Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

Saul Stein saul at enetworks.co.za
Tue Jun 8 07:18:56 UTC 2021


Hi

I say this as an AFRINIC member who is affected by the policies that are either implemented or NOT implemented.

While I agree with the community, bottom up approach, I am starting to have an issue where the term “community” is a little stretched. By that, I mean people who are in or out of the region, with apparent little to no understanding of networks anonymously (gmail, representing themselves without us knowing what networks they run and or manage) holding the discussion and policy to ransom.

I have on issues with people who represent and run networks from anywhere willing to assist in the betterment of our policies.

As someone once said, with freedom, comes responsibility.

Just my 2c worth


From: JORDI PALET MARTINEZ via RPD <rpd at afrinic.net>
Sent: Tuesday, 08 June 2021 08:38
To: rpd at afrinic.net
Subject: Re: [rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

(semi-irony mode on)

Wow, so much difficult problem statement! Some possible responses:


1. Because some people don’t operate networks, or don’t do it properly?
2. Because some people aren’t interested in understanding it or not interested in measures to protect resources, because that will make easy to avoid their improper business models (or even maybe bad activities)?
3. Because some people are speaking on behalf others?

And all this explains inmature and unreaseanable objections not just to this policy proposal, but to any proposal that try to facilitate the accuracy of the RIRs and simplify the job of good faith operators in a standard way.

Policies aren’t meant to protect business, specially those against the overall community interest. If you’re doing something wrong or in the limit of what is acceptable, you don’t have interest in certain policies.

Regards,
Jordi
@jordipalet



El 8/6/21 8:24, "Mark Elkins" <mje at posix.co.za<mailto:mje at posix.co.za>> escribió:


Well said Frank!

I still don't understand why some people don't see this.
On 6/8/21 8:01 AM, Frank Habicht wrote:

Hi



On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:

Hi,



Are you postulating here that Resources not allocated are susceptible to

hijack?

- resources are susceptible to hijack.

- if a ROA with AS0 was published for an unallocated resource, it would

be less susceptible to hijack.





My other understanding is an RIR is a resource dispenser.

When I get my next resource from AfriNIC, I will prefer one that was not

previously hijacked and used for spamming and network abuse, and got

blacklisted and a bad reputation everywhere.



What about you?





Thanks,

Frank





Simply

Daniel



On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <fhfrediani at gmail.com<mailto:fhfrediani at gmail.com>

<mailto:fhfrediani at gmail.com><mailto:fhfrediani at gmail.com>> wrote:



AfriNic (or any other RIR) is the resource holder for IP space that

IANA has allocated to it. So who else could secure that space until

it is assigned to an organization issuing ROAs if not the current

resource holder ?



Must we have a policy accepted by either RIPE or ARIN first in order

to accept it in AfriNic afterwards ?

This is not a worry to the RIR, it is actually an additional

guarantee that no one else will try to make usage of IP space under

its responsability.



Fernando



On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:

Dear Jordi,



Just out of curiosity why has RIPE and ARIN refused to adopt the

RPKI ROA and make it their responsibility that it is used by

resource holder?. I will agree that RPKI ROA is a good tool to

secure BGP routing, however I don't see as the responsibility of

an RIR to implement it.



My strong opinion is that any resource holder should be

responsible for securing its resources and if RPKI ROA is the best

way to prevent hijack, then it will enjoy patronage. Making it a

job of AfriNIC, will possibly be going over board.



Responding to my opening question, I believe RIPE and ARIN are not

keen on accepting your arguments because they are mundane. This

means resource holders should handle this issue, without making it

a worry of the RIR.



In this regard, AfriNIC should concentrate on handling other more

important issues, hence this policy is not relevant.





Simply



Daniel



On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:

Ni Mimi,____



__ __



No, is not ideological, the legal counsel already confirmed the

being bookkeepers has many other **related** implications, such

as provide a trustable source of accurate data, and this is what

RPKI and AS0 improve.____



__ __



The fact that in RIPE has not been accepted yet is just one more

excuse, if you compare it with the fact that the other TWO RIRs

where it has been submitted (APNIC and LACNIC) accepted it and in

none of those regions there have been any of the excuses and lack

of knowledge about RPKI that we are hearing here. As I’ve

explained already, I don’t think the RIPE chairs decision was

correct, and we will make sure to resubmit the proposal there

once a consistent appeal process is available, in case chairs

take again a wrong decision. Also, then the experience in APNIC,

LACNIC and AFRINIC will show that those motivations are

ridiculous.____



__ __



From time to time is good that ARIN and RIPE aren’t the leaders,

you don’t think so? It shows that very smart people exist in

other regions as well!____



__ __



Once more, sometimes policies in one or the other region fail to

reach consensus, but it happens sooner or later.____



__ __



If you have a simple and trustable tool such as RPKI to drop

invalids, you have a better way (if you want) to avoid bad actors

to use prefixes that don’t belong to them as they are still on

the hands of AFRINIC. This is just facts. Not ideological, not

opinions or personal view points. So yes, AS0 avoids, if you

operate your network in a consistent way, to be faked with

prefixes not allocated/assigned by AFRINIC, and thus helps to

prevent hijacking.____



__ __



Regards,____



Jordi____



@jordipalet____



__ __



__ __



__ __



El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com<mailto:dym5328 at gmail.com>

<mailto:dym5328 at gmail.com><mailto:dym5328 at gmail.com>> escribió:____



__ __



Dear WG,____



____



I think the issue here is ideological. Many people believe that

RIRs are mere bookkeepers, and it is not in their mandate to

inject data into the routing database. That is the reason why

RIPE did not approve a similar proposal, which I totally agree

with. Moreover, I wanted to react to Jordi’s statement, saying

that these objections are based on practical and technical

matters. There is not only one routing database, there are many,

isn’t it kind of messy? And that is not even the main reason why

I object to this policy. ____



From another perspective, since people can adjust and control

their routers, can you precise how this policy can potentially

prevent/ reduce hijacking?____



____



Best.____



_______________________________________________ RPD mailing list

RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>

https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>

<https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd> ____





**********************************************

IPv4 is over

Are you ready for the new Internet ?

http://www.theipv6company.com<http://www.theipv6company.com> <http://www.theipv6company.com><http://www.theipv6company.com>

The IPv6 Company



This electronic message contains information which may be

privileged or confidential. The information is intended to be for

the exclusive use of the individual(s) named above and further

non-explicilty authorized disclosure, copying, distribution or

use of the contents of this information, even if partially,

including attached files, is strictly prohibited and will be

considered a criminal offense. If you are not the intended

recipient be aware that any disclosure, copying, distribution or

use of the contents of this information, even if partially,

including attached files, is strictly prohibited, will be

considered a criminal offense, so you must reply to the original

sender to inform about this communication and delete it.





_______________________________________________

RPD mailing list

RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>

https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd> <https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd>

_______________________________________________

RPD mailing list

RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>

https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd> <https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd>

_______________________________________________

RPD mailing list

RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>

https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>

<https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd>





_______________________________________________

RPD mailing list

RPD at afrinic.net<mailto:RPD at afrinic.net>

https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>



_______________________________________________

RPD mailing list

RPD at afrinic.net<mailto:RPD at afrinic.net>

https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>
--

Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za<mailto:mje at posix.co.za> Tel: +27.826010496<tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za<https://ftth.posix.co.za>

[Posix Systems][VCARD for MJ Elkins]
_______________________________________________ RPD mailing list RPD at afrinic.net<mailto:RPD at afrinic.net> https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com<http://www.theipv6company.com>
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e0490d2b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6411 bytes
Desc: image001.jpg
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e0490d2b/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 13473 bytes
Desc: image002.png
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e0490d2b/attachment-0001.png>


More information about the RPD mailing list