Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

Fernando Frediani fhfrediani at gmail.com
Mon Jun 7 22:27:09 UTC 2021


AfriNic (or any other RIR) is the resource holder for IP space that IANA
has allocated to it. So who else could secure that space until it is
assigned to an organization issuing ROAs if not the current resource
holder ?

Must we have a policy accepted by either RIPE or ARIN first in order to
accept it in AfriNic afterwards ?
This is not a worry to the RIR, it is actually an additional guarantee
that no one else will try to make usage of IP space under its
responsability.

Fernando

On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:

>

> Dear Jordi,

>

> Just out of curiosity why has RIPE and ARIN refused to adopt the RPKI

> ROA and make it their responsibility that it is used by resource

> holder?. I will agree that RPKI ROA is a good tool to secure BGP

> routing, however I don't see as the responsibility of an RIR to

> implement it.

>

> My strong opinion is that any resource holder should be responsible

> for securing its resources and if RPKI ROA is the best way to prevent

> hijack, then it will enjoy patronage. Making it a job of AfriNIC, will

> possibly be going over board.

>

> Responding to my opening question, I believe RIPE and ARIN are not

> keen on accepting your arguments because they are mundane. This means

> resource holders should handle this issue, without making it a worry

> of the RIR.

>

> In this regard, AfriNIC should concentrate on handling other more

> important issues, hence this policy is not relevant.

>

>

> Simply

>

> Daniel

>

> On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:

>>

>> Ni Mimi,

>>

>> No, is not ideological, the legal counsel already confirmed the being

>> bookkeepers has many other **related** implications, such as provide

>> a trustable source of accurate data, and this is what RPKI and AS0

>> improve.

>>

>> The fact that in RIPE has not been accepted yet is just one more

>> excuse, if you compare it with the fact that the other TWO RIRs where

>> it has been submitted (APNIC and LACNIC) accepted it and in none of

>> those regions there have been any of the excuses and lack of

>> knowledge about RPKI that we are hearing here. As I’ve explained

>> already, I don’t think the RIPE chairs decision was correct, and we

>> will make sure to resubmit the proposal there once a consistent

>> appeal process is available, in case chairs take again a wrong

>> decision. Also, then the experience in APNIC, LACNIC and AFRINIC will

>> show that those motivations are ridiculous.

>>

>> From time to time is good that ARIN and RIPE aren’t the leaders, you

>> don’t think so? It shows that very smart people exist in other

>> regions as well!

>>

>> Once more, sometimes policies in one or the other region fail to

>> reach consensus, but it happens sooner or later.

>>

>> If you have a simple and trustable tool such as RPKI to drop

>> invalids, you have a better way (if you want) to avoid bad actors to

>> use prefixes that don’t belong to them as they are still on the hands

>> of AFRINIC. This is just facts. Not ideological, not opinions or

>> personal view points. So yes, AS0 avoids, if you operate your network

>> in a consistent way, to be faked with prefixes not allocated/assigned

>> by AFRINIC, and thus helps to prevent hijacking.

>>

>> Regards,

>>

>> Jordi

>>

>> @jordipalet

>>

>> El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com

>> <mailto:dym5328 at gmail.com>> escribió:

>>

>> Dear WG,

>>

>> I think the issue here is ideological. Many people believe that RIRs

>> are mere bookkeepers, and it is not in their mandate to inject data

>> into the routing database. That is the reason why RIPE did not

>> approve a similar proposal, which I totally agree with. Moreover, I

>> wanted to react to Jordi’s statement, saying that these objections

>> are based on practical and technical matters. There is not only one

>> routing database, there are many, isn’t it kind of messy? And that is

>> not even the main reason why I object to this policy.

>>

>> From another perspective, since people can adjust and control their

>> routers, can you precise how this policy can potentially prevent/

>> reduce hijacking?

>>

>> Best.

>>

>> _______________________________________________ RPD mailing list

>> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd

>>

>>

>> **********************************************

>> IPv4 is over

>> Are you ready for the new Internet ?

>> http://www.theipv6company.com

>> The IPv6 Company

>>

>> This electronic message contains information which may be privileged

>> or confidential. The information is intended to be for the exclusive

>> use of the individual(s) named above and further non-explicilty

>> authorized disclosure, copying, distribution or use of the contents

>> of this information, even if partially, including attached files, is

>> strictly prohibited and will be considered a criminal offense. If you

>> are not the intended recipient be aware that any disclosure, copying,

>> distribution or use of the contents of this information, even if

>> partially, including attached files, is strictly prohibited, will be

>> considered a criminal offense, so you must reply to the original

>> sender to inform about this communication and delete it.

>>

>>

>> _______________________________________________

>> RPD mailing list

>> RPD at afrinic.net

>> https://lists.afrinic.net/mailman/listinfo/rpd

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210607/95b7eb62/attachment-0001.html>


More information about the RPD mailing list