[rpd] REPORT ON Appeal against the non-consensus determination on proposal AFPUB-2019-GEN-006-DRAFT02 (RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space ? Draft 2).

[Frank Habicht]

Hi,

On 29/01/2021 02:05, Anthony Ubah wrote:

> 

> Dear Jord!

> 

> I think you may be misunderstanding me when I say that they are invalid.

> It is also quite unfortunate to hear you say that ideological

> differences are an “invalid objection”.

> 

> The providers, who use RPKI, can invalidate (or AS0 as you put it) those

> unallocated spaces themselves with minimal code, so there is no need to

> have a particular policy for it. That is the exact reason why such an

> approach is not accepted in RIPE in the first place. I to also note that

> there is really no need to converting BOP (best operating practices)

> into unnecessary policies, as is slowly becominga norm. I am sure that

> you have best interests at heart, but this is not what policies are

> supposed to be.


I want to ask something about this.
Because you call this "unnecessary policies".
Do you agree that holders of address space are responsible for that
address space and can make decisions to safeguard that address space?
Especially protect it from hijacks ("misoriginations").
Like for instance creating an AS0 ROA?

One might be asking :
isn't AfriNIC one such holder of address space?
Let's assume this policy proposal doesn't exist.
Isn't AfriNIC as custodian of the address space entitled to say "noone
should route this on the Internet"?

Can AfriNIC do that using *a tool* called RPKI?
[1]


> Contrarywise, requiring RIRs to inject routing data into the only

> available routing certification program is a violation of the RIR’s

> purpose.


I strongly believe that this is a wrong assumption.
this is not about "requiring RIRs to inject routing data".
this is about asking a RIR to make statements about what it would like
to see happen (or not happen) about address space. In *a tool*.


> The RIRs are not built for regulating routing – this is the

> ideological difference that I am talking about – (and something I

> believe you have been told regularly in the RIPE region),


... and I say this is also not what is happening here.


> including the

> most recent appeal you have filed against the contact abuse policy in RIPE.

> 

> If you ask anyone here to compensate for hijacking, the chances are

> there is an inordinately high probability that most of them

> misunderstand an RIR's fundamental functions.


I'm one of those.
is it not APNIC's function to publish information about unallocated
address space in RPKI?



> If you want to use RPKI to

> prevent hijacking, you can do it today;


I can do that for my address space.
Can AfriNIC - please - also to it for address space they are custodian for?


> moreover, if you wish to use

> RPKI with AS0 functionality, you can also do it today with just a few

> additional lines of code.


even better: no additional lines of code.
you just enter "0" in the field for the ASN in the web form for creating
a ROA.


> Therefore, your argument that the provider can’t protect themselves from

> hijacking because they lack AS0 functionality in an RIR-provided space

> is very misleading.


We're all understanding that the *provider* can do that.
We want the ability that other address space holders can do that as
well. AfriNIC.


> On the other hand, the current status quo allows the

> provider to choose whether or not they want such functionality instead

> of forcing it on them.


Agree. No provider should be forced.


> The AS0 for unallocated space is already an

> optional function that anyone can enable independently, and enabling AS0

> is a BOF  rather than a policy issue.


I think I couldn't follow that part, can you re-phrase?


Thanks,
Frank