge of the decision.

    I don't know if you already looked at this deadline and we should already expect your response in the next few hours.

    Otherwise, as this 2-weeks period expires today, we need to take a decision, *unless* the Appeal Committee can respond to this message, confirming that they will consider the 2-weeks period only starting once the co-chairs re-confirm its decision. I think this is feasible, because they already mention they are hearing the inputs and working on it.

    Thanks for responding as promptly as possible (and maybe wasting time in an appeal if not really needed).

    Regards,
    Jordi
    @jordipalet





    **********************************************
    IPv4 is over
    Are you ready for the new Internet ?
    http://www.theipv6company.com
    The IPv6 Company

    This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.




    _______________________________________________
    RPD mailing list
    RPD at afrinic.net
    https://lists.afrinic.net/mailman/listinfo/rpd




**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.





 

Website, Weekly Bulletin UGPortal PGPortal

 



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200212/0e83cbe7/attachment-0001.html>