Search RPD Archives
[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
Fernando Frediani
fhfrediani at gmail.com
Tue Jun 8 12:38:41 UTC 2021
+1
Excelent and simple answer.
Em 6/8/2021 3:01 AM, Frank Habicht escreveu:
> Hi
>
> On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:
>> Hi,
>>
>> Are you postulating here that Resources not allocated are susceptible to
>> hijack?
> - resources are susceptible to hijack.
> - if a ROA with AS0 was published for an unallocated resource, it would
> be less susceptible to hijack.
>
>
>> My other understanding is an RIR is a resource dispenser.
> When I get my next resource from AfriNIC, I will prefer one that was not
> previously hijacked and used for spamming and network abuse, and got
> blacklisted and a bad reputation everywhere.
>
> What about you?
>
>
> Thanks,
> Frank
>
>
>> Simply
>> Daniel
>>
>> On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <fhfrediani at gmail.com
>> <mailto:fhfrediani at gmail.com>> wrote:
>>
>> AfriNic (or any other RIR) is the resource holder for IP space that
>> IANA has allocated to it. So who else could secure that space until
>> it is assigned to an organization issuing ROAs if not the current
>> resource holder ?
>>
>> Must we have a policy accepted by either RIPE or ARIN first in order
>> to accept it in AfriNic afterwards ?
>> This is not a worry to the RIR, it is actually an additional
>> guarantee that no one else will try to make usage of IP space under
>> its responsability.
>>
>> Fernando
>>
>> On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:
>>> Dear Jordi,
>>>
>>> Just out of curiosity why has RIPE and ARIN refused to adopt the
>>> RPKI ROA and make it their responsibility that it is used by
>>> resource holder?. I will agree that RPKI ROA is a good tool to
>>> secure BGP routing, however I don't see as the responsibility of
>>> an RIR to implement it.
>>>
>>> My strong opinion is that any resource holder should be
>>> responsible for securing its resources and if RPKI ROA is the best
>>> way to prevent hijack, then it will enjoy patronage. Making it a
>>> job of AfriNIC, will possibly be going over board.
>>>
>>> Responding to my opening question, I believe RIPE and ARIN are not
>>> keen on accepting your arguments because they are mundane. This
>>> means resource holders should handle this issue, without making it
>>> a worry of the RIR.
>>>
>>> In this regard, AfriNIC should concentrate on handling other more
>>> important issues, hence this policy is not relevant.
>>>
>>>
>>> Simply
>>>
>>> Daniel
>>>
>>> On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:
>>>> Ni Mimi,____
>>>>
>>>> __ __
>>>>
>>>> No, is not ideological, the legal counsel already confirmed the
>>>> being bookkeepers has many other **related** implications, such
>>>> as provide a trustable source of accurate data, and this is what
>>>> RPKI and AS0 improve.____
>>>>
>>>> __ __
>>>>
>>>> The fact that in RIPE has not been accepted yet is just one more
>>>> excuse, if you compare it with the fact that the other TWO RIRs
>>>> where it has been submitted (APNIC and LACNIC) accepted it and in
>>>> none of those regions there have been any of the excuses and lack
>>>> of knowledge about RPKI that we are hearing here. As I’ve
>>>> explained already, I don’t think the RIPE chairs decision was
>>>> correct, and we will make sure to resubmit the proposal there
>>>> once a consistent appeal process is available, in case chairs
>>>> take again a wrong decision. Also, then the experience in APNIC,
>>>> LACNIC and AFRINIC will show that those motivations are
>>>> ridiculous.____
>>>>
>>>> __ __
>>>>
>>>> From time to time is good that ARIN and RIPE aren’t the leaders,
>>>> you don’t think so? It shows that very smart people exist in
>>>> other regions as well!____
>>>>
>>>> __ __
>>>>
>>>> Once more, sometimes policies in one or the other region fail to
>>>> reach consensus, but it happens sooner or later.____
>>>>
>>>> __ __
>>>>
>>>> If you have a simple and trustable tool such as RPKI to drop
>>>> invalids, you have a better way (if you want) to avoid bad actors
>>>> to use prefixes that don’t belong to them as they are still on
>>>> the hands of AFRINIC. This is just facts. Not ideological, not
>>>> opinions or personal view points. So yes, AS0 avoids, if you
>>>> operate your network in a consistent way, to be faked with
>>>> prefixes not allocated/assigned by AFRINIC, and thus helps to
>>>> prevent hijacking.____
>>>>
>>>> __ __
>>>>
>>>> Regards,____
>>>>
>>>> Jordi____
>>>>
>>>> @jordipalet____
>>>>
>>>> __ __
>>>>
>>>> __ __
>>>>
>>>> __ __
>>>>
>>>> El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com
>>>> <mailto:dym5328 at gmail.com>> escribió:____
>>>>
>>>> __ __
>>>>
>>>> Dear WG,____
>>>>
>>>> ____
>>>>
>>>> I think the issue here is ideological. Many people believe that
>>>> RIRs are mere bookkeepers, and it is not in their mandate to
>>>> inject data into the routing database. That is the reason why
>>>> RIPE did not approve a similar proposal, which I totally agree
>>>> with. Moreover, I wanted to react to Jordi’s statement, saying
>>>> that these objections are based on practical and technical
>>>> matters. There is not only one routing database, there are many,
>>>> isn’t it kind of messy? And that is not even the main reason why
>>>> I object to this policy. ____
>>>>
>>>> From another perspective, since people can adjust and control
>>>> their routers, can you precise how this policy can potentially
>>>> prevent/ reduce hijacking?____
>>>>
>>>> ____
>>>>
>>>> Best.____
>>>>
>>>> _______________________________________________ RPD mailing list
>>>> RPD at afrinic.net <mailto:RPD at afrinic.net>
>>>> https://lists.afrinic.net/mailman/listinfo/rpd
>>>> <https://lists.afrinic.net/mailman/listinfo/rpd> ____
>>>>
>>>>
>>>> **********************************************
>>>> IPv4 is over
>>>> Are you ready for the new Internet ?
>>>> http://www.theipv6company.com <http://www.theipv6company.com>
>>>> The IPv6 Company
>>>>
>>>> This electronic message contains information which may be
>>>> privileged or confidential. The information is intended to be for
>>>> the exclusive use of the individual(s) named above and further
>>>> non-explicilty authorized disclosure, copying, distribution or
>>>> use of the contents of this information, even if partially,
>>>> including attached files, is strictly prohibited and will be
>>>> considered a criminal offense. If you are not the intended
>>>> recipient be aware that any disclosure, copying, distribution or
>>>> use of the contents of this information, even if partially,
>>>> including attached files, is strictly prohibited, will be
>>>> considered a criminal offense, so you must reply to the original
>>>> sender to inform about this communication and delete it.
>>>>
>>>>
>>>> _______________________________________________
>>>> RPD mailing list
>>>> RPD at afrinic.net <mailto:RPD at afrinic.net>
>>>> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
>>> _______________________________________________
>>> RPD mailing list
>>> RPD at afrinic.net <mailto:RPD at afrinic.net>
>>> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
>> _______________________________________________
>> RPD mailing list
>> RPD at afrinic.net <mailto:RPD at afrinic.net>
>> https://lists.afrinic.net/mailman/listinfo/rpd
>> <https://lists.afrinic.net/mailman/listinfo/rpd>
>>
>>
>> _______________________________________________
>> RPD mailing list
>> RPD at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo/rpd
>>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
More information about the RPD
mailing list