Search RPD Archives
[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
Frank Habicht
geier at geier.ne.tz
Tue Jun 8 06:01:54 UTC 2021
Hi
On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:
> Hi,
>
> Are you postulating here that Resources not allocated are susceptible to
> hijack?
- resources are susceptible to hijack.
- if a ROA with AS0 was published for an unallocated resource, it would
be less susceptible to hijack.
> My other understanding is an RIR is a resource dispenser.
When I get my next resource from AfriNIC, I will prefer one that was not
previously hijacked and used for spamming and network abuse, and got
blacklisted and a bad reputation everywhere.
What about you?
Thanks,
Frank
>
> Simply
> Daniel
>
> On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <fhfrediani at gmail.com
> <mailto:fhfrediani at gmail.com>> wrote:
>
> AfriNic (or any other RIR) is the resource holder for IP space that
> IANA has allocated to it. So who else could secure that space until
> it is assigned to an organization issuing ROAs if not the current
> resource holder ?
>
> Must we have a policy accepted by either RIPE or ARIN first in order
> to accept it in AfriNic afterwards ?
> This is not a worry to the RIR, it is actually an additional
> guarantee that no one else will try to make usage of IP space under
> its responsability.
>
> Fernando
>
> On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:
>>
>> Dear Jordi,
>>
>> Just out of curiosity why has RIPE and ARIN refused to adopt the
>> RPKI ROA and make it their responsibility that it is used by
>> resource holder?. I will agree that RPKI ROA is a good tool to
>> secure BGP routing, however I don't see as the responsibility of
>> an RIR to implement it.
>>
>> My strong opinion is that any resource holder should be
>> responsible for securing its resources and if RPKI ROA is the best
>> way to prevent hijack, then it will enjoy patronage. Making it a
>> job of AfriNIC, will possibly be going over board.
>>
>> Responding to my opening question, I believe RIPE and ARIN are not
>> keen on accepting your arguments because they are mundane. This
>> means resource holders should handle this issue, without making it
>> a worry of the RIR.
>>
>> In this regard, AfriNIC should concentrate on handling other more
>> important issues, hence this policy is not relevant.
>>
>>
>> Simply
>>
>> Daniel
>>
>> On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:
>>>
>>> Ni Mimi,____
>>>
>>> __ __
>>>
>>> No, is not ideological, the legal counsel already confirmed the
>>> being bookkeepers has many other **related** implications, such
>>> as provide a trustable source of accurate data, and this is what
>>> RPKI and AS0 improve.____
>>>
>>> __ __
>>>
>>> The fact that in RIPE has not been accepted yet is just one more
>>> excuse, if you compare it with the fact that the other TWO RIRs
>>> where it has been submitted (APNIC and LACNIC) accepted it and in
>>> none of those regions there have been any of the excuses and lack
>>> of knowledge about RPKI that we are hearing here. As I’ve
>>> explained already, I don’t think the RIPE chairs decision was
>>> correct, and we will make sure to resubmit the proposal there
>>> once a consistent appeal process is available, in case chairs
>>> take again a wrong decision. Also, then the experience in APNIC,
>>> LACNIC and AFRINIC will show that those motivations are
>>> ridiculous.____
>>>
>>> __ __
>>>
>>> From time to time is good that ARIN and RIPE aren’t the leaders,
>>> you don’t think so? It shows that very smart people exist in
>>> other regions as well!____
>>>
>>> __ __
>>>
>>> Once more, sometimes policies in one or the other region fail to
>>> reach consensus, but it happens sooner or later.____
>>>
>>> __ __
>>>
>>> If you have a simple and trustable tool such as RPKI to drop
>>> invalids, you have a better way (if you want) to avoid bad actors
>>> to use prefixes that don’t belong to them as they are still on
>>> the hands of AFRINIC. This is just facts. Not ideological, not
>>> opinions or personal view points. So yes, AS0 avoids, if you
>>> operate your network in a consistent way, to be faked with
>>> prefixes not allocated/assigned by AFRINIC, and thus helps to
>>> prevent hijacking.____
>>>
>>> __ __
>>>
>>> Regards,____
>>>
>>> Jordi____
>>>
>>> @jordipalet____
>>>
>>> __ __
>>>
>>> __ __
>>>
>>> __ __
>>>
>>> El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com
>>> <mailto:dym5328 at gmail.com>> escribió:____
>>>
>>> __ __
>>>
>>> Dear WG,____
>>>
>>> ____
>>>
>>> I think the issue here is ideological. Many people believe that
>>> RIRs are mere bookkeepers, and it is not in their mandate to
>>> inject data into the routing database. That is the reason why
>>> RIPE did not approve a similar proposal, which I totally agree
>>> with. Moreover, I wanted to react to Jordi’s statement, saying
>>> that these objections are based on practical and technical
>>> matters. There is not only one routing database, there are many,
>>> isn’t it kind of messy? And that is not even the main reason why
>>> I object to this policy. ____
>>>
>>> From another perspective, since people can adjust and control
>>> their routers, can you precise how this policy can potentially
>>> prevent/ reduce hijacking?____
>>>
>>> ____
>>>
>>> Best.____
>>>
>>> _______________________________________________ RPD mailing list
>>> RPD at afrinic.net <mailto:RPD at afrinic.net>
>>> https://lists.afrinic.net/mailman/listinfo/rpd
>>> <https://lists.afrinic.net/mailman/listinfo/rpd> ____
>>>
>>>
>>> **********************************************
>>> IPv4 is over
>>> Are you ready for the new Internet ?
>>> http://www.theipv6company.com <http://www.theipv6company.com>
>>> The IPv6 Company
>>>
>>> This electronic message contains information which may be
>>> privileged or confidential. The information is intended to be for
>>> the exclusive use of the individual(s) named above and further
>>> non-explicilty authorized disclosure, copying, distribution or
>>> use of the contents of this information, even if partially,
>>> including attached files, is strictly prohibited and will be
>>> considered a criminal offense. If you are not the intended
>>> recipient be aware that any disclosure, copying, distribution or
>>> use of the contents of this information, even if partially,
>>> including attached files, is strictly prohibited, will be
>>> considered a criminal offense, so you must reply to the original
>>> sender to inform about this communication and delete it.
>>>
>>>
>>> _______________________________________________
>>> RPD mailing list
>>> RPD at afrinic.net <mailto:RPD at afrinic.net>
>>> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
>>
>> _______________________________________________
>> RPD mailing list
>> RPD at afrinic.net <mailto:RPD at afrinic.net>
>> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
More information about the RPD
mailing list