Search RPD Archives
[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
John Hay
john at sanren.ac.za
Tue Jun 8 05:20:58 UTC 2021
Hi Daniel,
On Tue, 8 Jun 2021 at 00:55, Daniel Yakmut via RPD <rpd at afrinic.net> wrote:
> Hi,
>
> Are you postulating here that Resources not allocated are susceptible to
> hijack?
>
Yes we are.
> My other understanding is an RIR is a resource dispenser.
>
Yes that is true. So they are also the only ones that can say "we have not
dispensed these addresses yet". That is the purpose of ROAs, just to say,
we have not dispensed this yet.
Regards
John
> Simply
> Daniel
>
> On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <fhfrediani at gmail.com>
> wrote:
>
>> AfriNic (or any other RIR) is the resource holder for IP space that IANA
>> has allocated to it. So who else could secure that space until it is
>> assigned to an organization issuing ROAs if not the current resource holder
>> ?
>>
>> Must we have a policy accepted by either RIPE or ARIN first in order to
>> accept it in AfriNic afterwards ?
>> This is not a worry to the RIR, it is actually an additional guarantee
>> that no one else will try to make usage of IP space under its
>> responsability.
>>
>> Fernando
>> On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:
>>
>> Dear Jordi,
>>
>> Just out of curiosity why has RIPE and ARIN refused to adopt the RPKI ROA
>> and make it their responsibility that it is used by resource holder?. I
>> will agree that RPKI ROA is a good tool to secure BGP routing, however I
>> don't see as the responsibility of an RIR to implement it.
>>
>> My strong opinion is that any resource holder should be responsible for
>> securing its resources and if RPKI ROA is the best way to prevent hijack,
>> then it will enjoy patronage. Making it a job of AfriNIC, will possibly be
>> going over board.
>>
>> Responding to my opening question, I believe RIPE and ARIN are not keen
>> on accepting your arguments because they are mundane. This means resource
>> holders should handle this issue, without making it a worry of the RIR.
>>
>> In this regard, AfriNIC should concentrate on handling other more
>> important issues, hence this policy is not relevant.
>>
>>
>> Simply
>>
>> Daniel
>> On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:
>>
>> Ni Mimi,
>>
>>
>>
>> No, is not ideological, the legal counsel already confirmed the being
>> bookkeepers has many other **related** implications, such as provide a
>> trustable source of accurate data, and this is what RPKI and AS0 improve.
>>
>>
>>
>> The fact that in RIPE has not been accepted yet is just one more excuse,
>> if you compare it with the fact that the other TWO RIRs where it has been
>> submitted (APNIC and LACNIC) accepted it and in none of those regions there
>> have been any of the excuses and lack of knowledge about RPKI that we are
>> hearing here. As I’ve explained already, I don’t think the RIPE chairs
>> decision was correct, and we will make sure to resubmit the proposal there
>> once a consistent appeal process is available, in case chairs take again a
>> wrong decision. Also, then the experience in APNIC, LACNIC and AFRINIC will
>> show that those motivations are ridiculous.
>>
>>
>>
>> From time to time is good that ARIN and RIPE aren’t the leaders, you
>> don’t think so? It shows that very smart people exist in other regions as
>> well!
>>
>>
>>
>> Once more, sometimes policies in one or the other region fail to reach
>> consensus, but it happens sooner or later.
>>
>>
>>
>> If you have a simple and trustable tool such as RPKI to drop invalids,
>> you have a better way (if you want) to avoid bad actors to use prefixes
>> that don’t belong to them as they are still on the hands of AFRINIC. This
>> is just facts. Not ideological, not opinions or personal view points. So
>> yes, AS0 avoids, if you operate your network in a consistent way, to be
>> faked with prefixes not allocated/assigned by AFRINIC, and thus helps to
>> prevent hijacking.
>>
>>
>>
>> Regards,
>>
>> Jordi
>>
>> @jordipalet
>>
>>
>>
>>
>>
>>
>>
>> El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com> escribió:
>>
>>
>>
>> Dear WG,
>>
>>
>>
>> I think the issue here is ideological. Many people believe that RIRs are
>> mere bookkeepers, and it is not in their mandate to inject data into the
>> routing database. That is the reason why RIPE did not approve a similar
>> proposal, which I totally agree with. Moreover, I wanted to react to
>> Jordi’s statement, saying that these objections are based on practical and
>> technical matters. There is not only one routing database, there are many,
>> isn’t it kind of messy? And that is not even the main reason why I object
>> to this policy.
>>
>> From another perspective, since people can adjust and control their
>> routers, can you precise how this policy can potentially prevent/ reduce
>> hijacking?
>>
>>
>>
>> Best.
>>
>> _______________________________________________ RPD mailing list
>> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd
>>
>> **********************************************
>> IPv4 is over
>> Are you ready for the new Internet ?
>> http://www.theipv6company.com
>> The IPv6 Company
>>
>> This electronic message contains information which may be privileged or
>> confidential. The information is intended to be for the exclusive use of
>> the individual(s) named above and further non-explicilty authorized
>> disclosure, copying, distribution or use of the contents of this
>> information, even if partially, including attached files, is strictly
>> prohibited and will be considered a criminal offense. If you are not the
>> intended recipient be aware that any disclosure, copying, distribution or
>> use of the contents of this information, even if partially, including
>> attached files, is strictly prohibited, will be considered a criminal
>> offense, so you must reply to the original sender to inform about this
>> communication and delete it.
>>
>>
>> _______________________________________________
>> RPD mailing listRPD at afrinic.nethttps://lists.afrinic.net/mailman/listinfo/rpd
>>
>>
>> _______________________________________________
>> RPD mailing listRPD at afrinic.nethttps://lists.afrinic.net/mailman/listinfo/rpd
>>
>> _______________________________________________
>> RPD mailing list
>> RPD at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo/rpd
>>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/eb0467ce/attachment-0001.html>
More information about the RPD
mailing list