Search RPD Archives
[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
Saul Stein
saul at enetworks.co.za
Tue Jun 8 07:18:56 UTC 2021
Hi
I say this as an AFRINIC member who is affected by the policies that are either implemented or NOT implemented.
While I agree with the community, bottom up approach, I am starting to have an issue where the term “community” is a little stretched. By that, I mean people who are in or out of the region, with apparent little to no understanding of networks anonymously (gmail, representing themselves without us knowing what networks they run and or manage) holding the discussion and policy to ransom.
I have on issues with people who represent and run networks from anywhere willing to assist in the betterment of our policies.
As someone once said, with freedom, comes responsibility.
Just my 2c worth
From: JORDI PALET MARTINEZ via RPD <rpd at afrinic.net>
Sent: Tuesday, 08 June 2021 08:38
To: rpd at afrinic.net
Subject: Re: [rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
(semi-irony mode on)
Wow, so much difficult problem statement! Some possible responses:
1. Because some people don’t operate networks, or don’t do it properly?
2. Because some people aren’t interested in understanding it or not interested in measures to protect resources, because that will make easy to avoid their improper business models (or even maybe bad activities)?
3. Because some people are speaking on behalf others?
And all this explains inmature and unreaseanable objections not just to this policy proposal, but to any proposal that try to facilitate the accuracy of the RIRs and simplify the job of good faith operators in a standard way.
Policies aren’t meant to protect business, specially those against the overall community interest. If you’re doing something wrong or in the limit of what is acceptable, you don’t have interest in certain policies.
Regards,
Jordi
@jordipalet
El 8/6/21 8:24, "Mark Elkins" <mje at posix.co.za<mailto:mje at posix.co.za>> escribió:
Well said Frank!
I still don't understand why some people don't see this.
On 6/8/21 8:01 AM, Frank Habicht wrote:
Hi
On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:
Hi,
Are you postulating here that Resources not allocated are susceptible to
hijack?
- resources are susceptible to hijack.
- if a ROA with AS0 was published for an unallocated resource, it would
be less susceptible to hijack.
My other understanding is an RIR is a resource dispenser.
When I get my next resource from AfriNIC, I will prefer one that was not
previously hijacked and used for spamming and network abuse, and got
blacklisted and a bad reputation everywhere.
What about you?
Thanks,
Frank
Simply
Daniel
On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <fhfrediani at gmail.com<mailto:fhfrediani at gmail.com>
<mailto:fhfrediani at gmail.com><mailto:fhfrediani at gmail.com>> wrote:
AfriNic (or any other RIR) is the resource holder for IP space that
IANA has allocated to it. So who else could secure that space until
it is assigned to an organization issuing ROAs if not the current
resource holder ?
Must we have a policy accepted by either RIPE or ARIN first in order
to accept it in AfriNic afterwards ?
This is not a worry to the RIR, it is actually an additional
guarantee that no one else will try to make usage of IP space under
its responsability.
Fernando
On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:
Dear Jordi,
Just out of curiosity why has RIPE and ARIN refused to adopt the
RPKI ROA and make it their responsibility that it is used by
resource holder?. I will agree that RPKI ROA is a good tool to
secure BGP routing, however I don't see as the responsibility of
an RIR to implement it.
My strong opinion is that any resource holder should be
responsible for securing its resources and if RPKI ROA is the best
way to prevent hijack, then it will enjoy patronage. Making it a
job of AfriNIC, will possibly be going over board.
Responding to my opening question, I believe RIPE and ARIN are not
keen on accepting your arguments because they are mundane. This
means resource holders should handle this issue, without making it
a worry of the RIR.
In this regard, AfriNIC should concentrate on handling other more
important issues, hence this policy is not relevant.
Simply
Daniel
On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:
Ni Mimi,____
__ __
No, is not ideological, the legal counsel already confirmed the
being bookkeepers has many other **related** implications, such
as provide a trustable source of accurate data, and this is what
RPKI and AS0 improve.____
__ __
The fact that in RIPE has not been accepted yet is just one more
excuse, if you compare it with the fact that the other TWO RIRs
where it has been submitted (APNIC and LACNIC) accepted it and in
none of those regions there have been any of the excuses and lack
of knowledge about RPKI that we are hearing here. As I’ve
explained already, I don’t think the RIPE chairs decision was
correct, and we will make sure to resubmit the proposal there
once a consistent appeal process is available, in case chairs
take again a wrong decision. Also, then the experience in APNIC,
LACNIC and AFRINIC will show that those motivations are
ridiculous.____
__ __
From time to time is good that ARIN and RIPE aren’t the leaders,
you don’t think so? It shows that very smart people exist in
other regions as well!____
__ __
Once more, sometimes policies in one or the other region fail to
reach consensus, but it happens sooner or later.____
__ __
If you have a simple and trustable tool such as RPKI to drop
invalids, you have a better way (if you want) to avoid bad actors
to use prefixes that don’t belong to them as they are still on
the hands of AFRINIC. This is just facts. Not ideological, not
opinions or personal view points. So yes, AS0 avoids, if you
operate your network in a consistent way, to be faked with
prefixes not allocated/assigned by AFRINIC, and thus helps to
prevent hijacking.____
__ __
Regards,____
Jordi____
@jordipalet____
__ __
__ __
__ __
El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com<mailto:dym5328 at gmail.com>
<mailto:dym5328 at gmail.com><mailto:dym5328 at gmail.com>> escribió:____
__ __
Dear WG,____
____
I think the issue here is ideological. Many people believe that
RIRs are mere bookkeepers, and it is not in their mandate to
inject data into the routing database. That is the reason why
RIPE did not approve a similar proposal, which I totally agree
with. Moreover, I wanted to react to Jordi’s statement, saying
that these objections are based on practical and technical
matters. There is not only one routing database, there are many,
isn’t it kind of messy? And that is not even the main reason why
I object to this policy. ____
From another perspective, since people can adjust and control
their routers, can you precise how this policy can potentially
prevent/ reduce hijacking?____
____
Best.____
_______________________________________________ RPD mailing list
RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>
<https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd> ____
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com<http://www.theipv6company.com> <http://www.theipv6company.com><http://www.theipv6company.com>
The IPv6 Company
This electronic message contains information which may be
privileged or confidential. The information is intended to be for
the exclusive use of the individual(s) named above and further
non-explicilty authorized disclosure, copying, distribution or
use of the contents of this information, even if partially,
including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended
recipient be aware that any disclosure, copying, distribution or
use of the contents of this information, even if partially,
including attached files, is strictly prohibited, will be
considered a criminal offense, so you must reply to the original
sender to inform about this communication and delete it.
_______________________________________________
RPD mailing list
RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd> <https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd>
_______________________________________________
RPD mailing list
RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd> <https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd>
_______________________________________________
RPD mailing list
RPD at afrinic.net<mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net><mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>
<https://lists.afrinic.net/mailman/listinfo/rpd><https://lists.afrinic.net/mailman/listinfo/rpd>
_______________________________________________
RPD mailing list
RPD at afrinic.net<mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>
_______________________________________________
RPD mailing list
RPD at afrinic.net<mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za<mailto:mje at posix.co.za> Tel: +27.826010496<tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za<https://ftth.posix.co.za>
[Posix Systems][VCARD for MJ Elkins]
_______________________________________________ RPD mailing list RPD at afrinic.net<mailto:RPD at afrinic.net> https://lists.afrinic.net/mailman/listinfo/rpd<https://lists.afrinic.net/mailman/listinfo/rpd>
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com<http://www.theipv6company.com>
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e0490d2b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6411 bytes
Desc: image001.jpg
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e0490d2b/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 13473 bytes
Desc: image002.png
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e0490d2b/attachment-0001.png>
More information about the RPD
mailing list