[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
Mark Elkins
mje at posix.co.za
Tue Jun 8 14:35:19 UTC 2021
Looking at this post - I should not have used the word Thief. Can't
think of a suitable alternative at the moment - I have a horrid headache
and the Nurofen has not yet kicked in. I apologise if anyone is offended.
On 6/8/21 4:05 PM, Mark Elkins wrote:
>
> 1) I have on my laptop - RPD emails going back to November 2018 - and
> I have never ever seen a post from jeffery_sky
> <jeffery_sky-99 at yahoo.com> before (just checked).
>
> 2) The only information that is "being injected" is into the space
> that AFRINIC has not yet allocated/assigned to any Member - which will
> just make it easier on the few routers that look at RPKI information
> to see that a very bad actor is using space that should not be visible
> on the Internet at all. The only folk that this should bother is Bad
> Actors who have been using this unallocated/unassigned space on the
> Internet (thieves?)
>
> I really don't understand the problem. Are all the objectors thieves?
> (wanting to use/route something that does not belong to them).
>
> On 6/8/21 3:21 PM, jeffery_sky via RPD wrote:
>> Hello,
>> To clarify, these concerns are becoming repetitive due to the lack of
>> adequate responses from the concerned stakeholders. Also, I want to
>> address the fact that the real problem here is not RPKI in any way.
>> What is really bothering me is that *RIR is injecting its own data
>> into RPKI*, which makes the previous argument about how signing space
>> is invalid. Further, the usage of RPKI will lead to AS0 all unallocated
>> space for you. Consequently, the routing changes.
>> I understand that some of these concerns are repeated, but I think it
>> is because they were not addressed properly. The responses provided
>> are mainly vague and it seems to me that you are dodging the comments
>> by bringing the Last call phase procedure and calling out the PDWG
>> co-chairs.
>> The last call phase is dedicated to this type of discussion, and if
>> several people are not convinced, it simply means that the co-authors
>> should try providing insightful responses that go straight to the
>> point, not vague ones. If this vicious cycle and the lack of proper
>> answers continues, consensus will never happen, and the policy cannot
>> be implemented. Also, most of the raised objections have nothing to
>> do with technicalities, therefore, they are meant to be discussed on
>> the RPD. Finally, the arguments you perceive repeated have not
>> received accurate replies, which means they will keep popping out.
>> Consequently, the best thing to do is to dig deeper in this
>> proposal, instead of labelling the arguments as invalid. In the hope
>> of receiving insightful answers...
>>
>> Best.
>>
>>
>> On Tuesday, June 8, 2021, 9:40:10 PM GMT+9, Fernando Frediani
>> <fhfrediani at gmail.com> wrote:
>>
>>
>> +1
>>
>> Excellent and simple answer.
>>
>> On 6/8/2021 3:01 AM, Frank Habicht wrote:
>> > Hi
>> >
>> > On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:
>> >> Hi,
>> >>
>> >> Are you postulating here that Resources not allocated are
>> >> susceptible to hijack?
>> > - resources are susceptible to hijack.
>> > - if a ROA with AS0 was published for an unallocated resource, it would
>> > be less susceptible to hijack.
>> >
>> >
>> >> My other understanding is an RIR is a resource dispenser.
>> > When I get my next resource from AfriNIC, I will prefer one that
>> > was not previously hijacked and used for spamming and network
>> > abuse, and got blacklisted and a bad reputation everywhere.
>> >
>> > What about you?
>> >
>> >
>> > Thanks,
>> > Frank
>> >
>> >
>> >> Simply
>> >> Daniel
>> >>
>> >> On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani
>> >> <fhfrediani at gmail.com> wrote:
>> >>
>> >> AfriNic (or any other RIR) is the resource holder for IP space
>> >> that IANA has allocated to it. So who else could secure that
>> >> space until it is assigned to an organization issuing ROAs if
>> >> not the current resource holder?
>> >>
>> >> Must we have a policy accepted by either RIPE or ARIN first in
>> >> order to accept it in AfriNic afterwards?
>> >> This is not a worry to the RIR, it is actually an additional
>> >> guarantee that no one else will try to make usage of IP space
>> >> under its responsibility.
>> >>
>> >> Fernando
>> >>
>> >> On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:
>> >>> Dear Jordi,
>> >>>
>> >>> Just out of curiosity why have RIPE and ARIN refused to adopt the
>> >>> RPKI ROA and make it their responsibility that it is used by
>> >>> resource holders? I will agree that RPKI ROA is a good tool to
>> >>> secure BGP routing, however I don't see it as the responsibility
>> >>> of an RIR to implement it.
>> >>>
>> >>> My strong opinion is that any resource holder should be
>> >>> responsible for securing its resources and if RPKI ROA is the
>> >>> best way to prevent hijack, then it will enjoy patronage. Making
>> >>> it a job of AfriNIC will possibly be going overboard.
>> >>>
>> >>> Responding to my opening question, I believe RIPE and ARIN are
>> >>> not keen on accepting your arguments because they are mundane.
>> >>> This means resource holders should handle this issue, without
>> >>> making it a worry of the RIR.
>> >>>
>> >>> In this regard, AfriNIC should concentrate on handling other more
>> >>> important issues, hence this policy is not relevant.
>> >>>
>> >>>
>> >>> Simply
>> >>>
>> >>> Daniel
>> >>>
>> >>> On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:
>> >>>> Hi Mimi,
>> >>>>
>> >>>> No, it is not ideological; the legal counsel already confirmed
>> >>>> that being bookkeepers has many other **related** implications,
>> >>>> such as providing a trustable source of accurate data, and this
>> >>>> is what RPKI and AS0 improve.
>> >>>>
>> >>>> The fact that in RIPE it has not been accepted yet is just one
>> >>>> more excuse, if you compare it with the fact that the other TWO
>> >>>> RIRs where it has been submitted (APNIC and LACNIC) accepted it
>> >>>> and in none of those regions there have been any of the excuses
>> >>>> and lack of knowledge about RPKI that we are hearing here. As
>> >>>> I’ve explained already, I don’t think the RIPE chairs’ decision
>> >>>> was correct, and we will make sure to resubmit the proposal there
>> >>>> once a consistent appeal process is available, in case chairs
>> >>>> take again a wrong decision. Also, then the experience in APNIC,
>> >>>> LACNIC and AFRINIC will show that those motivations are
>> >>>> ridiculous.
>> >>>>
>> >>>> From time to time it is good that ARIN and RIPE aren’t the
>> >>>> leaders, you don’t think so? It shows that very smart people
>> >>>> exist in other regions as well!
>> >>>>
>> >>>> Once more, sometimes policies in one or the other region fail to
>> >>>> reach consensus, but it happens sooner or later.
>> >>>>
>> >>>> If you have a simple and trustable tool such as RPKI to drop
>> >>>> invalids, you have a better way (if you want) to avoid bad actors
>> >>>> to use prefixes that don’t belong to them as they are still in
>> >>>> the hands of AFRINIC. This is just facts. Not ideological, not
>> >>>> opinions or personal view points. So yes, AS0 avoids, if you
>> >>>> operate your network in a consistent way, to be faked with
>> >>>> prefixes not allocated/assigned by AFRINIC, and thus helps to
>> >>>> prevent hijacking.
>> >>>>
>> >>>> Regards,
>> >>>>
>> >>>> Jordi
>> >>>>
>> >>>> @jordipalet
>> >>>>
>> >>>>
>> >>>> On 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com> wrote:
>> >>>>
>> >>>> Dear WG,
>> >>>>
>> >>>> I think the issue here is ideological. Many people believe that
>> >>>> RIRs are mere bookkeepers, and it is not in their mandate to
>> >>>> inject data into the routing database. That is the reason why
>> >>>> RIPE did not approve a similar proposal, which I totally agree
>> >>>> with. Moreover, I wanted to react to Jordi’s statement, saying
>> >>>> that these objections are based on practical and technical
>> >>>> matters. There is not only one routing database, there are many,
>> >>>> isn’t it kind of messy? And that is not even the main reason why
>> >>>> I object to this policy.
>> >>>>
>> >>>> From another perspective, since people can adjust and control
>> >>>> their routers, can you precise how this policy can potentially
>> >>>> prevent/reduce hijacking?
>> >>>>
>> >>>> Best.
>> >>>>
>> >>>> _______________________________________________
>> >>>> RPD mailing list
>> >>>> RPD at afrinic.net
>> >>>> https://lists.afrinic.net/mailman/listinfo/rpd
>> >>>>
>> >>>>
>> >>>> **********************************************
>> >>>> IPv4 is over
>> >>>> Are you ready for the new Internet ?
>> >>>> http://www.theipv6company.com
>> >>>> The IPv6 Company
>> >>>>
>> >>>> This electronic message contains information which may be
>> >>>> privileged or confidential. The information is intended to be
>> >>>> for the exclusive use of the individual(s) named above and
>> >>>> further non-explicitly authorized disclosure, copying,
>> >>>> distribution or use of the contents of this information, even if
>> >>>> partially, including attached files, is strictly prohibited and
>> >>>> will be considered a criminal offense. If you are not the
>> >>>> intended recipient be aware that any disclosure, copying,
>> >>>> distribution or use of the contents of this information, even if
>> >>>> partially, including attached files, is strictly prohibited, will
>> >>>> be considered a criminal offense, so you must reply to the
>> >>>> original sender to inform about this communication and delete it.
> --
>
> Mark James ELKINS - Posix Systems - (South) Africa
> mje at posix.co.za Tel: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
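
The thread above turns on how an AS0 ROA interacts with a router that drops RPKI-invalid routes. The following is an added example, not part of any message in the thread: a minimal RFC 6811 route origin validation in Python, run with and without an AS0 ROA over unallocated space. All prefixes and AS numbers are constructed sample values from documentation and reserved ranges, and the names `vrp`, `validate` and `accepted` are illustrative.

```python
import ipaddress
from collections import namedtuple

# Validated ROA Payload: covering prefix, maxLength, authorised origin AS.
VRP = namedtuple("VRP", "prefix max_length asn")

def vrp(prefix, max_length, asn):
    return VRP(ipaddress.ip_network(prefix), max_length, asn)

def validate(route, origin_asn, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for v in vrps:
        if net.version != v.prefix.version or not net.subnet_of(v.prefix):
            continue  # this VRP does not cover the announced prefix
        covered = True
        # AS0 is never a legitimate BGP origin, so an AS0 VRP covers a
        # route but can never match it.
        if v.asn != 0 and v.asn == origin_asn and net.prefixlen <= v.max_length:
            return "valid"
    return "invalid" if covered else "not-found"

def accepted(announcements, vrps):
    """Routes kept by a router whose policy is 'drop invalids'."""
    return [(p, a) for p, a in announcements if validate(p, a, vrps) != "invalid"]

# Constructed sample data: documentation prefixes and reserved ASNs.
MEMBER_ROA = vrp("203.0.113.0/24", 24, 64500)      # ROA published by a member
RIR_AS0_ROA = vrp("198.51.100.0/24", 24, 0)        # hypothetical RIR AS0 ROA
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64666),    # unallocated space, announced anyway
    ("198.51.100.128/25", 64666),  # more-specific of the same space
    ("203.0.113.0/24", 64500),     # member announcing its own prefix
    ("192.0.2.0/24", 64501),       # no ROA covers this prefix
]

if __name__ == "__main__":
    for label, vrps in (("without AS0 ROA", [MEMBER_ROA]),
                        ("with AS0 ROA", [MEMBER_ROA, RIR_AS0_ROA])):
        print(label)
        for prefix, asn in ANNOUNCEMENTS:
            print(f"  {prefix:<20} AS{asn:<6} {validate(prefix, asn, vrps)}")
```

Without the AS0 ROA the announcements of unallocated space are "not-found" and are accepted; with it they become "invalid", which only changes anything on routers that validate and reject invalids.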