[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

[Amreesh Phokeer]

Hi,

I believe it is fair to assume and trust that AFRINIC 'as a registry', will
put all the necessary checks and balances in place to prevent a human or
even the system to create AS0 ROAs with assigned space. It is the same
checks and balances that AFRINIC has been operating on their current RPKI
and WHOIS systems, so based on that, it is reasonable to assume they will
do what it takes to ensure consistency.

I think there is a repeated misunderstanding that "AFRINIC will inject data
in the routing database". Maybe it's important to clarify here:
1. AFRINIC operates an RPKI CA, through which ROAs are created, which are
made available in a public repository (this is not the routing database)
2. RPKI Validators run validation on the RPKI repositories and produce a
list of validated ROAs.
3. Operators may then decide (OR NOT) to use the validated ROAs against the
announcements they are receiving to decide (OR NOT) to drop the invalid
announcements.

So, AFRINIC is not injecting any data in the routing table, it is simply
operating an RPKI CA and maintaining a public repository. The decision to
use AFRINIC repository is the operator's and only the operator's decision.

It's interesting to see how old arguments that "RIR should not participate
in the routing process" are re-surfacing. We should not forget that AFRINIC *is
already operating* an IRR and RPKI service - as per IETF standards.

Regards,
Amreesh

On Sun, Jun 6, 2021 at 9:44 PM Anthony Ubah <ubah.tonyiyke at gmail.com> wrote:


> Hello Noah,

>

>

> Here's my point.

>

> Is there a possibility for error?

>

> Albeit small, can we call that a risk?

>

> If so, what mechanisms are in place to manage and mitigating.

>

>

> Kind regards,

>

> Anthony

>

>

> On Sun, Jun 6, 2021, 1:30 PM Noah <noah at neo.co.tz> wrote:

>

>>

>>

>> On Sun, 6 Jun 2021, 18:57 Anthony Ubah, <ubah.tonyiyke at gmail.com> wrote:

>>

>>> Dear PDWG,

>>>

>>> I directed a question to the Legal team at the hearing of this policy,

>>> multiple times, and it was inexplicably ignored by Jordi, the Co-chairs and

>>> perhaps the legal team, and I still sought clarity on it.

>>>

>>

>> Read the impact analysis. Legal had no comment btw.

>>

>>

>>> My question remains; In a situation where, due to human or machine error

>>> AS0 is injected by AFRINIC on already assigned resources

>>>

>>

>>

>> Impact on members

>>

>> No impact on members resources as the AS0 ROAs will be created on

>> unallocated and unassigned IPv4 and IPv6 resources. AFRINIC will ensure

>> that the RPKI ROA or ROAs with origin AS0 covering the space will first

>> have to be revoked AND not be visible in the repositories before the

>> allocation/assignment can happen to a Resource Member.

>>

>>

>> Noah

>>

>>> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

>



-- 
Amreesh Phokeer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210606/126fe2c4/attachment.html>