[rpd] REPORT ON Appeal against the non-consensus determination on proposal AFPUB-2019-GEN-006-DRAFT02 (RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space ? Draft 2).

[Fernando Frediani]

I also find very strange to refer to RPKI as "something that makes RIRs 
to inject routing data". It is absolutely nothing about that. RPKI is 
not BGP.

I concur with everything Frank said: it is a tool that allow the RIR 
that allows the RIR to protect IP space under its custody.
One strange thing from this discussion is that I have not seen anyone 
against this proposal and at the same time defending that any 
organization can announce any unallocated space under the custody of the 
RIR at will so it is hard to understand all the fear about the RIR using 
this tool to protect space under its responsibility.

One of the main proposes of a RIR is to register space accurately but 
there are other related ones. From AfriNic's bylaws Section 3.4:

- "... and to assist in the development and growth of the Internet in 
the African region;"
- "to promote responsible management of Internet resources throughout 
the African region, as well as the responsible development and operation 
of Internet infrastructures;"
- "to propose and take such steps as are necessary to promote the 
development of public policies in the best interest of members ..."
- "to develop and promote technical and business practice standards 
related to Internet service provision to members;"

Now I ask:

- Isn't responsible management of Internet resources make sure that no 
one can use an space that is currently under responsibility of the RIR ?
- Isn't in the best interest of the members that resources assigned are 
used properly and by the rightful organization ?
- Making sure of all this above doesn't go towards the development and 
growth of the Internet in the African region ?

And mainly: Why can't AfriNic use this tool to achieve that and sign 
ASN0 ROAS as any other organization that have custody of IP space ?

Regards
Fernando Frediani

On 29/01/2021 01:48, Frank Habicht wrote:

> Hi,

>

> On 29/01/2021 02:05, Anthony Ubah wrote:

>> Dear Jord!

>>

>> I think you may be misunderstanding me when I say that they are invalid.

>> It is also quite unfortunate to hear you say that ideological

>> differences are an “invalid objection”.

>>

>> The providers, who use RPKI, can invalidate (or AS0 as you put it) those

>> unallocated spaces themselves with minimal code, so there is no need to

>> have a particular policy for it. That is the exact reason why such an

>> approach is not accepted in RIPE in the first place. I to also note that

>> there is really no need to converting BOP (best operating practices)

>> into unnecessary policies, as is slowly becominga norm. I am sure that

>> you have best interests at heart, but this is not what policies are

>> supposed to be.

> I want to ask something about this.

> Because you call this "unnecessary policies".

> Do you agree that holders of address space are responsible for that

> address space and can make decisions to safeguard that address space?

> Especially protect it from hijacks ("misoriginations").

> Like for instance creating an AS0 ROA?

>

> One might be asking :

> isn't AfriNIC one such holder of address space?

> Let's assume this policy proposal doesn't exist.

> Isn't AfriNIC as custodian of the address space entitled to say "noone

> should route this on the Internet"?

>

> Can AfriNIC do that using *a tool* called RPKI?

> [1]

>

>> Contrarywise, requiring RIRs to inject routing data into the only

>> available routing certification program is a violation of the RIR’s

>> purpose.

> I strongly believe that this is a wrong assumption.

> this is not about "requiring RIRs to inject routing data".

> this is about asking a RIR to make statements about what it would like

> to see happen (or not happen) about address space. In *a tool*.

>

>> The RIRs are not built for regulating routing – this is the

>> ideological difference that I am talking about – (and something I

>> believe you have been told regularly in the RIPE region),

> ... and I say this is also not what is happening here.

>

>> including the

>> most recent appeal you have filed against the contact abuse policy in RIPE.

>>

>> If you ask anyone here to compensate for hijacking, the chances are

>> there is an inordinately high probability that most of them

>> misunderstand an RIR's fundamental functions.

> I'm one of those.

> is it not APNIC's function to publish information about unallocated

> address space in RPKI?

>

>

>> If you want to use RPKI to

>> prevent hijacking, you can do it today;

> I can do that for my address space.

> Can AfriNIC - please - also to it for address space they are custodian for?

>

>> moreover, if you wish to use

>> RPKI with AS0 functionality, you can also do it today with just a few

>> additional lines of code.

> even better: no additional lines of code.

> you just enter "0" in the field for the ASN in the web form for creating

> a ROA.

>

>> Therefore, your argument that the provider can’t protect themselves from

>> hijacking because they lack AS0 functionality in an RIR-provided space

>> is very misleading.

> We're all understanding that the *provider* can do that.

> We want the ability that other address space holders can do that as

> well. AfriNIC.

>

>> On the other hand, the current status quo allows the

>> provider to choose whether or not they want such functionality instead

>> of forcing it on them.

> Agree. No provider should be forced.

>

>> The AS0 for unallocated space is already an

>> optional function that anyone can enable independently, and enabling AS0

>> is a BOF  rather than a policy issue.

> I think I couldn't follow that part, can you re-phrase?

>

>

> Thanks,

> Frank

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd