Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] [PDWG-Appeal] REPORT ON Appeal against the non-consensus determination on proposal AFPUB-2019-GEN-006-DRAFT02 (RPKI R

Mike Burns mike at
Wed Mar 10 15:18:00 UTC 2021

This is an interesting discussion, but the problem is too large to be decided in this forum.

As I see it, there are two governance systems in place, and the intersection of these systems begs the question of which is the superior. This question has been elided in the past through careful behavior of judges on the one hand and RIR staff on the other. Both sides have been deferential in the hopes of avoiding that decision.

But this can’t last forever. ARIN uses the term “intersection of rights” when they discuss legacy rights versus registration rights. Legal governance has some say over legacy holdership rights, but RIR governance has some say over registration practices. Which controls? Nobody knows. I think labeling this as an “intersection of rights” is an attempt to paper over the problem. The label elucidates nothing regarding conflict resolution at these intersections.

Owen is correct that legal corporations are setup and certain powers necessarily delegated to them by the requirements of the Internet governance system. Fernando is correct that the Internet governance system came first, and caused the creation of the legal corporations to suit its needs.

So which system would dominate in a conflicted decision? The local legal system in which a particular RIR is incorporated or the global stake-holder-driven Internet governance system?

I have no answer except to rephrase the trope regarding the Pope’s divisions. How many guns does the Internet governance system have?


Mike Burns

From: Fernando Frediani <fhfrediani at>
Sent: Tuesday, March 09, 2021 6:06 PM
To: rpd at
Subject: Re: [rpd] [PDWG-Appeal] REPORT ON Appeal against the non-consensus determination on proposal AFPUB-2019-GEN-006-DRAFT02 (RPKI R

Unfortunatelly, you keep confusing things and making certain assumptions that aren't correct.
First ARIN is an exotic scenario different from everything else. Thing that apply there (thankfully) don't apply to any other RIR.

Expedited process in LACNIC does NOT mean the same thing we are discussing here. Expedited process in LACNIC means shorter times for discussion, Chairs reviews, ratification by the Board to then be presented in a Public Forum afterwards (the last one is what makes it to be more expedited). Also and more importantly all this is fully covered by the PDP which has been previously approved by the community and ratified by the Board. Nowhere in the LACNIC PDP mentions anything related to the possibility that Board can adopt policies by itself without any input of the community, exactly as it is expected by ICP-2 a base condition for any RIR to start exist as a RIR to always have the involvement of all stakeholders.

It does not matter that bylaws give the Board authority to implement emergency policies. That is a void thing. Bylaws do not govern the PDP and will never. If someone one day had the idea to put that in the bylaws of any RIR that person probably didn't know what he was doing as that cannot exist in practice. If a Board would dare to assume they can do that by themselves they would put the RIR in big trouble against not only its own regional community but also international community that would seriously dispute that action.

I fail to understand why you seem to defend this prerogative is valid just because they are written in the bylaws. Have already discussed that bylaws govern the organization for legal effects only. Policy Development and Internet business in general concerns much broader audience is something that is much beyond the bylaws of an organization.


On 09/03/2021 19:46, Owen DeLong wrote:

It has already happened more than once within the ARIN region and in both cases, the boards emergency action was subsequently ratified by the AC based on positive feedback from the community.

I have not found examples of use of this emergency authority in other RIRs, though I believe the expedited community process has been used in LACNIC at least once.

APNIC put this slide deck out in 2013:

Policy Development Processes in the APNIC › assets › apnic-policy-process-ga4 <>

Search for Emergency and you will find a slide that clearly states that the bylaws in APNIC give the board authority to implement emergency policies. In fact, the bylaws grant the APNIC

EC even broader powers than that, Part V, section 30 paragraph “e”:

e. to consider broad Internet policy issues in order to ensure that APNIC’s policies and strategies fully respond to the constantly changing Internet environment;

RIPE appears to have no emergency process.

LACNIC has an expedited policy process, but it is community driven.

We’ve already covered the details of the AFRINIC Bylaws and what is specified there in previous posts.

On Mar 8, 2021, at 6:32 PM, Fernando Frediani <fhfrediani at <mailto:fhfrediani at> > wrote:

Hi Owen

I believe your understanding is very wrong regarding RIR prerogatives regarding PDP, but I will not continue this discussion as we are starting to go in circles.

I’m aware of this. I’ve presented documents, bylaws, and other information which shows my understanding to be correct. You continue to deny these facts, yet you’ve offered nothing concrete to support your position.

I just hope no Board on any RIR ever commit the mistake to believe they can make policies by themselves just because they believe this is their right to do for "some emergency or noble reason" and "for the good of community".

I think that the likelihood of a board going rogue in an RIR is relatively low, but even if that does happen, there are safeguards in place to limit how rogue they can go. In all cases, the membership can eventually replace a rogue board through the election process. Most of the emergency policy authorities of the board(s) have limits and/or requirements for subsequent review and usually ratification by the community of their actions. The community generally has the power to reverse any such policy through the applicable PDP.



On 08/03/2021 17:14, Owen DeLong wrote:

On Mar 3, 2021, at 18:15 , Fernando Frediani <fhfrediani at <mailto:fhfrediani at> > wrote:

Owen, I believe you are confusing things here. Perhaps you are applying some ARIN specific scenario you may know better to all other RIRs which is incorrect.

Please stop making assumptions about me. You are not correct.

AfriNic exist as any other institution and have a bylaws that govern the organization for legal and financial proposals within a country. But to be and operate as a RIR it must have some recognition from different stakeholders as for example community, other internet organizations and ICANN which requires certain standards of operation and which are much beyond what the bylaws do for the organization.

Actually, ICANN does not have the authority to sanction new RIRs. The IANA is involved in that process.

As I understand it, the empowered community through the NRO controls the awarding of the IANA functions contract which is currently awarded to ICANN and subcontracted too PTI. (I’m still not 100% clear on the relationship between ICANN and PTI).

Different from what you said that PDWG is NOT a concession that the Board give to the community. If it was like that and Board by its own could make up Internet policies by its own, the organization would certainly not be recognized as a RIR, but just a normal organization and those policies would be useless.

I did not say that the PDWG is a concession given to the community to the board. I stated that in terms of corporate governance and operation, any authority that the PDWG has is granted to it by the board and/or the bylaws of the organization.

This is technically true of every RIR, whether you like it or not. It’s also true that in order to become accredited through ICP-2, something like the PDWG must be a structural component of the organization at the time sanction is granted by the NRO and IANA.

It the Board of any RIR would ever call that prerogative to themselves alone the organization would still exist legally but it would lack community, other internet organizations and mainly ICANN (IANA/PRI whatever you may like to call) recognition as a RIR which MUST operate under certain standards which some of them are guided by ICP2 and which different from what you believe is the guide document not only to be used one-off to form a new RIR by for a RIR to remain recognized as such and operate within those principles.

That’s not entirely clear. I do agree that there is some power of ISPs to disregard the RIR system or a particular RIR and develop some other basis for registering unique numeric identifiers. However, I think that in reality, any such event occurring in any cohesive way would be nearly impossible in the most collegial of situations, let alone the current environment.

Or do you really thing that if any Board would retain the prerogative to make policies only by themselves the community, ICANN and even many of its members would still keep recognizing it as a RIR ?

Every RIR board has the prerogative to make policies by themselves (with the possible exception of RIPE-NCC, I have not reviewed their bylaws). It is rarely used, but every RIR has an emergency policy process where the board can enact a policy change. Each of those processes also has a procedure for subsequent review, input, comment, and/or revision/repeal by the community, but given that there is a limit to the speed with which the community can act and the boards have no such limitation, a board that wanted to act in bad faith could easily abuse this authority.

Therefore CPM is not and cannot be governed by any RIR bylaws and why Board cannot adopt policies unless that permission is given by the community after due process.

The CPM is absolutely governed by the bylaws and the board can absolutely do so. The CPM is a corporate operational document of the organization, whether you like it or not. Sure, the community could create some other structure with a fork of the CPM or even a brand new version and call that new structure authoritative for number resource registrations in the region. However, getting that new structure accepted by consensus of the community, let alone sanctioned under ICP-2 would be a pretty hard uphill battle.



On 03/03/2021 17:33, Owen DeLong wrote:


You are living in a fantasy world if you believe this. The bylaws are effectively the constitution
of the organization and are the primary document by which the organization is governed. The
Community does not have standing to control or override them, nor to change them. The
Membership may change the bylaws by resolution at a members meeting. The community

The community receives what powers it has by grant from the bylaws and/or the board. This is
the way that the corporate governance structure of AFRINIC is set up and as near as I can tell,
that’s true across the board of all of the RIRs with the possible exception of RIPE-NCC (though
I believe it’s actually true there as well, technically).

To the best of my knowledge, this structure is required for legal compliance in virtually ever
Jurisdiction and it is not (to the best of my knowledge) legally possible to create a structure
where an unaccountable community holds the fiduciary control of an organization (which
is what you are essentially claiming here).


On Mar 3, 2021, at 5:50 AM, Fernando Frediani <fhfrediani at <mailto:fhfrediani at> > wrote:

Owen, the Board does not have the power to modify the CPM even on a emergency basis. This applies on ARIN where you may be more used with but not here in AfriNic as the community didn't gave that prerogative to them and it does not matter they are the responsible for the RIR. CPM is not something regulated by the bylaws.


On 03/03/2021 04:09, Owen DeLong via RPD wrote:

Could the AFRINIC Board please explain this? The AC should not be under a gag order or prvented
from continuing its processing of the appeals on its docket (which are in progress as specified in the

Also, under the existing rules, it is my opinion that the AC should either reject this request to reconsider
or accept it in a timely manner. In the event they accept it, then this is an appeal that remains in progress
and is no longer complete and they should proceed with it despite the resignations as specified in the

We really must start following the rules we have established and not having the board and others
making up random new rules as they see fit.

If you don’t like the rules or feel that the rules do not fit the situation, then there are defined processes
by which they can be modified. Those processes have rules and exist to protect the rights of the
community as well as the board. The board has full power to modify the ToR or the CPM on an
emergency basis if needed, so there really is no excuse for not doing this properly.


On Mar 2, 2021, at 1:21 AM, paulos at <mailto:paulos at> wrote:


Please note that the Appeal Committee has been gagged by the Afrinic Board Chair and
hence is currently unable to handle such requests.


Dr Paulos Nyirenda

------- Forwarded message follows -------
Date sent: Mon, 01 Mar 2021 15:13:39 +0100
From: diren at <mailto:diren at>
To: pdwg-appeal at <mailto:pdwg-appeal at>
Subject: Re: [PDWG-Appeal] [rpd] REPORT ON Appeal against the non-consensus
determination on proposal AFPUB-2019-GEN-006-DRAFT02 (RPKI ROAs for
Unallocated and Unassigned AFRINIC Address Space

Good day! As you asked, I´ve collected to you several necessary
docs and
attached them to the email. If you really will want to find some info,
you know, whom to ask.

On 2021-02-07 20:48, wrote:

Could the Appeal Committee respond to this, and reconsider the work
they are doing, as I just explained in my previous email, taking the
inputs of the Recall Committee?




El 26/1/21 12:14, "JORDI PALET MARTINEZ via RPD" <mailto:rpd at> <rpd at>

In case the Appeal Committee is not subscribed to the RPD list.

Waiting for your response.




El 26/1/21 11:50, "JORDI PALET MARTINEZ"
<mailto:jordi.palet at> <jordi.palet at> escribi:

Hi Wafa, all,

First of all, dont take anything that I say personally, but in
general I see a total failure of the Appeal Committee and lack of
compliance with the PDP.

Your judgment must be on the grounds of a correct decision of the

In taking such decision the Appeal Committee must be based on facts,
never on personal opinions (from the community or the chairs or the
Appeal Committee itself). Being based on objective facts means
checking if what the policy proposal said, what were the objections,
and if those objections *are real*, not just illusions or lack of
knowledge or untrue or personal preferences.

If the Appeal Committee doesnt have the right knowledge, as I
already said I believe was the reason the chairs took the wrong
decision, then they should ask for help to the staff or third

Any objection to a policy proposal must be duly justified and that
justification not addressed by the authors or other community

Any policy proposal that has objections, the objections MUST BE
VALID, even if the objections come from 99% of the community. This
is not democracy, is not number of votes or voices, is based on
non-addressed objections. It is not based on untrue objections. None
of the objections to this policy proposal were valid. They are
mostly based on lack of sufficient knowledge, and never lack of
knowledge can be a VALID reason. Again, not only the authors, but
many other expert community members have confirmed that those
objections are invalid.

A policy proposal never can be based in I dont like it. You need
to state I dont like it because it breaks this RFC (for example).
And even in that cases authors can respond showing why the
perception of breaking this RFC is wrong (so addressing the
objection will nullify it). Policies are not based on personal
preferences, but in what is the best *technically correct choice*
for the community.

Last but not least, the Appeal Committee seems to be working as a
democratic body, which is wrong. ALL THE PDP is based in consensus
approach. The Appeal Committee must also follow that approach,
otherwise, it is breaking the ICP-2, which is the higher mandate of
how the policy making process works. If 3 members of the Appeal
Committee believe that the opposition was correct, they should
*demonstrate with facts why* and this must be done using the
responses provided by the authors and community to those objections.

If 3 members of the Appeal Committee believe that any of the
objections has not been addressed, they need to *demonstrate why*,
taking in consideration the community and author responses, and
those must be crystal clear in the report, which is not the case.

The Appeal Committee must respond to the authors, in a consensus
based approach, not a democratic one to all what the authors
confirmed in the Appeal Document.

Note also that there is a paragraph in the Appeal Report that
completely kills the PDP and demonstrates that the Appeal Committee

The 3 members who observed significant opposition to the policy,
however, also observed that it is the PDWG that builds consensus and
decides whether issues of opposition are addressed to the
satisfaction of the PDWG which is where the PDP requires that
consensus is assessed by the Co-Chairs.

The PDP states clearly that the Appeal Committee need to review the
chairs decision. If the chairs have considered as VALID objections
that OBJECTIVELY ARE INVALID, it is clear that the Appeal Committee
must declare the lack of consensus declaration is invalid, and
consequently, the proposal reached consensus.

Lets go the details and I ask the Appeal Committee to respond to
each of the objections included and refuted in the Appeal Document:

2.1. a. Allowing resource holders to create AS0/ ROA will lead to
an increase of even more invalid prefixes in the routing table

Following RFC6483, section 4 (A ROA with a subject of AS 0 (AS 0
ROA) is an attestation by the holder of a prefix that the prefix
described in the ROA, and any more specific prefix, should not be
used in a routing context) resource holders, as part of the RPKI
system already can and actually do this (example IXPs), in fact they
do. This has been explained several times, including my presentation
at the PPM. The proposal is just adding light about actual facts
regarding this aspect, not changing anything, so it cant be a valid
objection for the policy proposal.

2.2. b. Revocation time of AS0 state, and the time for new
allocation doesnt match

This is not true, again a misunderstanding about how RPKI works. The
authors and other several community experts have discussed this in
the list. If you get number resources from AFRINIC, normally you
dont announce them in minutes, or hours, or even days. There is
some work to do in your network, you need to do changes in systems
and routers, and this takes hours, and normally you cant touch
systems during the day, but only in maintenance windows in the
night. That means that if AFRINIC revokes an AS0 certificate, it
will be done in a few minutes during the day. So even if the
worldwide caches take hours to see that, there is no negative

In addition to that, this it can be improved thru implementation, as
I already explained also in the list. The staff could tentatively
release from the AS0 the resources that they plan to allocate once a
week or every couple of days, etc. For example, when they are
processing a request, and they are pending on final documentation,
the RSA signature for new members, or the review with the member of
the justified need. Many other examples can be provided about how to
do it. The proposal doesnt go into any of those details, because
the understanding is that those are too depth operational, and in
fact the staff could decide an approach during the implementation,
and based on experience improve it afterwards.

The conclusion is that there is no such matching, neither
unmatching, so this cant be taken as a valid objection for the

2.3. c. Other RIRs dont have a similar the policy therefore, it
can not be effective

All the policies have different discussions in different RIRs at
different times. This policy is already available (reached consensus
and implemented) in APNIC and LACNIC (reached consensus, being
implemented). There is work being done in ARIN and RIPE (the first
proposal was not accepted), not yet public. So, this is untrue if
you look at all the RIRs.

The effectivity of a policy is not only related to how many RIRs
implement it. In this case, any RIR having this policy is actually
stronger than the other RIRs not having it, in terms of routing
security. It shows the commitment of that RIR about the RPKI usage
with all its possibilities. It facilitates the operators in the
region and outside the region to identify in a simpler and automated
way, what prefixes should not be in the routing tables and
consequently allow them in an opt-in basis, to discard them. So, it
is in the other way around, any RIR with this policy could be said
that it is more effective (even if it is not probably the right
wording for this topic) that the others. We should rather say that
a RIR with this policy is offering a more secure view of their
routing information.

In addition to that, there are policies in AFRINIC which arent
available in other RIRs. That, clearly, doesnt make them invalid
(or in other words, this is an invalid objection is good that all
RIRs do the same, but is not always the case, or not at the same
time), clearly this shows that this cant be taken as a valid
objection against this policy proposal.

2.4. d. This will become a uniform policy if it is not globally
implemented, which causes additional stress

This is almost a duplicate of the previous one. Absolutely not. We
can add that the way we suggest the staff, and they confirmed, with
an independent TAL protects, as intended by the proposal, the
resources of the RIR implementing it, not creating any issues in
what is done in other RIRs to any operator, so it cant be taken as
a valid objection against this policy proposal.

It is difficult to understand what it means additional stress in
this context, but clearly, it will be in the other way around. As
more RIRs implement it, less manual work in terms of filtering, is
needed to be done by operators, if they opt to use the AS0 ROA
service from the RIRs that have implemented it. So, it is not
correct and thus, not a valid objection.

If the question is about if this policy should be a Global Policy,
the response has also been provided in the discussion. Ideally, a
Global Policy will be only able to protect the IANA unallocated
resources, but not the resources that IANA already allocated to each
RIR. In fact, Im already working (when time permits it will be made
public) in a Global Policy for that, but this is irrelevant versus
having a policy at every RIR (or a few of them), so again,
objectively not a valid objection.

2.5. e. Validity period: if members decide to implement it, is
it not better to recover the space if it is kept unused for too

This doesnt make sense, at least not as worded. This is not about
recovering space, no relation. It is the unused space hold by
AFRINIC, regardless of if it was never allocated/assigned, returned
by members, or recovered by AFRINIC. Once more, not a valid

2.6. f. How do we revoke the ROA? How long does it take to revoke
it (chain/ refreshing )?

This looks the same as 2.2 above. It doesnt matter in practice, if
it takes minutes or hours or even days. Community and staff provided
some facts about this, just to cite a couple of them: [1] [2]

2.7. g. What happens if AFRINIC accidentally issues a ROA for an
address in error?

What happens if AFRINIC accidentally issues a ROA without an address
already allocated to members?

Exactly the same if the existing RPKI fails, and thats why there
are monitoring systems in place and as reported by the staff impact
analysis, this proposal will ensure that the monitoring is improved,
so it is actually helping on the right direction, not in the other
way around.

Further to that, because the systems of operators have caches, it is
all depending (for the existing TAL and for the new one implemented
with this proposal) on how much time it takes to AFRINIC to resolve
the error and the specific configuration of the operators and if
they actually drop invalid prefixes or they only create alerts,
trigger some processes, etc. Note that RPKI doesnt force the
operators to drop the prefixes even if they are using RPKI, there
are different ways to take advantage of this.

This proposal doesn't change that, it is provided as an opt-in
service and consequently it is not a valid objection.

2.8. h. It also might affect the neighbours and involves
monitoring of unallocated spaces

It is not clear if neighbours here is referring to BGP peering ones.

The same monitoring that right now is done AFRINIC for
unallocated/unassigned spaces could be improved with this proposal.
AFRINIC already, today, needs to make sure that they get alerts if
unallocated/unassigned space appears in the routing tables, because
that may imply that a member may be violating the RSA, bylaws,
policies, etc.

Exactly the same as for operators connected to Internet with BGP.
The proposal allows them, as an opt-in service, to improve if they
wish, the automation of all that, and to use the service in the way
they decide. The proposal is not forcing operators any specific
usage for the service, it is entirely at their own

This proposal ensures that the service is improved so, hijacking of
unused space is less prone to occur, thats the purpose of the
proposal and RPKI, increase the routing security, without making it
mandatory for any operator. Consequently, once more, this cant be
considered a valid objection.

2.9. i. Possibility of it being used against a member who is yet
to pay dues

According to AFRINIC bylaws and RSA, AFRINIC has the obligation to
avoid members not paying to stop using the resources, so they are
available to other members.

It will be unfair and discriminatory to other members not doing so,
and thats the reason, even if we dont have this proposal, AFRINIC
could at any time, following the bylaws and RSA, do whatever
actions, including legal and technical ones, to make sure that
unallocated, or unassigned, or returned, or recovered resources are
not used. As part of those actions, AFRINIC could even ask in courts
to stop routing those resources, even to other operators. It is
AFRINIC duty, practically will probably not make sense in terms of
the cost (unless a major hijacking of AFRINIC resources occurs).
Most probably just the cooperation among operators, without any
legal requirement, will make that happen. So, this proposal doesnt
change that in the sense of adding to AFRINIC any new prerogative
because already have that right and duty regarding the responsible
use of the resources only to the allocated/assigned parties and in
compliance with the legal bindings.

To further explain this, if a member decides to stop paying,
AFRINIC, following legal bindings, will follow a procedure to try to
fix it, and if it doesnt succeed, will remove whois data (which in
turn will cause the removal of route objects that depend on them),
RDNS (which means the address space becomes in general unusable),

Clearly, once more, this cant be considered a valid objection, on
the other way around is a fundamental AFRINICs right and duty.

I urge you to respond to each of those objections, accepted by the
chairs to declare the lack of consensus, that the authors and other
community members DEMONSTRATED with OBJECTIVE information, are

Again, please, Appeal Committee members, respond OBJECTIVELY AND
detailed demonstration of why the Appeal Committee (not individual
members) say each of those objections has not been addressed, while
the authors and community believe otherwise.

This is what we expect from an Appeal Committee, to OBJECTIVELY
review what the chairs objserved, when the Appeal Document clearly
demonstrated that it is invalid and consequently the chairs took a
wrong decision, based on personal preferences of community members
or lack of knowledge, or other not objective or untrue facts.




El 22/1/21 13:59, "wafa Dahmani" <mailto:wafatn7604 at> <wafatn7604 at> escribi:

Dear Community,

This is to inform you that the Report on Appeal against the
non-consensus determination on proposal AFPUB-2019-GEN-006-DRAFT02
(RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space
Draft 2) and the minutes have been published following the links

Best Regards

Wafa Dahmani

Chair of the Appeal Committee

_______________________________________________ RPD mailing list
RPD at <mailto:RPD at>

IPv4 is over
Are you ready for the new Internet ?
The IPv6 Company

This electronic message contains information which may be privileged
or confidential. The information is intended to be for the exclusive
use of the individual(s) named above and further non-explicilty
authorized disclosure, copying, distribution or use of the contents
of this information, even if partially, including attached files, is
strictly prohibited and will be considered a criminal offense. If
you are not the intended recipient be aware that any disclosure,
copying, distribution or use of the contents of this information,
even if partially, including attached files, is strictly prohibited,
will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.

_______________________________________________ RPD mailing list
RPD at <mailto:RPD at>
********************************************** IPv4 is over Are you
ready for the new Internet ? The IPv6

This electronic message contains information which may be privileged
or confidential. The information is intended to be for the exclusive
use of the individual(s) named above and further non-explicilty
authorized disclosure, copying, distribution or use of the contents
of this information, even if partially, including attached files, is
strictly prohibited and will be considered a criminal offense. If
you are not the intended recipient be aware that any disclosure,
copying, distribution or use of the contents of this information,
even if partially, including attached files, is strictly prohibited,
will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.


------- End of forwarded message -------

RPD mailing list
RPD at <mailto:RPD at>

RPD mailing list
RPD at <mailto:RPD at>

RPD mailing list
RPD at <mailto:RPD at>

RPD mailing list
RPD at <mailto:RPD at>

RPD mailing list
RPD at <mailto:RPD at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list