[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

[JORDI PALET MARTINEZ]

Hi Daniel,

 

As I’ve already explained, this proposal has never been submitted to ARIN, so it has never been rejected.

 

In RIPE there were discussions and objections, you can read all them in the archive. I just will tell my conclusions: Objections were not valid, however chairs accepted the objections. Note that at least one of the chairs was against the proposal. Appeals in RIPE are handled by chairs collective. That’s why, even I was not a co-author there, I considered appealing, but you may guess that it will have rejected. So because the appeal process and the PDP is being re-drafted, I will try again then.

 

As explained many times, this is part of the RIR job, because members can’t do that by themselves, in a way that it is automated, standard, safe and trustable.

 

Let’s not be naïve. Bad Internet actors can never be in favour of proposals that facilitate bad actions. Right? No more words needed!

 

Regards,

Jordi

@jordipalet

 

 

 

El 8/6/21 0:23, "Daniel Yakmut via RPD" <rpd at afrinic.net> escribió:

 

Dear Jordi, 

Just out of curiosity why has RIPE and ARIN refused to adopt the RPKI ROA and make it their responsibility that it is used by resource holder?. I will agree that RPKI ROA is a good tool to secure BGP routing, however I don't see as the responsibility of an RIR to implement it.

My strong opinion is that any resource holder should be responsible for securing its resources and if RPKI ROA is the best way to prevent hijack, then it will enjoy patronage. Making it a job of AfriNIC, will possibly be going over board.

Responding to my opening question, I believe RIPE and ARIN are not keen on accepting your arguments because they are mundane. This means resource holders should handle this issue, without making it a worry of the RIR.

In this regard, AfriNIC should concentrate on handling other more important issues, hence this policy is not relevant.

 

Simply

Daniel

On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:

Ni Mimi,

 

No, is not ideological, the legal counsel already confirmed the being bookkeepers has many other *related* implications, such as provide a trustable source of accurate data, and this is what RPKI and AS0 improve.

 

The fact that in RIPE has not been accepted yet is just one more excuse, if you compare it with the fact that the other TWO RIRs where it has been submitted (APNIC and LACNIC) accepted it and in none of those regions there have been any of the excuses and lack of knowledge about RPKI that we are hearing here. As I’ve explained already, I don’t think the RIPE chairs decision was correct, and we will make sure to resubmit the proposal there once a consistent appeal process is available, in case chairs take again a wrong decision. Also, then the experience in APNIC, LACNIC and AFRINIC will show that those motivations are ridiculous.

 


>From time to time is good that ARIN and RIPE aren’t the leaders, you don’t think so? It shows that very smart people exist in other regions as well!


 

Once more, sometimes policies in one or the other region fail to reach consensus, but it happens sooner or later.

 

If you have a simple and trustable tool such as RPKI to drop invalids, you have a better way (if you want) to avoid bad actors to use prefixes that don’t belong to them as they are still on the hands of AFRINIC. This is just facts. Not ideological, not opinions or personal view points. So yes, AS0 avoids, if you operate your network in a consistent way, to be faked with prefixes not allocated/assigned by AFRINIC, and thus helps to prevent hijacking.

 

Regards,

Jordi

@jordipalet

 

 

 

El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com> escribió:

 

Dear WG,

 

I think the issue here is ideological. Many people believe that RIRs are mere bookkeepers, and it is not in their mandate to inject data into the routing database. That is the reason why RIPE did not approve a similar proposal, which I totally agree with. Moreover, I wanted to react to Jordi’s statement, saying that these objections are based on practical and technical matters. There is not only one routing database, there are many, isn’t it kind of messy? And that is not even the main reason why I object to this policy. 


>From another perspective, since people can adjust and control their routers, can you precise how this policy can potentially prevent/ reduce hijacking?


 

Best.

_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd 


**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.



_______________________________________________
RPD mailing list
RPD at afrinic.net
https://lists.afrinic.net/mailman/listinfo/rpd
_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd 



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/d846fc2c/attachment-0001.html>