[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

[Job Snijders]

On Tue, Jun 08, 2021 at 05:12:13PM +0200, JORDI PALET MARTINEZ via RPD wrote:

> Then we should “cancel” the AFRINIC whois, IRR, etc., right?


Unfortunately, I think the above remark shows you might misunderstand
the technologies at hand. The meaning of RPKI ROA objects vs IRR/WHOIS
objects is slightly different. (But they do look very similar!)

The RFC 6811 Origin Validation procedure is an innovation which only
permits RPKI ROAs as input into the algorithm. One cannot perform the
RFC 6811 procedure with IRR or WHOIS data as input. This is a
significant difference in semantics.

I understand that this is a very subtle and nuanced difference... but
those services are not the same. Think of it as not being on a
'guestlist' versus being added to a 'killlist'.

By the way --- 

Has anyone done research how much alleged 'hacking' and 'spamming' comes
from unallocated AFRINIC ranges in the DFZ? Is it so bad that we are
willing to risk global connectivity? Are there not other (better) ways
to combat network misuse?

In the RIPE and APNIC discussion nobody was able to show me any
statistics or data about the scope of 'the problem'.

My own research into this suggests that the use of a AS0 TAL will NOT
materially improve anything. Many organizations fight internet abuse
through all kinds of techniques, in my opinion the AS0 proposal is the
wrong tool.

Kind regards,

Job

ps. Is anyone on this mailing list using the LACNIC or APNIC AS0 TAL?