Search RPD Archives
[rpd] REPORT ON Appeal against the non-consensus determination on proposal AFPUB-2019-GEN-006-DRAFT02 (RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space ? Draft 2).
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Mon Feb 1 16:03:33 UTC 2021
Ok, so I understand that you agree that RPKI is a good service and it is optional and should be provided by AFRINIC.
Then, the AS0 allows to add one add one more tool to the RPKI: The *optional* feature of "marking" in a trusted way, the resources that are on the hands of AFRINIC and not in the hands of resource holders.
Again, this is *optional*. You can decide to use RPKI and not use the AS0. So AFRINIC is not "injecting" anything into your routing stuff, which is the fundamental lie on what the objections are based.
The optional AS0 feature allows you, as a network operator, to automatically discard any prefix that AFRINIC has not allocated to a resource-holder, but criminals may be using for spam or other criminal activities.
You can do that by yourself using the AFRINIC databases, but it will not be using RPKI, so not signed, not trustable in the same degree and of course more complex, more time consuming, requires a higher effort and cost on your side for automating it.
So having the *choice* of using RPKI or RPKI+AS0 increases the "health" of your network.
El 1/2/21 14:53, "Ibeanusi Elvis" <ibeanusielvis at gmail.com> escribió:
First, to make it clear, I am not in support of the policy.
In accordance with my earlier email, I was not aiming to suggest that the provision of RPKI should be stopped not stop the provision through the Whois and other DB’s the necessary information about legitimate resource holders for each address block but rather I was stipulating on the flexibility and independence of choice that the presence of the RPKI gives the resource holders.
Although the RPKI might not be mandatory but it is essential to have as it provides a verification of internet number resource. On the other hand, concerning the issue of a “healthy network”, were you trying to say that the current RPKI+ASO that the AFRINIC organization utilizes does not provide and promote a healthy network? And if network companies or organizations want to use use RPKI+ASO and want to have a healthy network, they have to run a manual filtering?
> On Feb 1, 2021, at 17:45, Nishal Goburdhan <nishal at controlfreak.co.za> wrote:
> On 31 Jan 2021, at 03:52, Paschal Ochang <pascosoft at gmail.com> wrote:
>> Hello all,
>> From my own point of view I do think this should be available in a consented form and optional form.
> it. already. is.
> the “economic” argument is fallacious; if you are an ISP and can’t afford to setup a RP cache (ie. a virtual machine with 1GB of RAM), there are many public validators you can use. in my community, i operate six (6) free-to-use caches; this is a zero-dollar cost to operators. discussing RP cache setup and use, is outside the scope of this policy.
> RPD mailing list
> RPD at afrinic.net
RPD mailing list
RPD at afrinic.net
IPv4 is over
Are you ready for the new Internet ?
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
More information about the RPD