Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT02

Owen DeLong owen at
Fri Feb 12 22:04:27 UTC 2021

> On Sep 16, 2020, at 2:52 PM, Noah <noah at> wrote:


> HI Ekaterina,


> Unless you point to exactly what part of the policy proposal text you do not agree with or support then your blunt opposition to the proposal without clear basis is unfounded.

While it is misguided and somewhat misinformed, it is not unfounded.

Apparently she does not realize that AFRINIC (and the other RIRs) already serve as trust anchors for RPKI and already have some control over how ROAs are issued, signed, and
distributed. This policy does not change that fact. This policy merely extends that authority to allow the RIR to attest to the unallocated prefixes by issuing AS0 ROAs for
those prefixes that are not associated with a registrant.

> And by the way, wow will people lose connectivity yet the proposal is clear on the prefixes/routes being tagged with AS0 are unallocated and unassigned?

Presumably, she is looking out for the connectivity of squatters and hijackers that are using unallocated prefixes for their connectivity as those are the only ones that would be affected by a legitimate AS0 ROA issued by an RIR. The other possibility, of course, is that she is concerned about those who might be impacted by the RIR issuing an AS0 ROA by mistake, or perhaps she is concerned that the AFRINIC staff has malicious intent and would issue destructive invalid AS0 ROAs.

Regardless of which of these three things is her motivation, I don’t consider any of them to be a substantive reason to oppose this policy and I think that all three have been addressed on multiple occasions in this forum.

> In a nutshell, there is perfectly everything right with AFRINIC adopting this policy in order to also participate in enhancing internet security and as such read below article [1] if you will.

I’m not sure that I buy into the idea that RPKI somehow enhances internet security, but I agree that AS0 ROAs are useful and should be implemented. I would argue that RPKI is mostly harmless at best.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list