[rpd] RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT02

[Lamiaa Chnayti]

Hey everyone,


I, on the other hand, am having issues with this policy due to the
following reasons :


- It potentially can turn registration error into operation disaster,
if Afrinic mistakenly labour one of the member’s ip into their own
pool, it has a great chance for end users to lose their connection vs
just a wrong registration data.

- RPKI for unallocated space is rather a global policy issue rather
than a regional policy issue, all regions should have the same view on
the topic, if only AFRINIC implements it, it will create an
operational inconsistency.

- There is a potential huge risk that will be created if Ernest’s case
happens again, AFRINIC’s own staff potentially has the power to rob
other members space by “AS0” it.



Regards,



Lamiaa




Le jeu. 17 sept. 2020 à 09:04, Mark Elkins <mje at posix.co.za> a écrit :


> I support the RPKI ROA policy as written. I understand the technical

> aspects of the policy. I have a feeling that those objecting may not

> completely understand the technical aspects which is why they are objecting.

>

> AFRINIC's job is to properly document the resources they have been

> provided by ICANN/IANA and this is simply part of the job. When new

> resources are provided to AFRINIC, they label it as such (AS0, etc). When

> it is then allocated/assigned to a member, the AS0 RPKI is removed. All

> this means is that the unallocated/unassigned resources that are with

> AFRINIC can be (optionally) identified as such and thus can not be easily

> misused by bad actors. This also means that when they are

> allocated/assigned to members, they are less lightly to have been made

> "dirty".

> On 2020/09/17 08:26, Ibeanusi Elvis wrote:

>

> Dear all,

>

> The AFRINIC as an organization specifically focuses on the registration

> database and thereby having knowledge of where the prefix belongs to and

> AFRINIC should just focus on this role and should not engage in

> authenticating or the authorization of various services. If such rights are

> given to any organization, they have the right to assign prefixes to

> servers hence, having control of the routing database at which a technical

> or human error will lead to an immense catastrophe to the internet society.

> This control is basically the specific definition of centralization. This

> centralization is the major reason why most providers do not trust the

> Resource Public Key Infrastructure (RPKI). I am still in opposition to this

> policy proposal.

>

> Elvis.

>

> On Thu, Sep 17, 2020 at 3:01 PM Darwin Costa <dc at darwincosta.com> wrote:

>

>> Cmon folks….!

>>

>> @Elvis, I really don’t see your point here and also don’t really

>> understand why are you opposing against this proposal.

>>

>> As mentioned further on the thread - RPKI won’t change Afrnic´s role at

>> all…. Instead this proposal will certainly contribute to a more secure

>> routing advertisement.

>>

>> As such, other RIR´s have successfully implemented this in order to

>> protect our garden so called “The Internet”.

>>

>> Darwin-.

>>

>>

>>

>> On 17 Sep 2020, at 05:42, Fernando Frediani <fhfrediani at gmail.com> wrote:

>>

>> I think there is a serious issue by some people totally misunderstanding

>> what RPKI actually is.

>>

>> Some arguments saying something like 'Afrinic will centralize control of

>> the internet and should not have such power' don't have relation to what

>> what this proposal intends and the reasons to oppose it are not tied to

>> real possible problems pointed.

>>

>> This proposal only follows what have been done in APNIC and LACNIC and is

>> a natural move to make an internet more secure and avoid organizations to

>> use space that is not assigned to anyone else.

>> Therefore I support this proposal.

>>

>> Fernando

>> On 16/09/2020 20:42, Noah wrote:

>>

>>

>> On Thu, Sep 17, 2020 at 2:30 AM Ibeanusi Elvis <ibeanusielvis at gmail.com>

>> wrote:

>>

>>>

>>> I am strongly in opposition to this RPKI ROA proposal,

>>>

>>

>> You oppose yet....

>>

>>

>>>  issuing an AS0 for AFRINIC address space

>>>

>>

>> You must be clear on which AFRINIC address space rather than presenting a

>> rather vague statement.

>>

>> The proposal is very clear and explicit and the AFRINIC space in question

>> is that which has not yet been allocated or assigned to any entity or

>> resource member.

>>

>> I will quote for you section 2.0 of the proposal as written below;

>>

>> *2.0 Summary of how this proposal addresses the problem*

>>

>> This proposal instructs AFRINIC to create ROAs for all *unallocated and

>> unassigned address space under its control.* This will enable networks

>> performing RPKI-based BGP Origin Validation to easily reject all the bogon

>> announcements covering resources managed by AFRINIC.

>>

>> So what are you talking about?

>>

>> Noah

>>

>>

>> _______________________________________________

>> RPD mailing listRPD at afrinic.nethttps://lists.afrinic.net/mailman/listinfo/rpd <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720490840&sdata=mOjgUTIarKfPnsD2h0TtixnR51E4wzIwqoo6rONHW%2FI%3D&reserved=0>

>>

>> _______________________________________________

>> RPD mailing list

>> RPD at afrinic.net

>>

>> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720510827&sdata=jlnsXCK7dATX4Jcg48%2BhurUnj1E5umTa2RZq7IMsb%2Fs%3D&reserved=0

>>

>>

>> _______________________________________________

>> RPD mailing list

>> RPD at afrinic.net

>> https://lists.afrinic.net/mailman/listinfo/rpd

>>

>

> _______________________________________________

> RPD mailing listRPD at afrinic.nethttps://lists.afrinic.net/mailman/listinfo/rpd

>

> --

>

> Mark James ELKINS  -  Posix Systems - (South) Africa

> mje at posix.co.za       Tel: +27.826010496 <+27826010496>

> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

>

> [image: Posix Systems][image: VCARD for MJ Elkins]

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200917/9bd12a8d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: abessive_logo.jpg
Type: image/jpeg
Size: 6410 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200917/9bd12a8d/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: QR-MJElkins.png
Type: image/png
Size: 2163 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200917/9bd12a8d/attachment-0001.png>