Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

Mark Elkins mje at posix.co.za
Tue Jun 8 14:05:39 UTC 2021


1) I have on my laptop - RPD emails going back to November 2018 - and I
have never ever seen a post from jeffery_sky <jeffery_sky-99 at yahoo.com>
before (just checked).

2) The only information that is "being injected" is into the space that
AFRINIC has not yet allocated/assigned to any Member - which will just
make it easier on the few routers that look at RPKI information to see
that a very bad actor is using space that should not be visible on the
Internet at all. The only folk that this should bother is Bad Actors who
have using this unallocated /unassigned space on the Internet (thieves?)

I really don't understand the problem. All all the objectors thieves?
(wanting to use/route something that does not belong to them).

On 6/8/21 3:21 PM, jeffery_sky via RPD wrote:

> Hello,

> To clarify, these concerns are becoming repetitive due to the lack of

> adequate responses from the concerned stakeholders. Also, I want to

> address the fact that the real problem here is notRPKI in any way.

> What is really bothering me is that***RIR is injecti**ng its own data

> into RPKI*, which makes the previous argument about how signing space

> is invalid.Further, the usage of RPKI will lead toAS0 all unallocated

> space for you. Consequently, the routing changes.

> I understand that some of these concerns are repeated, but I think it

> is because they were not addressed properly. The responses provided

> are mainly vague and it seems to me that you are dodging the comments

> by bringing the Last call phase procedure and calling out the PDWG

> co-chairs.

> The last call phase is dedicated to this type of discussions, and if

> several people are not convinced, it simply means that the co-authors

> should try providing insightful responses that go straight to the

> point, not vague ones. If this vicious cycle and the lack of proper

> answers continues, consensus will never happen, and the policy cannot

> be implemented. Also, most of the raised objections have nothing to do

> with technicalities, therefore, they are meant to be discussed on the

> RPD. Finally, the arguments you perceive repeated, have not been

> received accurate replies, which means they will keep popping out.

> Consequently, the best thing to do, is to dig deeper in this proposal,

> instead of labelling the arguments as invalid.In the hope of receiving

> insightful answers...

>

> Best.

>

>

> On Tuesday, June 8, 2021, 9:40:10 PM GMT+9, Fernando Frediani

> <fhfrediani at gmail.com> wrote:

>

>

> +1

>

> Excelent and simple answer.

>

> Em 6/8/2021 3:01 AM, Frank Habicht escreveu:

> > Hi

> >

> > On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:

> >> Hi,

> >>

> >> Are you postulating here that Resources not allocated are

> susceptible to

> >> hijack?

> > - resources are susceptible to hijack.

> > - if a ROA with AS0 was published for an unallocated resource, it would

> >    be less susceptible to hijack.

> >

> >

> >> My other understanding is an RIR is a resource dispenser.

> > When I get my next resource from AfriNIC, I will prefer one that was not

> > previously hijacked and used for spamming and network abuse, and got

> > blacklisted and a bad reputation everywhere.

> >

> > What about you?

> >

> >

> > Thanks,

> > Frank

> >

> >

> >> Simply

> >> Daniel

> >>

> >> On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani

> <fhfrediani at gmail.com <mailto:fhfrediani at gmail.com>

> >> <mailto:fhfrediani at gmail.com <mailto:fhfrediani at gmail.com>>> wrote:

> >>

> >>      AfriNic (or any other RIR) is the resource holder for IP space

> that

> >>      IANA has allocated to it. So who else could secure that space

> until

> >>      it is assigned to an organization issuing ROAs if not the current

> >>      resource holder ?

> >>

> >>      Must we have a policy accepted by either RIPE or ARIN first in

> order

> >>      to accept it in AfriNic afterwards ?

> >>      This is not a worry to the RIR, it is actually an additional

> >>      guarantee that no one else will try to make usage of IP space

> under

> >>      its responsability.

> >>

> >>      Fernando

> >>

> >>      On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:

> >>>      Dear Jordi,

> >>>

> >>>      Just out of curiosity why has RIPE and ARIN refused to adopt the

> >>>      RPKI ROA and make it their responsibility that it is used by

> >>>      resource holder?. I will agree that RPKI ROA is a good tool to

> >>>      secure BGP routing, however I don't see as the responsibility of

> >>>      an RIR to implement it.

> >>>

> >>>      My strong opinion is that any resource holder should be

> >>>      responsible for securing its resources and if RPKI ROA is the

> best

> >>>      way to prevent hijack, then it will enjoy patronage. Making it a

> >>>      job of AfriNIC, will possibly be going over board.

> >>>

> >>>      Responding to my opening question, I believe RIPE and ARIN

> are not

> >>>      keen on accepting your arguments because they are mundane. This

> >>>      means resource holders should handle this issue, without

> making it

> >>>      a worry of the RIR.

> >>>

> >>>      In this regard, AfriNIC should concentrate on handling other more

> >>>      important issues, hence this policy is not relevant.

> >>>

> >>>

> >>>      Simply

> >>>

> >>>      Daniel

> >>>

> >>>      On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:

> >>>>      Ni Mimi,____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      No, is not ideological, the legal counsel already confirmed the

> >>>>      being bookkeepers has many other **related** implications, such

> >>>>      as provide a trustable source of accurate data, and this is what

> >>>>      RPKI and AS0 improve.____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      The fact that in RIPE has not been accepted yet is just one more

> >>>>      excuse, if you compare it with the fact that the other TWO RIRs

> >>>>      where it has been submitted (APNIC and LACNIC) accepted it

> and in

> >>>>      none of those regions there have been any of the excuses and

> lack

> >>>>      of knowledge about RPKI that we are hearing here. As I’ve

> >>>>      explained already, I don’t think the RIPE chairs decision was

> >>>>      correct, and we will make sure to resubmit the proposal there

> >>>>      once a consistent appeal process is available, in case chairs

> >>>>      take again a wrong decision. Also, then the experience in APNIC,

> >>>>      LACNIC and AFRINIC will show that those motivations are

> >>>>      ridiculous.____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      From time to time is good that ARIN and RIPE aren’t the leaders,

> >>>>      you don’t think so? It shows that very smart people exist in

> >>>>      other regions as well!____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      Once more, sometimes policies in one or the other region fail to

> >>>>      reach consensus, but it happens sooner or later.____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      If you have a simple and trustable tool such as RPKI to drop

> >>>>      invalids, you have a better way (if you want) to avoid bad

> actors

> >>>>      to use prefixes that don’t belong to them as they are still on

> >>>>      the hands of AFRINIC. This is just facts. Not ideological, not

> >>>>      opinions or personal view points. So yes, AS0 avoids, if you

> >>>>      operate your network in a consistent way, to be faked with

> >>>>      prefixes not allocated/assigned by AFRINIC, and thus helps to

> >>>>      prevent hijacking.____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      Regards,____

> >>>>

> >>>>      Jordi____

> >>>>

> >>>>      @jordipalet____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      __ __

> >>>>

> >>>>      __ __

> >>>>

> >>>>      El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com

> <mailto:dym5328 at gmail.com>

> >>>>      <mailto:dym5328 at gmail.com <mailto:dym5328 at gmail.com>>>

> escribió:____

> >>>>

> >>>>      __ __

> >>>>

> >>>>      Dear WG,____

> >>>>

> >>>>       ____

> >>>>

> >>>>      I think the issue here is ideological. Many people believe that

> >>>>      RIRs are mere bookkeepers, and it is not in their mandate to

> >>>>      inject data into the routing database. That is the reason why

> >>>>      RIPE did not approve a similar proposal, which I totally agree

> >>>>      with. Moreover, I wanted to react to Jordi’s statement, saying

> >>>>      that these objections are based on practical and technical

> >>>>      matters. There is not only one routing database, there are many,

> >>>>      isn’t it kind of messy? And that is not even the main reason why

> >>>>      I object to this policy. ____

> >>>>

> >>>>      From another perspective, since people can adjust and control

> >>>>      their routers, can you precise how this policy can potentially

> >>>>      prevent/ reduce hijacking?____

> >>>>

> >>>>       ____

> >>>>

> >>>>      Best.____

> >>>>

> >>>> _______________________________________________ RPD mailing list

> >>>> RPD at afrinic.net <mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net

> <mailto:RPD at afrinic.net>>

> >>>> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

> >>>>      <https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>> ____

> >>>>

> >>>>

> >>>> **********************************************

> >>>>      IPv4 is over

> >>>>      Are you ready for the new Internet ?

> >>>> http://www.theipv6company.com <http://www.theipv6company.com

> ><http://www.theipv6company.com <http://www.theipv6company.com>>

> >>>>      The IPv6 Company

> >>>>

> >>>>      This electronic message contains information which may be

> >>>>      privileged or confidential. The information is intended to

> be for

> >>>>      the exclusive use of the individual(s) named above and further

> >>>>      non-explicilty authorized disclosure, copying, distribution or

> >>>>      use of the contents of this information, even if partially,

> >>>>      including attached files, is strictly prohibited and will be

> >>>>      considered a criminal offense. If you are not the intended

> >>>>      recipient be aware that any disclosure, copying, distribution or

> >>>>      use of the contents of this information, even if partially,

> >>>>      including attached files, is strictly prohibited, will be

> >>>>      considered a criminal offense, so you must reply to the original

> >>>>      sender to inform about this communication and delete it.

>

> >>>>

> >>>>

> >>>> _______________________________________________

> >>>>      RPD mailing list

> >>>> RPD at afrinic.net <mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net

> <mailto:RPD at afrinic.net>>

> >>>> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd

> ><https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>>

> >>> _______________________________________________

> >>>      RPD mailing list

> >>> RPD at afrinic.net <mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net

> <mailto:RPD at afrinic.net>>

> >>> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd

> ><https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>>

> >> _______________________________________________

> >>      RPD mailing list

> >> RPD at afrinic.net <mailto:RPD at afrinic.net> <mailto:RPD at afrinic.net

> <mailto:RPD at afrinic.net>>

> >> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

> >>      <https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>>

> >>

> >>

> >> _______________________________________________

> >> RPD mailing list

> >> RPD at afrinic.net <mailto:RPD at afrinic.net>

> >> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

> >>

> > _______________________________________________

> > RPD mailing list

> > RPD at afrinic.net <mailto:RPD at afrinic.net>

> > https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

--

Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>

Posix SystemsVCARD for MJ Elkins

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e007e9bd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: abessive_logo.jpg
Type: image/jpeg
Size: 6410 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e007e9bd/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: QR-MJElkins.png
Type: image/png
Size: 2163 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/e007e9bd/attachment-0001.png>


More information about the RPD mailing list