Search RPD Archives
[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
Jaco Kroon
jaco at uls.co.za
Thu Jun 10 07:43:01 UTC 2021
Hi,
So ... bluntly: Why are you so adamant that you want unallocated space
to be routed/advertisable?
In other words,what's the issue with unallocated space being listed in AS0?
Even if AS0 was enforced and everyone HAD to use it ... I fail to see
why you would not want to use it.
Kind Regards,
Jaco
On 2021/06/08 15:21, jeffery_sky via RPD wrote:
> Hello,
> To clarify, these concerns are becoming repetitive due to the lack of
> adequate responses from the concerned stakeholders. Also, I want to
> address the fact that the real problem here is notRPKI in any way.
> What is really bothering me is that***RIR is injecti**ng its own data
> into RPKI*, which makes the previous argument about how signing space
> is invalid.Further, the usage of RPKI will lead toAS0 all unallocated
> space for you. Consequently, the routing changes.
> I understand that some of these concerns are repeated, but I think it
> is because they were not addressed properly. The responses provided
> are mainly vague and it seems to me that you are dodging the comments
> by bringing the Last call phase procedure and calling out the PDWG
> co-chairs.
> The last call phase is dedicated to this type of discussions, and if
> several people are not convinced, it simply means that the co-authors
> should try providing insightful responses that go straight to the
> point, not vague ones. If this vicious cycle and the lack of proper
> answers continues, consensus will never happen, and the policy cannot
> be implemented. Also, most of the raised objections have nothing to do
> with technicalities, therefore, they are meant to be discussed on the
> RPD. Finally, the arguments you perceive repeated, have not been
> received accurate replies, which means they will keep popping out.
> Consequently, the best thing to do, is to dig deeper in this proposal,
> instead of labelling the arguments as invalid.In the hope of receiving
> insightful answers...
>
> Best.
>
>
> On Tuesday, June 8, 2021, 9:40:10 PM GMT+9, Fernando Frediani
> <fhfrediani at gmail.com> wrote:
>
>
> +1
>
> Excelent and simple answer.
>
> Em 6/8/2021 3:01 AM, Frank Habicht escreveu:
> > Hi
> >
> > On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:
> >> Hi,
> >>
> >> Are you postulating here that Resources not allocated are
> susceptible to
> >> hijack?
> > - resources are susceptible to hijack.
> > - if a ROA with AS0 was published for an unallocated resource, it would
> > be less susceptible to hijack.
> >
> >
> >> My other understanding is an RIR is a resource dispenser.
> > When I get my next resource from AfriNIC, I will prefer one that was not
> > previously hijacked and used for spamming and network abuse, and got
> > blacklisted and a bad reputation everywhere.
> >
> > What about you?
> >
> >
> > Thanks,
> > Frank
> >
> >
> >> Simply
> >> Daniel
> >>
> >> On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani
> <fhfrediani at gmail.com <mailto:fhfrediani at gmail.com>
> >> <mailto:fhfrediani at gmail.com <mailto:fhfrediani at gmail.com>>> wrote:
> >>
> >> AfriNic (or any other RIR) is the resource holder for IP space
> that
> >> IANA has allocated to it. So who else could secure that space
> until
> >> it is assigned to an organization issuing ROAs if not the current
> >> resource holder ?
> >>
> >> Must we have a policy accepted by either RIPE or ARIN first in
> order
> >> to accept it in AfriNic afterwards ?
> >> This is not a worry to the RIR, it is actually an additional
> >> guarantee that no one else will try to make usage of IP space
> under
> >> its responsability.
> >>
> >> Fernando
> >>
> >> On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:
> >>> Dear Jordi,
> >>>
> >>> Just out of curiosity why has RIPE and ARIN refused to adopt the
> >>> RPKI ROA and make it their responsibility that it is used by
> >>> resource holder?. I will agree that RPKI ROA is a good tool to
> >>> secure BGP routing, however I don't see as the responsibility of
> >>> an RIR to implement it.
> >>>
> >>> My strong opinion is that any resource holder should be
> >>> responsible for securing its resources and if RPKI ROA is the
> best
> >>> way to prevent hijack, then it will enjoy patronage. Making it a
> >>> job of AfriNIC, will possibly be going over board.
> >>>
> >>> Responding to my opening question, I believe RIPE and ARIN
> are not
> >>> keen on accepting your arguments because they are mundane. This
> >>> means resource holders should handle this issue, without
> making it
> >>> a worry of the RIR.
> >>>
> >>> In this regard, AfriNIC should concentrate on handling other more
> >>> important issues, hence this policy is not relevant.
> >>>
> >>>
> >>> Simply
> >>>
> >>> Daniel
> >>>
> >>> On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:
> >>>> Ni Mimi,____
> >>>>
> >>>> __ __
> >>>>
> >>>> No, is not ideological, the legal counsel already confirmed the
> >>>> being bookkeepers has many other **related** implications, such
> >>>> as provide a trustable source of accurate data, and this is what
> >>>> RPKI and AS0 improve.____
> >>>>
> >>>> __ __
> >>>>
> >>>> The fact that in RIPE has not been accepted yet is just one more
> >>>> excuse, if you compare it with the fact that the other TWO RIRs
> >>>> where it has been submitted (APNIC and LACNIC) accepted it
> and in
> >>>> none of those regions there have been any of the excuses and
> lack
> >>>> of knowledge about RPKI that we are hearing here. As I’ve
> >>>> explained already, I don’t think the RIPE chairs decision was
> >>>> correct, and we will make sure to resubmit the proposal there
> >>>> once a consistent appeal process is available, in case chairs
> >>>> take again a wrong decision. Also, then the experience in APNIC,
> >>>> LACNIC and AFRINIC will show that those motivations are
> >>>> ridiculous.____
> >>>>
> >>>> __ __
> >>>>
> >>>> From time to time is good that ARIN and RIPE aren’t the leaders,
> >>>> you don’t think so? It shows that very smart people exist in
> >>>> other regions as well!____
> >>>>
> >>>> __ __
> >>>>
> >>>> Once more, sometimes policies in one or the other region fail to
> >>>> reach consensus, but it happens sooner or later.____
> >>>>
> >>>> __ __
> >>>>
> >>>> If you have a simple and trustable tool such as RPKI to drop
> >>>> invalids, you have a better way (if you want) to avoid bad
> actors
> >>>> to use prefixes that don’t belong to them as they are still on
> >>>> the hands of AFRINIC. This is just facts. Not ideological, not
> >>>> opinions or personal view points. So yes, AS0 avoids, if you
> >>>> operate your network in a consistent way, to be faked with
> >>>> prefixes not allocated/assigned by AFRINIC, and thus helps to
> >>>> prevent hijacking.____
> >>>>
> >>>> __ __
> >>>>
> >>>> Regards,____
> >>>>
> >>>> Jordi____
> >>>>
> >>>> @jordipalet____
> >>>>
> >>>> __ __
> >>>>
> >>>> __ __
> >>>>
> >>>> __ __
> >>>>
> >>>> El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com
> <mailto:dym5328 at gmail.com>
> >>>> <mailto:dym5328 at gmail.com <mailto:dym5328 at gmail.com>>>
> escribió:____
> >>>>
> >>>> __ __
> >>>>
> >>>> Dear WG,____
> >>>>
> >>>> ____
> >>>>
> >>>> I think the issue here is ideological. Many people believe that
> >>>> RIRs are mere bookkeepers, and it is not in their mandate to
> >>>> inject data into the routing database. That is the reason why
> >>>> RIPE did not approve a similar proposal, which I totally agree
> >>>> with. Moreover, I wanted to react to Jordi’s statement, saying
> >>>> that these objections are based on practical and technical
> >>>> matters. There is not only one routing database, there are many,
> >>>> isn’t it kind of messy? And that is not even the main reason why
> >>>> I object to this policy. ____
> >>>>
> >>>> From another perspective, since people can adjust and control
> >>>> their routers, can you precise how this policy can potentially
> >>>> prevent/ reduce hijacking?____
> >>>>
> >>>> ____
> >>>>
> >>>> Best.____
> >>>>
> >>>> _______________________________________________ RPD mailing list
> >>>> RPD at afrinic.net <mailto:RPD at afrinic.net>
> <mailto:RPD at afrinic.net <mailto:RPD at afrinic.net>>
> >>>> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
> >>>> <https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>> ____
> >>>>
> >>>>
> >>>> **********************************************
> >>>> IPv4 is over
> >>>> Are you ready for the new Internet ?
> >>>> http://www.theipv6company.com <http://www.theipv6company.com
> ><http://www.theipv6company.com <http://www.theipv6company.com>>
> >>>> The IPv6 Company
> >>>>
> >>>> This electronic message contains information which may be
> >>>> privileged or confidential. The information is intended to
> be for
> >>>> the exclusive use of the individual(s) named above and further
> >>>> non-explicilty authorized disclosure, copying, distribution or
> >>>> use of the contents of this information, even if partially,
> >>>> including attached files, is strictly prohibited and will be
> >>>> considered a criminal offense. If you are not the intended
> >>>> recipient be aware that any disclosure, copying, distribution or
> >>>> use of the contents of this information, even if partially,
> >>>> including attached files, is strictly prohibited, will be
> >>>> considered a criminal offense, so you must reply to the original
> >>>> sender to inform about this communication and delete it.
>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> RPD mailing list
> >>>> RPD at afrinic.net <mailto:RPD at afrinic.net>
> <mailto:RPD at afrinic.net <mailto:RPD at afrinic.net>>
> >>>> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd
> ><https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>>
> >>> _______________________________________________
> >>> RPD mailing list
> >>> RPD at afrinic.net <mailto:RPD at afrinic.net>
> <mailto:RPD at afrinic.net <mailto:RPD at afrinic.net>>
> >>> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd
> ><https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>>
> >> _______________________________________________
> >> RPD mailing list
> >> RPD at afrinic.net <mailto:RPD at afrinic.net>
> <mailto:RPD at afrinic.net <mailto:RPD at afrinic.net>>
> >> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
> >> <https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>>
> >>
> >>
> >> _______________________________________________
> >> RPD mailing list
> >> RPD at afrinic.net <mailto:RPD at afrinic.net>
> >> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
> >>
> > _______________________________________________
> > RPD mailing list
> > RPD at afrinic.net <mailto:RPD at afrinic.net>
> > https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210610/5e018e9e/attachment-0001.html>
More information about the RPD
mailing list